At a glance.
- Digital censorship in democratic nations.
- Defending the US’s defense.
- Experts say improved data assessment is needed to strengthen US cybersecurity.
- New York becomes first state to require cybersecurity training for attorneys.
Digital censorship in democratic nations.
A new law is in the works in Indonesia that would give the government the power to require social media platforms like TikTok and Facebook to remove content deemed a disturbance to public order. While measures like this are commonplace in autocracies like China and Iran, Indonesia is a democratic nation – and home to the fourth largest population in the world. The New York Times discusses how laws that essentially amount to digital censorship have been taken hold in China, India, and Indonesia – three of the four largest countries in the world. Privacy advocates like Dhevy Sivaprakasam, Asia Pacific policy counsel for the global digital rights group Access Now, call it downright censorship, and say rules like the one in Indonesia will be used to stifle journalistic freedom and political dissent. The platforms impacted have little choice but to comply, as they must follow the rules of the countries in which they operate, though in some cases, like Russia, tech companies have pulled out. Some American tech companies have said the federal government should push back on censorship measures in other countries, rather than leave it up to the digital platform, and the US Supreme Court may soon rule on whether the First Amendment gives government authorities the right to control social media content.
Defending the US’s defense.
In recent years America’s defense industrial base (DIB) has increasingly been targeted by malicious cyber actors seeking to weaken the US’s military prowess and create advanced weapons systems based on US technology. Lawfare explores how the US government can strengthen the cybersecurity of the DIB by more effectively engaging the private sector. In the wake of 2020’s SolarWinds attack and the compromise of Microsoft Exchange servers, General Paul Nakasone, commander of US Cyber Command and director of the National Security Agency, said the federal government’s issue with cyberdefense is “not that we can’t connect the dots—we can’t see all the dots.” Currently the government places responsibility for network security on the individual network owners, but cybersecurity compliance leader Sera-Brynn found in its 2020 annual report that none of the companies assessed were in full compliance with the Defense Federal Acquisition Regulation Supplement (DFARS) and National Institute of Technology (NIST) cybersecurity standards. Some experts say the solution is to establish a marketplace of accredited cybersecurity vendors, and contractually require DIB companies to use their services. Benefits of such a marketplace could include heightened certification standards, required threat information sharing, and early protection of critical technologies.
Experts say improved data assessment is needed to strengthen US cybersecurity.
American think tank R Street held a virtual event yesterday focused on “Measuring Success in Cybersecurity,” and speakers agreed that more data gathering is needed in order to properly assess the US’s cybersecurity performance, GovTech reports. Dylan Presman, director for budget and assessment in the Office of the National Cyber Director, explained, “Tracking cybersecurity performance with metrics provides insight into which tools and interventions are effective, provides us with early warning when they're not effective, or when new interventions are needed to consider and additional resources needed.” Tony Cheesebrough, chief economist at the Cybersecurity and Infrastructure Security Agency (CISA), says increased incident reporting will help, but it’s not enough on its own. Additional data like the number of particular devices being used and how attacks have been prevented would paint a more complete picture of the cybersecurity landscape. Olga Livingston, cyber economics lead at CISA, also says more time should be spent assessing how well individual protocols work in order to determine which are merely nice to have, and which are essential. Livingston stated, “We have shared understanding of what good practices are, but the data is yet to come in as to which ones are bloodletting and leeches and which ones are penicillin.”
New York becomes first state to require cybersecurity training for attorneys.
The US state of New York in June adopted a measure requiring attorneys to take continuing legal education courses in cybersecurity, privacy, and data protection. LawSites explains that while Florida and North Carolina mandate more broad technology training as part of lawyers’ continuing education requirement, New York is the first state to focus specifically on cybersecurity education. In a 2020 report, the New York State Bar Association’s Committee on Technology and the Legal Profession explained the virtues of specific cybersecurity training over more general requirements. The new requirement will take effect in July of next year.