We’re always looking for ways to improve our content so we can save you time and keep you up to speed on developments in the cybersecurity industry. We created this survey and would love a chance to hear from you. It only takes 15 minutes, and once completed you will have a chance to win a $100 Amazon gift card. Help us make the CyberWire even better.
The SEC and infosec. GAO and its look at emerging technology. How CISA will spend its COVID-19 recovery appropriations windfall.
At a glance.
- SEC's focus on information security.
- GAO's growing tech team.
- How CISA will spend its American Rescue Plan windfall.
What the Securities and Exchange Commission will be looking for this year.
The US Security and Exchange Commission’s 2021 Examination Priorities include a focus on information security and operational resiliency. JD Supra recommends organizations review their Incident Response Plan, with an eye to phishing and ransomware campaign mitigations, Information Security Policy, paying special attention to authentication procedures, Vendor Management Policy, and training programs.
The US Government Accountability Office’s growing emerging tech team.
Federal News Network reports that Government Accountability Office (GAO) Comptroller Gene Dodaro is prioritizing emerging technology cases and hoping to double the Office’s Science, Technology Assessment, and Analytics (STAA) ranks from 2019 numbers. Dodaro explained that the STAA team works to describe new technologies’ function, developmental stage, advantages, pitfalls, and policy significance.
The group has studied the interplay between AI and 5G technologies and policing and medical professions, for example, and is building a framework to assess AI algorithms for bias. GAO is requesting an $83 million budget increase this year, but a Congressional appropriations representative told the office to temper expectations.
How CISA plans to spend $650 million.
The Cybersecurity and Infrastructure Security Agency (CISA) intends to spend its American Rescue Plan windfall on four projects, according to Federal News Network:
- Federal agency “detection sensors”
- Threat and risk intel processing improvements
- Threat hunting and incident response program enhancements
- Zero trust upgrades to “defensive network architecture”
CISA Executive Assistant Director for Cybersecurity Eric Goldstein said the Agency hopes to implement a “proactive” threat hunting model that uses “advanced analytical techniques.” CISA is still hammering out the details of how it will audit partners’ networks—whether by implanting detectors, combing through self-compiled data, or some combination of techniques.
EINSTEIN’s “17-year-old approach” is also in for an overhaul. Goldstein said “CISA is urgently moving our detection capabilities from that perimeter layer into agency networks to focus on those end points, servers and workstations where we are seeing adversary activity today.”
China’s cyberattack on Maharashtra power grid was to improve PLA’s bargaining position (ThePrint) China’s cyber assault against India’s critical infrastructure in October 2020 happened amid an ongoing crisis on their contested boundary.
Tim Berners-Lee says Africa’s internet shutdowns shouldn’t be tolerated (Quartz) The creator of the internet says internet access if a human right that, when violated, creates an untenable power divide.
U.S. Imposes New 5G License Limits on Some Huawei Suppliers (Bloomberg) Conditions for licensed exporters went into effect this week. Move builds on Huawei prohibitions implemented under Trump.
America's Place in Cyberspace: The Biden Administration’s Cyber Strategy Takes Shape (Council on Foreign Relations) The Biden administration's cyber strategy reflects the ideological, geopolitical, technological, and diplomatic pillars of President Biden's overarching vision for U.S. foreign policy and national security.
CISA’s four-part plan to spend $650M on cyber protections (Federal News Network) House Appropriations Subcommittee on Homeland Security members questioned CISA leaders about plans to improve federal cybersecurity efforts.
Commentary: What the first-ever U.S. national cyber director will need to succeed (Fortune) Commentary: The 2021 NDAA created the national cyber director role, which will be appointed by President Biden.
The Cybersecurity 202: Democrats' new infrastructure bill highlights cybersecurity concerns (Washington Post) Coming up on the Biden administration's agenda now that the massive coronavirus relief bill has passed: A major infrastucture and jobs package.
$1.9T Covid relief bill promises tech opportunity for federal contractors (Washington Business Journal) The American Rescue Plan Act includes more than $2 billion in funding for technology and cybersecurity efforts and provides contractors with a change to generate modernization momentum, some experts say.
India lauds efforts of Organization for Security and Cooperation in Europe for countering terrorism (Times Now News) External Affairs Minister S Jaishankar had on January 11 called for member nations to fulfill the obligations enshrined in the international counter-terrorism instruments.