Blogs

Weekly WHAT: Data and Privacy Version (+FirstNet hearing)

By Yejin Jang posted Feb 02,2016 12:05 PM

  

Weekly WHAT: Data and Privacy Version (+FirstNet hearing) 

Congressional members pissed at Juniper Networks for security failures spanning 3 years

Mid-December 2015, Juniper Networks announced a security vulnerability in their firewall technology and released a patch a few days later. The vulnerability to Juniper’s ScreenOS is characterized as an unauthorized backdoor code that could allow spying on VPNs. Some report that this backdoor code has been in place for 3 years.

In response, House Oversight and Government Reform Committee sent letters to 24 departments and agencies asking about their exposure to the software vulnerability. The probe will include an examination of whether the software was altered at the request of the National Security Agency.

Subcommittee on Information Technology Chairman Rep. Will Hurd (R-Texas), joined by a bipartisan set of colleagues, also submitted a letter to the U.S. Department of Commerce Secretary Penny Pritzker seeking further information and documentation on the impact of the vulnerability; a response is requested by February 4. The federal government has spent more than $12 million on Junipers products since 2012.

FTC and IRS tackling identity and tax fraud  

On Thursday (1/28), the Federal Trade Commission (FTC) unveiled www.IdentityTheft.gov – a one-stop website that guides victims of identity theft and data breach to recovery. Through the website, consumers can immediately file a complaint with the FTC when an identity theft occurs.  The newly unveiled site also gives consumers the ability to notify multiple stakeholders like credit bureaus, the police, and the IRS. After lodging an official complaint, consumers will be guided through steps to recovery. A Spanish version is also available at: www.Robodeldentidad.gov.  Click here to view FTC’s video on how the website works.

The FTC’s announcement follows the public release of the Treasury Inspector General for Tax Administration’s (TIGTA) report on the deficiencies of the Return Review Program (RRP) employed by the Internal Revenue Service (IRS) to identify fraudulent tax returns.  In 2014, the IRS reported that it rejected 1.8 million fraudulent returns worth $10.8 billion in refunds.

The IG report indicates that while the RRP found fraudulent returns that previous systems failed to detect, it missed other fraudulent refunds totaling $313 million. The RRP has been in development since 2009 and is intended to replace the Electronic Fraud Detection System.

House Energy and Commerce Committee holds hearing on FirstNet progress

Today (2/2), the House Energy and Commerce Committee is holding a hearing on FirstNet’s progress.  David Furth, Deputy Chief, Public Safety and Homeland Security Bureau, Federal Communications Commission (FCC) and TJ Kennedy, President, First Responder Network Authority (FirstNet) are testifying before the committee; both will note the significant progress FirstNet has made since its inception.

The hearing started with Chairman Greg Walden (R-Ore.) praising Chairman Sue Swenson for the timely release of the RFP. Chairman Walden also highlighted several concerns including FirstNet’s “single contract” approach – an approach the chairman sees as similar to the “failed approach of the FCC’s 2007 700 MHZ D block auction” where the wireless industry was asked to provide capital for a public safety network in exchange for the spectrum license; ultimately, the wireless industry declined.

Communications and Technology Subcommittee Ranking Member Rep. Anna Eshoo (D-Calif.) noted the importance of NG911 and urged its discussion as FirstNet moves forward. FirstNet President TJ Kennedy responded that FirstNet is in contact with 911 centers and have been encouraging those organizations to share information with FirstNet. Rep. Eshoo also encouraged discussion of cybersecurity and noted that it must be a core focus for FirstNet. Rep. Blackburn (R-Tenn.) questioned the state opt-out process and asked whether the FCC was intentionally delaying the release of rules (regarding review of a state’s alternative plan) to discourage states from opting out.

During the hearing, Chairman Walden also asked several detailed questions including rural milestones and how those milestones would be reached. FirstNet President TJ Kennedy responded that rural milestones would be met at each phase of the deployment; noting that by phase 3, 80 percent of rural milestones would be reached.

Click here to view the hearing and witness statements.

ISAO standards organization meets again, discusses key topics

On January 21, the Information Sharing and Analysis Organization (ISAO) Standards Organization met again in Virginia where leadership from each of the six working groups were introduced and key topics for the groups were identified and discussed. The six working groups are: ISAO Creation, ISAO capabilities, Information Sharing, Privacy and Security, ISAO Support, and Government Relations.

The ISAO Standards Organization seeks to “identify a common set of voluntary standards for the creation and functioning of ISAOs.”  Interested parties who wish to join a working group, can do so via application here. The next meeting will be on February 9, 2016 at the University of Texas at San Antonio.

Tech Bytes

U.S. Dept. of Commerce’s Data Usability Project Underway; Targets Novice/Student Audience

10 Cybersecurity Issues to Expect in 2016: Micro-Segmentation, Rogue Intelligence Officers and More

5 Reasons to hire a Chief Privacy Officer

2016 State of the State Addresses: Does Technology Matter?

Can government Hiring Get Out of the Stone Age?

Breaking: EU-US Data Transfer Agreement Reached  

0 comments
101 views

Permalink