What I'm Reading 1/28/2020
Yahoo -
PG&E May Face Blackout Fines Under Bill Passed by State Senate -
The bill would allow the state to fine investor-owned utilities
$250,000 an hour for every 50,000 customers impacted by a power shutoff
if regulators determine they acted irresponsibly.
PG&E opposes
the bill, saying in a letter to lawmakers last week that it would put
customers and communities “in a very dangerous position by potentially
penalizing” utilities for using intentional shutoffs during dangerous
fire conditions.
BBC -
Twitter and Facebook accounts for 15 NFL teams hacked -
The hacking group OurMine took responsibility for the attack, which said
it was to show internet security was "still low" and had to be
improved.
...
OurMine says it is currently based in Dubai.
In the past, the group has hacked companies and well-known individuals to offer its private cyber security services.
Cyberscoop -
Security tools still among the fastest-growing apps in corporate America -
In an analysis
based on the log-in activity of more than 7,4000 customers, identity
management firm Okta found that of the 10 fastest-growing apps in the
enterprise, five are known at least in part for their security
offerings. Adoption of the incident management tool Opsgenie, which
alerts developers to possible problems, grew by 194%, while Google Cloud
implementation climbed by 108%, Splunk by 102%, KnowBe4 by 89% and Jamf Pro enjoyed an 82% increase.
SC Magazine -
Bill seeks to reform NSA surveillance, aiming at Section 215, FISA process -
The legislation proposes to prohibit warrantless collection of cell site
location and GPS data, browsing history and internet search history. It
prevents the government from collecting information “for intelligence
purposes that would violate the Fourth Amendment in the criminal
context,” eliminates what was considered a vague “relevance” standard
that the government used to justify bulk collection, puts a three-year
limit on retaining” information that is not foreign intelligence or
evidence of a crime and permits the FISA Court to review compliance with
minimization procedures,” according to a release summarizing the bill.
Dark Reading -
How to Get the Most Out of Your Security Metrics -
Much is at stake when reporting security metrics. This data is critical
for management to evaluate security programs and justify further
investment in security tools. The value of metrics comes from their
ability to tell larger stories about a business that resonate with key
stakeholders. You lose that opportunity if security teams use the wrong
metrics — those that are overly technical or detailed — or
miscommunicate the right metrics. Here are some of the more common
reporting mistakes and best practices for avoiding them.
Threatpost -
Mandatory IoT Security in the Offing with U.K. Proposal -
The drafted law, announced on Monday,
comprises three main mandates for IoT manufacturers. First, all
consumer IoT device passwords must be unique (and not resettable to
universal factory settings). IoT device manufacturers must also provide a
public point of contact so that anyone can report a flaw, to be “acted
on in a timely manner;” and, manufacturers must also explicitly state
the minimum length of time for which devices will receive security
updates at the point of sale.