At a glance.
- Cyberattacks could trigger NATO's Article 5.
- Opinion published in TikTok ban injunction.
- Revising Section 230: bipartisan interest in the virtual public square.
- SPD-5 and cyberthreats to space systems.
- Delays, disinformation seen as principal threats to 2020 US elections.
- US OMB approved Defense interim rule on contractor cybersecurity.
Cyberattacks could trigger NATO's Article 5.
A UPI story reports that NATO's Deputy Secretary Mircea Geoana said, during the virtual CYBERSEC conference, that NATO's members had "agreed that a cyberattack could trigger Article 5 of our founding treaty, where an attack against one ally is treated as an attack against all."
Why TikTok was granted an injunction stopping a US ban on transactions involving the app.
The Wall Street Journal reports that Judge Carl Nichols of the US District Court for the District of Columbia yesterday published his opinion concerning the injunction he granted Sunday that stopped the US ban on TikTok from taking effect. While the Government “provided ample evidence that China presents a significant national security threat,” the evidence that any threat TikTok posed warranted a ban on the app “remains less substantial.” The opinion holds it probable that the Government's proposed ban exceeds the authorities granted by the International Emergency Economic Powers Act.
Both parties would ‘like’ edits to cybercommunications law.
Marketplace reviews a cross-party initiative to limit web platforms’ existing legal detachment from decisions about hosted content (federal crimes aside), an issue the CyberWire has discussed. Some want more restrictions on “lawful but awful” content; others want less policing of public discourse. According to Daphne Keller, Director of the Program on Platform Regulation at Stanford University’s Cyber Policy Center, the conversation “transcends politics,” given that platforms like Facebook and Twitter are “the new public square, and that it’s kind of crazy that private companies are setting the speech rules.”
The US Department of Justice’s (DOJ’s) proposed amendments to Section 230 of the 1996 Communications Decency Act – which follow up on the body’s June recommendations and US President Trump’s May Executive Order on Preventing Online Censorship, and recognize that “the internet has drastically changed since 1996” – are now before Congress. The changes would clarify the nonimmunity of platforms that deliberately host certain illegal content, limit protected censorship to “objectively reasonable” as opposed to “deceptive or pretextual” cases, and generally provide “more concrete language that gives greater guidance to platforms, users, and courts,” per the DOJ. The revisions would not prevent platforms from moderating content according to their Terms of Service, provided that those terms are clearly explicated and consistently enforced, and users have a “meaningful opportunity to respond” to alleged violations.
SPD-5 treats space threats with gravity.
As the CyberWire noted, earlier this month US President Trump signed Memorandum on Space Policy Directive-5—Cybersecurity Principles for Space Systems (SPD-5). Acting Assistant Secretary of Homeland Security for Cyber Infrastructure Risk and Resilience Policy Matt Hayden told the Federal News Network that the memorandum launches an exhaustive “whole of government” plan for defending the systems aboard commercial and military satellites, with the acknowledgement that “space is now a contested military domain.” The move coordinates National Space Council, Department of Homeland Security, Cybersecurity and Infrastructure Security Agency, Space Information Sharing and Analysis Center, United States Space Command, and National Aeronautics and Space Administration partners with relevant commercial and international players.
Like terrestrial assets, space assets are vulnerable to accidental and malicious breaches; in Hayden’s words, “each of those [space] vehicles got there with computers on board.” While to date few cyberattacks against space assets have been reported (see ZDNet and Atlantic articles on International Space Station malware), Hayden says certain threat actors “do have capability to cause problems.”
US FBI and CISA see disinformation and delay as the principal threats to the 2020 elections.
As the November US presidential election nears, the Washington Post and Wired report that some security experts fear disinformation operations breeding uncertainty about procedures or outcomes, attacks on registered voter catalogues hamstringing districts without proper backups, cyberintrusions into tools that broadcast initial tallies and transmit final results, and technical difficulties leading to lengthy waits. The Federal Bureau of Investigation and Cybersecurity and Infrastructure Security Agency reassured voters that cyberattacks “could slow but not prevent voting,” emphasizing that election officials are well-prepared, as we’ve seen. To combat misinformation, Axios says that Google plans to “block election ads after polls close” and Facebook will toss commercials “prematurely claiming victory.”
US Defense Department Interim Rule on contractor cybersecurity received OMB approval.
The US Office of Management and Budget has approved an interim rule requiring Defense contractor compliance with NIST SP 800-171. The interim rule implements the Defense Department’s Cybersecurity Maturity Model Certification program. One of the major changes the interim rule brings is that the Department of Defense will now be able to audit contractor cybersecurity itself. Hitherto contractors have been expected to self-certify compliance, but now external Government audits will be possible.
The interim rule takes effect in sixty days, and it’s open for comment through the end of November. The program itself remains a work in progress, with a number of unanswered questions and a projected phase-in period of five years.