Reflections on 2016: The fight for consumer protection and what lies ahead

What a year for consumer protection!

 

What a year 2016 has been in the fight for consumer and worker protections! NCL has been a steadfast champion of these causes, working in a bipartisan way on behalf of consumers and America’s working families through 20 administrations. NCL will continue to do so in 2017.

In 2017, we will continue to lead the charge to protect Americans’ health, security, and pocketbooks on many important issues:

Preserving our nation’s health
NCL supports full access to healthcare for all Americans, regardless of legislation that may be enacted or repealed. Safe food and medicine, we believe, are the result of a properly funded FDA.

A living wage
Voters across the country supported increases in state minimum wages, and NCL will continue to push for increases in states and in Congress. 

Protecting the watchdogs
Capitalism works, but only when there is oversight by government entities and the public. We are committed to supporting the work of the Consumer Financial Protection Bureau as well as the Federal Trade Commission, Food & Drug Administration, National Highway Traffic Safety Administration, Department of Labor, and U.S. Department of Agriculture, all of which are essential for protecting our citizens. NCL supports the financial protections offered by Dodd–Frank that shield consumers from the excesses that led to the Great Recession.

Investing in our future
Through NCL’s signature LifeSmarts program, we educate the next generation to be savvy consumers and more, and to become advocates for themselves, their families, and their communities. Every year, LifeSmarts helps prepare hundreds of thousands of middle- and high-school students to enter the marketplace and workplace with the preparation needed to be successful.

Data insecurity
Finally, in the face of the ongoing data breach epidemic, NCL will continue to advocate for better protections for Americans against global and domestic cyberattacks. We will continue to raise awareness of data breaches and offer policy solutions to better protect consumers through newsletters and Fraud.org. Protecting sensitive data must be a priority for policymakers.

Help NCL amplify our voice so we can continue to speak for American consumers and workers. With your support, we will continue to lead the charge to protect Americans’ health, security, and pocketbooks.

Please consider making a year-end gift to the National Consumers League. 

Health Advisory Council Newsletter | 2016 Q4 | Member Q & A’s | Generic Pharmaceutical Association and Caregiver Action Network

2016 | Q4 Newsletter | Q & A’s with Health Advisory Council Members


Christine Simmon

Senior Vice President, Policy & Strategic Alliances, Generic Pharmaceutical Association (GPhA), and Executive Director, The Biosimilars Council

Q. How would you describe your role at the Generic Pharmaceutical Association (GPhA) and the Biosimilars Council?
A. I serve a dual function: I am both the Senior Vice President of Policy & Strategic Alliances at GPhA, as well as the Executive Director of the Biosimilars Council, a division of GPhA that works to support the development of a robust biosimilars market, and educate policymakers, consumers, patients, providers, and other stakeholders about how biosimilars can increase access to safe, effective and affordable treatments. The generic and biosimilar industries share the common mission of improving patient access to more affordable medicines, and reducing costs to the health system by driving competition in the marketplace.

In my GPhA capacity, I am responsible for leading policy development and issues management for our generic manufacturer members, as well as building relationships with strategic partners and stakeholders in the healthcare sector, such as NCL.

As the Executive Director of the Biosimilars Council, I work with its Board of Directors to position the organization as the leader and resource on biosimilars issues. I oversee the Council’s committees relating to education, advocacy, government and regulatory affairs, as well as our annual conference which provides a forum for biosimilar stakeholders to learn more about key issues.

Q. What do you think Council members should know about GPhA and the Biosimilars Council?
A. Generics and biosimilars drive savings, not costs. Our member companies produce approximately 90% of prescription drugs dispensed in the U.S. annually, and their products treat virtually every disease and condition. However, generics represent only 27% of drug costs. Our members are one of the few players in the healthcare system that are “bending the cost curve” and making medicines accessible for consumers.

Q. What GPhA initiatives would you like to share with the Council?
A. We are very excited to have recently completed negotiations with FDA on the second Generic Drug User Fee Program (GDUFA). While brand manufacturers have had user fee agreements with the agency for over two decades, this has been an important growth experience for the generics industry. FDA and generic manufacturers initially came together in 2012 when it became apparent that the existing generic drug application backlog at the agency was no longer sustainable, and was delaying patient access to lower-cost alternatives. However, while in recent months the agency has begun to sustain a noticeable uptick in generic approvals, that initial program definitely suffered from some growing pains. There is still a backlog at FDA, and approval times are still nowhere near the 180 days initially envisioned by Hatch-Waxman. 

We believe that GDUFA II makes significant progress in improving and maintaining the program. However, the existing program expires on September 30, 2017, so Congress will need to pass legislation to enshrine the latest agreement before then, and it will be important for stakeholders to weigh in to ensure that FDA has the necessary resources to enhance the science-based review of generic drugs and address the generic drug backlog currently pending at the agency.

We look forward to continuing to work with NCL and stakeholders to ensure that GDUFA II moves easily through Congress and that the agency has the appropriate resources to comply with it.

Q. What are GPhA and the Biosimilars Council doing to change the way people think about and approach healthcare?
A. GPhA and the Biosimilars Council have been working very hard to raise awareness about the vastly different markets in which brand and generic manufacturers operate. Unlike brand manufacturers who do not have direct price-based competitors, generics function in an entirely different market where our members aggressively compete with one another on price. As more players enter any given market, the price lowers. As policymakers and stakeholders begin considering various solutions to address prescription drug costs, we’ve found that there is a significant lack of understanding and education surrounding the two different markets. We have been working hard with our allies to address that deficit to ensure that policy solutions seeking to address cost do not jeopardize the incredibly efficient and effective market that the generics industry has created. That system has created enormous value for patients and consumers, and reducing competition would only increase costs. 

Q. What do GPhA and the Biosimilars Council value about membership in NCL’s Health Advisory Council?
A. As new members, we are looking forward to the opportunity to partner with NCL, and in particular the Health Advisory Council, to consider and support policies that will increase consumer access to safe, effective and affordable medicines.

 

Mark Gibbons

Director of Programs and Operations, Caregiver Action Network

Q. How would you describe your role at the Caregiver Action Network (CAN)?
A. As Director of Programs and Operations, I am responsible for corporate outreach and relationship building. In addition, I manage various programs that CAN is involved in like distributing free meals to family caregivers, surveys, conducting workshops, and many other programs. 

Q. What do you enjoy most about working at CAN?
A. I have been at CAN for a little over 6 years now. To me, waking up every day and being able to go to a job that I love is very important. We are a small staff, but like many other organizations, we are a true family. Being able to speak to family caregivers every day and provide them with help, or just to listen to them vent, is rewarding. To know that we help family caregivers as they struggle on this journey that they did not ask for is very satisfying.

Q. How would you describe CAN’s role in the advocacy arena?
A. CAN has created a 501(c)(4) (Caregiver Voices United) which allows us to advocate on family caregiving issues on a full-time basis. Our current effort has been featured in The Hill and Politico and on WTOP radio.

Q. What are the biggest challenges facing CAN today?
A. The biggest challenge we face at CAN is ensuring that family caregivers are not left out of the health care team discussions. A lot of focus is on professionals and the patient. However, in most cases it is the family caregiver who is making the medical and financial decisions for the patient and the family. The family caregiver or care partner is the one researching treatments or clinical trial information. 

Q. What CAN initiatives would you like to share with the Council?
A. CAN was recently awarded a PCORI engagement grant to conduct 8 workshops entitled: Equipping You for Success: Training for Family Caregivers in Team-Based Medical Decisions. 

Q. What do you believe is the most valuable aspect of CAN’s participation in NCL’s Health Advisory Council?
A. CAN appreciates the opportunity to remind Council members that the Family Caregiver voice has to be heard and respected.

 

NCL health policy updates | Health Advisory Council Newsletter | 2016 Q4

MyHealthPlan.Guide launch. In October, in preparation for Open Enrollment, NCL and America’s Health Insurance Plans (AHIP) launched MyHealthPlan.Guide, a comprehensive online tool that informs, educates, and engages consumers to better understand how health insurance works. The site provides consumers with easy-to-access, straightforward information to determine the health insurance coverage that is right for them and how to best use it to meet their personal health needs.

Modern Medicaid Alliance. NCL recently joined the Modern Medicaid Alliance as an original member. Launched in October and coordinated by AHIP, the Modern Medicaid Alliance is a partnership between individuals and leading advocacy organizations to educate policymakers and the public about the positive benefits and results of Medicaid.

Script Your Future medication adherence campaign: On December 5-6, NCL’s Health Policy team presented an overview of the Script Your Future Campaign at the Suboptimal Medication Use and Population Health – Intersection of Research, Implementation, and Policy conference in Washington, DC. Sponsored by the PhRMA Foundation, Prescriptions for a Healthy America, and the Medication Adherence Alliance, the conference brought together researchers and stakeholders to identify opportunities for future research, collaboration, and policy change to improve medication use and adherence.

Biosimilar and generic drug user fees. On October 20, Sally Greenberg testified at FDA’s Public Meeting in support of reauthorization of the Biosimilar User Fee Act (BsUFA II). NCL expressed its support for biosimilar user fees, which help to provide the FDA with the resources needed to enhance the science-based review of new biosimilar products for patients with serious diseases, such as rheumatoid arthritis, multiple sclerosis, and cancer. On November 16, NCL submitted comments to the FDA in support of the reauthorization of the Generic Drug User Fee Amendments (GDUFA II). NCL particularly supports providing the FDA with additional resources to address the generic drug backlog currently pending at the agency. In both sets of comments, NCL urged the FDA to act independently of industry influence and to uphold its high standards for safety, efficacy, and quality of drug products. 

Drug compounding. In October, NCL submitted a series of three comments in support of FDA guidances to industry on the topics of insanitary conditions at compounding facilities and compounded drug products that are essentially copies of commercially available or approved drug products. NCL noted that compounding, while an important part of pharmacy practice, can place consumers at unnecessary risks since compounded drugs are not FDA-approved. For this reason, NCL supports the Federal Food, Drug, and Cosmetic Act’s restrictions on compounding drug products that are essentially copies of commercially available or FDA approved drugs. In addition, NCL stressed the importance of the immediate identification and remediation of insanitary conditions in compounding facilities, which further place consumers and patients at risk for infections or other dire consequences. 

CDC PROTECT Initiative. In October, Karin Bolte, NCL’s health policy director, attended the 9th annual meeting of the CDC’s PROTECT initiative at the Centers for Disease Control and Prevention in Atlanta. The PROTECT Initiative brings together consumer and patient advocates, public health agencies, private sector companies, professional organizations, and academic experts to develop strategies to keep children safe from unintentional medication overdoses. Topics discussed included packaging to prevent ingestions, standardization for error prevention, and improving safe use and storage. 

Health Advisory Council Newsletter | 2016 Q4


Welcome to the Q4 issue of the Health Advisory Council Newsletter. Please read on for NCL policy updates, Member Q&A’s and updates, and more.

We look forward to working with you in 2017!
Please consider renewing your Health Advisory Council membership for 2017 as NCL continues to convene diverse members of the healthcare community to share insights and develop strategies for patient access and education in the new administration. Thank you for your support in 2016. We look forward to continuing the conversation! 

In case you missed it: NCL’s Ensuring Consumer Access to Healthcare conference

In response to interest expressed by Health Advisory Council Members, NCL sponsored a November 16 conference at The National Press Club: Ensuring Consumer Access to Healthcare. The conference brought together patient and consumer advocates, healthcare professional organizations, pharmaceutical and healthcare industry representatives, health plans, and government officials for an engaging discussion of the impact of the election and consumers’ healthcare access problems and solutions.

Discussion panels included:

  • The 2016 Election: The Implications for Healthcare Access
  • The Move Towards Value-Based Healthcare to Improve Patients’ Access to Care
  • Improving Access to Care for the Underserved and Minority Populations, moderated by Dr. Regina Benjamin, 18th U.S. Surgeon General

Conference attendees particularly appreciated the diversity of the audience and speakers and the thought-provoking examination of the current health policy landscape. 

Minutes are available here.

NCL Health Policy at Work

MyHealthPlan.Guide launch. In October, in preparation for Open Enrollment, NCL and America’s Health Insurance Plans (AHIP) launched MyHealthPlan.Guide, a comprehensive online tool that informs, educates, and engages consumers to better understand how health insurance works. The site provides consumers with easy-to-access, straightforward information to determine the health insurance coverage that is right for them and how to best use it to meet their personal health needs.

Click here for more NCL health policy updates. 

Member spotlight

Get to know Health Advisory Council Members–Generic Pharmaceutical Association and Caregiver Action Network–with new Q&A’s.

Updates on Member programs

Alliance for Aging Research
The Alliance for Aging Research released Spanish translations and subject chapters of its popular pocket films on Safe Selection, Use, Storage, and Disposal of OTC pain medications. The full-length English films were released earlier this year, and have received more than 110,000 collective views. The films include information on both acetaminophen and NSAIDs and walk the viewer through choosing an OTC pain medication that will be safe for them or their loved one, taking it safely and according to directions, tracking their use to avoid accidental overdose, storing it up and away and out of sight from young children, and disposing of it once it has expired or they no longer need it. The Alliance wanted to expand the impact of the films by translating them into Spanish, and by slicing them up into smaller sections for use in broader settings. The films are available in English here and in Spanish here, and the Alliance encourages you to use and share the films. The films, the translations, and their chapters were made possible by Johnson & Johnson Consumer Inc., previously McNeil Consumer Healthcare.

American Society of Health-System Pharmacists (ASHP)
ASHP publishes controlled substances diversion prevention guidelines
On October 28, 2016, ASHP published the first set of national guidelines designed to help healthcare organizations devise and implement strategies to prevent the diversion of controlled substances. The guidelines include a framework for creating a collaborative, comprehensive controlled substances diversion prevention program (CSDPP) to protect patients, employees, organizations, and the community. A link to the guidelines can be found here: http://www.ashp.org/DocLibrary/BestPractices/MgmtGdlCSDiversion.aspx

ASHP continues push for expanded access to care in medically underserved areas
ASHP, as a lead member of the Patient Access to Pharmacists’ Care Coalition (PAPCC), continues to push for support of legislation aimed at increasing access to care in medically underserved areas (H.R. 592, S. 314). Nearly 300 House members have signed on to H.R. 592, and over 50 Senators have signed on to S. 314. The bills would enable pharmacists to provide care for Medicare beneficiaries in medically underserved areas under Part B of the Medicare program. ASHP and the PAPCC are pleased to see the high bipartisan support for this legislation and are seeking swift reintroduction of the bills in 2017. More information about the coalition can be found at: www.pharmacistscare.org.

America’s Health Insurance Plans (AHIP)
Update on AHIP’s Provider Directory Initiative: Earlier this year AHIP led a substantial pilot program to give consumers access to more accurate information when searching for a provider. We have reached the six-month mark and found that strong partnership and active participation with physician practices is essential. However, physician practices often remain unaware of how important it is to update the information that consumers access online. Click here to learn more.

Council for Affordable Health Coverage
The Council for Affordable Health Coverage (CAHC), a not-for-profit, 501(c)(6) organization, will launch a national campaign in January to educate and raise awareness about prescription drug costs, and develop and advocate for a set of credible policy solutions designed to lower costs and improve value that both Democrats and Republicans can support. The campaign already includes leading payer, drug manufacturer, employer, patient, consumer, physician, and health care industry leaders, but we are encouraging all groups dedicated to advancing near-term solutions that improve the lives of patients across the nation to participate.

The campaign will:

  • Develop and advocate for bipartisan solutions;
  • Oppose proposals that shift costs, endanger patient safety, stifle markets, or raise society-wide costs; and
  • Educate policymakers and the public about the costs and value of prescription drugs.

CAHC believes the new Congress and Administration should implement policies that lower costs by stimulating competition, paying more for value, and improving transparency for consumers. Specifically, we support:

  • Changes to laws that will encourage value-based arrangements, which allow payers and manufacturers to link payment for a medicine to patient outcomes;
  • Allowing payers and manufacturers to communicate about products pre- and post-approval to improve premium setting and the coverage process;
  • Speeding more generics and brand drugs to market to improve competition and price negotiations;
  • Empowering consumers with information on formularies, cost-sharing, and appeals rights; and
  • Promoting health plan flexibility to foster disease-specific solutions.

We will also oppose bad ideas that shift costs, imperil patient safety, or that are unworkable.

We urge all stakeholders to help us vet, discuss, and advocate for these solutions. Fortunately, several legislative and regulatory vehicles are emerging to carry these ideas. Please contact Joel White or Sloane Salzburg at CAHC to discuss the campaign further. Joel may be reached at joel.white@cahc.net or at (202) 559-0192 and Sloane may be reached at sloane.salzburg@cahc.net or (202) 808-8855. 

FDA Office of Women’s Health
Fifty percent of pregnant women report taking at least one medication, and the use of four or more medications during pregnancy has more than doubled over the last 30 years. In October, the FDA Office of Women’s Health released a new consumer publication on medication use during pregnancy. Available in English and Spanish, the Medicine and Pregnancy fact sheet outlines four tips to help pregnant women talk with their healthcare providers about prescription and over-the-counter medicines. To download a fact sheet or order free bulk copies, visit: www.fda.gov/womenshealthpubs

Generic Pharmaceutical Association (GPhA)
In October, the Generic Pharmaceutical Association (GPhA) released a new study demonstrating the critical role that safe, effective and affordable generic medicines play in reducing costs to the overall health system and increasing access to vital medications for patients and consumers. Compiled for GPhA by the QuintilesIMS Institute, the annual Generic Drug Savings & Access in the United States Report found that generic drugs are 89% of prescriptions dispensed in the U.S. but only 27% of drug costs. The data also show that generics created over $227 billion in savings to the U.S. healthcare system in 2015, and over the last decade those savings total $1.46 trillion. Other key findings include Medicare savings of $67.6 billion in 2015, with savings of $1,737 per enrollee to the system, and Medicaid savings of $32.7 billion, which translates to savings of $450 per enrollee to the system.

The report documents the level of savings generics provide across multiple segments, including by therapeutic area, payor type, patient age demographic, and on a state-by-state basis. With nearly 3.9 billion of the total 4.4 billion prescriptions being dispensed in the U.S. for generics, the data shows that when generic competition exists, prescription drug prices and healthcare costs come down rapidly and dramatically, and patient health improves.

National Community Pharmacists Association
In July 2016, National Community Pharmacists Association (NCPA) announced the establishment of a new Innovation Center that is intended to further assist and speed up the evolution of independent community pharmacies in a changing health care environment.

At inception, the changes in the health care environment include:

  • a growing focus on value and quality based payments and declining product reimbursements;
  • the integration of health care providers including pharmacists;
  • an increase in consumer driven health care;
  • an increase in the services that are able to be provided in a community pharmacy setting; and
  • the influence of the digitalization of health care and business. 

The Innovation Center develops and executes programs to inform and educate community pharmacists to realize the opportunities in an evolving health care market. In addition, it will demonstrate, research and support new and expanded roles for community pharmacists. Specifically, this will be accomplished through peer-to-peer exchanges of best practices.

The Innovation Center welcomes the support and partnership of various stakeholders in the health care industry who support the organization’s mission of advancing pharmacy practice and patient care.

NCPIE collaborates with the American Medical Association on a medication adherence training module
The National Council on Patient Information and Education (NCPIE) announces the development and production of an online training module for residents titled “Promoting Medication Adherence” in collaboration with the American Medical Association (AMA). The AMA, an NCPIE Board Member, operates a residency training program, Introduction to the Practice of Medicine (IPM). The training module was completed in August 2016 and added as a new resource to the educational library for medical resident education. The 28-minute interactive module was introduced to numerous institutions and is now available to approximately 20,000 residents and fellows.

The objectives of the module include:

  • Discuss how the effectiveness of medication is impacted by non-adherence.
  • Describe the health and economic consequences of medication non-adherence.
  • Understand key patient and healthcare provider factors that contribute to medication non-adherence.
  • Formulate and implement a framework for prescription medication counseling to enhance adherence and management of medication-related problems.

NCPIE worked closely with content experts and the AMA’s IPM program for over a year to develop the module. With the introduction of “Promoting Medication Adherence,” there are now over 40 titles in the IPM library, including modules on Patient Safety, Effective Patient Communication, and Safe/Competent Opioid Prescribing for Chronic Pain. The medication adherence module includes an interactive lesson, testing of key concepts during the module, relevant downloads of primary concepts, a post-assessment, an evaluation, and a course certificate of completion. The IPM interactive, web-based and tablet-compatible educational series helps residents and their institutions develop the competencies required by the Accreditation Council for Graduate Medical Education (ACGME). For information about the IPM program, click here. The module is available to subscribers of the IPM series. NCPIE gratefully acknowledges Merck & Co., Inc. for providing support for the development of this project and the advancement of the NCPIE Adherence Action Agenda (A3 Project).

Pfizer 
Ready for Cures
To help ensure that patients and their families are able to gain access to new critical, life-saving innovations, Pfizer has launched a new initiative called Ready for Cures. Ready for Cures is dedicated to improving access to life-saving medicines and fostering a public policy environment that supports healthcare innovation. In the coming months, Pfizer will be reaching out to potential members online via social media, email, and at pfizer.com/readyforcures. Please join at pfizer.com/readyforcures and share this with your members and network. Pfizer will keep members of the Ready for Cures community up to date on innovation and on policies that affect access to medicines.

SimplySync
Pfizer is sponsoring the SimplySync website to promote Medication Synchronization services, commonly known as Med Sync, now being provided by thousands of pharmacies across the country. Medication synchronization programs provide a platform for decreasing trips to the pharmacy, managing patient refills, and improving medication adherence. To help patients understand this patient care service, and to find a pharmacy near them that offers this service, Pfizer encourages organizations to help get the word out about the www.SimplySync.net website. For additional information on medication synchronization or the SimplySync website, please contact David Searle at david.w.searle@pfizer.com. 

Script Your Future – Ohio
The Script Your Future (SYF) effort in Ohio is being conducted by the Ohio Pharmacists Association (OPA) working with Ohio Colleges of Pharmacy. The primary action has happened at three universities, as described below. OPA anticipates conducting a presentation in Columbus in the spring that will bring the groups together to present their efforts.

Northeast Ohio Medical University College of Pharmacy (NEOMED), the winner of the 2016 SYF Medication Adherence Team Challenge Health Disparities / Under-represented Community Outreach Award, focused its outreach on underserved populations and those with health disparities, addressing both economic and cultural barriers to medication adherence. Examples of NEOMED’s efforts include work in two free clinics, a medical mission trip to Honduras, outreach to Hispanic patients through an appearance on a local TV show, translation of the SYF PSA into Chinese and Russian, educational efforts in three underserved senior apartment complexes, and outreach to underserved residents throughout Northeast Ohio.

Ohio State College of Pharmacy students have been leading and engaging in discussions with Charitable Pharmacy of Central Ohio patients about chronic disease states such as hypertension, asthma/COPD, and diabetes and their current medications. Students provide patients with tools and advice to help them overcome barriers to medication adherence.

Ohio Northern University students each complete 40 hours of health-related outreach in collaboration with a pharmacist preceptor. The outreach program is a component of ONU Healthwise, which includes community outreach, employee and student wellness, drug and health information (DHIC) services, and mobile clinic services. Much of the students’ effort in the community is directed locally and includes monthly screenings, health fairs, presentations to local organizations, and participation in various community-wide health-related organizations and events.

We want to hear from you!

Online Members-only discussion board – We encourage you to take advantage of the online Members-only communications portal, where Members may share news, suggestions, and ideas directly with each other. Log on here. If you haven’t already, you will be instructed to create an account in order to view discussion items. The Members-only forum is only visible to people who have been given access privileges.

Thank you for your continued interest in the Health Advisory Council!
Please stay in touch! Feel free to contact Karin Bolte (karinb@nclnet.org) or Amy Sonderman (amys@nclnet.org).

_______________

National Consumers League
Published December 13, 2016

The #DataInsecurity Digest | Issue 35

Issue 35 | December 7, 2016

#DataInsecurity Digest: Cyber policy clues about Trump transition hires; ransomware hack cripples Muni

By John Breyault (@jammingecono, johnb@nclnet.org)
NCL Vice President of Public Policy, Telecommunications and Fraud

Subscribe here. Tell us what you think.

Editor’s Note: Over the past several days, we’ve seen the incoming Trump Administration’s data security policy continue to take shape. While a head for the Department of Homeland Security (the government’s largest cybersecurity agency) has not yet been named, other transition team member hires—Reps. Marsha Blackburn (R-TN) and Tom Marino (R-PA), for example—point to a significantly more law enforcement-friendly data security direction. They’ll have a blueprint for action thanks to the report of the blue ribbon Commission on Enhancing National Cybersecurity, which among other recommendations calls for a “nutrition label” for the data security characteristics of consumer IT products and services. In other news, a ransomware attack on San Francisco’s Muni transit system forced bus drivers in the heart of the technology industry to rely on hand-written notes on bulletin boards and gave Rep. Ted Lieu (D-CA) an opportunity to call for additional ransomware hearings. Finally, while most of us have transitioned to using chip cards, gas stations are likely to remain holdouts for several more years, thanks to Visa’s new rules extending the so-called “liability shift” into 2020.

And now, on to the clips!

—————–

NIST Cybersecurity Commission calls for nutrition label for data security. The long-awaited report of the President’s blue ribbon Commission on Enhancing National Cybersecurity called for a range of policy solutions to improve the nation’s cybersecurity defense. Recommendations such as creating a new assistant to the President for cybersecurity and establishing an ambassador for cybersecurity were among the 16 policy solutions put forward by the panel. Perhaps most intriguingly, the panel called for a “nutritional label” for IT products and services to “drive product innovation and improve purchasing decisions.” The label would be used by consumers to evaluate the security characteristics and features of products before purchasing them. (Source: NIST)

Trump taps Marine Corps General James Mattis for Defense Secretary. @timstarks reports that although critics point out Mattis’ sparse cyber experience, he has made several statements about international cyber warfare. Speaking at a public event last year on the Middle East and America’s role, Mattis said that it wouldn’t be up to the Pentagon to send in troops for a cyberattack: “DoD would not be the decider on that. It would have to be a political decision that the damage was severe enough. If they turn the lights off in Madison, Wis., or something, you can expect that the U.S. military has plans to deal with these things. We give options to the commander in chief.” (Source: Politico)

Trump transition appointments hint at cyber interests. Although Trump has yet to nominate a Department of Homeland Security secretary and Mattis, the DoD secretary-to-be, has not yet laid out a substantial cyber agenda, his transition team choices may suggest what types of cyber policy the new Administration will pursue. Leaders like Marsha Blackburn (R-TN), who co-sponsored data security and breach notification bills, will serve as his transition vice chair. Appointee Rep. Tom Marino (R-PA) has sponsored bills to limit the Justice Department’s ability to demand access to customer data stored by U.S. companies in different nations. And Rep. Devin Nunes (R-CA) has co-sponsored successful cyber information-sharing legislation, which many advocates fear could pave the way toward an encryption backdoor. (Source: Nextgov)

San Francisco’s Muni is the latest high-profile victim of ransomware. Over Thanksgiving weekend, hackers infiltrated more than 2,000 San Francisco Municipal Railway (Muni) computers with ransomware and demanded 100 Bitcoin (about $73,000). The attack forced the transportation authority to offer free transportation to riders and take unorthodox tactics such as assigning “routes to bus drivers via hand-written notes on bulletin boards,” until the computer system was restored. (Source: San Francisco Business Times)

Bonus: Muni hacker gets hacked. The Muni hacker had his primary and backup email hacked by security researchers who were able to “guess” the answers to the password reset questions used for both of his accounts. The hacked email accounts provided tantalizing clues suggesting the hacker’s location (Iran), as well as correspondence between the hacker and his past victims. (Source: Krebs on Security)

Quick hit: Rep. Ted Lieu (D-CA) urges House Oversight Committee to hold ransomware hearing. Last Tuesday, Congressman Ted Lieu (D-CA) sent a letter to House Oversight Committee Chairman Jason Chaffetz (R-UT) and ranking member Elijah Cummings (D-MD) stating that a “hearing is needed to shed light on the growing threat of ransomware, outline best practices to mitigate it, and identify the most critical areas for improvement in both the public and private sectors…” as “these malware attacks have had tremendous economic costs in recent years, and it would seem only a matter of time before we face life-threatening or national security consequences as well.” (Source: The Hill).

Breach du jour: BP/Exxon explosive contractor. A lead security researcher at @MacKeeper discovered that thousands of sensitive files belonging to Allied-Horizontal Wireline Services, including personal employee documents and the location of explosives storage facilities have been compromised due to a misconfigured storage device. “The discovery of an exposed file repository for an explosives-handling company is alarming,” stated security researcher Chris Vickery. “If bad guys wanted to know where explosives are being held, or who to blackmail into obtaining explosives, this would have been a prime knowledge base.” Vickery added that, “high quality scans of explosives-handling licenses were also found in the files, which raises the possibility of impersonating authorized explosives-handling personnel.” (Source: The Daily Dot)

Gas stations get reprieve from chip card rules, despite wave of skimming attacks. As more merchants install chip card readers, the days in which data thieves can skim account data from credit and debit cards’ magnetic stripes appear to be numbered. However, one business sector—gas stations—will continue to be a lucrative target of skimming fraudsters, potentially into the next decade. @briankrebs reports that Visa has amended its merchant rules to allow gas stations until 2020 to install chip card readers before new liability rules take effect. This decision comes in spite of evidence of continued attacks on insecure gas station card readers. Krebs writes: “[t]he delay comes as some states — particularly in the southern United States — are grappling with major increases in fuel station skimming attacks. In September, KrebsOnSecurity published a detailed look at nine months’ worth of fuel pump skimming incident reports filed by police and regulators in Arizona, which said it saw more fuel station skimming attacks in the month of August 2016 than in all of 2015 combined.” (Source: KrebsonSecurity.com)

Upcoming events

January 12, 2017 – PrivacyCon – Washington, DC
The FTC will host its second PrivacyCon conference “to continue and expand collaboration among leading whitehat researchers, academics, industry representatives, consumer advocates, and the government to address the privacy and security implications of emerging technologies.”

May 24, 2017 – Planning for the Future: A Conference About Identity Theft – Washington, DC
The FTC will host an all-day conference to take a comprehensive look at how identity theft has evolved over the last decade and what can be done to address this challenge in the future. The conference will be used to gather input from academics, business and industry representatives, government experts and consumer advocates. Participants will look at the current state of identity theft, examine potential future challenges, and discuss how to address these issues.

National Consumers League
Published December 7, 2016

The #DataInsecurity Digest | Issue 34

Issue 34 | November 22, 2016

#DataInsecurity Digest: Rogers pick for DNI could steady Trump cybersecurity jitters, FriendFinder mega-breach, and more!

By John Breyault (@jammingecono, johnb@nclnet.org)
NCL Vice President of Public Policy, Telecommunications and Fraud

Subscribe here. Tell us what you think.

Editor’s Note: It appears as if the Trump transition team’s difficulty in filling top jobs is making cybersecurity officials nervous. The removal of former Representative Mike Rogers from the team, in particular, is causing jitters for those in charge of the country’s cybersecurity defenses. For government agencies that already have trouble attracting talent from the private sector, and where threats continue to grow, this could be a critical weakness for the incoming Administration. These worries may be allayed, however, if reports that Trump is considering current NSA Director Admiral Mike Rogers as his Director of National Intelligence prove accurate.

In other news, the need for better data security was underlined again with news of another mega breach. This time, 412 million accounts associated with the adult dating and entertainment company FriendFinder Networks were compromised. We also learned that 700 million low-end Android devices were secretly collecting and sending their users’ data to China. Meanwhile, Congress returned from recess to grapple with what options they have available to secure the Internet of Things.

And now, on to the clips!

—————–

Trump staffing problems include his cybersecurity team. Recruiting and retaining cyber talent in the federal government has always been a challenge. Due in part to the President-elect’s inflammatory statements and icy relationships with Silicon Valley, however, the Trump transition team may be having even more trouble than usual. @Reuters reports that “Susan Hennessey, a former attorney in the office of the general counsel at the NSA, said she has been urging people in the intelligence community to keep working in Trump’s administration because their expertise will be necessary to protect the country and resist potential abuses of executive power on issues such as surveillance. ‘In candor, I’m sad to be asking former colleagues whom I respect to consider setting aside their conscience in order to serve their country,’ said Hennessey, who now serves as managing editor of the national security blog Lawfare. ‘I can’t and don’t blame anyone who feels they can’t stay.’” (Source: Fortune)

Transition watch: Admiral Rogers Floated for DNI. In the ranks of government cybersecurity defenders, few positions loom larger than Director of National Intelligence (DNI), a position that ensures that all of the nation’s 17 spy agencies are effectively sharing threat information, particularly about cyber threats. It’s for this reason that news that current National Security Administration head Admiral Mike Rogers is being considered as the next head of DNI by the Trump transition team is so important. Rogers has been at the forefront of warning about cyber threats from Russia and other adversaries at NSA and before that at the U.S. Cyber Command. As @damianpaletta and @AlanCullison report, “Adm. Rogers’s appointment as director of national intelligence could add a complication to the Trump administration, in which the president-elect wants to pursue closer relations to Russia, but where part of the national security establishment is suspicious of Moscow’s intentions.” (Source: Wall Street Journal)

Mega-breach du jour: 412 million FriendFinder Network accounts hacked. Online dating and entertainment company FriendFinder Networks and its affiliate websites could have just sustained one of the largest data breaches in history. This reported hack, the company’s second in two years, is much larger than the previous hack which compromised 3.5 million accounts at the firm. @kansasalps reports that the hacked “data stretched back 20 years and included information such as usernames, emails, join dates and the date of a user’s last visit … Passwords were also included in the trove — the vast majority of them featured unsecured protections or none at all.” (Source: Washington Post)

IoT hearing turns on role of government in improving device security. Unsecured Internet of Things (IoT) devices were to blame for the crippling distributed denial of service (DDoS) attack on DNS provider Dyn which knocked many popular websites offline last month. At last week’s House Commerce Committee hearing on the issue, all sides acknowledged the great threat posed by insecure IoT devices. However, there was still hesitation to support strict rules mandating IoT security standards, reports @alibreland. Communications subcommittee chair Greg Walden (R-OR) expressed concerns that “[t]he knee-jerk reaction might be to regulate the Internet of Things, and while I am not taking that off the table, the question is whether we need a more holistic solution.” Rep. Jan Schakowsky (D-IL) rebutted saying that “we cannot count on IoT manufacturers to do the right thing on their own.” Security expert Bruce Schneier argued that data security in this space could be a market failure necessitating action: “This is not something that the market can fix.” (Source: The Hill)

700 million Android phones secretly sending personal data to China. Security research firm @kryptowire has discovered that software was written into approximately 700 million low-end Android devices that “monitors where users go, whom they talk to and what they write in text messages,” and then sends the collected data to China every 72 hours. @mattapuzzo and @nytmike report that “[i]t was not a bug. Rather, Adups (the software manufacturer) intentionally designed the software to help a Chinese phone manufacturer monitor user behavior.” (Source: New York Times)

Feds able to gain access to 87 percent of mobile phones and electronic devices. Data security geeks and civil libertarians won’t soon forget the high-profile fight between the FBI and Apple when the agency pressured Apple to create a backdoor into the iPhone belonging to San Bernardino shooter Syed Rizwan Farook. Privacy advocates were therefore rightfully incredulous when the FBI’s General Counsel Jim Baker reportedly stated that of the 6,814 devices the FBI forensics teams attempted to access, they succeeded at an 87 percent rate, with only approximately 880 devices successfully evading investigators’ efforts. (Source: Motherboard)

Meet the future of DDoS attacks: “BlackNurse.” Researchers at the Danish firm TDC have discovered a new type of DDoS attack software, one that requires far fewer resources to cripple its targets. @joeuchill reports that unlike typical DDoS programs, which leverage thousands of devices to storm a single website at once, “[i]n BlackNurse, a computer sends a low volume of a specific Internet Control Message Protocol (ICMP) error message that can overwhelm a firewall’s processor. It only requires a single computer with a decent Internet connection.” (Source: The Hill)

State Department given failing cybersecurity grade. Despite the State Department’s $1.92 billion IT budget, the State Department’s Office of Inspector General (OIG) still gave the department failing cyber security grades in a new report. @HowellOneill reports that the OIG report “served as both a stark reminder of past failing grades and a warning that significant vulnerabilities are getting worse.” (Source: Cyber Scoop)

Quick hit: Donald Trump’s victory is good news for end-to-end encryption businesses. In the days after the election, the end-to-end encryption service Protonmail announced that their subscriptions have doubled. Protonmail CEO Andy Yen wrote that, “Regardless of which side of the political spectrum you are on, Trump’s control over the NSA is now an indisputable fact, and we think it is worth taking a closer look at what this means.” (Source: The Verge)

Obama uses the “red phone” for cybersecurity. It is no secret that cybersecurity experts, defence workers, and the White House feared Russian meddling leading up to the election. In the days before November 8, however, cyber defenders breathed a collective sigh of relief that no major cyber attacks disrupted the election. @IgnatiusPos credits part of that to a message President Obama sent to Russia via a secret crisis message system meant to defuse potential nuclear situations between the two superpowers. Reportedly, “the message was sent on a special channel created in 2013 as part of the Nuclear Risk Reduction Center, using a template designed for crisis communication. ‘It was a very clear statement to the Russians and asked them to stop their activity,’ a senior administration official said, adding: ‘The fact that we used this channel was part of the messaging.’” (Source: Washington Post)

Upcoming events

January 12, 2017 – PrivacyCon – Washington, DC
The FTC will host its second PrivacyCon conference “to continue and expand collaboration among leading whitehat researchers, academics, industry representatives, consumer advocates, and the government to address the privacy and security implications of emerging technologies.”

May 24, 2017 – Planning for the Future: A Conference About Identity Theft – Washington, DC
The FTC will host an all-day conference to take a comprehensive look at how identity theft has evolved over the last decade and what can be done to address this challenge in the future. The conference will be used to gather input from academics, business and industry representatives, government experts and consumer advocates. Participants will look at the current state of identity theft, examine potential future challenges, and discuss how to address these issues.

National Consumers League
Published November 22, 2016

The #DataInsecurity Digest | Issue 33

Issue 33 | November 14, 2016

#DataInsecurity Digest: Will Russian hacking undermine results?

By John Breyault (@jammingecono, johnb@nclnet.org)
NCL Vice President of Public Policy, Telecommunications and Fraud

Subscribe here. Tell us what you think.

Editor’s Note: Welcome to this special post-election edition of The #DataInsecurity Digest. Along with pretty much everyone else, we were shocked by Donald Trump’s victory. While it’s only been a few days since the campaign season’s conclusion, we’re starting to get some idea of how data security could shape up in the Trump Administration. We expect cyber defenses will get a top-to-bottom review by the new Administration but, beyond that, it’s anyone’s guess what the Trump White House has in store for data security. What’s clearer is that with Republicans remaining in control of both houses of Congress, many of the GOP priorities with regards to cyber have a good chance of becoming law. In particular, weakening encryption protections is one area likely to get another look, which will raise the ire of many public interest and civil liberties groups. Worryingly, many experts think a Trump Administration will only embolden Russian hackers’ meddling, as post-election spear-phishing attacks on U.S. think tanks make clear.

On a programming note, we will be back to our regularly scheduled bi-weekly digest on Wednesday, November 23.

And now, on to the clips!

—————–

Trump won; What does this mean for data security? @SaraSorcher penned an insightful reflection on what a Trump victory means for #DataInsecurity. On one hand, Trump made encouraging statements on the campaign trail, such as: “To truly make America safe, we truly have to make cybersecurity a major priority” and made promises “to create task forces to respond to digital threats throughout the country.” On the other hand, the Christian Science Monitor notes, “there are also lingering questions about what Trump’s election means for the U.S. quest to forge international norms for cyberspace in the Digital Age. Trump drew outrage from critics when he went so far as to encourage Russia–if its intelligence services had indeed hacked his opponent Hillary Clinton’s email server–to publish the data it might have stolen.” (Source: Christian Science Monitor)

Quick hit: The official Trump cyber agenda is long on reviews, short on specifics. For example, it recommends an “immediate review of all U.S. cyber defenses and vulnerabilities, including critical infrastructure.” DOJ will also be expected to “create Joint Task Forces throughout the U.S. to coordinate Federal, State, and local law enforcement responses to cyber threats.” (Source: DonaldJTrump.com)

Will David Clarke be the new DHS Secretary? The Department of Homeland Security (DHS) plays a leading role in defending the nation’s critical infrastructure from cyber threats. That’s one reason Politico raised a few eyebrows this week when it suggested the possibility of David Clarke, the firebrand sheriff of Milwaukee County and Black Lives Matter detractor as the leading candidate for DHS Secretary. @BuzzFeed is also reporting that Governor Chris Christie is on the short list for the position. (Source: Politico and Buzzfeed)

On the Hill, tech leaders will remain largely the same. With the Senate remaining in Republican hands, there’s not much turnover expected on the leadership of committees with a hand in data security. @morningconsult reports that “Sen. John Thune (R-SD) will remain at the helm of the Senate Commerce Committee…The House Judiciary Committee will continue to be chaired by Rep. Bob Goodlatte (R-VA)” and “Sen. Chuck Grassley (R-IA) will continue to chair the Senate Judiciary Committee.” The only area of uncertainty is who will lead the House Energy and Commerce Committee, as Reps. John Shimkus (R-IL), Greg Walden (R-OR), and former Chairman Joe Barton (R-TX) are each said to be eyeing the position. (Source: Morning Consult)

Russian political hacking doesn’t end with the election. The Russian hacking outfit variously known as Cozy Bear, APT29, and The Dukes launched at least five spear phishing campaigns just hours after the election against prominent think tanks and NGOs. Volexity CEO @stevenadair states: “two of the attacks purported to be messages forwarded on from the Clinton Foundation giving insight and perhaps a postmortem analysis into the elections …Two of the other attacks purported to be eFax links or documents pertaining to the election’s outcome being revised or rigged. The last attack claimed to be a link to a PDF download on ‘Why American Elections Are Flawed.’” (Source: Krebs on Security)

Civil liberties champion loses Senate bid. Incumbent Sen. Ron Johnson (R-WI) handed Former Sen. Russ Feingold (D-WI) a surprising defeat Tuesday. @rsingel reports that the loss is particularly devastating for civil liberties advocates as “Feingold was one of the few—and sometimes the only—voice in the Senate skeptical of the government’s increasing demands for domestic surveillance power and control of the internet. He was one of 16 senators who voted against the Communications Decency Act of 1996, an internet censorship bill later struck down by the Supreme Court, was the only Senator in 2001 to vote against the USA Patriot Act, and he introduced a measure to censure President Bush for his illegal warrantless wiretapping program.” (Source: Wired)

Hearing on Dyn DDoS attack Wednesday. The House Energy and Commerce subcommittees on Communications and Technology and Commerce and Manufacturing and Trade will be holding a joint hearing titled “Understanding the Role of Connected Devices in Recent Cyber Attacks,” the morning of Nov. 16. In announcing the hearing, Rep. Michael C. Burgess (R-TX) stated, “Americans should not have to worry that the convenience and connectivity of the Internet of Things comes at the expense of the resiliency and reliability of the larger Internet.” (Source: The Hill)

Upcoming events

January 12, 2017 – PrivacyCon – Washington, DC
The FTC will host its second PrivacyCon conference “to continue and expand collaboration among leading whitehat researchers, academics, industry representatives, consumer advocates, and the government to address the privacy and security implications of emerging technologies.”

May 24, 2017 – Planning for the Future: A Conference About Identity Theft – Washington, DC
The FTC will host an all-day conference to take a comprehensive look at how identity theft has evolved over the last decade and what can be done to address this challenge in the future. The conference will be used to gather input from academics, business and industry representatives, government experts and consumer advocates. Participants will look at the current state of identity theft, examine potential future challenges, and discuss how to address these issues.

National Consumers League
Published November 14, 2016

The #DataInsecurity Digest | Issue 32

Issue 32 | November 7, 2016

#DataInsecurity Digest: Will Russian hacking undermine results?

By John Breyault (@jammingecono, johnb@nclnet.org)
NCL Vice President of Public Policy, Telecommunications and Fraud

Subscribe here. Tell us what you think.

Editor’s Note: Welcome to this special pre-election edition of the #DataInsecurity Digest! With the election likely to have a major impact on the data security policy landscape, we’re bringing you the Digest two days early. We’ll be back in your inboxes again next Monday, November 14, with our post-election special, featuring reactions to and analysis of the election results from a data security point of view.

What’s the goal of Russian hackers meddling in the U.S. elections? Most experts agree that it would be extremely difficult to successfully pull off a large-scale cyber attack on our distributed voting system. According to federal cybersecurity officials, however, their real aim is to undermine Americans’ faith in the political system and its standing in the world. The concern among many at DHS, FBI and elsewhere is that last month’s massive distributed denial of service (DDoS) attack on Dyn could have just been a test-run for an even bigger attack on Election Day. In other news, if polls are to be believed, privacy and data security advocate Russ Feingold could be back in the Senate in the next Congress. Finally, the FCC’s big vote to require Internet service providers to abide by privacy rules will also have an impact on data security. The FCC’s new role as a data security cop will also be tested thanks to Sen. Mark Warner who wants the agency, along with the FTC and DHS, to examine how Internet of Things (IoT) device security can be improved in the wake of the crippling DDoS attack on Dyn that relied on compromised webcams and other IoT devices.

And now, on to the clips!

—————–

Feds: Russians used Dyn DDoS attack as a “drill” for Election Day. The massive DDoS attack on Dyn that knocked major websites like Amazon and Twitter offline for hours “had all the signs of what would be considered a drill” by Russian hackers, according to former Homeland Security official Ann Barron-DiCamillo. Federal cybersecurity officials expect that such an attack could be perpetrated again on Election Day to sow confusion and distrust of the election’s integrity. Writing for @NBCNews, @KenDilanianNBC reports that “officials fear an 11th hour release of fake documents implicating one of the candidates in an explosive scandal without time for the news media to fact check it.” (Source: NBC News)

FBI agrees: Russia’s goal is to undermine integrity of the political system, not support Trump. As numerous investigations continue into Russia’s attacks on the Democratic National Committee, Clinton campaign chairman John Podesta, and now the Trump campaign’s potential ties to a Russian bank, officials are beginning to conclude that the aim of these cyber attacks is not to elect Donald Trump. Rather, write @EricLichtblau and @stevenleemyers, the consensus developing at the FBI is that the goal was to “disrupt the integrity of the political system and undermine America’s standing in the world more broadly.” (Source: New York Times)

How could hackers suppress the vote? Although the dispersed nature of the U.S. election system makes it next to impossible for hackers to alter the results, some experts are raising the alarm over a potential cyber attack designed to suppress voter turnout. @Incapsula_com cautions that a distributed denial of service attack has been designed to suppress voter turnout by targeting get-out-the-vote carpooling websites, poll locator sites, and online voting platforms. (Source: Imperva Incapsula)

Digital privacy advocate poised to retake Senate seat. Former U.S. Sen. Russ Feingold (D-WI), a longtime digital privacy advocate, and the only U.S. Senator to oppose the U.S. Patriot Act, is enjoying a significant lead according to recent polls. @Reuters reports that, “Privacy advocates and former Feingold staffers said they expected Feingold, if returned to office, to be sympathetic to the privacy concerns of technology companies and civil liberties groups on issues such as encryption and domestic spying, at a time when many lawmakers are being pressured to confront security threats from Islamic State and other militant groups.” (Source: Reuters)

And in non-election news: New FCC rules require ISPs to adopt “reasonable” data security. The impact of new privacy rules on Internet service providers was the focus of much of the analysis of the FCC’s vote on October 27. However, the new rules also require ISPs to abide by rigorous data security and breach notification rules (full disclosure: NCL filed comments in support of the new rules). Fortunately, @HoganLovells provided a quick snapshot of the data security requirements, which require that, “ISPs must take reasonable measures to protect consumer data. ISPs also must notify consumers of data breaches within 30 days unless they determine that no harm is reasonably likely to occur.” Unlike the privacy rules, which take effect next year, the data security and breach notification rules take effect 90 days and six months, respectively, after publication in the Federal Register. (Source: Hogan Lovells)

Sen. Warner: FCC, FTC, DHS should investigate DDoS attacks. Sen. Mark Warner (D-VA), co-founder of the Senate Cybersecurity Caucus, wants three federal agencies to examine how IoT devices are being used to power massive DDoS attacks. Last month, the so-called Mirai botnet, reportedly powered by an army of compromised IoT devices, took down many popular Internet sites, including Twitter and Spotify. “The weak security of many of the new connected consumer devices provides an attractive target for attackers, leveraging the bandwidth and processing power of millions of devices, many of them with few privacy or security measures, to swamp internet sites and servers with an overwhelming volume of traffic,” wrote Warner. (Source: KrebsOnSecurity.com)

Upcoming events

January 12, 2017 – PrivacyCon – Washington, DC
The FTC will host its second PrivacyCon conference “to continue and expand collaboration among leading whitehat researchers, academics, industry representatives, consumer advocates, and the government to address the privacy and security implications of emerging technologies.”

May 24, 2017 – Planning for the Future: A Conference About Identity Theft – Washington, DC
The FTC will host an all-day conference to take a comprehensive look at how identity theft has evolved over the last decade and what can be done to address this challenge in the future. The conference will be used to gather input from academics, business and industry representatives, government experts and consumer advocates. Participants will look at the current state of identity theft, examine potential future challenges, and discuss how to address these issues.

National Consumers League
Published November 7, 2016

The #DataInsecurity Digest | Issue 31

Issue 31 | October 26, 2016

#DataInsecurity Digest: Massive DDoS attack highlights IoT security woes; GOP now getting hacked, too

By John Breyault (@jammingecono, johnb@nclnet.org)
NCL Vice President of Public Policy, Telecommunications and Fraud

Subscribe here. Tell us what you think.

Editor’s Note: As the presidential race enters its final stretch, the issue of cybersecurity continues to make headlines. A massive distributed denial of service (DDoS) attack that knocked several major websites offline Friday may have an increasingly familiar culprit: unsecured IoT devices used to power “zombie” botnets. We hope the participants in the NTIA’s multi-stakeholder process on IoT security are taking note! The FTC will be taking a fresh look at the link between data breaches and identity theft in May; an issue we here at NCL know a little something about. Unfortunately, the healthcare industry seems to be slow to get the message, with a new report finding that healthcare providers are twice as unlikely as manufacturers to fix critical cyber errors.

And now, on to the clips!

—————–

Massive DDoS attack highlights problem of insecure IoT devices. The massive distributed denial of service (DDoS) attack against DNS provider Dyn, Inc. knocked major websites like Reddit, Netflix, and Twitter offline for an extended period on Friday, inconveniencing millions of users. The attack, part of a growing spate of powerful DDoS attacks this year, may have been powered by an army of compromised Internet of Things (IoT) devices, such as webcams, writes @NateLanxon. “The joke about the Internet of Things was that you were going to get people hijacking people’s connected fridges to conduct these attacks, but in these recent cases the culprit seems to be webcams,” [Director of Technology at U.K. cyber security company Darktrace, Dave] Palmer said. “We will probably see, when this is investigated, that it is a botnet of the Internet of Things. … This is exactly what happens when tens of thousands or hundreds of thousands of devices are left unprotected[.]” (Source: Bloomberg)

New rules aim to get banks up and running two hours after a cyber attack. The Federal Reserve, the Federal Deposit Insurance Corporation, and the Office of the Comptroller of the Currency jointly proposed a rule that would require U.S. and foreign banks operating in the U.S. with $50 billion or more in assets, as well as “systemically risky” financial companies, to “substantially mitigate the risk of a disruption due to a cyber event to their sector-critical systems.” @donnaborak reports that the proposed rules will require firms to: prove that they can run core operations within two hours of an attack, “develop and maintain a cybersecurity risk management plan approved by their boards and incorporated into their business strategies,” and “require banks to use the cyberdefenses in their business units and incorporate them into company audits.” (Source: Wall Street Journal)

Breach du jour: National Republican Senatorial Committee (NRSC). Hacked systems aren’t just a problem for Democratic groups. A hack of the NRSC’s e-commerce storefront may have compromised credit card numbers, full names, and mailing addresses for thousands of donors, reports @dangood001. The breach, which lasted a reported six months–from March to October of this year–stemmed from a larger breach of nearly 6,000 online platforms, according to security researcher Willem de Groot. (Source: Ars Technica)

GOP’s hacking headaches don’t end there. On the heels of a firebomb attack on a North Carolina campaign office, the head of the state’s Republican Party fell victim to a phishing attack this week. According to @NolanDMcCaskill, all of North Carolina GOP Executive Director Dallas Woodhouse’s contacts received a phishing email prompting users to type in their email address and password to receive access to a fake Dropbox file titled “GOP-financial_Document.pdf.” Woodhouse advised recipients who were tricked into clicking the link to change their passwords and to “never use that password again, for anything, ever.” (Source: Politico)

Peace at last? LinkedIn hacker reportedly arrested. Last summer, a hacker going by the name “Peace” sold the credentials of 117 million LinkedIn accounts. Now it seems that LinkedIn users may finally get some justice. At least one of the Russian hackers allegedly involved in the attack was arrested in Prague last Tuesday by Czech authorities working in collaboration with the FBI. (Source: Motherboard)

Healthcare industry remains behind the times on data security. Despite repeatedly making headlines for ransomware attacks that resulted in patients being turned away and for breaches of sensitive patient data, the healthcare industry’s record on data security remains spotty, reports @MorningCybersec. Security firm Veracode’s seventh “State of Software Security” report found that “[t]he healthcare industry ranks last in its ability to fix vulnerabilities and has the highest prevalence of cybersecurity mishaps like poor credentials management” and that healthcare companies are half as likely as manufacturing firms to fix critical security flaws. (Source: Politico)

Majority of voting millennials think a candidate’s stance on cybersecurity will influence their vote. A new Zogby poll commissioned by Raytheon and the Department of Homeland Security’s “Stop. Think. Connect.” campaign found that “[h]alf of young voters believe there hasn’t been enough discussion of cybersecurity in the current election campaign and a small majority say a candidate’s stance on the issue would influence their decision whether to support them.” (Source: FedScoop)

Upcoming events

January 12, 2017 – PrivacyCon – Washington, DC
The FTC will host its second PrivacyCon conference “to continue and expand collaboration among leading whitehat researchers, academics, industry representatives, consumer advocates, and the government to address the privacy and security implications of emerging technologies.”

May 24, 2017 – Planning for the Future: A Conference About Identity Theft – Washington, DC
The FTC will host an all-day conference to take a comprehensive look at how identity theft has evolved over the last decade and what can be done to address this challenge in the future. The conference will be used to gather input from academics, business and industry representatives, government experts and consumer advocates. Participants will look at the current state of identity theft, examine potential future challenges, and discuss how to address these issues.

National Consumers League
Published October 26, 2016

The #DataInsecurity Digest | Issue 30

Issue 30 | October 13, 2016

#DataInsecurity Digest: Yahoo breach causing heartburn on Capitol Hill, multi-factor campaign launches, and more!

By John Breyault (@jammingecono, johnb@nclnet.org)
NCL Vice President of Public Policy, Telecommunications and Fraud

Subscribe here. Tell us what you think.

Editor’s Note: Welcome to National Cyber Security Awareness month! Our colleagues at the National Cyber Security Alliance (NCSA) have teamed up with the White House to remind everyone that multi-factor authentication is critical to securing any important account. Now is the perfect time to do it and NCSA’s LockDownYourLogin.com site is a terrific new resource to find information on how to do it.

Unfortunately, the folks at Yahoo should have probably heeded this advice far sooner, since their breach headaches aren’t showing signs of going away. The mega-breach is just the latest argument for Congress to sort out its differences on a stalled breach notification/data security bill. The hits keep on coming for the beleaguered tech giant, with news that Yahoo was also helping U.S. intelligence agencies systematically scan its users’ emails. At least the deal with Verizon still appears to be on track, according to Verizon CEO Lowell McAdam.

In other data security news, the Obama Administration finally confirmed what most of us already assumed: Russia was in fact behind the hacks of the DNC and other organizations in an effort to cast doubt on the 2016 elections. Mike Orcutt’s deep dive into the issue for the MIT Technology Review should be required reading for anyone interested in the topic.

And now, on to the clips!

—————–

Yahoo screened all users’ emails at the request of the U.S. On the heels of Yahoo’s record-setting 500-million-account breach, @Reuters broke news last week that Yahoo systematically scanned all of its users’ email accounts at the request of U.S. intelligence agencies. @josephmenn reports that the practice ruffled feathers among senior Yahoo leadership, with Chief Information Security Officer Alex Stamos resigning over it. (Source: Reuters)

What exactly did Yahoo do? Yahoo received a government order to “search for messages containing a computer ‘signature’ tied to the communications of a state-sponsored terrorist organization.” @nytimes reports that, to meet this requirement, Yahoo customized an existing system originally designed to scan emails for child pornography and spam. “With some modifications, the system stored and made available to the Federal Bureau of Investigation a copy of any messages it found that contained the digital signature.” @charlie_savage reports, “This order was unusual as it involved the systematic scanning of all Yahoo users’ emails rather than individual accounts; several other tech companies said they had not encountered such a demand.” (Source: New York Times)

Yahoo breach putting pressure on Congress. @thehill reports that Senate Commerce Committee Chairman John Thune (R-SD) “is in talks with a handful of senators, some of whom have competing proposals, to address data breach rules.” Sen. Blumenthal (D-CT), a proponent of stronger data security protections, stated, “[T]his breach demonstrates the urgent need for Congress to enact data breach and security legislation — only stiffer enforcement and stringent penalties will make sure companies are properly and promptly notifying consumers when their data has been compromised.” (Source: The Hill)

Verizon-Yahoo deal still on. Verizon CEO Lowell McAdam was busy this week insisting that the breach won’t derail his company’s planned acquisition of the troubled tech titan. At an Internet Association event in California, McAdam stated that “the industrial logic of doing this merger still makes a lot of sense … I’m hoping we can get through all this stuff and get to the close,” reports @MsABalakrishnan. (Source: CNBC)

U.S. officially blames Russia for DNC hack. On Friday afternoon, the Office of the Director of National Intelligence and the Department of Homeland Security formally pointed the finger at Russia for a series of wide-ranging campaigns, including the DNC hack and other acts committed “to interfere with the U.S. election process.” (Source: CNN)

Breach du jour: Surgeon General’s office. @EricYoderWP reports that Surgeon General Vice Admiral Vivek H. Murthy told the commissioned corps, a group of 6,600 medical professionals who work in disease control and prevention, that their information, including their names, dates of birth and Social Security numbers, “may have been accessed by unauthenticated users who hacked the agency’s personnel system.” The number of individuals affected is not currently known; however, Murthy did state that the sensitive data of all “current, retired, and former Commissioned Corps officers and their dependents” was stored on the compromised personnel system. (Source: Washington Post)

Did hackers tamper with the World Anti Doping Agency’s documents before leaking them? Since September 13, the suspected Russian intelligence hacking outfit Fancy Bear has been posting documents online from World Anti Doping Agency (WADA), believed to be retaliation for the agency’s banning of the Russian track and field team from the Rio Olympics. WADA is now claiming that Fancy Bear’s released documents contained falsified statements. (Source: The Hill)

Trump releases cybersecurity agenda. Donald Trump declared that cyber “is the warfare of the future, America’s dominance in this arena must be unquestioned.” @nedtgov reports, “[t]he agenda promises to bolster both the government’s cyber defenses and its offensive capabilities, building forces with the ‘unquestioned capacity to launch crippling cyber counterattacks’ against foreign government or non state terror actors.” @Frank_Konkel remains skeptical, stating that, like Hillary Clinton’s plan, Trump’s plan does not “provide enough meat to seriously compare. Both call for increased investment in cybersecurity, mirroring actions Obama took this year and proposing $5 billion in additional cyber funding for fiscal 2017.” (Source: Nextgov)

Vulnerability of voter registration databases gets a hearing. Rice University Professor Dan Wallach recently expressed concern at a hearing before the House Committee on Science, Space, and Technology that a successful attack on voter files could effectively “disenfranchise significant numbers of voters.” Gregory Miller, cofounder of the Open Source Election Technology Foundation, argued that hackers could disrupt voter registration databases through digital poll books. “These systems are essentially computerized versions of the paper lists that poll workers have traditionally used to check in voters… officials in a number of jurisdictions have connected these to the Internet so they can conveniently send information about voter check-ins to other machines important for election management,” which opens them up to hacking. (Source: MIT Technology Review)

Upcoming event

January 12, 2017 – PrivacyCon – Washington, DC
The FTC will host its second PrivacyCon conference “to continue and expand collaboration among leading whitehat researchers, academics, industry representatives, consumer advocates, and the government to address the privacy and security implications of emerging technologies.”

National Consumers League
Published October 13, 2016