At a glance.
- Precedents set by media site takedowns?
- US Defense Department wants contractors to improve their cybersecurity.
- "Digital authoritarianism" as a threat to national security.
- CISA to maintain a running list of "bad practices."
- A net assessment of national power in cyberspace.
Assessing the precedents set by the US takedown of Iranian media sites.
Wired worries that the Justice Department’s seizure last week of the domains supporting thirty-plus Iranian propaganda outlets was unclearly explained and could undermine international interests in the long run. The Justice Department cited sanctions violations and security concerns in announcing the action, which arrives as Washington engages Tehran on arms control and regional disputes. Other Governments dole out disinformation through state-sponsored and allied media, however, and routine interventions could drive authoritarian regimes to strengthen domestic Internet controls, curtailing residents’ speech and information access, and complicating future attempts to combat influence operations.
US Department of Defense expresses its cybersecurity aspirations for contractors.
The Defense Department (DOD) says it’s doing its part for cybersecurity and anti-ransomware efforts—publishing malware findings, tracking malicious activity, and disrupting criminal infrastructure—and vendors of all sizes need to step up to the plate as well. Contractors should plan for attacks and leverage private sector offerings, cloud technology, and multi-factor authentication, for example. Foreign adversaries know to target the DOD’s industry partners, and the DOD wants to help vendors help themselves. Deputy Assistant Secretary of Defense for Cyber Policy Mieke Eoyang said the Department’s “door's always open” to cyber firms who want to discuss how their solutions could “shore up the cybersecurity of our partners and allies.”
Digital authoritarianism as a national security threat.
Eoyang also warned about the rising challenge from countries like China that “use technology to control and repress their populations” and export their tools globally, according to Defense One. These tools not only imperil Western values and endanger citizens abroad, but they pose a competitive threat. To keep up, Eoyang argued, the US should invest in competing technologies, with a focus on AI and microelectronics: “we need to make sure that we are offering alternatives to allies,” she said, and highlighting for them the risks of authoritarian options.
CISA has begun keeping track of "bad practices."
The US Cybersecurity and Infrastructure Security Agency (CISA) has begun cataloguing "bad practices." CISA will add to its catalogue over time, but its first two entries are unlikely to be controversial. They involve using unsupported or beyond-end-of-life software, and using known, fixed, or default credentials. Expect more to come.
A "net assessment" of national cyber power.
The International Institute for Strategic Studies (IISS) has published a long research paper ranking the world’s major cyber powers. “Cyber Capabilities and National Power: A Net Assessment,” says the US is number one. “What sets the US apart on offensive cyber is its ability to employ a sophisticated, surgical capability at scale,” the report says. IISS regards its study as a first in assessing relative national power in cyberspace, and they see their present work as laying out a whole-of-society approach to the issue that can be used more broadly. The methodology used to compile the rankings is "principally qualitative and analyses the wider cyber ecosystem for each country."