Patch: EG Student Wins Art Contest: Langevin’s Office

From The Office of Congressman Langevin: On Sunday, Congressman Langevin (D-RI) announced the results of the Second Congressional District 2018 High School Art Competition during a ceremony at the Warwick Mall. East Greenwich High School freshman and Nancy Stephen Gallery and School of Art student Sophia Patti took home the first prize for her oil painting, entitled “Finding an Old Treasure on the Cape,” and her work will be on display in the United States Capitol. Langevin has hosted the competition every year since first taking office in 2001, and 62 teenagers representing schools throughout the Second District participated this year.

“It’s no wonder Rhode Island is renowned nationally for its arts scene given the amazing talent we have in our schools,” said Langevin, who has sponsored legislation to increase the role of art and design in STEM education. “I host this competition every year because exposure to art and design principles helps students do better in a range of academic disciplines. But beyond the important role the arts play in the Rhode Island economy and in preparing students to succeed, I also believe in the power of the arts to change lives. I hope all the participants take what they’ve learned back to their communities, and I thank them and their teachers for the craftsmanship they shared with us.”

In June, Patti’s piece will be placed on display in the Cannon Tunnel, a pedestrian walkway leading to the U.S. Capitol, during a ceremony with art competition winners from around the country. Her work will replace “Dreaming of Spring,” a mixed media portrait by 2017 winner Arianna Deal.

This year’s runners-up, who will have their artwork hang in Langevin’s Warwick office, are:

  • Second place: “Bedstemor” by Hallie Comer, a junior at East Greenwich High School
  • Third place (tie): “Tangled” by Zari Apodaca, a junior at Cranston High School West, and “Black Power” by Jeffrey Marchetti, a senior at Cranston High School West

Providence Journal: R.I. delegation blasts Trump over Iran deal pullout

By Mark Reynolds

Rhode Island’s lawmakers in the U.S. Senate and the U.S. House of Representatives on Tuesday strafed President Donald Trump’s decision to pull out of an agreement with Iran and impose sanctions on the country.

Meanwhile, some others, elsewhere in the political sphere, supported the president. U.S. Rep. David N. Cicilline was not one of them.

“This is a reckless decision,” said the member of the House Foreign Affairs Committee, who called the inspection routine set up for keeping nuclear weapons away from Iran “the most intrusive in the history of the world.”

U.S. Rep. James Langevin, a senior member of the House Armed Services and Homeland Security Committees, called Trump’s decision a threat to national security.

To walk away from the agreement negotiated under the Obama administration, said Langevin, “abandons our allies, weakens our credibility, and harms our ability to foster similar diplomatic agreements in the future. Worse, it undermines the central goal of the agreement — to prevent Iran from obtaining a nuclear weapon. The fact is that the nuclear deal is working.”

Said U.S. Sen. Jack Reed: “It is irresponsible for President Trump to abandon this international agreement and needlessly isolate the United States in the absence of an Iranian violation and without presenting a credible alternative to prevent Iran from acquiring nuclear weapons.”

Like Cicilline, U.S. Sen. Sheldon Whitehouse said the policy is “reckless.” He also called it “reflexive.”

“The President’s refusal to waive sanctions puts the United States in violation of the nuclear agreement, moves the United States away from our allies, and reopens a path for Iran to obtain the nuclear arms it seeks,” Whitehouse said.

All of Rhode Island’s elected representatives in the U.S. Senate and the U.S. House of Representatives are Democrats.

Trump’s decision won applause from a former Rhode Island Supreme Court justice, Republican Robert Flanders, who has mounted a bid to unseat Whitehouse in this year’s midterm elections.

“Now, with new economic sanctions placed on Iran, and a president who puts America’s interests first, the United States will be able to negotiate a better, more enforceable agreement to protect the world’s safety,” Flanders said.

Another Republican candidate for the U.S. Senate, Bobby Nardolillo, said that Trump will “impose the strongest unilateral sanctions available on Iran” within six months.

He said he anticipates that the Iranians will exchange “their traditional chant of ‘Death to America’ for one much closer to ‘Let’s Make a Deal!’”

“When that happens,” he said. “I hope the president gets some credit for real leadership on the world stage.”

The preexisting agreement with Iran has also drawn fire in recent days from the Rhode Island Coalition for Israel. The group of Jewish and Christian residents says Iranian documents, obtained by Israel, undermine the deal.

“The administration,” said the coalition in a May 4 statement, “has hard choices to make about keeping nuclear weapons out of Iran’s hands and pushing back on Iran’s destabilizing behavior, especially in the Middle East.”

Westerly Sun: After yearslong study, region’s rivers are closer to ‘Wild and Scenic’ designation

Photo By Harold Hanka, The Westerly Sun
Sun staff writer

EXETER — After three years of work spanning two states and involving scores of officials and volunteers, the Wood-Pawcatuck Wild and Scenic Rivers Study has been completed and is now headed first to the towns for their approval and, ultimately, to the United States Congress.

The announcement Monday, at the Wood River canoe and kayak access in the Arcadia Management Area in Exeter, was made by study coordinator Denise Poyer of the Wood-Pawcatuck Watershed Association.

“We did it!” Poyer told the assembled guests, who clapped and cheered. “We documented that the seven rivers in the Wood-Pawcatuck watershed have outstandingly remarkable values that absolutely qualify them for the national Wild and Scenic River system, and we developed a stewardship plan that will help protect these rivers for future generations.”

The 300-square-mile watershed is the sole-source drinking-water aquifer for thousands of people in southern Rhode Island and Connecticut. The rivers under consideration for the Wild and Scenic designation are the Beaver, Chipuxet, Green Fall-Ashaway, Queen-Usquepaugh, Pawcatuck, Shunock, and Wood rivers.

Members of the Rhode Island and Connecticut Congressional delegations sponsored the Wood-Pawcatuck Watershed Protection Act in 2014, which paved the way for the formation of a study committee to document the special qualities of the rivers and determine how best to protect them.

U.S. Sen. Jack Reed, D-R.I., who has been credited with ensuring the passage of the Wood-Pawcatuck Watershed Protection Act by attaching it to a Defense Authorization Bill, said the designation of the watershed would be a fitting tribute to the national Wild and Scenic Rivers system, which will mark its 50th anniversary in October.

“We’re celebrating 50 years,” Reed said. “We have 12,000 miles of scenic river. We can use a few more and they can be located right here in Rhode Island.”

Recalling happy times spent on the Wood River with his children, U.S. Sen. Sheldon Whitehouse, D-R.I., said he was ready to do what he could to make sure the designation is passed.

“These steps that you have all taken will power us up and enable us to take the final step that will see to it that these rivers are protected for generations and generations,” he said.

U.S. Rep. James Langevin said it was time to add the Wood-Pawcatuck watershed to the federal system.

“There are some 208 rivers that have been given this (number) designation in 40 states, and I certainly look forward to seeing the Wood-Pawcatuck being designated 209,” he said.

Also present for the announcement was U.S. Rep. David Cicilline, D-R.I.

“We are really privileged to live in a state that has a citizenry that really understands our environmental responsibilities and what our waterways mean to our ecosystem and our quality of life,” he said.

U.S. Senators Richard Blumenthal and Chris Murphy and Congressman Joe Courtney, all Democrats from Connecticut, were the other co-sponsors of the Wood-Pawcatuck Watershed Protection Act.

Reading a written statement from Courtney was Emma King, deputy director of Connecticut’s Second Congressional District.

“I am proud to lend my continued support to this multi-state partnership to conserve and celebrate this ecological treasure in our own back yards,” Courtney wrote.

Eight Rhode Island towns and four in Connecticut took part in the Wild and Scenic study. Assisted by the National Park Service, the study committee included town-appointed representatives from Westerly, Charlestown, Hopkinton, Richmond, Exeter, North Kingstown, South Kingstown, and West Greenwich. Connecticut representatives were from the towns of North Stonington, Sterling, Stonington, and Voluntown.

Several state agencies and environmental-advocacy organizations also participated in the study: the Rhode Island Department of Environmental Management, the Connecticut Department of Energy and Environmental Protection, the Wood-Pawcatuck Watershed Association, Save the Bay, The Nature Conservancy, and the Audubon Society of Rhode Island.

Eric Thomas of the Connecticut Department of Energy and Environmental Protection said the two states had collaborated effectively on the study.

“It was natural for us to not only work at the agency levels, but work at the community level for the four communities in Connecticut, matching up with the Rhode Island communities to look at our shared resource within the watershed,” he said. “The study has really brought us all together for a number of years now, and today’s outcome is just another step in the whole process.”

Representing the Town of Westerly was town council member Jean Gagnier, who did not serve on the study committee.

“We’ve got a great representative, Jon Ericson, and we have Joe MacAndrew, who’s been appointed by the Town Council to serve on the committee,” he said.

(Harrison Gatch also represented Westerly on the committee as a council appointee.)

Jamie Fosburgh of the National Park Service’s Boston office said once the watershed receives a Wild and Scenic designation, its status at the federal level will undergo a significant change.

“The first thing is establishing the national priority for all federal agencies, so that becomes the policy of the United States, to recognize these values as of national significance,” he explained. “Directly, the Park Service, through Congressional appropriations, supports the stewardship committee that will be formed after designation to implement the stewardship plan.”

Study Committee Chairman and Hopkinton Planning Clerk Sean Henry said the study will now go back to the towns for approval.

“It’s collaborative with all the local towns,” he said. “Everyone on the committee was appointed by their town councils. We’re going to be going back to the towns when we have the stewardship plan ready, and hopefully, they’re going to approve it.”

Standard Times: Langevin addresses senior population and cyber security in South County

Congressman Jim Langevin (D-RI), co-founder and co-chair of the Congressional Cybersecurity Caucus, hosted an educational cybersecurity awareness forum with the Rhode Island State Police Computer Crimes Unit, the State Cybersecurity Officer, the Rhode Island American Association of Retired Persons (AARP), and local officials to provide attendees with steps for staying safe online.

The forum, which took place Monday at the South County Nursing and Rehabilitation Center, started off with Langevin explaining what exactly cybersecurity was, describing it as an effort to protect an individual against both foreign and domestic “bad actors” working online.

“Cybersecurity is the national security and economic security challenge of the 21st century and will be here for quite some time.  Cybersecurity isn’t only about foreign hackers or foreign individuals involved in the security,” Langevin said.

Langevin went on to say that, while Russian interference in the 2016 elections was a topic of concern to remain vigilant about, the topic of cybersecurity goes beyond “nation state attacks on foreigners.”

“It runs the gamut from domestic individuals that run a criminal enterprise or just hackers in general that may try to prey on us, all bad actors,” Langevin said.  “Each of us can take steps in order to protect ourselves while we’re online.”

“There’s a number of stuff that you can do, such as strong passwords, changing passwords on a regular basis, making sure that you’re downloading the security patches,” he continued.

Security patches are general ways of protecting information by updating systems, such as upgrading to the latest version of Windows and updating security systems.

Following his introduction, the congressman invited the three guest speakers to come up one at a time. The speakers were RI cybersecurity officer Mike Steinmetz, RI AARP representative Daniel Liparini, and RI State Police computer crimes unit captain John Alfred.

Steinmetz started off by comparing cybersecurity to everyday protections, such as locking your car, and proceeded to describe a scenario where somebody leaves their car running in the Dunkin’ Donuts parking lot while grabbing a coffee, and how vulnerable that person would be to theft.

“Today, as the congressman mentioned about passwords and patching and backups, I want you to remember that analogy because if you’re not changing your passwords, if you’re not patching your system, your car is outside of Dunkin’ Donuts with the doors open, the keys in it, and the engine running,” he added.

Steinmetz then went on to explain the importance of creating an appropriate password, and when he asked how many thought passwords were hard to remember, nearly every person in attendance raised their hand.

“Pick something that you like or something that you kind of remember.  Easy things like ‘purple,’ ‘clown,’ or ‘church,’” he said.  “Everybody will remember that, and then you just add in a couple of letters in between, or special characters in between, word or a capital letter in there, or a numeral somewhere.”

Speaking as the AARP representative, Liparini also described the importance of cybersecurity, specifically for senior citizens, and the dangers posed by hacking and phishing – the use of scams to gain access to a user’s sensitive information by appearing legitimate, whether it be passwords, security information, or date of birth.

“Most AARP members grew up in a time where we were playing with tinker toys, then we graduated to Monopoly.  We didn’t carry around devices that use more computing power than NASA used to send the first man on the moon,” he said. “So we’re subject to hacking and phishing, we really have never been trained how to cope with that.”

Phishing scams include IRS, Medicare, technical support, lottery, veteran, and romance scams.

While Steinmetz and Liparini described the technical aspects of cybersecurity, Alfred said he was there to talk about the “human side of things,” such as how phishing and “social engineering” play a part in the theft of users’ private information.

Alfred defined social engineering as leveraging and manipulating “human nature” to gain access to private information.

“I’m going to find a way or find something that you know about, and try to entice you by using what you know or what you like,” Alfred said, from the perspective of the social engineer.  “We’re all targets, whether you know it or not.  You have some type of information that they can a little bit of that information and pull it from you.  There’s something called the dark web where they’re able to sell this information.”

Wrapping up, Alfred’s central message to residents in attendance was to be more skeptical of what they come across online.

“Don’t be too trusting, be skeptical of any emails or phone numbers you don’t recognize, and don’t click hyperlinks. If it’s too good to be true, it’s too good to be true,” he said.

Transportation Today: House advances legislation to protect expiring FAA programs

BY CHRIS GALFORD

By an overwhelming majority, the U.S. House voted this week in favor of keeping Federal Aviation Administration (FAA) programs at risk of expiration in September.

The FAA Reauthorization Act of 2018, or HR 4, is heavily focused on consumer protections and does much more than simply maintain the status quo. Rather, it sets a minimum size for aircraft seats, prohibits passengers from being removed once seated, demands airline transparency over compensation policies for unforeseen events like delays, lost luggage and overbooking, and establishes what is essentially a bill of rights for passengers with disabilities. It also, thanks to an amendment from U.S. Rep. Jim Langevin (D-RI), requires a review of airport and airline personnel training, if they are the ones assisting those with disabilities.

“I am proud that this bill makes substantial progress in expanding the rights of all Americans to travel with dignity,” Langevin said. “As someone who knows firsthand the challenges of flying with a disability, it is important that we have a modern framework to prevent discrimination. Air carriers have made substantial progress since the 1980s, but with over 30,000 complaints still being filed annually, we have a ways to go before we can achieve the goal of truly equal access to the skies.”

Along with the new additions, the bill reauthorizes FAA programs to continue for another five years. It flat funds the Airport Improvement Program and requests better integration of drones into the U.S. airspace. Notably, it also drops a much-debated effort to privatize the air traffic control system.

“Rhode Islanders have seen the benefits of expanding service at TF Green Airport, and funding from the FAA has been an important part of our improvement projects,” Langevin said. “I also hope the Senate will take a more robust view toward drone regulation by including the bill Senator Whitehouse and I introduced to provide clear criminal penalties for recklessly operating drones in a way that endangers safety.”

The bill now heads to the full Senate floor for further consideration.

Gant News: Thompson, Langevin Introduce Bill to Modernize National FFA Organization’s Charter

By Gant Team

WASHINGTON – U.S. Reps. Glenn ‘GT’ Thompson (R-PA) and Jim Langevin (D-RI) have introduced a bill to modernize the charter of the National FFA Organization (formerly Future Farmers of America) to better reflect agriculture education in the 21st Century.

H.R. 5595, the National FFA Organization’s Charter Amendments Act, makes updates to allow the National FFA to be a self-governing organization while maintaining its long-held relationship with the U.S. Department of Education.

As the charter currently reads, the Department of Education holds the majority of the seats on the National FFA’s Board of Directors.

“FFA is the cornerstone of our rural communities throughout the nation,” Thompson said.

“In its 90-year history, the FFA has been a leader in preparing American youth for careers in the agriculture industry. This bipartisan bill will modernize the charter to ensure FFA can take control of its own organization and it can continue to inspire generations of young agriculture leaders.

“I thank my friend Rep. Langevin for his leadership on this issue and look forward to moving the bill through the legislative process.”

“FFA plays a critical role in agricultural education and workforce development in Rhode Island and across the country by allowing young people to explore exciting careers,” Langevin said.

“I’m proud to work with my fellow Career and Technical Education Caucus co-chair, Congressman Thompson, on this bill to modernize FFA’s charter, providing it with the autonomy to be innovative and an increased focus on comprehensive CTE.

“With a new charter, FFA will better fulfill its mission of developing leadership and achievement in American agricultural education.”

“About 100 organizations have federal charters, but FFA is the only one where the government has a majority of seats on the board,” said U.S. Rep. David Young (R-IA), who is an original cosponsor of the bill.

“This bill will allow the FFA to self-govern and continue the important work of educating and empowering our young people to be successful in agriculture.”

“The amendments set the stage for FFA in the 21st century and allow us to bring FFA and our operations into the future,” said Mark Poeschl, chief executive officer of National FFA.

“The one thing that has not changed is our commitment to the relevance that FFA and agricultural education continue to have in our nation’s education system. With its three integral components – classroom/laboratory instruction, supervised agricultural experiences and FFA – the agricultural education model continues to push students toward a thriving future thanks to the relevant skills learned and experience obtained. These amendments will strengthen our commitment.”

About FFA Charter

FFA was founded in 1928. Congress recognized the importance of FFA as an integral part of vocational agriculture and in 1950 granted the organization a federal charter.

The charter also provides federal authority to create an inter-agency working agreement between the Department of Education and the Department of Agriculture that’s focused on strengthening the FFA and school-based agriculture education.

The role of education in securing a skilled, sustainable workforce in agriculture is underscored through the required involvement of the U.S. Department of Education on the National FFA Board of Directors.

Putting it in Perspective

Only about 100 organizations have charters with federal agencies. Only six organizations require their respective government agency to select one member for the board of directors.

FFA is the only organization that requires a majority of its board of directors be chosen by its partner government agency.

About H.R. 5595

The legislation introduced by Thompson and Langevin seeks to modernize the National FFA Organization’s relationship with the Department of Education to reflect agriculture education in the 21st Century.

FFA will continue to work closely with the Department of Education as well as USDA to fulfill its mission to better match the innovative and hands-on approaches that many agriculture educators are implementing across the country.

Bank Info Security: SEC Fines Yahoo $35 Million Over 2014 Breach

Photo By Scott Schiller

Written By Jeremy Kirk

The U.S. Securities and Exchange Commission says Yahoo has agreed to a $35 million civil fine to settle accusations that it failed to promptly notify investors about a December 2014 data breach.

The enforcement action puts public companies on notice that the SEC doesn’t look kindly upon efforts to conceal or downplay data breaches.

Yahoo, which has renamed itself Altaba, has neither admitted nor denied the allegations – as is typical in such enforcement actions, the SEC says.

But the SEC says that despite Yahoo learning within days of a December 2014 breach that it had been attacked by Russian hackers, the search giant waited nearly two years to disclose the breach to investors. The regulator’s probe into Yahoo’s breach notification speed reportedly launched in December 2016 (see SEC Reportedly Probing Yahoo’s Breach Notification Speed).

“Yahoo’s failure to have controls and procedures in place to assess its cyber-disclosure obligations ended up leaving its investors totally in the dark about a massive data breach,” says Jina Choi, director of the SEC’s San Francisco regional office. “Public companies should have controls and procedures in place to properly evaluate cyber incidents and disclose material information to investors.”

Altaba couldn’t be immediately reached for comment.

The SEC’s enforcement action has been praised by some lawmakers. “Investors have a right to know whether companies are taking cybersecurity seriously,” says Rep. Jim Langevin, D-R.I. “[The] announcement of a $35 million fine in response to Yahoo’s failure to disclose its massive 2014 data breach is a long overdue first step toward providing real protections for investors. I agree that we should ‘not second-guess good faith exercises of judgment’ by executives, but the bias should be toward disclosing a breach, not burying it.”

Troy Hunt, an Australian data breach expert who runs the Have I Been Pwned breach notification service, says that the $35 million fine will “surely cause organizations to think a bit more” about data security.

Many organizations publicly say that security is a top priority, but that often is not necessarily reflected in their IT spending, Hunt says. “There seems to be a degree of lip service [to security],” he says.

‘Crown Jewels’ Stolen

Yahoo disclosed the 2014 breach in September 2016 as it was negotiating its sale to Verizon. Due to the severity of the breach, Verizon closed its acquisition of Yahoo in June 2017 for $4.48 billion, around $350 million lower than the initial asking price.

Under the terms of the acquisition, Yahoo must pay half of all costs related to government investigations and third-party litigation. Yahoo did not carry cybersecurity insurance.

The December 2014 breach affected 500 million users. The SEC’s order says the stolen data included Yahoo’s “crown jewels,” including email addresses, user names, phone numbers, birthdates, hashed passwords as well as unencrypted security questions and answers.

Following the breach, Yahoo filed regular SEC reports in which it only outlined the risks of a data breach without disclosing that it had been attacked. The SEC alleged that Yahoo did not share information about the breach with outside auditors or counsel “in order to assess the company’s disclosure obligations in its public filings.”

The SEC adds: “Although information relating to the breach was reported to members of Yahoo’s senior management and legal department, Yahoo failed to properly investigate the circumstances of the breach and to adequately consider whether the breach needed to be disclosed to investors.”

Repeatedly Breached

Yahoo has a complicated breach disclosure history. After Yahoo disclosed the 500 million breached accounts in September 2016, it revised that tally in December 2016 to 1 billion accounts. It also said at that time attackers had forged cookies, allowing them to directly access some accounts.

In March 2017, four men, including two Russian FSB agents, were indicted on charges related to intrusions into Yahoo, Google and other webmail providers (see Russian Spies, Two Others, Indicted in Yahoo Hack).

Former Yahoo CEO Marissa Mayer told a Congressional committee in November 2017 that it was tough for any corporation to defend against nation-state attackers. She testified that Russian intelligence officers and state-sponsored hackers were responsible for sophisticated attacks on the company’s systems (see Former Yahoo CEO: Stronger Defense Couldn’t Stop Breaches).

“Even robust defenses … aren’t sufficient to protect against the state-sponsored attack, especially when they’re extremely sophisticated and persistent,” Mayer testified.

Just a month prior to Mayer’s testimony, Yahoo disclosed that a 2013 breach compromised virtually its entire user base, encompassing some 3 billion accounts (see Yahoo: 3 Billion Accounts Breached in 2013).

A class-action lawsuit against Yahoo is still winding its way through federal court in San Jose, California. Similar to the SEC’s allegations, the plaintiffs allege Yahoo waited too long to disclose breaches. Some of the plaintiffs allege the Yahoo breaches resulted in fraudulent charges on their cards and spam in their accounts (see Federal Judge: Yahoo Breach Victims Can Sue).

One of the four men who was charged, Alexsey Belan, has been accused of using his access to Yahoo to search for credit and gift card numbers. He has also been accused of using Yahoo account information to facilitate spam campaigns.

Executive Editor Mathew Schwartz also contributed to this report.

Federal Times: NIST publishes update to its cyber framework

The new version 1.1 of the Cybersecurity Framework, which was developed through public feedback collected in 2016 and 2017, includes updates to authentication and identity, self-assessing cyber risk, managing cybersecurity within the supply chain and vulnerability disclosure.

“This update refines, clarifies and enhances version 1.0,” said Matt Barrett, program manager for the Cybersecurity Framework. “It is still flexible to meet an individual organization’s business or mission needs, and applies to a wide range of technology environments such as information technology, industrial control systems and the internet of things.”

NIST also plans to release an updated Roadmap for Improving Critical Infrastructure Cybersecurity later this year as a companion to the framework.

The NIST Cybersecurity Framework has featured heavily in recent government IT and cybersecurity initiatives, and received a callout in the White House IT Modernization report released in December 2017.

In a news release, Rep. Jim Langevin, D-R.I., applauded the update for keeping the framework relevant in the face of a changing cyber landscape:

“In the four years since its release, countless organizations have used the NIST Cybersecurity Framework to voluntarily assess their cybersecurity risk posture, identify gaps, and prioritize security best practices. As demonstrated by the Russian government’s targeting of our election systems, however, the cybersecurity threats to our critical infrastructure continue to evolve. Today’s release marks an important evolution of the Framework that will ensure it remains relevant as risk management practices change to keep pace with the threat.”

Langevin added that, while the framework now has many positive additions, the update process did miss out on an opportunity to offer more concrete guidance on ways to quantify risk.

Industry, too, offered support for the new changes.

“There’s a lot to like in the new Framework, but one area where they made big strides is on supply chain risk management,” said David Damato, chief security officer at Tanium.

“2017 was the year of the supply chain attack, with attacks from NotPetya to CCleaner originating with a breach of a company’s third-party partner. The increasing attention NIST is bringing to this issue, and the standardized language they offer, will go a long way in helping organizations better understand the risks associated throughout their supply chain.”

NIST plans to host a webcast on the updated framework April 27, 2018, and the framework will also feature heavily at the agency’s Cybersecurity Risk Management Conference in November 2018.

Providence Journal: R.I.’s U.S. reps, senators call on Trump to work with Congress in wake of missile strike on Syria

By Paul Edward Parker

PROVIDENCE, R.I. — Rhode Island’s U.S. representatives and senators have weighed in on President Donald Trump’s decision to launch a missile strike on a Syrian air base Thursday in retaliation for a chemical weapons attack the administration said was carried out by the Syrian government, cautioning the president to work with Congress in dealing with Syria.

In separate statements issued Friday, Rep. Jim Langevin and Sen. Sheldon Whitehouse explicitly supported the decision, while Rep. David N. Cicilline and Sen. Jack Reed were more circumspect. They are all Democrats; Trump is a Republican.

“I believe the response taken tonight by the United States in launching an air strike in Syria following the morally reprehensible war crimes committed by Bashar al-Assad when he deployed chemical weapons, killing innocent children and civilians, is justifiable, and I support this decision,” Langevin said in his statement.

“Moving forward, the President must consult with Congress to determine how the United States will deal with Assad’s regime and determine what our strategic objectives will be,” Langevin said. “No nation has the right to use chemical weapons against innocent civilians and the world must speak with one voice condemning the actions of President Assad.”

Whitehouse said: “We have witnessed yet another atrocious act by the Assad regime against its own people, and we are called to conscience. Last night’s military action in Syria met my standards for responding to atrocity: a limited action; with a clear objective; that is not the beginning of American ‘boots on the ground’ military operations.”

The Hill: Facebook case demonstrates gaps in data ownership laws

Op-Ed Written By Congressman Jim Langevin

A recent survey indicated that users have little trust in Facebook to follow privacy laws. Trust is the operative word. Privacy policies, account settings, and terms of use play a larger role than any federal law in limiting the use of personal data beyond health or financial information. We extend a great deal of trust to a company when we give them our personal information – trust that they will take care of our data and abide by the contracts that govern our relationship. But after three decades of explosive growth in data harvesting, recent events make it clear that trust may be misplaced.

Facebook’s conduct with the underhanded campaign consultancy firm, Cambridge Analytica, has laid bare the limits of data protection law. Facebook users are the victims in this case – yet the company may only be liable under federal law if it also violated one of its written contracts with users. The innovations of the Information Age have outstripped the U.S. legal system’s protections for individual control over how our personal information is shared and used. It is time for that to change.

As the complexity of data sharing increases, so does the possibility that our information will be used in ways we never intended or authorized. Take the Facebook case. I challenge anyone to find a single one of the millions of affected users who provided information to Facebook with the expectation that Cambridge Analytica would use it to develop “psychographic” voting profiles for targeted political ads.

I fully expect the players in the Cambridge Analytica case to come before Congress to testify, which CEO Mark Zuckerberg is scheduled to do next week, and which I called for following news reports in The New York Times and The Sunday Observer. More transparency is essential for policymakers to fully grasp the implications of this incident, and Facebook owes its users and shareholders – both of which I am – a full accounting of its actions. However, the available reporting is enough to provide a framework to explore policy options for strengthening controls on data usage.

Facebook reportedly learned that Cambridge Analytica had acquired millions of users’ profiles two years ago. At the time, Facebook sent letters to Cambridge Analytica and an associated researcher insisting that they delete the information. However, two important things did not happen: Facebook did not positively verify disposal of the data through an audit, and no individuals were notified that their private information had been used in a way they had not authorized. There were no federal requirements that either happen, just trust in the parties involved. Having seen that trust doubly betrayed, we may need new law to impose rigorous notification and disposal requirements when users’ data is shared improperly.

Facebook has stated that it was a violation of their agreements with Aleksandr Kogan, the Cambridge University researcher who initially collected the data, for him to sell or license it to Cambridge Analytica. This defense misses the point that granting unfettered access to raw data makes it technically and legally difficult to enforce limitations on data usage and sharing. Facebook extended trust to the researcher, on behalf of its users and without their knowledge, that the data would be used and protected in accordance with its terms. Those terms also allowed apps like the researcher used to collect data not only about users who explicitly authorized the app to do so, but also about their friends. While Facebook revoked that policy in 2014, there remains no legal requirement that users directly consent to sharing.

Finally, central to this case is the data that the affected users gave to Facebook in the first place. As a condition of joining the social network, users were required to agree to a privacy policy – whether or not they read and understood it – and could only modify the privacy settings Facebook chose to make available. As remarkable as it may sound, this is standard practice. The companies we do business with decide what they can do with our data and what control over those uses they offer to us; we don’t get to choose. Our only alternative is not to use a service at all, and that is less and less of an option in our Internet-enabled economy. Congress could change the law to require that companies give users granular control of their data and codify the right to know how, when and with whom that data is shared.

As long as data sharing adheres to published terms of use, the law does not prohibit most companies from selling or licensing access to your data, for virtually any purpose or duration, without notice to you. They have no obligation to verify that recipients of your data are not abusing it. Without laws to the contrary, we are left to trust service providers that our data will not be misused, misplaced, or misappropriated. Facebook violated that trust, and Congress must take action to update the law to put control of digital identities in more trusted hands – our own.

Langevin represents Rhode Island’s 2nd District. He is co-chair of the Congressional Cybersecurity Caucus.