At a glance.
- A National Security Memorandum for National Security Systems.
- Satellite Cybersecurity Act.
- Infrastructure Investment and Jobs Act.
- FCC cyber disclosure regulations.
US National Security Memorandum signed by president.
US President Joe Biden signed a National Security Memorandum this week detailing how the US Department of Defense and intelligence agencies will enhance the cybersecurity of National Security Systems (NSS), as denoted in last May’s Executive Order 14028, Improving the Nation’s Cybersecurity. As outlined in this fact sheet, the memorandum sets out timelines and implementation guidelines for cybersecurity provisions like multifactor authentication, encryption, cloud technologies, and endpoint detection services. The memorandum also aims to increase the visibility of any incidents that might occur, better protect against and mitigate threats, and create tools that can safely transfer data between classified and unclassified systems. Agency heads now have two months to solidify plans for implementing cloud technology, and one hundred eighty days to execute multifactor authentication and encryption for data-at-rest and data-in-transit. The directive is modeled after the Department of Homeland Security's Binding Operational Directive for civilian government networks. Jim Richberg, former cyber chief at the Office of the Director of National Intelligence, told ZDNet, “Today's National Security Memo makes it explicit that the same elements of basic cyber hygiene that EO 14028 prescribes for non-NSS government networks exist within national security ones, ensuring that there is interoperability of capability.” FedScoop notes that Senate Intelligence Committee Chair Mark Warner expressed his support of the memorandum, adding, “Now it’s time for Congress to act by passing our bipartisan legislation that would require critical infrastructure owners and operators to report such cyber intrusions within 72 hours.”
Satellite Cybersecurity Act aims to protect commercial satellites.
Last week a bipartisan pair of US senators introduced the Satellite Cybersecurity Act, which, if passed, would mandate that the Cybersecurity and Infrastructure Security Agency (CISA) and Government Accountability Office provide operators of commercial satellites with cybersecurity recommendations and resources to better defend their sensitive equipment. NextGov reports that Senators Gary Peters of Michigan and John Cornyn of Texas were motivated by mounting concerns that commercial satellites could be the target of digital attacks. The senators wrote, “In 2014, American officials accused China of hacking a National Oceanic and Atmospheric Administration weather satellite. As commercial satellites become more pervasive, hackers could shut satellites down, denying access to their service or jam signals to disrupt electric grids, water networks, transportation systems and other critical infrastructure.”
Infrastructure Investment and Jobs Act contains critical infrastructure protection provisions.
BizTech Magazine explains how the US’s Infrastructure Investment and Jobs Act, signed into law in November by President Joe Biden, will help provide the nation’s critical infrastructure with much-needed protection from digital threats. As the White House notes, the legislation is “the largest investment in the resilience of physical and natural systems in American history,” and it couldn’t come at a better time, as attacks against US utilities ramped up in 2021. The funding will provide cybersecurity training programs as well as support for research conducted by the Department of Homeland Security’s science and technology wing. At the Environmental Protection Agency, special attention will be given to protecting the nation’s water systems. Additionally, the law will establish a $21 million budget for the Office of the National Cyber Director and implement a $100 million Cyber Response and Recovery Fund over the next five years.
New FCC regulations focus on cyberincident reporting.
In the wake of massive data breaches impacting customers of telecom giants like T-Mobile, the US Federal Communications Commission (FCC) is proposing new regulations that would require carriers to more quickly notify customers and regulators of cybersecurity incidents. In addition to eliminating the seven-day mandatory waiting period for notification of customers, the FCC is also recommending that carriers be required to notify the FCC, Federal Bureau of Investigation, and Secret Service of all breaches. FCC Chair Jessica Rosenworcel told SDxCentral, “These rules need updating to fully reflect the evolving nature of data breaches and the real-time threat they pose to affected customers. Customers deserve to be protected against the increase in frequency, sophistication, and scale of these data leaks, and the consequences that can last years after an exposure of personal information.”