At a glance.
- Australia considers new forms of cyber intelligence sharing with telcos.
- CISA's push for US municipal cybersecurity.
- No flashers, please; we're British.
- US GAO reviews Federal progress on cybersecurity.
Australian parliamentary intelligence oversight committee pushes for more structure in telecom cybersecurity.
In a report released on Tuesday, Australia’s Parliamentary Joint Committee on Intelligence and Security (PJCIS) concluded that the country’s telecom carriers, government agencies, and security agencies need structured, classified methods for discussing security threats, and that formal telecom cybersecurity standards need to be established. Currently, iTnews explains, the Trusted Information Sharing Network is the main forum for sharing threat info, but PJCIS recommends the establishment of a new mechanism that would allow the Australian Security Intelligence Organisation (ASIO) and Australian Signals Directorate (ASD) to “brief telecommunications stakeholders about ongoing and emerging threats to the maximum classified level possible.” As well, in regards to cybersecurity standards, telecom organizations have been operating on a “do their best” policy that leaves too much wiggle room for inconsistencies across the industry. The Committee is advocating for the establishment of a working group that would allow the ASIO and ASD to collaborate with representatives of the departments of Infrastructure, Transport, Regional Development and Communications, and Home Affairs to “set agreed standards and best practice principles to inform the work of the Cyber and Infrastructure Security Centre’s advice and resources.”
CISA taps Texas mayor to lead municipal cybersecurity movement.
In the continued effort to secure the US’s critical infrastructure against cyberattacks, Cybersecurity and Infrastructure Security Agency (CISA) head Jen Easterly is urging the leaders of the nation’s cities to step up to the plate, and she has asked Austin, Texas Mayor Steve Adler to lead the charge. “Everyone has seen the growing attacks and the growing visibility of attacks on cities – and on businesses. But they don't really know what to do,” Adler told USA Today. “And from a local government standpoint, they really don't have the resources to apply against the challenge.” This lack of resources makes city governments low-hanging fruit for cybercriminals, from low-level hackers to nation-state-backed threat actors. Easterly and Adler are employing a two-pronged approach: first, help municipal government officials to understand their cities are at risk, and second, support them with federal funding and direction. A recently approved infrastructure bill has allocated $200 million this year and $1 billion total over the next four years for local government cybersecurity, and Adler will head the new CISA Cybersecurity Advisory Committee, established in December to provide guidance to municipal officials. Easterly and Adler say simple practices like backing up data and implementing multifactor authentication could prevent 90% of all attacks against critical infrastructure, but it will take effort to get buy-in from local leaders. “It’s like requiring people to wear seatbelts,” Easterly said. “It’s second nature now, but it took a long time to even require that cars had seatbelts."
Keep that digital trench coat closed.
(And, Mr. Carlos Danger, we’re looking at you. Metaphorically, we mean. We wouldn’t actually want to be looking at you, if you know what we mean.) Cyberflashers now have even more reason to think twice before hitting send. Under a new amendment to the Sexual Offences Act 2003, cyberflashing, the act of sending unsolicited nude pictures, will become a crime in the UK. The Speaker explains that initially, the law was to be added to the Online Safety Bill, currently awaiting approval at the House of Commons. However, lawmakers are concerned the Online Safety Bill might never pass, as it contains controversial legislation regarding digital pornography, and pushed for the cyberflashing law to be added to the existing Sexual Offences Act to expedite matters. Justice minister Victoria Atkins stated, “...we very much understand the need for speed and, indeed, the wish of women and girls around the country for the issue to be dealt with quickly and effectively.” The amendment states that cyberflashing perpetrators can face up to two years in prison and will be added to the sex offenders register.
GAO reviews federal response to cyberthreat prevention.
In the wake of recent cyberincidents like SolarWinds and the Microsoft server hacks that highlighted weakness in the federal government’s cybersecurity posture, the US Government Accountability Office offers an overview of the actions being taken by Congress and federal agencies to prevent and mitigate future attacks. Highlights include planned improvements to the agency reporting and evaluation process under the Federal Information Security Modernization Act of 2014 (FISMA), and the formation of two temporary Cyber Unified Coordination Groups to aid in the investigation of the incidents.