|
|
|
|
|
|
|
|
|
|
Cyber Daily: Porsche Rolls Out Board-Approved Privacy Strategy
|
|
|
|
|
|
|
|
Happy Friday. German car maker Porsche is developing fine-grained privacy settings for its luxury cars as part of a new strategy to expand customer trust.
WSJ Pro's Catherine Stupp visited Porsche's main office in Stuttgart to discuss how the car maker now lets drivers stop sharing their personal data with the company altogether. The move is part of a board-approved departure from how auto-industry rivals treat driver information. More below.
Also today: Cyber boot camps fall short for some students who cite programs that are too general to provide a solid foundation for entering the field.
Plus the latest news and CISO moves. Have a great weekend!
|
|
|
|
|
CONTENT FROM OUR SPONSOR: Netscout
|
|
White House Issues Cybersecurity Statement. Now What?
Local exploits can quickly become global attacks. As uncertainty around Ukraine amplifies the need for secure digital infrastructure, learn how you can ensure complete, incorruptible visibility.
Read More
|
|
|
|
|
|
|
|
|
|
|
Employees work on the body shells of all-electric Porsche AG Taycan luxury automobiles on a production line in Stuttgart, Germany, in 2020. PHOTO: BLOOMBERG
|
|
|
|
|
|
Porsche’s global privacy plan emphasizes driver controls as well as transparency about why the company seeks specific information, how long it is retained and which business partners may access it.
The sports-car brand, part of the Volkswagen AG group, wants to customize services for drivers, said Christian Völkel, Porsche’s chief privacy officer. Through a “privacy mode” menu on the dashboard, customers can give and withdraw their consent for the company to process their personal data, or to share it with third-party suppliers, as frequently as they want.
That's different from how other car makers handle increasingly valuable data. Some ask customers only when setting up their profile if they want to share their information, and don’t provide a menu where they can review their choices anytime.
“It’s not our business to sell data and to make money out of the data of our customers. It’s our business aim to make better services and products out of the data,” Mr. Völkel said.
Read the full story.
|
|
|
|
|
|
|
|
|
|
U.S. President Joe Biden, center, meeting with Finnish President Sauli Niinisto and Swedish Prime Minister Magdalena Andersson at the White House on Thursday. Mr. Biden says the U.S. supports the countries’ moves to join NATO. PHOTO: MANDEL NGAN/AGENCE FRANCE-PRESSE/GETTY IMAGES
|
|
|
|
|
|
Sweden, Finland weigh cyber risks stemming from NATO applications: Authorities in Sweden and Finland have raised alert levels for cyberattacks, concerned they face increased hacking risks because of the war in Ukraine and the two Nordic countries’ subsequent applications to join NATO.
-
Sanctions that prevent Russia from acquiring tech equipment make cyberattacks on Sweden and Finland more enticing, said Kim Elman, director of the center for cybersecurity at RISE, a Swedish government-owned research institute. Finland and Sweden are home to high-tech research and development and would be targets for spying, he said.
-
Cyberattacks are likely to increase later, potentially as retaliation against the Finnish government’s decisions and involvement in NATO, said Mikko Hypponen, chief research officer at WithSecure Corp., a cyber company based in Finland. “I am worried about cyberattacks directly through the Russian government or through proxies of the Russian government targeting Finland and Sweden,” he said.
-
Russia has consistently denied involvement in cyberattacks.
|
|
|
|
|
“The department has never been interested in prosecuting good-faith computer security research as a crime, and today’s announcement promotes cybersecurity by providing clarity for good-faith security researchers who root out vulnerabilities for the common good,” Deputy Attorney General Lisa Monaco said in a statement.
|
|
|
|
|
> $15 Million
|
|
Proceeds recovered by U.S. officials from an online advertising scam conducted over nearly three years starting in December 2015. (CyberScoop)
|
|
|
|
|
|
|
|
PHOTO: IAN DAVIDSON
/ZUMA PRESS
|
|
|
|
|
U.K. Attorney General Suella Braverman, in a speech Thursday at London's Chatham House, laid out four cyberattack scenarios in which a country would be within the bounds of international law to take "countermeasures."
-
Disruption of energy services
-
Disruption of medical care
-
Interference in the domestic economy or financial services
-
Interference with democratic processes
|
|
|
|
"International law matters in cyberspace because if we don’t shape the rules here, if we don’t have a clear framework to counter hostile activity in cyberspace, and if we don’t get cyber security right, the effects will be likely to be felt more often and in hugely disruptive ways by ordinary people," Ms. Braverman said, according to a transcript of her remarks provided by the Attorney General's office.
|
|
|
|
|
PHOTO: JEENAH MOON
/BLOOMBERG NEWS
|
|
|
|
|
Federal, New York officials look for public input on crypto regulation. The U.S. Commerce Department’s International Trade Administration issued a request for comments Thursday as it develops a framework for U.S. economic competitiveness in digital-asset technologies. Comments can be submitted through July 5 on competitiveness, comparisons to traditional financial services and financial inclusion considerations and tech development.
|
|
|
|
|
|
Canada said Thursday it will ban equipment made by China’s Huawei Technologies Co. and ZTE Corp. from being used in the country’s next-generation 5G mobile network, following a nearly four-year security review disrupted by geopolitical tension between Ottawa and Beijing.
|
|
|
Real-estate company Weichert Co. and its affiliates settled a case with the state of New Jersey, which accused it of having inadequate cybersecurity that led to three breaches between July 2016 and July 2018. Morris Plains, N.J.-based Weichert, which disputes the allegations, agreed to pay $1.2 million and implement several cyber measures, including designating a CISO and submitting to a third-party audit of its security compliance. The incidents exposed the sensitive data of 10,926 individuals.
|
|
|
|
|
|
|
|
|
PHOTO: ANDY WONG
/ASSOCIATED PRESS
|
|
|
|
|
Censorship allegations: Bing, Microsoft's search engine has made it harder in North America to look up people who are politically sensitive for China, according to a cybersecurity and surveillance group report. Bing’s autofill system often fell silent in connection to names the Chinese government deems sensitive, Citizen Lab said in the report Thursday. Microsoft said it had already addressed the issue, which was caused by what it called a technical error.
|
|
|
|
|
|
Cyber boot camps fall short for some students. Breaking into the cybersecurity field requires more experience and credentials than what some boot camps provide, students and security chiefs say.
|
|
|
|
|
Job seekers at an employment fair in New York. PHOTO: MARK LENNIHAN/AP
|
|
|
|
|
Many cybersecurity boot camps, often aimed at career changers, have sprung up in the past few years. Among roughly 170 such programs in the U.S., tuition ranges from free to $19,000, according to Course Report, a website that matches students with boot camps. include Fullstack Academy, Flatiron School, Nasdaq-listed 2U Inc. and ThriveDX, formerly known as HackerU.
|
|
|
|
Unlike industry-approved certificate programs that focus on a specific topic in the cyber field, boot camps usually cover a spectrum of concepts over a few months. The programs often don’t offer candidates much help in landing jobs, said Shaun Marion, chief information security officer at McDonald’s Corp. “Boot camps can be hit or miss,” he said.
For those new to cybersecurity, a job search can take six to 12 months, said Deidre Diamond, founder and chief executive of cybersecurity recruiter CyberSN. That’s in part because organizations are often understaffed and don’t have the capacity to hire people without experience and train them, she said.
|
|
|
|
|
|
|
|
|
PHOTO: VOYA FINANCIAL INC.
|
|
|
|
|
Stacy Hughes joined New York-based Voya Financial Inc. as senior vice president and chief information security officer. Ms. Hughes reports to Voya chief information officer and leads a staff of about 100 full-time employees. She was CISO of tech provider Global Payments Inc., based in Atlanta.
|
|
|
-
Rich Baich is the new CISO of the Central Intelligence Agency after leading cybersecurity at insurance company American International Group Inc. since 2019. Before that, Mr. Baich was CISO at Wells Fargo & Co. for nearly seven years. He is a former Navy officer and former FBI special assistant.
-
Adam Rice joined Australia-based mining giant Rio Tinto PLC as CISO, leaving Hilton Worldwide Holdings Inc., where he had been CISO since late 2018.
|
|
|
|
|
|
|
|
|
|
