CNET: White House reportedly eliminates top cybersecurity role. “Politico, The Hill and CNN report that the Trump adminstration has eliminated the White House position of cybersecurity coordinator, a role President Obama first established in 2009, at a time when hacks and cybersecurity threats weren’t as commonplace as they are today.” This is a terrible idea, and I’d be saying that even if we had President Fred Rogers.
Politico: Bolton pushing to eliminate White House cyber job. “President Donald Trump’s national security team is weighing the elimination of the top White House cybersecurity job, multiple sources told POLITICO — a move that would come as the nation faces growing digital threats from adversaries such as Russia and Iran. John Bolton, Trump’s hawkish new national security adviser, is leading the push to abolish the role of special assistant to the president and cybersecurity coordinator, currently held by the departing Rob Joyce, according to one current and two former U.S. officials with direct knowledge of the discussions.”
Boing Boing: Georgia criminalizes routine security research. “Georgia is a hub for cybersecurity research, with leading university computer science and security programs and a new $35m state cybersecurity research center underway; but the Georgia state legislature just passed SB315, the most onerous prohibition on computer security research ever passed in the USA.”
TechCrunch: New York City is launching public cybersecurity tools to keep residents from getting hacked . “In a week of harrowing city-level cyber attacks, New York is taking some precautions. While the timing is coincidental, New York City Mayor Bill de Blasio just announced that the city will introduce the first tools in its suite of cybersecurity offerings to protect residents against malicious online activity, particularly on mobile devices.”
POGO: A New Tool for Looking at Federal Cybersecurity Spending. “…a new tool from nonpartisan watchdog group Taxpayers for Common Sense provides perhaps the most comprehensive analysis of federal cybersecurity spending. Last week, Taxpayers released a new database and visualization tool that breaks down unclassified federal spending on cybersecurity over the past decade—giving the public a peek at how each major federal agency is devoting resources toward protecting computer systems.”
The National Institute of Standards and Technology (NIST) has released the first draft of a cybersecurity self-assessment tool for enterprises. “The builder tool is intended to help organizations ensure that their cybersecurity systems and processes support the enterprises’ larger organizational activities and functions. ‘These decisions around cybersecurity are going to impact your organization and what it does and how it does it,’ says Robert Fangmeyer, director of the Baldrige Performance Excellence Program. ‘If your cybersecurity operations and approaches aren’t integrated into your larger strategy, aren’t integrated into your workforce development efforts, aren’t integrated into the results of the things you track for your organization and overall performance, then they’re not likely to be effective.'”
This looks like it could be very useful: CyberTwitter: Using Twitter to generate alerts for Cybersecurity Threats and Vulnerabilities “In order to secure vital personal and organizational system we require timely intelligence on cybersecurity threats and vulnerabilities. Intelligence about these threats is generally available in both overt and covert sources like the National Vulnerability Database, CERT alerts, blog posts, social media, and dark web resources. Intelligence updates about cybersecurity can be viewed as temporal events that a security analyst must keep up with so as to secure a computer system. We describe CyberTwitter, a system to discover and analyze cybersecurity intelligence on Twitter and serve as a OSINT (Open–source intelligence) source.”