At a glance.
- European Media Freedom Act aims to protect the press from spyware.
- US grant program provides funding for local government cybersecurity.
- Industry leaders voice concerns about SIEs.
European Media Freedom Act aims to protect the press from spyware.
The European Commission on Friday proposed the European Media Freedom Act (EMFA), a regulation aimed at protecting journalists from political interference and surveillance. As the Commission states, the legislation “would focus on the independence and stable funding of public service media as well as on the transparency of media ownership and of the allocation of state advertising.” The Record by Recorded Future notes that among the EMFA’s goals, Article 4 aims to provide “strong safeguards against the use of spyware against media, journalists and their families,” no doubt a reaction to the recent surge in use of controversial surveillance software like NSO Group’s Pegasus to track members of the media. When announcing the new regulation, the European Commission vice-president for values and transparency Věra Jourová stated, “We have seen over the past years various forms of pressure on the media. It is high time to act. We need to establish clear principles: no journalist should be spied on because of their job; no public media should be turned into propaganda channels.” The proposed regulation marks a new approach from the EU, which has historically allowed member states to have full sovereignty over media regulation and laws impacting security, and the Commission anticipates pushback from state governments who might consider the EMFA in conflict with their interests. Damian Tambini, a senior lecturer at the London School of Economics, described the regulation as “a major shift in EU policy on the media, and a welcome shot in the arm for democracy across the Union” but says he expects difficulties as “reforms stretch the legal competence of the Union and because they undermine authoritarian controls on the media.”
US grant program provides funding for local government cybersecurity.
Also on Friday, the US Department of Homeland Security (DHS) announced the State and Local Cybersecurity Grant Program, which will provide $1 billion in funding to state, local, and territorial (SLT) governments over four years. A key provision of the Infrastructure Investment and Jobs Act, signed into law in November 2021, the first-of-its-kind grant program aims to support SLT’s in addressing cyber risk to their information systems, strengthening the cybersecurity of their critical infrastructure, and bolstering resilience against persistent cyber threats. Palo Alto Networks Blog notes that a recent survey commissioned with the Center for Digital Government found that almost 80% of state and local IT officials anticipate that ransomware will be a threat over the next eighteen months, but the majority of state and local entities have not established a ransomware incident response plan.
The Notice of Funding Opportunity gives applicants sixty days to submit their applications for funding, and each year will require a separate application and award. States must pass at least 80% of the funds on to local governments and must also dedicate 25% of the funds to projects in rural areas. The announcement notes that the program represents a “unified approach across DHS,” combining the Federal Emergency Management Agency’s grant administration expertise with Cybersecurity and Infrastructure Security Agency’s cybersecurity knowledge. Secretary of Homeland Security Alejandro N. Mayorkas stated, “Cyberattacks have emerged as one of the most significant threats to our homeland. In response, we continue to strengthen our nation’s cybersecurity, including by resourcing state and local communities to build and enhance their cyber defenses. The cybersecurity grant process we are starting today is a vital step forward in this critical effort. Our approach is one of partnership, in the service of an all-of-society investment in the security of our homeland.”
Bruce Byrd, EVP and General Counsel, Palo Alto Networks, wrote to provide some brief background on the program, and to express its thorough approval: “Last fall, the bipartisan infrastructure law created a much-needed State and Local Cybersecurity Grant Program. Today’s release of the Notice of Funding Opportunity elevates this grant program from concept to reality, and further demonstrates the U.S. government’s ongoing focus on strengthening our cyber defenses. Palo Alto Networks applauds this development as it provides critical resources for state and local governments to protect the systems and networks on which the American people depend.
Industry leaders voice concerns about SIEs.
Last week a group of industry leaders submitted a letter to the US Chamber of Commerce expressing their concerns about a provision in the annual defense authorization bill designating the most important potential hacking targets, or systemically important entities (SIEs). The letter states, “The amendment would shift policymaking, particularly involving DHS’ Cybersecurity and Infrastructure Security Agency (CISA), from being partnership driven to one that empowers CISA to impose additional cybersecurity requirements on industry…The amendment would write into law programs that CISA administers today, such as the identification of dozens of national critical functions and the designation of SIEs as the basis of resilience-oriented risk management.” As the Washington Post explains, the authors of the letter represent industries in the insurance, energy, and technology sectors, and they argue that the legislation would produce unnecessary redundancies that could make cyber reporting less efficient and take resources away from existing public-private cybersecurity programs.