The non-profit Technology Business Management Council established a Commission on IT Cost Opportunity, Strategy and Transparency (IT COST) Wednesday to “define a set of recommendations and best practices for Federal departments and agencies to transparently measure and communicate their IT costs so that Federal CIOs [chief information officers] are better equipped to govern their IT spending and support agency missions with limited resources,” a news release said. The federal government spends more than $78 billion on technology per year, but each agency uses its own standards to measure, benchmark and communicate the value of its technology investments, the release said. Lack of standardization creates numerous challenges and complications, it said. CIOs from the departments of Health, Transportation, Interior, Commerce and Agriculture are participating in the first IT COST Commission meeting, to be held in June. CIOs from Cisco, Hewlett-Packard and DirecTV are also participating. The goal is to release a report in early 2016 outlining a series of recommendations to reduce waste and increase efficiency, demonstrate cost, quality and value of IT spend, and aid in the implementation of the new Federal IT Acquisition Reform Act, the release said.
The Mozilla Foundation released security updates Tuesday to address vulnerabilities in Firefox, Firefox ESR and Thunderbird, said a notice from the U.S. Computer Emergency Readiness Team. U.S.-CERT said the vulnerabilities in Firefox may have let a remote hacker “cause a denial-of-service condition or steal sensitive information.” Adobe also released security updates Tuesday for Acrobat, Flash Player and Reader, a U.S.-CERT notice said. It said exploitation of Adobe vulnerabilities may let an attacker take control of an affected system.
The Online Trust Alliance is welcoming experts from private and public industry to join its initiative to develop a security, privacy and sustainability trust framework for IoT devices, it said in a Wednesday news release. OTA said the framework is intended to provide clarity and confidence to consumers as they shop and use connected devices, with an initial focus on the connected home and wearable/fitness technologies. OTA hopes the framework will be used as a basis for a potential certification program for IoT devices and applications, it said. A draft will be shared in a panel at the TRUSTe IoT privacy summit June 17, it said. “With the rapid introduction of Internet of Things products into the market, we must ensure that security and privacy best practices are integrated to maximize consumer protection,” said OTA Executive Director Craig Spiezle. “According to preliminary data from OTA’s forthcoming Online Trust Audit, 14 percent of leading IoT products did not have a discoverable privacy policy for consumers to review prior to purchase,” Spiezle said. “We welcome industry leaders to join in the multi-stakeholder effort to raise the bar and make security, privacy and sustainability key product attributes.” OTA’s next full working group meeting is June 16 in Mountain View, California. Leaders in the security and privacy community, app developers, manufacturers and international retailers were invited to provide input. TRUSTe CEO Chris Babel welcomed OTA’s initiative to extend the work of the IoT Privacy Tech Working Group to include the security and sustainability issues arising out of the explosion of data collection from connected devices, he said. “Considering that 79 percent of U.S. consumers are concerned about data collected by connected devices, we urge companies to join this important endeavor to develop clear standards for privacy and security in the Internet of Things.”
The Department of Commerce Internet Policy Task Force extended the comment deadline on identifying substantive cybersecurity issues from May 18 to May 27, said a notice in Wednesday's Federal Register. Comments may be submitted via email or mail.
The Trustworthy Accountability Group, the advertising industry's initiative to improve the digital ecosystem, said it plans to create, maintain and share its database of domains that have been identified as known sources of fraudulent bot traffic for digital ads. The TAG fraud threat list program was unveiled Monday at an Interactive Advertising Bureau conference in New York by Mike Zaneis, interim CEO of TAG, and Jim Norton, global head of media sales at AOL, which Verizon Tuesday agreed to buy. The technical proposal for the fraud threat list program will be at tagtoday.net and comments from ad industry stakeholders will be accepted for 30 days before the program is finalized. The pilot phase of the program battling the $6.3 billion issue of fraudulent ad traffic has been implemented, and broader deployment of the final program is expected in Q3, said TAG. The program lets ad companies “take power back from the criminals who are undermining our industry,” Zaneis said. “By gathering and sharing known sources of fraudulent impressions across the digital advertising ecosystem, TAG will give companies the information they need to find and remove non-human traffic from their inventory.” The list will be compiled using information from participating companies with “specific insight on domains that are driving significant fraudulent ad traffic to the ad industry” such as AOL and Yahoo, and will be available to advertising networks, publishers and technology providers, said TAG.
The rapid digitization of consumers’ lives and enterprise records will increase the cost of data breaches to $2.1 trillion globally by 2019, said a Juniper Research news release Tuesday. The industry researcher said most data breaches will come from existing IT and network infrastructure, and threats targeting mobile devices and the IoT are being reported “at an increasing rate.” The report said cybercrime is increasingly becoming professional with the emergence of cybercrime products like malware creation software, and while the number of attacks overall may decrease, there will be more successful hacks. “We aren’t seeing much dangerous mobile or IoT malware because it’s not profitable,” said report author James Moar. “The kind of threats we will see on these devices will be either ransomware, with consumers’ devices locked down until they pay the hackers to use their devices, or as part of botnets, where processing power is harnessed as part of a more lucrative hack,” Moar said. “With the absence of a direct payout from IoT hacks, there is little motive for criminals to develop the required tools.” Juniper said 60 percent of anticipated data breaches in 2015 will occur in North America, “but this proportion will decrease over time as other countries become both richer and more digitized.”
Cox Communications and Cablevision’s Optimum switched spots on Netflix’s U.S. ISP speed index, which respectively ranked them as the No. 2 and No. 3 ISPs on the April index, released Monday. Cox’s average speed rose to 3.49 Mbps in April, up from 3.43 Mbps in March and 2.9 Mbps a year ago. Cablevision’s Optimum also saw its average speed rise to 3.48 Mbps from 3.46 Mbps in March and 3 Mbps a year ago. Verizon FiOS retained the No. 1 spot on the April index with an average speed of 3.55 Mbps, while Bright House remained in fourth place with an average of 3.46 Mbps. AT&T’s DSL service and CenturyLink both rose two spots on the April index to Nos. 11 and 12, while Windstream dropped three spots to No. 14. Bell Canada remained the top ISP on Netflix’s Canada ISP index with an average speed of 3.64 Mbps. Netflix said it now ranks the speeds of ISPs in 29 nations, having added measurements for Australia and New Zealand in April.
The FTC and 27 members of the Global Privacy Enforcement Network, a group of privacy enforcement agencies around the world, are “marshaling resources to protect the privacy of children online,” a news release said Monday. “In this latest initiative, privacy experts from the FTC’s Office of Technology Research and Investigation will conduct an analysis of the privacy disclosures, interactive features, and information collection practices of children’s mobile apps,” the release said. “Staff expect to release a summary of their findings later this year,” it said.
The U.S. Public Interest Research Group Education Fund and the Center for Digital Democracy are hosting an event inspired by Frank Pasquale’s new book The Black Box Society on Monday at Public Citizen’s D.C. office. FTC Bureau of Consumer Protection Director Jessica Rich will discuss what policymakers need to do to ensure the use of digital data tools complies with applicable consumer protection laws. “Every day, corporations are connecting the dots about our personal behavior -- silently scrutinizing clues left behind by our work habits and Internet use,” according to Harvard University Press, the book’s publisher. “The data compiled and portraits created are incredibly detailed, to the point of being invasive.” Pasquale, a University of Maryland law professor, will give a keynote address to open the event. Co-Director of the New Economy Project-NYC Sarah Ludwig and Other98.com Communications Director Alexis Goldstein will join Pasquale for a panel discussion on how to empower citizens and consumers in a digitally data-driven economy. The event begins at 9 a.m. and ends at noon. In-person attendance is limited, and a live stream of the event is available.
Katherine Race Brin was named FTC chief privacy officer, succeeding Peter Miller, Chairwoman Edith Ramirez said Wednesday. Brin's job will be “to ensure that the FTC complies with our privacy obligations,” Ramirez said. The CPO “coordinates efforts to implement and review the agency’s policies and procedures for safeguarding all sensitive information, and chairs its Privacy Steering Committee and the Breach Notification Response Team,” the agency said in a news release. Before becoming acting CPO, Brin was senior adviser to the director of the Consumer Protection Bureau, where she worked on legislative and policy matters involving privacy, security and technology, the FTC said. From 2007 to 2014, Brin was a staff attorney in the Division of Privacy and Identity Protection and “played a key role in many of the FTC’s most significant privacy and data security cases,” the agency said.