10:40 AM
Dark Reading
Dark Reading
Products and Releases

House Bill to Help Small Businesses Facing Cybersecurity Risks

WASHINGTON – ITI, the global voice of the tech sector, released the following statement from Senior Vice President for Government Affairs Andy Halataei endorsing H.R. 2105, the NIST Small Business Cybersecurity Act of 2017, being considered today by the House Committee on Science, Space, and Technology:

“Cyber-attacks are becoming increasingly sophisticated, and this legislation extends a helping hand for small businesses that often don’t have the resources they need to successfully address challenging cybersecurity risks,” Halataei said. “By coordinating cyber resources and tools offered by federal agencies to help small businesses manage their cybersecurity, entrepreneurs can spend more time focusing on expanding their businesses and helping our economy grow. We thank the House Science, Space, and Technology Committee for acting to approve this legislation and urge Congress to pass it into law."

ITI has been a strong proponent of the NIST Cybersecurity Framework, advocating for cybersecurity policies that are voluntary; adaptable to rapidly emerging threats, technologies, and business models; based on effective risk management; technology-neutral; and leverage public-private partnerships. In March, ITI endorsed similar legislation, the MAIN STREET Cybersecurity Act, passed by the Senate Commerce, Science, and Transportation Committee on April 5th. The NIST Small Business Cybersecurity Act was introduced by Reps. Daniel Webster (R-Fl.), Daniel Lipinski (D-Ill.), Lamar Smith (R-Tex.), Barbara Comstock (R-Va.), Jacky Rosen (D-Nev.), Randy Hultgren (R-Ill.), Stephen Knight (R-Ca.), Darin LaHood (R-Ill.), Roger Marshall (R-Kan.), and Bill Posey (R-Fl.).

About ITI. ITI is the global voice of the tech sector. We advocate for public policies that advance innovation, open markets, and enable the transformational economic, societal, and commercial opportunities our companies are creating. Our membership includes the entire spectrum of technology companies ranging from internet companies to manufacturers of hardware and networking equipment to software developers. Our diverse membership and expert staff allows ITI to provide a broad perspective on the implications and opportunities of policy activities around the world.  Visit www.itic.org to learn more. Follow us on Twitter for the latest ITI news @ITI_TechTweets.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Who Does What in Cybersecurity at the C-Level
Steve Zurier, Freelance Writer,  3/16/2018
New 'Mac-A-Mal' Tool Automates Mac Malware Hunting & Analysis
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/14/2018
(ISC)2 Report: Glaring Disparity in Diversity for US Cybersecurity
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/15/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.