TechNet announced four new members: Elevate, FireEye, Philips Lighting and Waymo, bringing full membership to 74.

Amazon’s bid for .amazon won’t be a smooth road, said Daniel Sepulveda, a former deputy assistant secretary of state, in a Council on Foreign Relations blog post. After several years of wrangling at ICANN, Amazon won a favorable ruling in July to move forward. But Brazil, Peru and their allies are again objecting to the .amazon application. “Amazon behaved in accordance with the rules, has a strong interest in acquiring .amazon, and is within its rights to pursue it,” Sepulveda said. Brazil and Peru have strong political and cultural reasons to object to awarding the company .amazon, but the challenge for ICANN leadership is whether this dispute is resolvable without governments feeling disrespected, he said, saying the U.S. “is likely” to support Amazon on procedural grounds but needs "vocal support" from other governments.

Fifty-five percent of respondents in a Parks Associates survey of U.S. broadband households found voice control appealing for managing connected devices or viewing their status, said the researcher Tuesday. “Waking up” a personal assistant by saying a name is a “natural and intrinsic” way to interact with devices, said analyst Dina Abdelrazik.

The Department of Homeland Security is on the "front lines" of federal government efforts to defend critical infrastructure from cyberthreats, terrorism and natural disaster, said officials from the agency's National Protection and Programs Directorate (NPPD) at a House Homeland Cybersecurity Subcommittee hearing Tuesday. "We must ensure that NPPD is appropriately organized to address cybersecurity threats both now and in the future," said Christopher Krebs, senior official performing the duties of the undersecretary, and Jeanette Manfra, assistant secretary for cybersecurity and communications. House Homeland Security Committee Chairman Michael McCaul, R-Texas, hopes the House will advance legislation he introduced to elevate NPPD as a stand-alone agency so it can better support DHS' cybersecurity mission. In a prepared statement, McCaul said he was pleased with President Donald Trump's executive order aimed at strengthening the cybersecurity of federal networks and critical infrastructure: With October designated to raise awareness of cybersecurity (see 1710020057), it's time to "learn more about these threats and offer ideas on how we can best secure ourselves."

Focusing on the “why” of cybersecurity and not just the IT components involved is the only way to manage attacks like the recent Equifax hack (see 1710020021), Internet Security Alliance President Larry Clinton blogged. It has been 10 years since October was declared “Cybersecurity Awareness Month,” he said. “We can spike the football on the issue of cybersecurity awareness. Understanding the cybersecurity problem? Not so much.” Not only is the cyber system inherently vulnerable, criminals also stand to gain hugely from large-scale attacks, and Clinton wants more work on understanding why attacks occur. Friday, the White House said President Donald Trump declared October cybersecurity awareness month.

The FTC scheduled a Dec.12 workshop on injuries to consumers when their information is misused, as expected (see 1709190040), said a Friday news release. The workshop will address how to characterize and measure such harms, their prevalence, and the factors businesses and consumers should consider in collection and use of information that could risk consumer injuries. The agency seeks comment by Oct. 27. The event starts at 9 a.m. at 400 7th St. SW.

The National Institute of Standards and Technology is floating a draft updating guidelines for applying the risk management framework to information systems and organizations. A Thursday notice said the update to Special Publication (SP) 800-37, Revision 2 would provide closer linkage and communication between corporate-level risk management processes to operations and system activities, would demonstrate how NIST's Cybersecurity Framework can be implemented using the agency's risk management processes, and would integrate privacy concepts. It said institutionalizing risk-management preparatory activities would help identify and develop security and privacy baselines, reduce complexity of IT infrastructure and prioritize assets. NIST seeks comments by Oct. 3, anticipates publishing an initial public draft in November, a final draft in January and a final document in March.

Google received nearly 49,000 government requests globally for user data involving more than 83,000 accounts for the first half of 2017, it reported Thursday. Richard Salgado, director-law enforcement and information security, blogged that the information includes requests for user data in criminal case and national security matters. In the first six months of 2016, Google received nearly 45,000 requests globally for data involving more than 76,700 accounts. In the U.S., Google received more than 16,800 requests -- including subpoenas, search warrants, court orders and emergency disclosures -- for user data from more than 33,700 accounts in the first six months of 2017. In the year-ago period, the company got nearly 13,700 requests about more than 27,200 U.S. accounts.

Most of two dozen federal departments and agencies continue to inadequately protect their information systems in FY 2016 due to ineffective implementation of security policies and practices, GAO reported Thursday. It said all or most had weaknesses in access controls, configuration management controls, segregation of duties, contingency planning and security management. GAO covered all cabinet departments, except Defense, and agencies such as NASA, the Office of Personnel Management and Small Business Administration. From FY 2006-15, information security incidents rose 1,303 percent to 77,183. In FY 2016, the number decreased to 30,899, probably due to changes in reporting guidelines. GAO said they "no longer required agencies to report noncyber incidents or incidents categorized as scans, probes, and attempted access." It said use of the National Cybersecurity Protection System that detects or blocks potential malicious network traffic also may have been a reason.

The Broadband Internet Technical Advisory Group launched a review of technical aspects of internet data collection and privacy, with a report expected early next year. In a Wednesday news release, BITAG, an advisory group of engineers and technologists, said the report will try to explain collection practices, such as types of data collected, where and how it takes place and what it's used for. The report will show the varied collection and use practices among ISPs, edge providers, advertising networks, app developers, equipment manufacturers and others and the tools and methods they apply, BITAG said.