At a glance.
- Voting security in the US.
- Tools for inter-government and inter-agency collaboration.
- Republican Senators call on FCC to clarify Section 230.
- CISA promises more support for ICS security.
- Re-examining the place of Huawei in 5G infrastructure.
- Cyber conflict and arms control.
Voting security.
The Washington Post points, with measured alarm, to the primaries held yesterday in the state of Georgia. The lesson the Post draws is that newer, inadequately tested voting technologies and policies can't be rolled out overnight without problems. The most visible problems in Georgia for the most part came down to long waits at polling places, often made worse by poll workers' unfamiliarity with newly deployed systems.
Some members of Congress are calling for more Federal funding for election security. One form of support, the "Cyber 9-Line," has been deployed by NSA and US Cyber Command to function as a quick reporting system for cyber incidents the states experience during voting.
New US tools for collaboration.
Fifth Domain says that US Cyber Command is establishing a new malware-sharing portal designed to enhance collaboration between Fort Meade and the National Guard. On the civilian side, the Department of Homeland Security's CISA (the Cybersecurity and Infrastructure Security Agency) is pushing out a CDM dashboard to cooperating agencies as part of its Continuous Diagnostics and Mitigation program. Federal News Network says that CISA hopes the initiative will help build inter-agency trust.
Republican Senators question the FCC about when it will look into Section 230.
Reuters reports that four Republican Senators (Marco Rubio of Florida, Kelly Loeffler of Georgia, Kevin Cramer of North Dakota, and Josh Hawley of Missouri) have asked the US Federal Communications Commission (FCC) when it intends to begin reviewing the liability protections afforded online platforms by Section 230 of the Communications Decency Act. The question is posed in the light of the President's recent Executive Order on Preventing Online Censorship.
CISA announces intention to devote more attention to ICS security.
CyberScoop reports that Christopher Krebs, Director of the US Cybersecurity and Infrastructure Security Agency (CISA), says his organization will devote more attention and resources to industrial control security. CISA intends to develop and deploy additional "deep data capabilities to analyze and deliver information the community can use to disrupt the ICS kill chain."
Re-assessing Huawei.
As the British government re-examines its decision to permit Huawei to participate in non-core sections of its 5G infrastructure, Reuters quotes NATO's Secretary General Jens Stoltenberg on the importance of getting it right. “I trust that the UK government will design their networks in ways that protect the networks and make sure that the UK has secure 5G networks. Therefore, also I think it is important that there now will be a new review looking at exactly how to make sure that should happen.”
CPO notes that the deliberations occur at a time of heightened trade tensions between China and the United States. The US Federal Communications Commission has asked Congress to provide $2 billion to fund rip-and-replace work in rural US telecommunications providers. An op-ed in Light Reading argues that the ripping will be easier than the replacing. The paucity of options for vetted replacement equipment may have something to do with slipshod oversight over nearly two decades by Team Telecom: the Hill has a discussion of the recently released Senate study, "Threat to U.S. Networks: Oversight of Chinese Government-Owned Carriers."
Controlling nation-state conflict in cyberspace.
An op-ed in the Japan Times points with alarm at the recent exchange of cyberattacks between Iran and Israel. Some of the issues raised, notably the difficulties of attribution and the low barriers to acquisition of cyber weapons, pose problems for placing limits on cyberwar. The piece argues for some form of negotiated disarmament. It understates, however, the extent to which cyber operations, especially those with kinetic effects, are already beginning to fall under familiar categories defined in the international laws of armed conflict. The exchange between Iran and Israel might prompt some consideration of protection of certain prohibited targets.