"Costs and consequences." DHS-NSA cooperation? Big Tech and Section 230 reform. EO on disclosure coming?

Summary

By the CyberWire staff

At a glance.

US Secretary of State says Russia will face "costs and consequences."
Op-ed: closer ties between DHS and NSA.
Big Tech on Section 230 reform.
Report: US Executive Order expected to mandate disclosure.

US Secretary of State: Russia will face “costs and consequences.”

Voice of America reports Secretary Blinken’s comments that Washington, in coordination with NATO members, “will take the steps necessary to defend our interests” against Russian mischief. Blinken’s message followed President Biden’s recent remarks that “[t]he price [Putin’s] going to pay, well, you’ll see shortly.” President Biden also noted that “there are places where it’s in our mutual interest to work together."

Closer cooperation between DHS and NSA?

In a Washington Post editorial, former Defense Secretary Robert Gates weighs in on the debate surrounding the National Security Agency’s (NSA’s) limited visibility into domestic networks. He rules out three possibilities: increasing NSA authorities is “not politically feasible,” public-private partnership “would be challenging to operationalize,” and there aren’t sufficient resources to create a “domestic equivalent to the NSA.”

The Department of Homeland Security (DHS) has legal responsibility for domestic networks, but limited cyber capacity. What Gates suggested a decade ago was establishing a connection between the DHS and NSA, with “appropriate structural and regulatory safeguards,” that would allow a DHS official to tap NSA capabilities when necessary. (President Obama greenlighted the plan, but it never came to pass.) Gates says this speedy solution could be executed without new laws.

Big Tech testifies before the House on Section 230 reform.

Last week two House subcommittees spoke some more about Section 230 with guest appearances by Messrs. Zuckerberg, Dorsey, and Pichai. Quartz has an account of the proceedings. Zuckerberg advocated for modest revisions centered on methods rather than results, an evolution from his comments last October. Pichai defended the law and proposed improved transparency as an alternative to 230 reform. Dorsey spoke about trust and mostly kept his 230 opinions quiet, besides pointing out the difficulty of distinguishing large from small platforms, as Zuckerberg’s pitch requires. The CEOs’ competing stances could weaken their negotiating position, according to Quartz.

US Executive Order may mandate breach disclosure, security upgrades.

SecurityWeek says the Biden Administration could issue an Executive Order (EO) this week that would enhance Government agencies’ multi-factor authentication and encryption standards and impose new requirements on Government software vendors. The proposed EO would compel vendors to alert Government clients of data breaches, supply a “bill of materials” to those running “critical” functions, and collaborate with Government agencies on incident response.

Selected Reading

Russia’s policy of preventing conflicts in cyberspace must be preserved, says Putin (TASS) He recalled that the previous version of the document was adopted in 2013. It set a task of promoting the formation of a global system of protecting the international cyberspace"

Now Russia Has Its Own Ultimatum for Twitter (Foreign Policy) If Twitter doesn’t remove content Putin dislikes, he’ll ban it. But that will hurt him more than the platform.

Policing cyberspace (HIndu BusinessLine) Rising cyber attacks on India’s infrastructure call for a concerted policy response

India’s highest cyber security office finalizes trusted gear vendor list; meets global vendors, chipmakers, telcos (ETTelecom.com) The National Cyber Security Coordinator (NCSC) has finalized the criteria for identifying trusted sources and products, and conveyed to the telcos and..

Updated Guidelines on Canada’s National Security Review Bring Greater Clarity (Competition chronicle) On March 24, 2021, the Minister of Innovation, Science and Industry (the “Minister”) announced updates to the Guidelines on the National Security Review

Minister Champagne highlights updated guidelines on national security review of foreign investments (Canada.ca) Today, the Honourable François-Philippe Champagne, Minister of Innovation, Science and Industry, made the following statement regarding updates to the 2016 Guidelines on the National Security Review of Investments, issued under the Investment Canada Act (ICA).

Guidelines on the National Security Review of Investments (Investment Canada Act) Guidelines on the National Security Review of Investments

Proposed Amendment to the Ministerial Ordinances of the Act on the Protection of Personal Information of Japan: Cross-Border Transfer Rules (Part V) (Lexology) In the following, we will deal with the details of the cross-border transfer rules. Please refer to Part I to this newsletter for a general…

Census 2021: How Safe Will Our Data Be Over the Next 100 Years? (Infosecurity Magazine) The digital-first citizen survey is crucial to government planning, but what are the cybersecurity implications?

EU, US Make New Attempt for Data Privacy Deal (SecurityWeek) Facebook, Google, Microsoft and thousands of other companies want a new data privacy deal to keep the internet traffic flowing without facing significant legal jeopardy over European privacy laws.

Even When Covid-19 Vaccines Arrive, EU Struggles to Get Shots in Arms (Wall Street Journal) Despite rising coronavirus cases, many European countries remain reluctant to overhaul slow and bureaucratic vaccination programs.

Director Says NSA’s Domestic Surveillance Authority ‘Rightly’ Limited (Nextgov.com) Gen. Paul Nakasone, who oversees both the intelligence agency and U.S. Cyber Command, stressed the need for greater visibility through private-sector information streams.

Nakasone Says Federal Cyber Defenders Need Better Visibility Within U.S. (Meritalk) As adversaries from overseas continue to threaten the cybersecurity of U.S. companies and organizations, National Security Agency (NSA) director and U.S. Cyber Command (CYBERCOM) chief Gen. Paul Nakasone told senators today that Defense Department (DoD) agencies need to be able to operate more freely within the U.S. to deal with those threats swiftly.

Senators Raise Concerns About Energy Dept. Cybersecurity (BankInfo Security) Eleven U.S. senators are raising concerns about the Department of Energy's cybersecurity readiness as the department continues to investigate a breach related to

Biden Team Boosts Effort to Shield U.S. Power Grid From Hackers (Bloomberg) Moves to include plan for better coordination with industry. Effort seeks to harden cyber defenses and map U.S. responses.

Report: US Gov Executive Order to Mandate Data Breach Disclosure (SecurityWeek) Reuters is reporting that a U.S. government executive order would set new rules on data breach disclosure and use of multi-factor authentication and encryption in federal agencies.

US Vows ‘Consequences’ for Russian Actions (Voice of America) U.S. Secretary of State Antony Blinken says there will be “costs and consequences” for Russia for its allegedly malign activities against the United States. “We will take the steps necessary to defend our interests” at the time of the U.S.’s choosing, Blinken said in a CNN interview that aired Sunday but was taped last week as he completed talks with other NATO diplomats in Brussels. He said there was “a shared commitment” among Western allies to be “clear-eyed” about Moscow’s actions and hold the Kremlin accountable. The top U.S.

Opinion | The United States has a major hole in its cyberdefense. Here’s how to fix it. (Washington Post) We must empower the Department of Homeland Security to quickly respond to attacks originating in the United States.

The Agency at the Center of America’s Tech Fight With China (New York Times) Washington lawmakers, lobbyists and other parties have been vying to influence how the Bureau of Industry and Security, under the Biden administration, will approach a technology relationship with China.

DHS dissolves independent advisory council, ousting Trump-era officials (CNN) Department of Homeland Security Secretary Alejandro Mayorkas on Friday dissolved the Homeland Security Advisory Council, according to a letter obtained by CNN, ousting a board of independent advisers that included Trump-era officials and setting up a plan to reconfigure the council.

How Biden’s Administration is Revamping US Cybersecurity (Analytics Insight) The Biden administration has been formulating plans to rebuild the area of cybersecurity. One of the key steps is giving the top cybersecurity veterans the authority to lead administration positions. This is a new step towards advanced security.

Broken trust: Lessons from Sunburst (Atlantic Council) Sunburst was a startling reminder of the United States’ collective cyber insecurity and the inadequacy of current US strategy.

As US Loses its Edge, Game of Cyber Chicken Could Have Deadly Consequences (NewsClick) ‘…all countries have offensive and defensive capabilities and ‘stealing” data and knowledge from other countries are time-honoured tasks of spook agencies. It becomes an act of war only if it leads to physical damage to critical equipment or infrastructure.’

Did China cross a new red line in cyberspace? (The Sunday Guardian Live) The Mumbai hack showed complete disregard for collateral damage. Washington, DC: Did China cause the blackouts in Mumbai last year? Nearly six months later, the answer is still unclear, but if recent reports that a Chinese cyber operation bears partial responsibility are accurate, Beijing just signalled a willingness

States enact safe harbor laws against cyberattacks, but demand adoption of cybersecurity frameworks (CSO Online) Connecticut might soon follow Ohio and Utah by enacting a law that offers liability protection against ransomware and other cyberattacks, but only if victims follow security best practices.