At a glance.
- Crypto experts push back against Tornado Cash sanctions.
- Expert consensus could differentiate between white hats and black hats.
- US cybersecurity lawmakers reach across the aisle.
Crypto experts push back against Tornado Cash sanctions.
As we saw earlier this week, crypto mixer service Tornado Cash was blacklisted and sanctioned by the US Treasury Department’s Office of Foreign Assets Control (OFAC) last week for allegedly laundering billions of dollars in digital currency, some of which was linked to North Korean threat group Lazarus. However, CyberScoop reports that some industry experts feel the Treasury’s actions were at best misguided and at worst detrimental to digital asset holders.
Cryptocurrency think tank Coin Center is attempting to overturn the decision. As the group wrote in a post on Monday, “We believe that OFAC has overstepped its legal authority by adding certain Tornado Cash smart contract addresses to the [Specially Designated Nationals] List, that this action potentially violates constitutional rights to due process and free speech, and that OFAC has not adequately acted to mitigate the foreseeable impact its action would have on innocent Americans.” The group went on to note that OFAC’s sanctioning of the Ethereum blockchain that supports Tornado Cash is fruitless, as the code will continue to run, even without human interaction, regardless of penalties. “They basically sanctioned a robot,” Coin Center executive director Jerry Brito stated.
Expert consensus could differentiate between white hats and black hats.
The UK’s Computer Misuse Act (CMA) is undergoing a government review, and the Daily Swig reports that experts are urging lawmakers to deem certain cybersecurity activities legally defensible as legitimate “white hat” hacking endeavors. Such activities include responsible vulnerability research and disclosure, proportionate threat intelligence, best practice internet scanning, and honeypots. A report from the CyberUp campaign argues that an expert consensus deeming activities admissible “would form the core basis of a new legal environment for cybersecurity professionals based on a statutory defence” and “enable the UK’s cybersecurity sector to more effectively protect the UK as part of the whole-of-society effort, whilst ensuring cybercriminals can still be prosecuted.” The report also acknowledged that certain active defense techniques, like verification of passively detected vulnerabilities and active intel gathering, present a gray area that would require “further consultation and discussion as the policy formation process develops.”
US cybersecurity lawmakers reach across the aisle.
The Hill discusses how bipartisan support from Congress is helping the US to bolster cyber resilience across the nation. The State and Local Cybersecurity Grant Program was established last fall via the bipartisan infrastructure law, and the Department of Homeland Security is working to finalize the Notice of Funding Opportunity for this program. Though the program’s roll-out is still being determined, state and local cybersecurity leaders are looking for support for establishing multi-entity approaches between state and local governments, the implementation of Zero-Trust Architecture, more integrated platforms, and improved information between states. The recently signed State and Local Government Cybersecurity Act will also further these efforts and strengthen connections between the federal government and state leaders. In addition, in March the Senate unanimously passed the Strengthening American Cybersecurity Act, a bipartisan measure aiming to broaden the scope of cyber incidents reported to the Cybersecurity and Infrastructure Security Agency.