At a glance.
- HackDHS expands to include Log4j issues.
- CISA and election security.
- Post-Brexit GDPR.
US bug hunting program zeroes in on Log4j.
The US Department of Homeland Security (DHS) launched its Hack DHS bug bounty program last week, offering incentives to cybersecurity experts for finding vulnerabilities in DHS’s external systems. The Hill reports that DHS this week expanded the program to include additional payments for the detection of issues related to the widespread Log4j vulnerability that was discovered earlier this month and has the cybersecurity world reeling. The Belgian Ministry of Defense disclosed this week that its systems had been infiltrated as a result of the Log4j bug, and it’s clear DHS doesn’t want to find itself in the same situation. DHS Secretary Alejandro Mayorkas stated on Twitter yesterday, “In response to the recently discovered log4j vulnerabilities, @DHSgov is expanding the scope of our new #HackDHS bug bounty program and including additional incentives to find and patch log4j-related vulnerabilities in our systems.”
CISA helps local governments navigate election security.
US Homeland Security Secretary Alejandro Mayorkas outlined his vision for the department’s cybersecurity goals earlier this year, which includes a string of sixty-day sprints, each focused on a particular initiative. As part of DHS’s current sprint spotlighting election security, HSToday reports, the Cybersecurity and Infrastructure Security Agency (CISA) gathered state and local election officials to share best practices about cyber navigators, or state liaisons focused on guiding jurisdictions with fewer resources through the complexities of cyber risk identification and mitigation. CISA’s Senior Advisor for Election Security Kim Wyman explains, “Election security is a whole-of-nation effort that simply isn’t possible without the partnership and leadership of state, territorial, and local election officials… We are proud to offer this forum to collaborate and share best practices on innovative approaches like cyber navigator programs.” One of the state officials in attendance, Florida Secretary of State Laurel M. Lee, stated, “Participating in this most recent CISA forum was an exciting opportunity to join with some of the country’s foremost experts on cybersecurity and elections administration to share our perspectives and exchange ideas about the evolving cybersecurity landscape.”
The EU GDPR vs the UK GDPR: separate but equal?
Since, post-Brexit, the UK is no longer a member of the EU, the country is not covered by the EU’s General Data Protection Regulation (GDPR). Cooley's cyber/data/privacy insights explains that the UK operates under its own separate yet similar data protection regime, and while the two regulations are parallel, the UK has the right to review its data protection law and revise it as the country sees fit. The UK GDPR applies to controllers or processors of personal data in the context of the activities of an establishment in the UK, as well as controllers or processors outside the UK when offering goods or services to, or monitoring the behavior of, persons in the UK. The experts at Cooley highlight ten key attributes of the UK GDPR, including how to determine when UK Standard Contractual Clauses (SCCs) apply to data transfers (especially given that new UK SCCs are on the horizon), understanding how adequacy decisions affect data transfers, and predicting how the UK GDPR might deviate from its EU counterpart in the future.