Press "Enter" to skip to content

Emerging security standards based on the increased issues

CYBER.ORG today announced the opening of the public comment period for the most recent version of theK-12 cybersecurity learning standards that have been underway since September 2020. The public comment period opens on May 17th and closes on June 4th.

This feedback will be incorporated into the final version of the standards, which CYBER.ORG plans to release publicly at the start of the 2021-22 school year, with voluntary adoption likely to begin in states the following year.

We may need those standards – the FBI is reporting that cybercrime complaints are doubled in the last 14 months.  This out of the Internet Crime Complaint Center, between March 2020 and May 2021.     It’s a profitable business – eSentire reports that six gangs alone have made $45 million across 290 victims.  

Updating on the Irish health service breach… the Financial Times is reporting that some of the data has started to leak after the Irish government refused to pay.  And that QNAP issue from earlier this week – the group responsible has shut down, having made $350,000 in a month. 

Finally, updating on Colonial Pipeline.   They had trouble with some of their shipping systems on Tuesday as they recovered from the ransomware attack, are still hiring a security expert in a job opening that predates the breach, they did pay the ransomware, and the US government denies they were the ones that disrupted the DarkSide group. 

Why do we care?

It’s the new call for standards that I’m interested in.  The example is a small, industry specific one.  The Biden administration Executive order includes directives to NIST for a much broader set of guidance.  

Again, savvy providers are rethinking their strategies around security.  Be one of those leaders.