At a glance.
- Is the FTC prepared for its new regulatory powers?
- Confirmation hearing for nominee for US ambassador for cyberspace and digital policy.
- NIST and CISA issue guidelines for identity and access management.
Is the FTC prepared for its new regulatory powers?
As we previously noted, last week the US House Energy and Commerce Committee advanced the RANSOMWARE Act (short for “Reporting Attacks from Nations Selected for Oversight and Monitoring Web Attacks and Ransomware from Enemies”). As the National Law Review details, the new measure tasks the Federal Trade Commission (FTC) with reporting on cross-border complaints about cyberaggression from Russia, China, North Korea, Iran and related entities. Simultaneously, the American Data Privacy Protection Act (ADPPA) strips the Federal Communications Commission (FCC) of its regulatory powers over mainstream telecom companies like AT&T and Verizon, instead giving this authority to the FTC.
The FCC’s oversight of data collected by telecom companies goes back decades, and some experts are concerned that this shift could have a negative impact, especially given the telecom industry’s history of privacy lapses. Lee Tien, legislative director at the nonprofit privacy group Electronic Frontier Foundation, told CyberScoop, “We’re concerned this piece [of the legislation] isn’t intended to and won’t improve Americans’ privacy in any sort of way.” Further complicating matters, the ADPPA does not prevent telecoms from sharing customer data with law enforcement agencies, and the measure does little to support the FTC in its new regulatory powers, which is especially concerning given the FTC’s past complaints about inadequate funding. Harold Feld, senior vice president at nonprofit public interest group Public Knowledge, explains, “The problem with the Federal Trade Commission is it has fewer tools that it can use to enforce the rule and it has a lot more ground to cover.”
Tom Kennedy, Vice President at Axonius Federal Systems, reviewed some of what Fick would bring to the State Department from his private sector experiences. "The confirmation of Nathaniel Fick as the nation's cyber ambassador at large will further bring President Biden's Executive Order on Improving the Nation's Cybersecurity to life. Not only will Mr. Fick bring more cybersecurity talent to the federal government where approximately 600,000 roles remain unfilled, but his appointment offers further proof that public-private coordination is vital to modernizing federal agencies' cybersecurity programs," he wrote. "Because the majority of Mr. Fick's prior experience comes from the private sector, he is in a unique position to bring more commercial best practices into the federal government, a necessary step in more quickly and accurately meeting security requirements and accelerating incident response investigations. If Mr. Fick manages to influence more agency-to-agency best practice sharing, it will pay off immensely."
Confirmation hearing for nominee for US ambassador for cyberspace and digital policy.
US President Joe Biden has announced his nominee for US ambassador at large for cyberspace and digital policy: technology company executive and former US Marine Nate Fick. VOA reports that Fick will face a Senate confirmation hearing today, and if he is given the role, he will lead the newly established Bureau of Cyberspace and Digital Policy within the State Department. In the words of Secretary of State Antony Blinken, the bureau is intended to support the US’s mission of “shaping the digital revolution that's happening around us and making sure that it serves our people, protects our interests, boosts our competitiveness, and upholds our values.” During the hearing, Fick will be expected to field questions about his strategy for coordinating efforts with other cybersecurity agencies and deterring cyberattacks from foreign adversaries like Russia and China.
The Washington Post notes that Fick would oversee three separate international policy units (cyberspace security, communications, and information and digital freedom), and he’d be tasked with making sure they operate cohesively, all while navigating the complicated bureaucracy of the State Department. It’s a tall order, but his supporters say that as a former Marine, best-selling author, and co-chair for a recent report from the Council on Foreign Relations, Fick is qualified for the job. CyberScoop reports that a bipartisan group of over one hundred national security experts, former government officials, and industry leaders submitted a letter to the Senate Foreign Relations Committee yesterday endorsing Fick for the role. The letter reads, “The new ambassador will need the ability to build diverse sets of economic, military, and political coalitions to advance our national interests and help protect our nation in the cyber domain. Nate has lived these challenges personally as a warfighter, policy expert, and business executive, and he is an inspiring leader and a galvanizing communicator.”
NIST and CISA issue guidelines for identity and access management.
US federal officials gathered virtually yesterday at an event hosted by the Advanced Technology Research Center to discuss identity and access management guidelines to improve the cybersecurity of IT management contractors. Weak identification management led to the devastating SolarWinds incident last year, and while improvements have been made, officials say implementers will need to step up to the plate. The Cybersecurity and Infrastructure Security Agency’s (CISA) Grant Dasher told Nextgov, “We're seeing a larger role in the identity space in the government. We’re trying to produce increasing guidance, we have our zero trust maturity model, our cloud security reference architecture.” Officials at the event concentrated on directives introduced by the Office of Management and Budget for establishing “zero-trust” systems, as well as the basic security requirements all agencies will need to meet, regardless of which vendor or method they choose. The National Institute of Standards and Technology (NIST) is updating its publications on identity and access management and, for the first time, releasing a document dedicated to guidance on federation, to allow for authentication not just between agencies but also between agencies and their contractors and citizens.