At a glance.
- Singapore unveils Digital and Intelligence Service.
- EU proposes new regulations for flight cybersecurity.
- Cyberspace Solarium Commission’s recommendations face industry pushback.
- US Senator calls for legislation to protect healthcare sector from cyber threats.
Singapore unveils Digital and Intelligence Service.
The Singaporean government last week launched its fourth military branch, the Digital and Intelligence Service (DIS), Defense News reports. Composed of service headquarters, a joint intelligence directorate, a joint digital and C4 organization, and cyber staff departments, the DIS is intended to more fully integrate the country’s military forces to combat digital threats. In particular, the digital and C4 unit’s goal will be to develop a digital strategy, master plan, and resource governance for Singapore’s military, and the cyber staff will be tasked with coordinating cybersecurity across the country’s defense sector. There are also plans to implement a dedicated cyber range where personnel can train on simulated “cyber terrain” and participate in bilateral and multilateral exercises that mimic real-life incidents.
EU proposes new regulations for flight cybersecurity.
The EU government is developing new cyber legislation focused on regulating airline flight safety. For the first time, a range of air transportation companies including manufacturers, airlines, airports, flight training schools, caterers, and weather data will be required to adhere to rules to protect against in-flight cyberthreats. The rules, drafted by the European Union Aviation Safety Agency (EASA), will also stipulate that these companies establish a governance system in which staff members are assigned responsibility for making sure any issues are documented and addressed. “It’s a huge increase of the workload,” Robert Baltus, chief operations officer at the Brussels-based European Business Aviation Association, told the Wall Street Journal, and many aviation companies are already struggling to find qualified candidates to fill an increasing number of cybersecurity positions in the field. EASA, however, says the measures are necessary even if they put a strain on staffing. Jean-Paul Moreaux, the agency’s principle coordinator for aviation cybersecurity states, “If you have a small company that has a risky business for others, you can’t duck out because you’re small. You have to take responsibility for the risk you’re exposing others to.”
Cyberspace Solarium Commission’s recommendations face industry pushback.
The US Cyberspace Solarium Commission, established by Congress in the 2019 National Defense Authorization Act (NDAA), was tasked with developing a strategy for improving the nation’s cybersecurity, and in March 2020 it issued a report outlining seventy-five recommendations to be included in future NDAAs. However, as Nextgov explains, industry groups are fighting to make sure the most ambitious of these proposals do not become law. One major recommendation impacting “Systemically Important Critical Infrastructure” (SICI) entities appears to already be doomed. The proposal would require SICI entities to establish essential protections and allow government visibility into their operations, and in exchange they would be granted a legal-liability shield and federal assistance in the event of a cyberattack. But some industry groups, especially those in the finance sector where companies have historically gone unregulated in regard to cybersecurity, are opposed to the proposal. “We have a big chunk of the ecosystem out there without any kind of floor on cybersecurity,” says Mark Montgomery, senior fellow at the Foundation for Defense of Democracies. As well, the software industry is attempting to control the federal acquisition process, in particular a recommendation that government agencies require prospective contractors to submit a software bill of materials, or SBOM. Last month the Alliance for Digital Innovation submitted a letter urging Congress “to remove the SBOM language from the NDAA and give industry and agencies more time to develop solutions that will better secure the country’s cybersecurity supply chain.”
US Senator calls for legislation to protect healthcare sector from cyber threats.
Yesterday US Senator and chair of the Senate Intelligence Committee Mark Warner released a white paper detailing the cybersecurity threats plaguing the health care sector and calling for private industry and the research community to provide their input for future legislation. The introduction reads, “In 2021, cybersecurity attacks on health care providers reached an all-time high, with one study indicating that more than 45 million people were affected by such attacks in 2021 – a 32 percent increase over 2020.” The Record by Recorded Future notes that Warner’s goal is for the Intelligence Committee, which has access to the US’s most sensitive secrets, to help shape policy that could combat these threats. The white paper’s three chapters address how the government can better safeguard the healthcare sector, suggest ways the federal government can collaborate with private industry to boost the sector’s resiliency, and recommend policies that could help healthcare providers respond to and recover from attacks.