Articles

26 Cyberspace Solarium Commission recommendations likely to become law…

Once passed, the National Defense Authorization Act will create a White House cybersecurity director role, expand CISA’s capabilities, and create a K-12 security education assistance program.

This year’s National Defense Authorization Act (NDAA), the annual “must-pass” spending bill that ensures the continued funding of the nation’s military, has a wealth of information security recommendations that come from the bi-partisan, bi-cameral, public-private initiative known as the Cyberspace Solarium Commission (CSC). The CSC was itself established in 2019’s NDAA bill and was asked to come up with a new strategic approach to cybersecurity.

Last spring, the CSC issued a report that offered 82 policy and legislative recommendations to improve cybersecurity. Of those, 26 will likely become law given that both the House and Senate last week passed the bill by overwhelming margins. The veto-proof vote count is needed given that President Donald Trump has repeatedly vowed to veto this year’s NDAA unless it also contains provisions that strip internet companies of legal liability protections granted them in Section 230 of the Communications Decency Act of 1996. Over the weekend, Trump reiterated via Tweet his intention to veto the NDAA.

Solarium co-chairs Senator Angus King (I-ME) and Representative Mike Gallagher (R-WI) expressed their delight in turning substantive cybersecurity recommendations into legislative provisions. “From the first day we embarked on crafting America’s cyberdoctrine, we were determined to create a plan of action, not a report collecting dust on a shelf. It is only because of the hard work and commitment of our commissioners and tireless staff that we were able to create such a robust report earlier this year. It is due to them that we were able to inform national policy on such a remarkable level,” the pair said in a statement.

The Commission’s top accomplishment in the bill is the reestablishment of cybersecurity leadership in the White House by creating a national cyber director position. Senator Mike Rounds (R-SD) garners much of the credit for this achievement. “The creation of a national cyber director position in this year’s NDAA was the result of years of hard work,” Rounds said in a statement.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Louis Velazquez on Unsplash

 

Articles

New US IoT law aims to improve edge device…

lead centered=”no”
The Internet of Things Cybersecurity Improvement Act will require device manufacturers to meet new security standards for government contracts. Carryover effect expected for the private sector.
/lead

As the world moves toward interconnection of all electronic devices, the proverbial internet of things (IoT), device manufacturers prioritize speed to market and price over security. According to Nokia’s most recent threat intelligence report, IoT devices are responsible for almost a third of all mobile and Wi-Fi network infections.

This ratio will likely grow dramatically as the number of IoT devices continues its exponential growth. A recent report from Fortinet warns that the rapid introduction of edge devices will create opportunities for more advanced threats, allowing sophisticated attackers and advanced malware to “discover even more valuable data and trends using new EATs edge access Trojans and perform invasive activities such as intercept requests off the local network to compromise additional systems or inject additional attack commands.”

The Internet of Things (IoT) Cybersecurity Improvement Act, passed by the House in September and unanimously approved by the Senate last week, is a step toward warding off these threats and providing greater security in IoT devices. The act is headed to the desk of President Trump, who is expected to sign it into law.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Michał Jakubowski on Unsplash

Articles

Many Cyberspace Solarium Commission recommendations expected to become federal…

lead centered=”no”
Dozens of cybersecurity measures designed to protect US businesses and infrastructure are part of the National Defense Authorization Act. Budget, political concerns might eliminate some.
/lead

Several cybersecurity proposals are advancing in both the US House and Senate that flow from the prolific work of the public-private brainstorming initiative called the Cyberspace Solarium Commission. The Commission was formed in 2019 to break through the seemingly intractable barriers blocking the path to devising and implementing practical solutions to the most challenging cybersecurity problems.

The vehicle through which the commission hopes to enact several dozen of its legislative recommendations (out of 75 recommendations included in its inaugural report this past spring) is the National Defense Authorization Act (NDAA), an annual “must-pass” federal law that sets the budget and expenditures for the US military. The commission’s executive director Mark Montgomery estimated earlier this month that each chamber’s bills would feature eight to 20 of the commission’s recommendations.

This article appeared in CSO Online. To read the rest of the article please visit here.

Articles

Bipartisan bill could bring back the White House national…

lead centered=”no”
Cyberspace Solarium Commission leaders introduce the National Cyber Director Act to reintroduce cybersecurity expertise into the White House.
/lead

Last week a bipartisan group of US House of Representatives legislators introduced the National Cyber Director Act to create the position of a national cyber director within the White House. The creation of this role is one of the chief recommendations of an increasingly influential intergovernmental group known as the Cyberspace Solarium Commission.

The commission issued its report — the product of months-long deliberations by four members from congress, four senior executive agency leaders and six experts from outside of government – just as the coronavirus pandemic quarantine kicked in during March. Nevertheless, the commission’s 80 recommendations, such as creating a national cyber director, are quickly being translated into actionable legislation on Capitol Hill.

Two of the commission’s leaders, Cyberspace Solarium Chair Congressman Jim Langevin (D-RI) and Solarium Co-Chair Congressman Mike Gallagher (R-WI), introduced the bill. Other legislators backing the bill include House Oversight and Reform Committee Chairwoman Carolyn Maloney (D-NY), Ranking Member of the Committee on Homeland Security’s Subcommittee on Cybersecurity, Infrastructure and Innovation John Katko (R-NY), former Ranking Member of the House Intelligence Committee C. A. Dutch Ruppersberger (D-MD), and Ranking Member of the House Intelligence Committee’s Subcommittee on Intelligence Modernization and Readiness Will Hurd (R-TX).

This article appeared in CSO Online. To read the rest of the article please visit here.

Articles

New Republican bill latest in long line to force…

lead centered=”no”
Here we go again. Senate Republicans push a new bill to mandate “lawful access” to encrypted devices and data. It won’t end until law enforcement has better cyber forensics capabilities./lead

In what seems like Groundhog Day when it comes to encrypted communications, a group of Republican senators last week introduced the Lawful Access to Encrypted Data Act, which aims to end the use of so-called “warrant-proof” encrypted technology by terrorists and criminals. Senate Judiciary Committee Chairman Lindsey Graham (R-SC), Tom Cotton (R-AR) and Marsha Blackburn (R-TN) introduced this latest measure to find a way for law enforcement to gain access to devices and data that are protected by unbreakable encryption methods.

“The Lawful Access to Encrypted Data Act is a balanced solution that keeps in mind the constitutional rights afforded to all Americans while providing law enforcement the tools needed to protect the public from everyday violent crime and threats to our national security,” the Senators said in a statement.

Although the bill’s proponents don’t say so explicitly, the “lawful access” it seeks to establish mirrors a long string of potentially damaging efforts by the federal government to install backdoors into encrypted communications, according to critics. Virtually all cybersecurity and cryptography experts insist that any break in the encryption chain will break security and protection altogether, leaving criminals and adversarial nation-states with even more power to hack into users’ devices and communications for nefarious purposes.

This article appeared in CSO Online. To read the rest of the article please visit here.

Articles

Senate subcommittee blasts FCC and Team Telecom approach to…

lead centered=”no”
A report claims that oversight of Chinese telecoms for security threats to the US communications supply chain is lacking and without adequate authority.
/lead

The Senate Permanent Subcommittee on Investigations released on Tuesday a report, “Threats to US Networks: Oversight of Chinese Government-owned Carriers.” The document slams the current government review process that oversees how Chinese telecom companies operate in the United States for not rigorously monitoring Chinese tech providers. It outlines a Senate investigation that began shortly after the Federal Communications Commission (FCC) in May 2019 denied a China Mobile USA application to provide international telecom services.

The subcommittee said it reviewed more than 6,400 pages of documents and conducted more than ten interviews, including interviews with representatives from the FCC, Department of Justice (DOJ), Department of Homeland Security (DHS), China Telecom Americas, China Unicom Americas, ComNet, AT&T, Verizon and CenturyLink. The subcommittee also said it met with researchers who analyzed the Chinese government’s use of telecommunications carriers to hijack communications.

The subcommittee’s investigation found that the FCC and “Team Telecom,” a formerly informal group composed of representatives from the DOJ, DHS and Department of Defense, have failed to adequately monitor three Chinese government-owned carriers, China Telecom Americas, China Unicom Americas, and ComNet since they began operating in the United States in the early 2000s.

This article appeared in CSO Online. To read the rest of the article please visit here.

Articles

New cybersecurity recommendations for US government target IoT, social…

lead centered=”no”
The COVID-19 pandemic spurs the Cyberspace Solarium Commission policy initiative to issue a set of four security recommendations for the federal government in the wake of the crisis.
/lead

The Cyberspace Solarium Commission is a unique policy initiative created in 2019 to cut through the complexity of the vast and dense cybersecurity challenges facing the country. It is composed of lawmakers and government officials from across several agencies who, working with outside experts, are devising “a strategic approach to defending the United States in cyberspace against cyberattacks of significant consequences.” The high-profile focal point group came out this spring with an ambitious report that offered 75 recommendations to keep the country safe from digital threats.

Last week, the commission took its prerogative one step further. It came out with its first white paper, Lessons from the Pandemic, a timely document articulating the changes the COVID-19 crisis creates for cybersecurity. The pandemic “illustrates the challenges of ensuring resilience and continuity in a connected world,” co-chairs Senator Angus King (I-ME) and Representative Mike Gallagher (R-WI), wrote in their executive summary of the white paper.

The white paper contains observations about the parallel connections between cybersecurity and the pandemic. It stresses 32 of the commission’s original recommendations, which King and Gallagher said have attained “renewed importance” in light of the coronavirus crisis.

This article appeared in CSO Online. To read the rest of the article please visit here.