At a glance.
- The success of the recent Russo-American summit remains an open question.
- Cyber legislation currently before the US Congress.
Assessing the success of the recent Russo-American summit.
Foreign Policy casts the Biden-Putin summit as “a Rorschach test” where “[e]veryone saw what they wanted.” The critical infrastructure red line, supported by the promise of retaliation, was a positive step, despite uncertainty about President Putin’s sign-on and quibbles about the scope of off-limits targets. The devil will be in the details of future cyber talks that may reveal deeper areas of disagreement between the two powers.
Pending cyber bills in the US Congress.
The Senate’s Federal Cybersecurity Workforce Expansion Act, according to Executive Gov, would widen the Government’s cyber talent pipeline through a CISA apprenticeship program and a cybersecurity reskilling initiative run by the Department of Veterans Affairs. FCW notes that the bill comes as the Department of Homeland Security pursues a two-month cyber recruitment campaign and a new Cybersecurity Talent Management System.
The House’s American Cybersecurity Literacy Act, as we’ve seen, would educate the public about phishing, website security, network security, app security, user permissions, password hygiene, MFA, endpoint vulnerabilities, and cybersecurity software and resources, Security Magazine reports. Industry observers warn that education is one piece of the cybersecurity puzzle, but corporate and employee accountability is another. Netenrich Threat Intelligence Advisor John Bambenek identified the “core problem” as megacorps “outsource[ing] all the risks of the use of their technologies onto society at large.” He thinks a “few billboards from the Ad Council [aren’t] going to fix this problem.”
GovTech has an account of the House’s Enhancing K-12 Cybersecurity Act, which would strengthen resources for cybersecurity and incident reporting efforts in what the FBI deems the “most targeted public sector”: public schools. The bill would request an annual $10 million for a CISA-led K-12 Cybersecurity Technology Improvement Program and require the Agency to set up an incident archive, outreach initiative, and grant program.
We received comment on some of the pending legislation, especially with respect to the bills aiming to promote cyber literacy. Alexa Slinger, identity management expert at OneLogin, sees the introduction of such legislation as practically inevitable:
“Given the increase in cyberattacks against critical infrastructure systems, like the recent Colonial Pipeline attack, it’s not surprising that the federal government is stepping in to provide guidance on Internet safety and security best practices. As we have seen in the aftermath of attacks on critical supply chain infrastructure, they can have a widespread and damaging impact on society and trade. Educating the everyday user, especially in today’s digitally connected world, is an excellent first step towards building a nationwide “Security First” culture to protect against and prevent future cyberattacks.”
Chris Hauk, consumer privacy champion at Pixel Privacy, notes the crucial role lack of knowledge plays in setting users up to be victims:
“Many online scams and cyberattacks like data breaches rely on user ignorance of proper online usage. It cannot be stressed enough to computer and device users the importance of avoiding phishing and other schemes by not interacting with unsolicited emails and text messages by clicking links or opening attachments, and by not visiting unsavory sites on the web. User education can only help inform unwary users as to the hazards of unsafe online activities. As for seeing any real results from the bill, it depends on how the government goes about educating the masses. Unfortunately, legislation like this is usually written by older members of Congress who may still think of the internet as a "series of tubes." The messages spread by any such program should be clear and easy to follow.”
Paul Bischoff, privacy advocate at Comparitech, thinks that the legislative efforts recognize that basic cyber hygiene remains generally inadequate:
“A lot of Americans still lack basic cyber hygiene, which is what this campaign aims to address. Clear, concise messaging emphasizing risks and best practices for digital hygiene, privacy, and security. It also needs to target demographics that have traditionally struggled with cybersecurity and those who are more likely to be targeted by cybercrime.”