At a glance.
- CISA requests comment on cloud use case.
- USCYBERCOM Industry Day gathers tech experts from Five Eyes.
- EU revamps rules to curb the spread of disinformation.
- White House cracks down on online harassment.
- Japan increases penalty for online hate.
- House Appropriations Committee votes to increase CISA's budget in FY2023.
CISA requests comment on cloud use case.
The US Cybersecurity and Infrastructure Security Agency has issued a request for comment on its Trusted Internet Connections (TIC) 3.0 Cloud Use Case, a federal cybersecurity initiative aimed at securing federal data, networks, and boundaries. TIC cases are released individually and are intended to provide guidance on securely implementing and configuring specific platforms, services, and environments, while providing more transparency about agency traffic.
USCYBERCOM Industry Day gathers tech experts from Five Eyes.
US Cyber Command (USCYBERCOM) reports that it hosted a classified Industry Day event on Tuesday, inviting tech experts from over one hundred cleared industry partners and companies in Five Eye nations to learn about the Command’s needs for advanced cyber capabilities. USCYBERCOM’s Directorate leaders briefed attendees on “Technical Challenge Problems” and future Command requirements to help them align resources to support mission strategies. Presentations focused on hardware and software, technical national defense personnel, studies and analysis, modeling and simulation, and other unique capabilities needed for future missions. Michael Clark, director of Acquisitions and Technology, explained, “What we are trying to acquire are capabilities that will make us successful today, while trying to posture to be successful in the future. The way this Command will be successful is if we can level the scope and scale of the capabilities that industry can deliver.”
EU revamps rules to curb the spread of disinformation.
The European Commission yesterday released an update to its Code of Practice on Disinformation, a set of rules focused on preventing the dissemination of disinformation. When the code was first introduced in 2018, participation was voluntary, but Brexit, the US presidential election, the pandemic, and the war in Ukraine have made the spread of disinformation a bigger concern. As well, CNET explains, the code is now underpinned by the Digital Services Act, which was finalized in April. The overhaul focused on gaps in the previous code, including “manipulative behaviors” like deepfake videos, bots, and fake accounts.
The new rules also attempt to lessen the financial incentive of disinformation by making it more difficult for such content to receive advertising revenue, and platforms will be required to provide users with tools to recognize and flag disinformation. Commissioner Thierry Breton explained, "Disinformation is a form of invasion of our digital space, with tangible impact on our daily lives. Online platforms need to act much more strongly, especially on the issue of funding. Spreading disinformation should not bring a single euro to anyone." Signatories include tech giants like Meta, Google, and TikTok, and violators could be fined up to 6% of their global revenue.
White House cracks down on online harassment.
On Thursday US Vice President Kamala Harris announced the launch of a task force aimed at preventing online abuse, the Washington Post reports. The move is the biggest step the Biden administration has made in highlighting the connection between online hostility and physical violence, an issue Biden and Harris emphasized during their campaign. The launch was heralded by a White House event gathering top administration officials, online harassment survivors, and civil society experts. “We continue to see how some acts of mass violence, the most recent included, have followed expressions of online hate and abuse,” Vice President Harris stated, noting that the gunman responsible for the recent mass shooting in Uvalde, Texas had previously posted threatening messages online. The task force will have 180 days to produce a set of policy recommendations for government, tech companies, schools, and other entities, including initiatives to provide support for victims.
Japan increases penalty for online hate.
Remaining on the topic of online abuse, Japan's parliament on Monday passed legislation making "online insults" an offense punishable by imprisonment. CNN notes that the move comes after cyberbullying led to the suicide of reality TV star Hana Kimura in 2020. Set to take effect this summer, the amendment to the country's penal code will raise detention of offenders from thirty days to up to one year, and fines will increase from 10,000 yen to up to 300,000 yen. Supporters of the bill say the tougher legislation is overdue, but critics argue it could hamper freedom of expression, especially when it comes to criticizing those in power. To assuage opponents, a provision has been added to ensure the law will be re-examined in three years to review its impact on free speech.
House Appropriators vote to increase CISA's budget in FY2023.
The US House Appropriations Committee has voted to increase the Cybersecurtiy and Infrastructure Security Agency's (CISA) budget by some $417 million in FY 2023. It's a long way from a final budget, but it's an important milestone. The Record reports that the measure passed by voice vote, accompanied by some woofing from the minority that the legislation didn't do enough.
Reed Loden, VP of Security at Teleport, sees the proposed increase as an indirect approach to shoring up private sector security:
“The House Democrats’ proposal to boost the CISA budget by more than $400M is yet another strategic move in pushing private entities to keep their shield up against looming digital attacks. That said, putting the proper cyber hygiene in place isn’t the only cause funding should be allocated for; it should also be used to address the security industry’s disclosure problem and better coordinate public/private partnerships. Despite the threat of increasing cyberattacks, enterprises are still hesitant to report when they fall victim to malware, creating a false narrative and sense of security; in fact, 75% of ransomware attacks go unreported.
"Additionally, organizations should collaborate and abide by recent legislation on reporting breaches especially as the major issue is the lack of good coordination. CISA should double down on working proactively with companies/industry to secure systems and networks - using the funding as further encouragement to increase headcount within CISA so the organization is properly staffed to fully assist enterprises disclosing cyber incidents and help them discover vulnerabilities before they are maliciously abused.
"While there’s still work to do in protecting critical infrastructure from cyberattack, increased budget for CISA is a big step in the right direction for solidifying the nation-wide reporting laws. Anything that encourages transparency in an industry with a disclosure problem is a step forward to rewriting the narrative around the current state of security.”