Fifth Domain thinks US Cyber Command, which has adopted a "defend forward" strategy, will see that strategy tested under real operational conditions during the current tension with Iran. Cyber Command has been unusually forthcoming (by Fort Meade standards) about that strategy, and Defense One reports that this is regarded by observers as a deliberate contribution to deterrence.
The Australian Prudential Regulation Authority (APRA), the country's principal financial services regulator, has said it will work closely with the Australian Signals Directorate (ASD), the Australian Security Intelligence Organisation, and what Insurance Business Australia calls "their international peers" (presumably the other four of the Five Eyes) to combat cyberattacks.
The US House of Representatives on Wednesday passed, with deep bipartisan support, three bills intended to improve cybersecurity and prepare for 5G build-out. The House Committee on Energy and Commerce, with evident satisfaction, offered a quick summary of the measures. H. Res. 575 expressed "the sense of the House of Representatives" that 5G stakeholders should adhere to the recommendations of the Prague Proposals, which thirty-two countries agreed this past May to adopt. H.R. 2881, the “Secure 5G and Beyond Act of 2019... requires the President to develop the ‘Secure Next Generation Mobile Communications Strategy’ with the heads of the Federal Communications Commission, the National Telecommunications and Information Administration (NTIA), and Department of Homeland Security, as well as the Director of National Intelligence and Secretary of Defense.” H.R. 4500, the “Promoting United States Wireless Leadership Act of 2019,” encourages partnership among US companies, Government agencies, and standards-setting bodies to guide the evolution of 5G and subsequent networks. The bills will require Senate passage (and probably modification in conference) before becoming law.
The US Cybersecurity and Infrastructure Security Agency has a new Assistant Director for Cybersecurity: Haystax alumnus Bryan Ware was, a MeriTalk post reports, appointed to the job on Wednesday.
The California Consumer Privacy Act (CCPA), already widely regarded as a kind of American GDPR, has attracted the most attention of any recent state legislation involving cybersecurity, but a sister measure, SB 327 Information Privacy: Connected Devices, is also worthy of attention. Characterized as an IoT security bill, SB 327 is being called, by experts interviewed in Help Net Security, a good start, but one that falls far short of its sponsors' intentions. Many see compliance as too easy: if you've got passwords, you've met the "reasonable security measure" requirement. Among the additions critics would like to see is some mandate for encryption.
Law Press has published a book explaining China's new cryptography law. If you'd like to know how Beijing would like you to understand the proper uses of cryptography, you can order your own copy from the Xinhua Bookstore.