At a glance.
- UN notes on cyber norms draw good reviews from Redmond.
- US and EU continue to work toward rules facilitating trans-Atlantic data transfers.
- US Senators query Administration about cybersecurity at the Department of Energy.
Microsoft likes the UN’s moves toward setting cyber norms.
Microsoft On the Issues calls the United Nations’ cybersecurity Open-Ended Working Group report “historic” and “a major step forward” as well as a “win…for cybersecurity.” The document follows almost two years of debate, and is the first such project to invite involvement from every member nation in addition to closer collaboration with the private sector. Participating parties established new standards of acceptable online activity for the first time in five years.
Besides promoting capacity building and upholding the importance of international law, the report placed critical infrastructure, computer emergency response teams, healthcare systems, and the information communications technology supply chain out of bounds. Incidents like Holiday Bear’s romp, Microsoft says, “should not be tolerated,” since they “threaten to undermine public trust and confidence in the update process all vendors use to maintain the security of the digital ecosystem.”
The company’s only complaint was the Working Group’s thin coverage of human rights concerns: they're mentioned, but not discussed at length.
US and EU: we’re serious about trans-Atlantic data transfer.
Last week EU Commissioner for Justice Didier Reynders and US Commerce Secretary Gina Raimondo issued a joint statement committing to “intensify negotiations on an enhanced EU-U.S. Privacy Shield framework.” Echoing language from this month’s CYBERSEC conference, Reynders said the Schrems II decision “raised important questions,” but moving forward “is a priority” for both bodies and shouldn’t be too difficult for “like-minded partners,” SecurityWeek reports. The EU has already finalized twelve analogous arrangements, among them deals with Tokyo and Jerusalem.
As a refresher, the previous US-EU privacy shield was overturned in the summer of 2020 by the European Court of Justice’s Schrems II decision after four years in use. In 2015, EPIC reminds us, Schrems I nixed the preceding data transfer agreement. The Schrems cases were spearheaded by Austrian activist Max Schrems in the wake of Snowden’s exposé. For the time being, companies are relying on “legally uncertain workarounds,” in SecurityWeek’s words.
US Senators worry about Energy Department cybersecurity.
BankInfoSecurity says a bipartisan cohort of Senators sent US Energy Secretary Jennifer Granholm a letter encouraging her to “prioritize cybersecurity by preserving the [Cybersecurity, Energy Security and Emergency Response (CESER)] office and…its leadership.” Created in 2018, CESER’s role is to mitigate energy infrastructure risks. A recent report by the Government Accountability Office found gaps in the Energy Department’s cybersecurity approach. Granholm’s public comments to date indicate that CESER will remain in operation.
Secretary Granholm and Deputy National Security Advisor Anne Neuberger met with energy industry leaders earlier this month about partnering to address grid threats, according to Bloomberg. The initiative, which should be unveiled soon, may bring major developments to cyber policies. Industry’s typical grievance is that Government guidance is inconsistent, but the new plan would coordinate State, Energy, Homeland Security, NSA, and private sector capabilities. The Administration’s sights are set on water, gas, and chemical manufacturing infrastructure next.