At a glance.
- Debate over Australian cyber response law turns on public, private equities.
- Proper response to Solorigate.
- Data privacy laws and their effect on cyber insurance markets.
- Motivation and effect of CMMC.
Australian cyber response law incites cybersecurity turf war.
ZDNet reports that Amazon, Salesforce, Cisco, Microsoft, and other technology firms with a presence in Canberra are concerned about a provision in the Security Legislation Amendment (Critical Infrastructure) Bill 2020 that would allow the Australian Signals Directorate (ASD) to step in as a “last resort” during severe cyberattacks impacting critical infrastructure. ASD assistance could involve “accessing, restoring, copying, altering, or deleting software.”
Microsoft commented that ASD intervention could complicate mitigation and remediation efforts, undermine in-house experts best suited to diagnose internal systems and tradeoffs, amplify the “Fog of War,” precipitate collateral damage, and leave companies with the bill. Cisco called for checks and balances, and Amazon Web Services requested clarification of “last resort” conditions. ASD stressed that its involvement would be “rare.”
More Solorigate debate.
Two cybersecurity professionals told CBS that Washington should retaliate for Solorigate, or risk further incidents. One proposed clarifying the US’ red line, arguing that indictments alone don’t impede attacks. The other recommended getting creative with influence operations about Russian corruption, or meddling “a little bit” with the funds Russian leaders “have squirreled all around the world,” saying the Biden Administration “could rethink how we use the exquisite capabilities that NSA and Cyber Command have to inflict pain on Russia.” As we’ve seen, counterintelligence and sanctions are commonly viewed as the appropriate responses to cyberespionage events like Solorigate.
Data privacy laws as engines of cyber insurance market growth.
Insurance Day says Brazil’s new General Law on Protection of Personal Data (LGPD), with its comprehensive requirements and substantial fines, could boost demand for a variety of coverages in Latin America. The law grounds its privacy considerations in the following seven principles:
- “respect for privacy”
- “informative self-determination”
- “freedom of expression, information, communication and opinion”
- “inviolability of intimacy, honor and reputation”
- “economic and technological development and innovation”
- “free initiative, free competition and consumer protection”
- “human rights, free development of personality, dignity and exercise of citizenship by the individuals”
Breaking Defense reiterates the importance of Cybersecurity Maturity Model Certification (CMMC) using the example of Beijing’s J-31 stealth fighter, which was ripped off of Washington’s F-35 following a 2007 Lockheed Martin breach. When vendors mismanage data and pay lip service to compliance, military secrets are stolen and the United States’ security posture is weakened. No longer can firms simply “pack the whole data package up and shoot it down the line, and say they’ll figure what data they need out of this,” in the words of CMMC Director Stacy Bostjanick.