Hello. U.S. legislation to set minimum cybersecurity requirements for internet-connected devices used by the federal government could end up becoming a standard for the private sector, WSJ Pro’s James Rundle reports. Although it is unclear how soon the U.S. Senate will take up the proposal, worries persist about the security of the Internet of Things.
Also today: Hospital chain
Universal Health Services
continues recovery effort after weekend cyberattack; judge dismisses suit against Google over children’s data privacy;
revises patch instructions for critical security flaw; and
fined for privacy violations in Spain.
Internet of Things
Federal security rules for Internet of Things could provide blueprint for private sector. Worries about a lack of security for these technologies persist because many weren’t built to allow the same patching and maintenance rigor as other systems connected to the internet. That leaves an opening for hackers.
Private-sector companies are likely to adopt cybersecurity legislation recently passed by the House of Representatives as a standard, given the sheer range of technologies the bill covers, said Brad Ree, chief technology officer at the IOXT Alliance, an association of IoT manufacturers, retailers and network operators.
IoT manufacturers and suppliers are backing the bill in part because they want to avoid a patchwork of laws in 50 states, similar to what happened with privacy legislation. California and Oregon already have passed their own IoT security bills, while a number of other states have considered similar measures, which differ in their level of detail.
Read the full story.
Real Life. Real News. Real Voices
Help us tell more of the stories that matterBecome a founding member
Number of health-care facilities without access to digital systems for medical records, laboratories and pharmacies on Sunday at Universal Health Services, The Wall Street Journal reports. The hospital chain disabled the systems after malicious software crippled its computers and led it to cancel some surgeries and divert some ambulances.
More Cyber News
Judge dismisses New Mexico lawsuit against Google over children’s data privacy. U.S. District Judge Nancy D. Freudenthal ruled the internet company didn’t violate the Children’s Online Privacy Protection Act in relying on schools to review or limit what data its education platform collects and uses on behalf of students’ parents. The suit alleged Google knowingly spied on students and their families through its suite of cloud-based products for schools, WSJ reports.
Opting out: Although the state argued Google buried the option in its settings for students and parents to opt out of allowing the company to read their data, “there is no requirement that the notice be written in terms understandable by a child under the age of 13,” the judge wrote in her ruling. Guidance from the Federal Trade Commission also says schools can be intermediaries for parental notice and consent. “We strongly disagree with the Court’s ruling and will continue to litigate to protect child privacy rights,” said New Mexico Attorney General
in a statement.
Microsoft revises patch instruction for Windows Zerologon fix. New guidance includes specific steps organizations should take to repair the security flaw that affects Windows servers, Bleeping Computer reports. Microsoft released the patch in August and then revised its instructions after administrators were confused about how to apply it. The so-called Zerologon exploit could let hackers create administrator credentials and take control of devices.
U.S. likely exceeded authority in TikTok ban, judge says (WSJ)
Vodafone España fined about $70,000 for data-privacy violations in Spain. (Spanish Agency for Data Protection)
Subscribe to the newsletter news
We hate SPAM and promise to keep your email address safe