At a glance.
- Cyber provisions in the 2023 NDAA.
- As US states take action against TikTok, is federal regulation on the horizon?
- The roadblocks to international cyberincident reporting rules.
- India tightens regulations regarding Meta takedown orders.
Cyber provisions in the 2023 NDAA.
On Tuesday US lawmakers filed a compromise version of the 2023 National Defense Authorization Act, and as Congress prepares to vote on the $858 billion annual defense policy bill, CyberScoop offers a rundown of the bill’s cybersecurity provisions. $44 million has been allocated to Cyber Command’s “hunt forward” missions, part of the command’s persistent engagement strategy. The bill also creates an assistant secretary of cyber policy at the Department of Defense (DOD) and calls for the DOD secretary to present an annual briefing on Cyber Command’s collaborative efforts with the National Security Agency. The bill would also codify into law the State Department’s cybersecurity bureau, established earlier this year and led by the first Senate-confirmed cyber ambassador. The Record by Recorded Future notes among the measures left on the cutting room floor was a proposal to designate “systemically important entities” to the most vital U.S. critical infrastructure, requiring operators to adhere to higher cybersecurity standards.
As US states take action against TikTok, is federal regulation on the horizon?
US security concerns over TikTok’s connections to the Chinese government continue to mount, and several states have taken steps to limit use of the popular video streaming app. Following in the footsteps of South Dakota, South Carolina, and Maryland, yesterday Texas became the latest state to prohibit state employees and contractors from using the app on government-issued devices, and Axios reports that Republican lawmakers in Wisconsin are asking their governor to do the same. Texas Governor Greg Abbott submitted a letter to state officials reading, "[U]nder China’s 2017 National Intelligence Law, all businesses are required to assist China in intelligence work including data sharing, and TikTok’s algorithm has already censored topics politically sensitive to the Chinese Communist Party.” Meanwhile, the state of Indiana is suing the social media giant, claiming the platform is deceptive when it comes to informing users about its content and data security. Indiana is the first state to take such action, the Wall Street Journal notes. Citing reports connecting heavy use of the platform to mental disorders among teenagers, Indiana also alleges that TikTok’s algorithm is designed to addict young users and promote content harmful to minors.
Some experts predict that federal lawmakers could take action against TikTok soon, Broadband Breakfast reports. Rick Lane, CEO of Iggy Ventures, says a general TikTok ban is likely to happen within the next six months. “The ability to collect very large amounts of data from Americans in order to build their AI is a core piece of the CCP’s efforts in terms of domination in world markets,” Lane stated. While Brandon Pugh of think tank the R Street Institute agrees that Congress will continue to investigate TikTok’s security practices, he says a complete ban is not necessarily in the cards, and that states will likely continue to take separate action to protect their residents.
The roadblocks to international cyberincident reporting rules.
As cyberattacks across the world increase, companies operating across sectors and countries face a bevy of conflicting rules from various national regulators regarding cyberincident reporting. Privacy experts and security officials say international breach reporting rules are necessary, but as the Wall Street Journal explains, conflicting opinions on how such rules should be implemented could make adoption a difficult endeavor. Nubiaa Shabaka, chief privacy officer and chief cybersecurity legal officer at software maker Adobe Inc, stated, “I think we would all benefit as customers, consumers, regulators, and businesses to have harmonization in this multinational, cross-border data transfer world.” The US’s Department of Homeland Security (DHS) is working to reconcile reporting requirements between government agencies, and DHS’s undersecretary for strategy Robert Silvers has spoken of the importance of collaborating with foreign governments to find international alignment when it comes to reporting. Although the US and EU have taken an omnibus approach to reporting requirements, the UK’s National Cyber Security Centre (NCSC) is hesitant to take such action, fearing it could damage its relationship with the companies it serves. “I think what we have found is that sometimes if you do legislate or regulate for that, it creates quite a less fluid relationship,” said Paul Chichester, the NCSC’s director of operations.
India tightens regulations regarding Meta takedown orders.
The Indian government announced it’s giving Meta, parent company of Facebook, Instagram, and WhatsApp, just one hour to make efforts to process and complete content takedown orders issued by authorities. Last year the government issued a series of amendments requiring social media platforms remove content no later than thirty-six hours after receiving a request from a court or government agency. Last month, Meta President Of Global Affairs Nick Clegg met with Union IT Minister Ashwini Vaishnaw and other senior Ministry of electronics and information technology officials to discuss shifts in India’s internet regulations, and the government also informed Clegg that it expects Meta to reach a higher rate of compliance with takedown notices from authorities. An anonymous source close to the matter told Moneycontrol, “Clegg and others were evidently taken by a bit of surprise when Vaishnaw said that Google was doing better than Meta in terms of compliance with takedown requests. They had the view that Meta was in full adherence to the takedown norms under the IT Rules amendments of last year.” Vaishnaw also told Meta it needs more fact-checkers to accommodate its platforms’ Indian user base.