At a glance.
- US standards for the Internet-of-things.
- US President Trump pushes for Section 230 revision; may veto National Defense Authorization Act.
- Continuity and change in US cybersecurity policy.
IoT standards, at last?
As we’ve seen, the Internet of Things Cybersecurity Improvement Act is pending President Trump’s signature. Nozomi says the bill could finally establish a coherent body of IoT security standards. The Department of Homeland Security, IoT Security Foundation, and IEEE Standards Association, among others, have tried and failed. At present, for instance, vendors face no requirement to share or repair vulnerabilities. While the Act only covers Government gadgets, the lure of Federal contracts could entice many companies to bite. Once the bill becomes law, NIST’s “hard work” of writing standards encompassing development, vulnerability reporting, patching, configuration, and identity management will begin.
President pushes for Section 230 revision.
US President Trump has warned he will exercise his veto powers on the $740 billion National Defense Authorization Act (NDAA) if a provision terminating Section 230 isn’t included, calling 230’s protections “a serious threat to our National Security & Election Integrity,” according to the Washington Post. The Senate Majority Leader reportedly has a rule against presenting bills that are under threat of veto, but Republicans have proposed a deal: revise 230 and they’ll countenance the rechristening of military bases named for Confederate officers. (President Trump previously brandished the veto over base name alterations, so it’s unclear if this arrangement would fly either, or if he has come around.) Both Democrats and Republicans have raised concerns about Section 230’s broad liability protections for internet platforms.
Continuity and change in cyber policy between Administrations.
Governing contends that a Biden Administration “could mean significant changes for technology.” The Trump Administration saw CISA’s genesis, enhanced election security, and the passage of “a bevy” of cybersecurity laws. Many of these, like the formation of the Cybersecurity and Infrastructure Security Agency and the recommendations of the Cyberspace Solarium, are likely to endure. But spending may increase (President Trump also kept the Federal piggy bank relatively closed), and some senior cybersecurity personnel positions may once again be filled or recreated (President Trump cut certain cybersecurity personnel). Some officials anticipate the return of former President Obama hires and diplomacy as cybersecurity under a new Administration, and expect operational and financial expansions at CISA. Regardless of the next president, Federal cloud contracts are poised to make some noise and can be expected to affect cybersecurity policy, as evidenced by C2E, the large cloud procurement contract being issued on behalf of the Intelligence Community.