Crossroads Blog | Institute National Security and Counterterrorism

Congress, Cyber Legislation, Data Breaches, encryption

Cyber Round Up: Juniper VPN Code Exploit, Obama to Sign New Cybersecurity Bill, Verizon ePHI Report Watch

Secret Code Found in Juniper’s Firewalls Shows Risk of Government Backdoors (Wired):  A recent article by Kim Zetter indicates that Juniper Networks revealed that it had found “unauthorized” code embedded in the operating system (“OS”) running some of Juniper’s firewalls.  Zetter’s article states that this nefarious code dates back to at least 2012 and it appears that the code would allow a remote exploit wherein complete control of the Juniper NetScreen firewall would be possible to include the ability to decrypt traffic running through the Virtual Private Network (“VPN”).  The article further states that this code appears to be the work of a nation-state and would require the resources (namely signals intelligence (“SIGINT”)), of a nation-state in order to be able to exploit the capability to both remotely control and to decrypt traffic.  The full text of the article can be found here.

Obama to Sign Cybersecurity Bill as Privacy Advocates Fume (CNN): Tal Kopan reports that President Obama is poised to sign a new “information sharing” bill amidst heavy lobbying by the financial services sector as well as the Chamber of Commerce. A key element of this legislation is the liability protection granted to participating companies to encourage information sharing, according to the article. Meanwhile civil liberties and privacy-rights advocates are staunchly opposed to the bill citing it as an expansion of surveillance powers and a limit on consumer privacy rights, according to Kopan.  The article states that one of the biggest issues is the language which only requires companies to remove personally identifiable information (“PII”) that they “know” exists rather than previous version of the legislation which used the “reasonably believe” language. The article can be found here.

Report Watch — Verizon Study of Data Breaches (Politico): Verizon recently conducted a study of data breaches of personal health information (“ePHI”) and discovered that approximately 90 percent of industries have had such a breach.  For this report, Verizon reviewed nearly 2,000 breaches spanning the last two decades and impacting roughly 400 million records.  The full report may be found here.

rp_2015-protected-health-information-data-breach-report_en_xg

Leave a Reply

Bitnami