Patch: Langevin Presents Medals To World War II Sailor

Patch: Langevin Presents Medals To World War II Sailor

COVENTRY, RI — Cong. Jim Langevin (D-RI) on Friday presented military decorations to retired Chief Petty Officer Edmund Del Barone. The Coventry resident earned the medals over the 22 years he served in the U.S. Navy. According to Langevin’s office, “Del Barone began his service in 1940 when he attended boot camp at Naval Station Newport. The majority of his naval career was spent at sea conducting maintenance, and he was stationed on several ships, including the destroyer USS Wadleigh. Also a talented artist, Mr. Del Barone has painted emblems for naval ships and murals for several Veterans of Foreign Wars posts.”

Langevin said the medals show Del Barone’s “dedication to our nation and the principles for which it stands.”

The presentation at the Alpine Nursing Home in Coventry was also attended by Rhode Island Veterans Affairs Director Kasim Yarn, and Del Barone’s granddaughter, Kim.

The decorations presented include the Combat Action Ribbon, Presidential Unit Citation with one bronze star; Navy Good Conduct Medal (5th Award); American Defense Service Medal with Fleet Clasp; American Campaign Medal; European-African-Middle Eastern Campaign Medal with one silver star and two bronze stars; Asiatic Pacific Campaign Medal; World War II Victory Medal; National Defense Service Medal with one bronze star; and Armed Forces Expeditionary Medal – Lebanon.

Homeland Preparedness News: Moniz calls termination of Iran nuclear deal “major strategic mistake”

Homeland Preparedness News: Moniz calls termination of Iran nuclear deal “major strategic mistake”

Former U.S. Secretary of Energy Ernest Moniz called President Donald Trump’s decision to withdraw from the 2015 Iran nuclear deal on Wednesday “a major strategic mistake” that would impair U.S. ability to deter an Iranian nuclear program as well as its ability to prevent nuclear proliferation around the world.

In announcing termination of the Joint Comprehensive Plan of Action (JCPOA), Trump cited Israel’s release of “compelling details about Iran’s past secret efforts to develop nuclear weapons,” as well as insufficient inspection and verification mechanisms and a “windfall” of cash for Iran. Trump said his administration would begin immediate work to reimpose sanctions and would “assemble a broad coalition of nations to deny Iran all paths to a nuclear weapon.”

Moniz warned, however, that withdrawal from the JCPOA would compromise U.S. ability to collaborate with allies on “issues of global concern.” He also said withdrawal would diminish U.S. ability to protect U.S. interests in the Middle East “for years, if not decades, to come.”

“The Iran nuclear deal rolled back Iran’s nuclear program and imposed uniquely stringent monitoring and verification measures — the most important elements of which were permanent — to prevent the country from ever developing a bomb,” Moniz said. “The United States is now in violation of the terms of the deal without offering a credible alternative.”

U.S. Rep. Jim Langevin (D-RI), a member of the U.S. House Armed Services Committee and Homeland Security Committee, agreed that the president was “threatening U.S. national security and international stability” with his decision to terminate the 2015 nuclear agreement.

“The Iran nuclear deal provides for comprehensive monitoring by the international community, and there remains no evidence that Iran is violating its commitments,” Langevin said. “Walking away from the JCPOA abandons our allies, weakens our credibility, and harms our ability to foster similar diplomatic agreements in the future. Worse, it undermines the central goal of the agreement: to prevent Iran from obtaining a nuclear weapon. The fact is that the nuclear deal is working. Today’s announcement is a crisis of the president’s own making, and he should reconsider and rejoin the JCPOA before our national security is further damaged.”

Moniz added that international inspectors “who have been on the ground every day since the deal was concluded” have confirmed that Iran has not been able to secure highly enriched uranium and plutonium needed to make a nuclear weapon since the deal was completed.

“Remaining in the agreement was very clearly in the U.S. national interest,” Moniz concluded. “It’s hard to predict what will unfold from here, but the president has driven a deep wedge between the United States and our allies in Europe and has withdrawn from the process that would allow a comprehensive investigation of the Iran archives recently revealed by Israel.”

Patch: EG Student Wins Art Contest: Langevin’s Office

Patch: EG Student Wins Art Contest: Langevin’s Office

From The Office of Congressman Langevin: On Sunday, Congressman Langevin (D-RI) announced the results of the Second Congressional District 2018 High School Art Competition during a ceremony at the Warwick Mall. East Greenwich High School freshman and Nancy Stephen Gallery and School of Art student Sophia Patti took home the first prize for her oil painting, entitled “Finding an Old Treasure on the Cape,” and her work will be on display in the United States Capitol. Langevin has hosted the competition every year since first taking office in 2001, and 62 teenagers representing schools throughout the Second District participated this year.

“It’s no wonder Rhode Island is renowned nationally for its arts scene given the amazing talent we have in our schools,” said Langevin, who has sponsored legislation to increase the role of art and design in STEM education. “I host this competition every year because exposure to art and design principles helps students do better in a range of academic disciplines. But beyond the important role the arts play in the Rhode Island economy and in preparing students to succeed, I also believe in the power of the arts to change lives. I hope all the participants take what they’ve learned back to their communities, and I thank them and their teachers for the craftsmanship they shared with us.”

In June, Patti’s piece will be placed on display in the Cannon Tunnel, a pedestrian walkway leading to the U.S. Capitol, during a ceremony with art competition winners from around the country. Her work will replace “Dreaming of Spring,” a mixed media portrait by 2017 winner Arianna Deal.

This year’s runners up, who will have their artwork hang in Langevin’s Warwick office, are:

  • Second place: “Bedstemor” by Hallie Comer, a junior at East Greenwich High School
  • Third place (tie): “Tangled” by Zari Apodaca, a junior at Cranston High School West, and “Black Power” by Jeffrey Marchetti, a senior at Cranston High School West
Providence Journal: R.I. delegation blasts Trump over Iran deal pullout

Providence Journal: R.I. delegation blasts Trump over Iran deal pullout

By Mark Reynolds

Rhode Island’s lawmakers in the U.S. Senate and the U.S. House of Representatives on Tuesday strafed President Donald Trump’s decision to pull out of an agreement with Iran and impose sanctions on the country.

Meanwhile, some others, elsewhere in the political sphere, supported the president. U.S. Rep. David N. Cicilline was not one of them.

“This is a reckless decision,” said the member of the House Foreign Affairs Committee, who called the inspection routine set up for keeping nuclear weapons away from Iran “the most intrusive in the history of the world.”

U.S. Rep. James Langevin, a senior member of the House Armed Service and Homeland Security Committees, called Trump’s decision a threat to national security.

To walk away from the agreement negotiated under the Obama administration, said Langevin, “abandons our allies, weakens our credibility, and harms our ability to foster similar diplomatic agreements in the future. Worse, it undermines the central goal of the agreement — to prevent Iran from obtaining a nuclear weapon. The fact is that the nuclear deal is working.”

Said U.S. Sen. Jack Reed: “It is irresponsible for President Trump to abandon this international agreement and needlessly isolate the United States in the absence of an Iranian violation and without presenting a credible alternative to prevent Iran from acquiring nuclear weapons.”

Like Cicilline, U.S. Sen. Sheldon Whitehouse said the policy is “reckless.” He also called it “reflexive.”

“The President’s refusal to waive sanctions puts the United States in violation of the nuclear agreement, moves the United States away from our allies, and reopens a path for Iran to obtain the nuclear arms it seeks,” Whitehouse said.

All of Rhode Island’s elected representatives in the U.S. Senate and the U.S. House of Representatives are Democrats.

Trump’s decision won applause from a former Rhode Island Supreme Court justice, Republican Robert Flanders, who has mounted a bid to unseat Whitehouse in this year’s midterm elections.

“Now, with new economic sanctions placed on Iran, and a president who puts America’s interests first, the United States will be able to negotiate a better, more enforceable agreement to protect the world’s safety,” Flanders said.

Another Republican candidate for the U.S. Senate, Bobby Nardolillo, said that Trump will “impose the strongest unilateral sanctions available on Iran” within six months.

He said he anticipates that the Iranians will exchange “their traditional chant of ‘Death to America’ for one much closer to ‘Let’s Make a Deal!

“When that happens,” he said. “I hope the president gets some credit for real leadership on the world stage.”

The preexisting agreement with Iran has also drawn fire in recent days from the Rhode Island Coalition for Israel. The group of Jewish and Christian residents says Iranian documents, obtained by Israel, undermine the deal.

“The administration,” said the coalition in a May 4 statement, “has hard choices to make about keeping nuclear weapons out of Iran’s hands and pushing back on Iran’s destabilizing behavior, especially in the Middle East.”

Westerly Sun: After yearslong study, region’s rivers are closer to ‘Wild and Scenic’ designation

Westerly Sun: After yearslong study, region’s rivers are closer to ‘Wild and Scenic’ designation

Photo By Harold Hanka, The Westerly Sun
Sun staff writer

EXETER — After three years of work spanning two states and involving scores of officials and volunteers, the Wood-Pawcatuck Wild and Scenic Rivers Study has been completed and is now headed first to the towns for their approval and, ultimately, to the United States Congress.

The announcement Monday, at the Wood River canoe and kayak access in the Arcadia Management Area in Exeter, was made by study coordinator Denise Poyer of the Wood-Pawcatuck Watershed Association.

“We did it!” Poyer told the assembled guests, who clapped and cheered. “We documented that the seven rivers in the Wood-Pawcatuck watershed have outstandingly remarkable values that absolutely qualify for them for the national Wild and Scenic River system, and we developed a stewardship plan that will help protect these rivers for future generations.”

The 300-square-mile watershed is the sole-source drinking-water aquifer for thousands of people in southern Rhode Island and Connecticut.  The rivers under consideration for the Wild and Scenic designation are the Beaver, Chipuxet, Green Fall-Ashaway, Queen-Usquepaugh, Pawcatuck, Shunock, and Wood rivers.

Members of the Rhode Island and Connecticut Congressional delegations sponsored the Wood-Pawcatuck Watershed Protection Act in 2014, which paved the way for the formation of a study committee to document the special qualities of the rivers and determine how best to protect them.

U.S. Sen. Jack Reed, D-R.I., who has been credited with ensuring the passage of the Wood-Pawcatuck Watershed Protection Act by attaching it to a Defense Authorization Bill, said the designation of the watershed would be a fitting tribute to the national Wild and Scenic Rivers system, which will mark its 50th anniversary in October.

“We’re celebrating 50 years,” Reed said. “We have 12,000 miles of scenic river. We can use a few more and they can be located right here in Rhode Island.”

Recalling happy times spent on the Wood River with his children, U.S. Sen. Sheldon Whitehouse, D-R.I., said he was ready to do what he could to make sure the designation is passed.

“These steps that you have all taken will power us up and enable us to take the final step that will see to it that these rivers are protected for generations and generations,” he said.

U.S. Rep. James Langevin said it was time to add the Wood-Pawcatuck watershed to the federal system.

“There are some 208 rivers that have been given this (number) designation in 40 states, and I certainly look forward to seeing the Wood-Pawcatuck being designated 209,” he said.

Also present for the announcement was U.S. Rep. David Cicilline, D-R.I.

“We are really privileged to live in a state that has a citizenry that really understands our environmental responsibilities and what our waterways mean to our ecosystem and our quality of life,” he said.

U.S. Senators Richard Blumenthal and Chris Murphy and Congressman Joe Courtney, all Democrats from Connecticut, were the other co-sponsors of the Wood-Pawcatuck Watershed Protection Act.

Reading a written statement from Courtney was Emma King, deputy director of Conecticut’s Second Congressional District.

“I am proud to lend my continued support to this multi-state partnership to conserve and celebrate this ecological treasure in our own back yards,” Courtney wrote.

Eight Rhode Island towns and four in Connecticut took part in the Wild and Scenic study. Assisted by the National Park Service, the study committee included town-appointed representatives from Westerly, Charlestown, Hopkinton, Richmond, Exeter, North Kingstown, South Kingstown, and West Greenwich. Connecticut representatives were from the towns of North Stonington, Sterling, Stonington, and Voluntown.

Several state agencies and environmental-advocacy organizations also participated in the study: the Rhode Island Department of Environmental Management, the Connecticut Department of Energy and Environmental Protection, the Wood-Pawcatuck Watershed Association, Save the Bay, The Nature Conservancy, and the Audubon Society of Rhode Island.

Eric Thomas of the Connecticut Department of Energy and Environmental Protection said the two states had collaborated effectively on the study.

“It was natural for us to not only work at the agency levels, but work at the community level for the four communities in Connecticut, matching up with the Rhode Island communities to look at our shared resource within the watershed,” he said. “The study has really brought us all together for a number of years now, and today’s outcome is just another step in the whole process.

Representing the Town of Westerly was town council member Jean Gagnier, who did not serve on the study committee.

“We’ve got a a great representative, Jon Ericson, and we have Joe MacAndrew, who’s been appointed by the Town Council to serve on the committee,” he said.

(Harrison Gatch also represented Westerly on the committee as a council appointee.)

Jamie Fosburgh of the National Park Service’s Boston office said once the watershed receives a Wild and Scenic designation, its status at the federal level will undergo a significant change.

“The first thing is establishing the national priority for all federal agencies, so that becomes the policy of the United States, to recognize these values as of national significance,” he explained. “Directly, the Park Service, through Congressional appropriations, supports the stewardship committee that will be formed after designation to implement the stewardship plan.”

Study Committee Chairman and Hopkinton Planning Clerk Sean Henry said the study will now go back to the towns for approval.

“It’s collaborative with all the local towns,” he said. “Everyone on the committee was appointed by their town councils. We’re going to be going back to the towns when we have the stewardship plan ready, and hopefully, they’re going to approve it.”

Standard Times: Langevin addresses senior population and cyber security in South County

Standard Times: Langevin addresses senior population and cyber security in South County

Congressman Jim Langevin (D-RI), co-founder and co-chair of the Congressional Cybersecurity Caucus, hosted an educational cybersecurity awareness forum with the Rhode Island State Police Computer Crimes Unit, the State Cybersecurity Officer, the Rhode Island American Association of Retired Persons (AARP), and local officials to provide attendees with steps for staying safe online.

The forum, which took place Monday at the South County Nursing and Rehabilitation Center, started off with Langevin explaining what exactly cybersecurity was, describing it as an effort to protect an individual against both foreign and domestic “bad actors” working online.

“Cybersecurity is the national security and economic security challenge of the 21st century and will be here for quite some time.  Cybersecurity isn’t only about foreign hackers or foreign individuals involved in the security,” Langevin said.

While Langevin went on to say that, while Russian interference in the 2016 elections was a topic of concern to remain vigilant about, the topic of cybersecurity goes beyond “nation state attacks on foreigners.”

“It runs the gamut from domestic individuals that run a criminal enterprise or just hackers in general that may try to prey on us, all bad actors,” Langevin said.  “Each of us can take steps in order to protect ourselves while we’re online.”

“There’s a number of stuff that you can do, such as strong passwords, changing passwords on a regular basis, making sure that you’re downloading the security patches,” he continued.

Security patches are general ways of protecting information by updating systems, such as upgrading to the latest version of Windows and updating security systems.

Following his introduction, the congressman invited the three guest speakers to come up one at a time. The speakers were RI cybersecurity officer Mike Steinmetz, RI AARP representative Daniel Liparini, and RI State Police computer crimes unit captain John Alfred.

Steinmetz started off by comparing cybersecurity to everyday protections, such as locking your car, and proceeded to describe a scenario where somebody leaves their car running in the Dunkin’ Donuts parking lot while grabbing a coffee, and how vulnerable that person would be to theft.

“Today, as the congressman mentioned about passwords and patching and backups, I want you to remember that analogy because if you’re not changing your passwords, if you’re not patching your system, your car is outside of Dunkin’ Donuts with the doors open, the keys in it, and the engine running,” he added.

Steinmetz then went on to explain the importance of creating an appropriate passing, and when he asked how many thought passwords were hard to remember, nearly every person in attendance raised their hand.

“Pick something that you like or something that you kind of remember.  Easy things like ‘purple,’ ‘clown,’ or ‘church,’” he said.  “Everybody will remember that, and then you just add in a couple of letters in between, or special characters in between, word or a capital letter in there, or a numeral somewhere.”

Speaking as the AARP representative, Liparini also described the importance of cybersecurity, specifically for senior citizens, and the dangers posed by hacking and phishing– the use of scams to gain access to a user’s sensitive information by appearing legitimate, whether it be passwords, security information, or date of birth.

“Most AARP members grew up in a time where we were playing with tinker toys, then we graduated to Monopoly.  We didn’t carry around devices that use more computing power than NASA used to send the first man on the moon,” he said. “So we’re subject to hacking and phishing, we really have never been trained how to cope with that.”

Phishing scams include IRS, medicare, technical support, lottery, veteran scam, and romance scams.

While Steinmetz and Liparini described the technical aspects of cybersecurity, Alfred said he was there to talk about the “human side of things,” such as how phishing and “social engineering” play a part in the theft of user’s private information.

Alfred defined social engineering as leveraging and manipulating “human nature” to gain access to private information.

“I’m going to find a way or find something that you know about, and try to entice you by using what you know or what you like,” Alfred said, from the perspective of the social engineer.  “We’re all targets, whether you know it or not.  You have some type of information that they can a little bit of that information and pull it from you.  There’s something called the dark web where they’re able to sell this information.”

Wrapping up, Alfred’s central message to residents in attendance was to be more skeptical of what they come across online.

“Don’t be too trusting, be skeptical of any emails or phone numbers you don’t recognize, and don’t click hyperlinks. If it’s too good to be true, it’s too good to be true,” he said.

Transportation Today: House advances legislation to protect expiring FAA programs

Transportation Today: House advances legislation to protect expiring FAA programs

BY CHRIS GALFORD

By an overwhelming majority, the U.S. House voted this week in favor of keeping Federal Aviation Administration (FAA) programs at risk of expiration in September.

The FAA Reauthorization Act of 2018, or HR 4, is heavily focused on consumer protections and does much more than simply maintain the status quo. Rather, it sets a minimum size for aircraft seats, prohibits passengers from being removed once seated, demands airline transparency over compensation policies for unforeseen events like delays, lost luggage and overbooking, and establishes what is essentially a bill of rights for passengers with disabilities. It also, thanks to an amendment from U.S. Rep. Jim Langevin (D-RI), requires a review of airport and airline personnel training, if they are the ones assisting those with disabilities.

“I am proud that this bill makes substantial progress in expanding the rights of all Americans to travel with dignity,” Langevin said. “As someone who knows firsthand the challenges of flying with a disability, it is important that we have a modern framework to prevent discrimination. Air carriers have made substantial progress since the 1980s, but with over 30,000 complaints still being filed annually, we have a ways to go before we can achieve the goal of truly equal access to the skies.

Along with the new additions, the bill reauthorizes FAA programs to continue for another five years. It flat funds the Airport Improvement Program and requests better integration of drones into the U.S. airspace. Notably, it also drops a much-debated effort to privatize the air traffic control system.

“Rhode Islanders have seen the benefits of expanding service at TF Green Airport, and funding from the FAA has been an important part of our improvement projects,” Langevin said. “I also hope the Senate will take a more robust view toward drone regulation by including the bill Senator Whitehouse and I introduced to provide clear criminal penalties for recklessly operating drones in a way that endangers safety.”

The bill now heads to the full Senate floor for further consideration.

Gant News: Thompson, Langevin Introduce Bill to Modernize National FFA Organization’s Charter

Gant News: Thompson, Langevin Introduce Bill to Modernize National FFA Organization’s Charter

By Gant Team

WASHINGTON – U.S. Reps. Glenn ‘GT’ Thompson (R-PA) and Jim Langevin (D-RI) have introduced a bill to modernize the charter of the National FFA Organization (formerly Future Farmers of America) to better reflect agriculture education in the 21st Century.

H.R. 5595, the National FFA Organization’s Charter Amendments Act, makes updates to allow the National FFA to be a self-governing organization while maintaining its long-held relationship with the U.S. Department of Education.

As the charter currently reads, the Department of Education holds the majority of the seats on the National FFA’s Board of Directors.

“FFA is the cornerstone of our rural communities throughout the nation,” Thompson said.

“In its 90-year history, the FFA has been a leader in preparing American youth for careers in the agriculture industry. This bipartisan bill will modernize the charter to ensure FFA can take control of its own organization and it can continue to inspire generations of young agriculture leaders.

“I thank my friend Rep. Langevin for his leadership on this issue and look forward to moving the bill through the legislative process.”

“FFA plays a critical role in agricultural education and workforce development in Rhode Island and across the country by allowing young people to explore exciting careers,” Langevin said.

“I’m proud to work with my fellow Career and Technical Education Caucus co-chair, Congressman Thompson, on this bill to modernize FFA’s charter, providing it with the autonomy to be innovative and an increased focus on comprehensive CTE.

“With a new charter, FFA will better fulfill its mission of developing leadership and achievement in American agricultural education.”

“About 100 organizations have federal charters, but FFA is the only one where the government has a majority of seats on the board,” said U.S. Rep. David Young (R-IA), who is an original cosponsor of the bill.

“This bill will allow the FFA to self-govern and continue the important work of educating and empowering our young people to be successful in agriculture.”

“The amendments set the stage for FFA in the 21st century and allows us to bring FFA and our operations into the future,” said Mark Poeschl, chief executive officer of National FFA.

“The one thing that has not changed is our commitment to the relevance that FFA and agricultural education continue to have in our nation’s education system. With its three integral components – classroom/laboratory instruction, supervised agricultural experiences and FFA – the agricultural education model continues to push students toward a thriving future thanks to the relevant skills learned and experience obtained. These amendments will strengthen our commitment.”

About FFA Charter

FFA was founded in 1928. Congress recognized the importance of FFA as an integrate part of vocational agriculture and in 1950 granted the organization a federal charter.

The charter also provides federal authority to create an inter-agency working agreement between the Department of Education and the Department of Agriculture that’s focused on strengthening the FFA and school-based agriculture education.

The role of education in securing a skilled, sustainable workforce in agriculture is underscored through the required involvement of the U.S. Department of Education on the National FFA Board of Directors.

Putting it in Perspective

Only about 100 organizations have charters with federal agencies.  Only six organizations require their respective government agency to select one member for the board of directors.

FFA is the only organization that requires a majority of its board of directors be chosen by its partner government agency.

About H.R. 5595

The legislation introduced by Thompson and Langevin seeks to modernize the National FFA Organization’s relationship with the Department of Education to reflect agriculture education in the 21st Century.

FFA will continue to work closely with the Department of Education as well as USDA to fulfill its mission to better match the innovative and hands-on approaches that many agriculture educators are implementing across the country.

Bank Info Security: SEC Fines Yahoo $35 Million Over 2014 Breach

Bank Info Security: SEC Fines Yahoo $35 Million Over 2014 Breach

Photo By Scott Schiller

Written By Jeremy Kirk

The U.S. Securities and Exchange Commission says Yahoo has agreed to a $35 million civil fine to settle accusations that it failed to promptly notify investors about a December 2014 data breach.

The enforcement action puts public companies on notice that the SEC doesn’t look kindly upon efforts to conceal or downplay data breaches.

Yahoo, which has renamed itself Altaba, has neither admitted nor denied the allegations – as is typical in such enforcement actions, the SEC says.

But the SEC says that despite Yahoo learning within days of a December 2014 breach that it had been attacked by Russian hackers, the search giant waited nearly two years to disclose the breach to investors. The regulator’s probe into Yahoo’s breach notification speed reportedly launched in December 2016 (see SEC Reportedly Probing Yahoo’s Breach Notification Speed).

“Public companies should have controls and procedures in place to properly evaluate cyber incidents and disclose material information to investors.”
—Jina Choi, director of SEC’s San Francisco office

“Yahoo’s failure to have controls and procedures in place to assess its cyber-disclosure obligations ended up leaving its investors totally in the dark about a massive data breach,” says Jina Choi, director of the SEC’s San Francisco regional office. “Public companies should have controls and procedures in place to properly evaluate cyber incidents and disclose material information to investors.”

Altaba couldn’t be immediately reached for comment.

The SEC’s enforcement action has been praised by some lawmakers. “Investors have a right to know whether companies are taking cybersecurity seriously,” says Rep. Jim Langevin, D-R.I. “[The] announcement of a $35 million fine in response to Yahoo’s failure to disclose its massive 2014 data breach is a long overdue first step toward providing real protections for investors. I agree that we should ‘not second-guess good faith exercises of judgment’ by executives, but the bias should be toward disclosing a breach, not burying it.”

Troy Hunt, an Australian data breach expert who runs the Have I Been Pwned breach notification service, says that the $35 million fine will “surely cause organizations to think a bit more” about data security.

Many organizations publicly say that security is a top priority, but that often is not necessarily reflected in their IT spending, Hunt says. “There seems to be a degree of lip service [to security],” he says.

‘Crown Jewels’ Stolen

Yahoo disclosed the 2014 breach in September 2016 as it was negotiating its sale to Verizon. Due to the severity of the breach, Verizon closed its acquisition of Yahoo in June 2017 for $4.48 billion, around $350 million lower than the initial asking price.

Under the terms of the acquisition, Yahoo must pay half of all costs related to government investigations and third-party litigation. Yahoo did not carry cybersecurity insurance.

The December 2014 breach affected 500 million users. The SEC’s order says the stolen data included Yahoo’s “crown jewels,” including email addresses, user names, phone numbers, birthdates, hashed passwords as well as unencrypted security questions and answers.

“The bias should be toward disclosing a breach, not burying it.”
Rep. Jim Langevin

Following the breach, Yahoo filed regular SEC reports in which it only outlined the risks of a data breach without disclosing that it had been attacked. The SEC alleged that Yahoo did not share information about the breach with outside auditors or counsel “in order to assess the company’s disclosure obligations in its public filings.”

The SEC adds: “Although information relating to the breach was reported to members of Yahoo’s senior management and legal department, Yahoo failed to properly investigate the circumstances of the breach and to adequately consider whether the breach needed to be disclosed to investors.”

Repeatedly Breached

Yahoo has a complicated breach disclosure history. After Yahoo disclosed the 500 million breached accounts in September 2016, it revised that tally in December 2016 to 1 billion accounts. It also said at that time attackers had forged cookies, allowing them to directly access some accounts.

In March 2017, four men, including two Russian FSB agents, were indicted on charges related to intrusions into Yahoo, Google and other webmail providers (see Russian Spies, Two Others, Indicted in Yahoo Hack).

Former Yahoo CEO Marissa Mayer told a Congressional committee in November 2017 that it was tough for any corporation to defend against nation-state attackers. She testified that Russian intelligence officers and state-sponsored hackers were responsible for sophisticated attacks on the company’s systems (see Former Yahoo CEO: Stronger Defense Couldn’t Stop Breaches).

“Even robust defenses … aren’t sufficient to protect against the state-sponsored attack, especially when they’re extremely sophisticated and persistent,” Mayer testified.

Just a month prior to Mayer’s testimony, Yahoo disclosed that a 2013 breach compromised virtually its entire user base, encompassing some 3 billion accounts (see Yahoo: 3 Billion Accounts Breached in 2013).

A class-action lawsuit against Yahoo is still winding its way through federal court in San Jose, California. Similar to the SEC’s allegations, the plaintiffs allege Yahoo waited too long to disclose breaches. Some of the plaintiffs allege the Yahoo breaches resulted in fraudulent charges on their cards and spam in their accounts (see Federal Judge: Yahoo Breach Victims Can Sue).

One of the four men who was charged, Alexsey Belan, has been accused of using his access to Yahoo to search for credit and gift card numbers. He has also been accused of using Yahoo account information to facilitate spam campaigns.

Executive Editor Mathew Schwartz also contributed to this report.

Federal Times: NIST publishes update to its cyber framework

Federal Times: NIST publishes update to its cyber framework

The new version 1.1 of the Cybersecurity Framework, which was developed through public feedback collected in 2016 and 2017, includes updates to authentication and identity, self-assessing cyber risk, managing cybersecurity within the supply chain and vulnerability disclosure.

“This update refines, clarifies and enhances version 1.0,” said Matt Barrett, program manager for the Cybersecurity Framework. “It is still flexible to meet an individual organization’s business or mission needs, and applies to a wide range of technology environments such as information technology, industrial control systems and the internet of things.”

NIST also plans to release an updated Roadmap for Improving Critical Infrastructure Cybersecurity later this year as a companion to the framework.

The NIST Cybersecurity Framework has featured heavily in recent government IT and cybersecurity initiatives, and received a callout in the White House IT Modernization report released in December 2017.

In a news release, Rep. Jim Langevin, D-R.I., applauded the update for keeping the framework relevant in the face of a changing cyber landscape:

“In the four years since its release, countless organizations have used the NIST Cybersecurity Framework to voluntarily assess their cybersecurity risk posture, identify gaps, and prioritize security best practices. As demonstrated by the Russian government’s targeting of our election systems, however, the cybersecurity threats to our critical infrastructure continue to evolve. Today’s release marks an important evolution of the Framework that will ensure it remains relevant as risk management practices change to keep pace with the threat.”

Langevin added that, while the framework now has many positive additions, the update process did miss out on an opportunity to offer more concrete guidance on ways to quantify risk.

Industry, too, offered support for the new changes.

“There’s a lot to like in the new Framework, but one area where they made big strides is on supply chain risk management,” said David Damato, chief security officer at Tanium.

“2017 was the year of the supply chain attack, with attacks from NotPetya to CCleaner originating with a breach of a company’s third-party partner. The increasing attention NIST is bringing to this issue, and the standardized language they offer, will go a long way in helping organizations better understand the risks associated throughout their supply chain.”

NIST plans to host a webcast on the updated framework April 27, 2018, and the framework will also feature heavily at the agency’s Cybersecurity Risk Management Conference in November 2018.