Tag Archive for: mandates

Industry wants to rein in new hack reporting mandates


Welcome to The Cybersecurity 202! This must be a particularly French way to protest. 

Below: Apple’s sorry about long waits on bug reports and California is the latest state to offer mail voting by default. 

Companies fear overbearing cybersecurity regulations



Sen. Mark Warner (D-Va.) is cosponsoring a bill with stricter cybersecurity regulations. (Photo by Anna Moneymaker/Getty Images)



The tech industry association ITI laid out a softer vision yesterday of how companies should have to report cyberattacks to the federal government.


Its goal: to rein in a bipartisan congressional effort to require companies to alert the government when they’re hacked, which would amount to one of the most significant increases in cybersecurity requirements for industry in years.

The various pieces of legislation share a primary goal: To give the Cybersecurity and Infrastructure Security Agency (CISA), which would receive the reports, better insights about a wave of blistering cyberattacks that have hit critical industry sectors and U.S. government agencies in recent months. CISA would share information from those reports back to industry to help better protect them against future hacks. 

There are two versions of the bills and at least one more in the works. They vary widely, however, in the sorts of cyber incidents companies would have to report to CISA and how quickly the reports would have to come in. 

Industry asks

ITI laid down a marker yesterday for less onerous requirements. The group, which represents Amazon, Google and a slew of other top companies, is pushing for:

  • Only reporting incidents in which companies have verified hackers breached their networks.
  • Giving at least a 72-hour window before those reports must come in.

The list of recommendations is a frontal assault on the first Senate bill, which was sponsored by Intelligence Committee Chairman Mark Warner (D-Va.) and the committee’s top Republican, Marco Rubio (Fla.), among others. That bill called for reports within 24 hours and would require companies to make such reports even if they aren’t sure hackers actually penetrated their…

Source…

Google mandates OEMS to push out Android security updates for at least two years

  1. Google mandates OEMS to push out Android security updates for at least two years  Firstpost
  2. Full coverage

android security news – read more

Google mandates two years of security updates for popular phones in new Android contract

  1. Google mandates two years of security updates for popular phones in new Android contract  The Verge
  2. Popular Android devices must receive two years of security updates  Engadget
  3. Google is mandating major OEMs offer 2 years of Android security updates  XDA Developers (blog)
  4. Full coverage

android security news – read more

Facebook mandates stronger digital verification of apps

Facebook will require application developers to move later this year to a more secure type of digital signature for their apps, which is used to verify a program’s legitimacy.

As of Oct. 1, apps will have to use SHA-2 certificate signatures rather than ones signed with SHA-1. Both are cryptographic algorithms that are used to create a hash of a digital certificate that can be mathematically verified.

Apps that use SHA-1 after October won’t work on Facebook anymore, wrote Adam Gross, a production engineer at the company, in a blog post.

“We recommend that developers check their applications, SDKs, or devices that connect to Facebook to ensure they support the SHA-2 standard,” Gross wrote.


Network World Security