Tag Archive for: Bill

What does the UK government’s Telecoms Security Bill mean for the future of the industry? – Telecoms.com


Telecoms.com periodically invites expert third parties to share their views on the industry’s most pressing issues. In this piece Matias Madou, Co-Founder & CTO of Secure Code Warrior, looks at the implications of a new piece of UK, telecoms-specific legislation.

The Telecoms Security Bill, which seeks to introduce a new security framework for the UK telecoms sector, is currently being passed through the UK parliament. The bill aims to ensure that public telecommunications providers operate secure and resilient networks and services, and manage their supply chains appropriately.

Telecoms, like many other industries, have relied on a reactive approach to security for far too long, and while the new rules introduced by the bill don’t prioritise a grass-roots approach to security led by secure coding, they do introduce a series of tests to ensure providers are meeting government standards. So, what exactly does the bill mean, and how are these new rules going to ensure that security risks and compromises are minimised in the sector?

Raising security standards, across the board

To put it simply, the Telecoms Security Bill aims to empower the government to boost the security standards of the UK’s telecoms networks, whilst removing the threat of high-risk vendors. These measures include new controls on the use of Huawei 5G equipment, for example, including a ban on the purchase of new Huawei equipment from the end of this year, and a pledge to remove all Huawei equipment from 5G networks altogether by 2027.

Another key change is around penetration testing, or “pen-testing” – under the new regulations, telecom providers will be required to pen-test their networks annually. Although many providers already test their networks regularly, the new security framework will make the practice compulsory. In order to understand the potential impact of the bill, we need to drill down into what pen-testing actually is and why it’s so essential for the industry.

Compulsory annual pen-testing

Pen-testing is a security technique designed to identify, test and flag vulnerabilities in IT systems. This is done by allowing “ethical hackers” to simulate cyberattacks to test the…


Proposed ‘Hack-Back’ Bill Tells DHS To Study Allowing Companies To Retaliate – Breaking Defense


A new bill could be the first step in companies being able to “hack back” at bad actors – but doing so could come with major risks, experts say. (File)

WASHINGTON: Two members of the Senate Finance Committee have introduced a bipartisan bill that instructs the Department of Homeland Security to study the “potential consequences and benefits” of allowing private companies to hack back following cyberattacks.

Sens. Steve Daines, R-Mont., and Sheldon Whitehouse, D-R.I., have introduced the legislation as frustration over repeated cyberattacks against US companies has led to growing calls across the national security community and the private sector for retaliatory actions. Some, including military legal advisors, are now calling for the US to revisit its policy on military offensive cyber operations, especially in response to increasing ransomware attacks targeting the public and private sectors.

The draft Study on Cyber-Attack Response Options Act tells DHS to study “amend[ing] section 1030 of title 18, United States Code (commonly known as the Computer Fraud and Abuse Act), to allow private entities to take proportional actions in response to an unlawful network breach, subject to oversight and regulation by a designated Federal agency.”

DHS’s report would provide recommendations to Congress on the “potential impact to national security and foreign affairs.” Specifically, the report would address the following issues:

  • Which federal agency or agencies would authorize “proportional actions by private entities;”
  • Level of certainty in attribution needed to authorize such acts;
  • Who would be allowed to conduct such operations and under what circumstances;
  • Which types of actions would be permissible; and
  • Required safeguards to be in place.

“The Colonial Pipeline ransomware attack shows why we should explore a regulated process for companies to respond when they’re targets,” Whitehouse said in a statement to Breaking Defense. “This bill will help us determine whether that process could deter and respond to future attacks, and what guidelines American businesses should follow.” (A request for comment to Daines’s office was not returned by…


Israel’s Version of Moving Fast and Breaking Things: The New Cybersecurity Bill


The Prime Minister’s Office (PMO) of Israel published a new bill in February entitled “Cybersecurity and the National Cyber Directorate.” If passed by government committee and the Knesset, this law will redefine cybersecurity governance in Israel. The PMO officially tabled an earlier version of the bill in June 2018, but that bill did not advance through the legislative process given the strong objections it raised both in the professional cybersecurity community and among other government authorities. In particular, stakeholders raised concerns about the broad scope of authority sought by the Israel National Cyber Directorate (INCD) under the 2018 bill. Other concerns included the lack of proper safeguards over the nature and scope of invasive “computer protection actions” taken by the INCD in response to cyberattacks, the potential for privacy infringements in the name of national security, and the interface between the activities of the INCD and other law enforcement agencies. The process of affording the INCD—which is currently a policy-setting body—with operative powers has been controversial even within Israel’s security establishment. One publicized example of this controversy was a 2017 leaked memo to the prime minister from the Mossad, the Israel Security Agency (Shin Bet), Israel Defense Forces and the Defense Ministry declaring their opposition to the expanding authorities of the INCD.

The new bill is an abbreviated formulation of the 2018 version and is framed as temporary legislation with a two-year sunset clause—perhaps to avoid some of the opposition that emerged in response to its earlier iteration. The PMO wants to move fast—somewhat insincerely in our view—because of increased cybersecurity risk while teleworking during the coronavirus pandemic and the associated digitization of workplaces in both the public and private sectors. A string of recent attacks on Israeli companies, which two of the authors discussed in a previous Lawfare post, also generated a sense of urgency for providing the INCD with unprecedented and controversial legal tools to respond to the new risk environment. These steps, however, come at the risk of compromising…


Best Bill Negotiation Services of 2021


Select’s editorial team works independently to review financial products and write articles we think our readers will find useful. We may receive a commission when you click on links for products from our affiliate partners.

If you feel like your monthly bills are always increasing, you’re not alone. In some major cities across the U.S., energy bills are expected to spike as much as 10% due to fluctuating fossil fuel prices and climate change. And year over year, it’s not unusual to see your bills creep up thanks to expiring promotions, taxes, fees, add-ons, etc.

Of course, you can always contact your service providers directly when you want to negotiate down fees and subscription charges. But with our busy lives, not everyone has the time to spend hours on the phone with no guarantee they will score a better rate. Increasingly, there are businesses popping up that offer bill negotiation services, either through an app or a website, that lets consumers hire experts to do the work for them.

For a fee (usually a percentage of your total savings), trained professionals who are up-to-date on the latest rates for various companies will negotiate for you with the goal of saving you a nice chunk of change on your monthly bills. After all, these businesses only make money when you save.

Typically, these services can negotiate your phone, internet and cable bills. However, some companies also include medical bill negotiation along with home security and other subscriptions. Usually, all you need to do is upload the monthly bills you want negotiated, and let the experts take it away. Sometimes, you’ll need to give them authorization to do the negotiating.

Select reviewed roughly a dozen bill negotiation companies, looking at fees, types of bills negotiated, Better Business Bureau and consumer reviews and ratings, as well as security features. (Read our methodology for more information on how we choose the best bill negotiation services.) Here are our top picks:

Select’s picks for the top bill negotiation services


Best overall

Billcutterz


  • Cost

    Charges 50% on whatever savings you earn (can pay monthly or receive 10% discount for paying in full…
