Risk
5/2/2017
10:40 AM
Dark Reading
Products and Releases

House Bill to Help Small Businesses Facing Cybersecurity Risks

WASHINGTON – ITI, the global voice of the tech sector, released the following statement from Senior Vice President for Government Affairs Andy Halataei endorsing H.R. 2105, the NIST Small Business Cybersecurity Act of 2017, being considered today by the House Committee on Science, Space, and Technology:

“Cyber-attacks are becoming increasingly sophisticated, and this legislation extends a helping hand for small businesses that often don’t have the resources they need to successfully address challenging cybersecurity risks,” Halataei said. “By coordinating cyber resources and tools offered by federal agencies to help small businesses manage their cybersecurity, entrepreneurs can spend more time focusing on expanding their businesses and helping our economy grow. We thank the House Science, Space, and Technology Committee for acting to approve this legislation and urge Congress to pass it into law.”

ITI has been a strong proponent of the NIST Cybersecurity Framework, advocating for cybersecurity policies that are voluntary; adaptable to rapidly emerging threats, technologies, and business models; based on effective risk management; technology-neutral; and that leverage public-private partnerships. In March, ITI endorsed similar legislation, the MAIN STREET Cybersecurity Act, passed by the Senate Commerce, Science, and Transportation Committee on April 5th. The NIST Small Business Cybersecurity Act was introduced by Reps. Daniel Webster (R-Fl.), Daniel Lipinski (D-Ill.), Lamar Smith (R-Tex.), Barbara Comstock (R-Va.), Jacky Rosen (D-Nev.), Randy Hultgren (R-Ill.), Stephen Knight (R-Ca.), Darin LaHood (R-Ill.), Roger Marshall (R-Kan.), and Bill Posey (R-Fl.).

About ITI. ITI is the global voice of the tech sector. We advocate for public policies that advance innovation, open markets, and enable the transformational economic, societal, and commercial opportunities our companies are creating. Our membership includes the entire spectrum of technology companies ranging from internet companies to manufacturers of hardware and networking equipment to software developers. Our diverse membership and expert staff allow ITI to provide a broad perspective on the implications and opportunities of policy activities around the world. Visit www.itic.org to learn more. Follow us on Twitter for the latest ITI news @ITI_TechTweets.
