At a glance.
- The EU's new cyber strategy.
- General Nakasone testifies about cybersecurity before the US Senate Armed Services Committee.
The EU adopts a new cybersecurity strategy.
GovInfo Security says the European Union’s Cybersecurity Strategy for the Digital Decade, first presented in December, is designed to mitigate risks by encouraging best practices. Formally adopted this week, the plan endorses the following measures in an effort to advance the bloc’s cyber leadership:
- “strong encryption and threat information sharing”
- “security operation centers across the EU to monitor for attacks”
- “a joint cyber unit focused on the EU's cybersecurity crisis management framework”
- “a security standard for 5G technology”
- “key internet security standards”
- “countering cyberattacks that might affect supply chains [and] critical infrastructure”
- “a cyber intelligence working group to strengthen the EU's Intelligence and Situation Center”
- “strengthening cooperation with international organizations and partner countries”
Interviewed experts were pleased with the developments, and suggested additional ventures like a European Computer Security Incident Response Team. The European Council noted that it will be monitoring the plan’s implementation.
DIRNSA/CG CYBERCOM testifies before the Senate Armed Services Committee.
Lawfare has a recording of the Senate Committee on Armed Services’ hearing on the Future Years Defense Program and next year’s Defense Authorization Request. Shedding new light on his team’s efforts to secure the 2020 election, US CyberCom Commander and National Security Agency Director General Nakasone testified that CyberCom ran over two dozen election defense missions, SecurityWeek reports, including eleven hunt-forward initiatives in nine nations, according to Breaking Defense. Nakasone called the operations an attempt “to get ahead of foreign threats before they interfered with or influenced our elections.”
The General remarked on threat actors’ apparent “changed risk calculus,” evidenced by the “greater scale, scope, and sophistication” of recent incidents, Breaking Defense notes, and spent some time on adversaries’ exploitation of the domestic network intelligence gap. Without advocating precise policy changes, and with a nod to citizens’ Fourth Amendment rights, he pointed out the risks of private sector reticence to share information and limited Government visibility into US networks. Nakasone did hint that regulation regarding “the private sector understanding who their customers are” might be worth looking into in light of Holiday Bear and Hafnium’s use of private servers in US data centers.
Companies’ concerns about closer partnership with Government range, as we’ve seen, from liability to reputational harm and revenue hits. Breaking Defense observes that the other elephant in the room was “lingering fallout” from the “Snowden revelations about illegal NSA activities on US networks.”
The Defense Department says Nakasone also highlighted CyberCom’s workforce development and threat sharing efforts, and the agility advantages of his joint role.