The deadline for comments to NTIA about improving industry ability to deal with botnets and other automated and distributed threats (see 1706090008) was extended to July 28, said the Department of Commerce in a notice slated to appear in Thursday's Federal Register.
American consumers are more likely than counterparts in Canada, China, Germany and the U.K. to opt for a rear-seat entertainment system in their next vehicle, and they’re willing to shell out $640 on average for it, an IHS Markit report said Monday, based on a survey of about 5,000 people. Only 32 percent of consumers agreed that telematics would be a feature they would be willing to pay for in their next new vehicle, with in-car Wi-Fi desired by 29 percent.
GTT Communications acquired Perseus in a $37.6 million cloud networking deal, GTT said in a Tuesday news release. The deal gives GTT new points of presence and routes on its global Tier 1 IP backbone, plus Perseus’ financial service and e-commerce customers. GTT will assume about $3 million in capital leases, it said.
American consumer concerns about identity theft, bank card fraud, hacking, viruses and online transactions have grown considerably in the past three years, found a Unisys survey of more than 13,000 consumers in 13 countries released Tuesday. The only issue far more concerning to Americans is national security as it relates to war or terrorism, said the survey -- which dates to 2007 and is the first conducted since 2014. Bill Searcy, Unisys vice president-global justice, law enforcement and border security, said at a news conference that the rising numbers show people "feel they have a lack of control," given terrorism and cybercrime stories in the news. ID theft, he said, is another major problem, citing the 2015 Office of Personnel Management breach (see 1507090049) and other attacks. "Those of us who really don't understand computer systems are just that much more vulnerable, so I think that's why there's some concern," he said. Frank Cilluffo, who directs George Washington University's Center for Cyber and Homeland Security, said physical and cyber threats are converging "a lot quicker" than decision-makers and communities can understand. He said the threat spectrum is "vast and diverse," along with the growing interconnected IoT devices, which present a bigger attack landscape. "If there were a clarion call right now, it's that we need to start baking security into the design of our very infrastructures," he said. National Institute of Standards and Technology fellow Ron Ross said the complexity of internet and computer systems is growing, which also is a security threat. "We have to build an infrastructure that is leaner and meaner" and trusted, he said. He said the White House's cybersecurity executive order (see 1705110058) along with NIST publications like the Cybersecurity Framework can help.
Fifty-two percent of more than 1,000 consumer-facing websites analyzed for their privacy and security practices qualified for the Online Trust Alliance's honor roll, a 5 percent improvement from last year, said an OTA news release Tuesday outlining its ninth annual audit. OTA, which began operating May 1 as an initiative of the Internet Society, said most websites in the consumer services category qualified for the honor roll (76 percent), followed by internet retailers (48 percent), news and media (48 percent), ISPs and email providers (46 percent), government (39 percent) and banks (27 percent). Among the top 50 sites praised are Airbnb, Fitbit, the FCC, several Alphabet/Google sites including Gmail and YouTube, Instagram, Microsoft Outlook, Snapchat and Twitter. OTA analyzed websites between mid-April and the end of May. Internet Society Chief Internet Technology Officer Olaf Kolkman said there has been an increase in sites using end-to-end encryption, showing it's becoming the "norm for site traffic."
Manufacturers should give consumers "clear information about whether, how, for how long, and at what cost their IoT devices will receive security support," the FTC commented on NTIA's multistakeholder initiative on security patching for such devices (see 1610190051). A Monday news release said commissioners voted 2-0 to file the comment in response to an NTIA working group draft document outlining how companies can better inform consumers about IoT security updates. The FTC said companies should, before selling an IoT device, say whether the device can receive security updates, how it receives those updates and when security support will end. On the last point, the commission said manufacturers should provide "a minimum security support period," for "clear, concrete information" compared with an "anticipated timeline" that could be misconstrued as a guarantee. The commission said manufacturers should give a date for starting and ending support. Plus, companies should disclose "key use limitations" before consumers buy a "smart" device so they know it will stop working or become vulnerable when security support ends, said the FTC. It recommended companies adopt a uniform security notification method and give consumers a way to sign up for real-time notifications. The commission said the working group shouldn't require manufacturers to explain how they evaluate, verify or test updates to consumers because those elements may impose "significant communication costs" to industry while providing little to no consumer benefit.
Without encrypting data, nearly 6 billion records may be exposed in security breaches resulting in nearly $220 billion in damages by 2020, the Internet Association said Thursday in a news release on research about the role of encryption. "This research contributes even more evidence to the consensus that encryption is a necessary part of keeping our country safe. Mandatory security vulnerabilities or encryption back doors do not make us safer," said IA President Michael Beckerman. IA said security breaches are potentially increasing at "exponential rates" and "unencrypted data is now a threat to every industry and internet user." The research also cited state-sponsored cybercrime, especially from China, as a threat to U.S. companies. It said Chinese industries use hacking rather than R&D to copy American IP.
The number of records stolen via data breaches in 2016 globally rose nearly 54 percent compared with the prior year, said India-based technology company Wipro, which released its first cybersecurity report Thursday. The report was based on interviews with chief information security officer teams in 139 organizations across various sectors and in 11 countries in Asia, Europe, Middle East and North America. In a news release on the report, Wipro said user credentials were stolen in 56 percent of the breaches, meaning more damage could be perpetrated. It said 56 percent of all malware attacks last year were a result of Trojans, viruses accounted for 19 percent, and worms were 20 percent. It said IoT devices with low memory and processing footprint have "very little security capabilities" such as patching and are "easy prey" for hackers.
Global spending on IoT deployments is expected to grow 16.7 percent year over year in 2017, reaching just over $800 billion, IDC said in a Wednesday report. By 2021, global IoT spending is expected to total nearly $1.4 trillion “as organizations continue to invest in the hardware, software, services, and connectivity that enable the IoT,” IDC said. "The discussion about IoT has shifted away from the number of devices connected," it said. "The true value of IoT is being realized when the software and services come together to enable the capture, interpretation, and action on data produced by IoT endpoints.” Hardware will be the largest spending category until the last year of the five-year forecast, when the faster-growing services category will overtake it, IDC said.
Some of the 18 previously secret opinions from the Foreign Intelligence Surveillance Court (FISC) acquired by the Electronic Frontier Foundation show the intelligence community "overstepped" restrictions in Section 702 of the Foreign Intelligence Surveillance Act (FISA), blogged EFF senior staff attorney Mark Rumold Wednesday. Rumold said the opinions were sent by DOJ Tuesday night as a result of EFF's lawsuit last year. He said three opinions indicate the program -- which allows intelligence agencies to target and collect internet and phone communications of suspected foreign terrorists abroad -- needs reform. "The opinions show that, almost from the outset of the law in 2008, the intelligence community has overstepped the court-imposed legal restrictions on the operation of the surveillance." Rumold said the documents show intelligence agencies overstepping authority, getting reprimanded by FISC, yet being allowed to continue. He also said two opinions show a service provider challenging the legality of a 702 directive in 2014 "as well as the government's refusal to provide it access to other FISC opinions cited in the government's legal briefs." The court ultimately upheld 702, which will expire by Dec. 31 unless reauthorized, and ordered the provider to comply, he added. Neither DOJ nor NSA commented.