At a glance.
- More on the Strengthening American Cybersecurity Act.
- Biden tasks Congress with increasing protections for minors on social media.
- TikTok faces investigation about child users.
- More on incident reporting legislation.
More on the Strengthening American Cybersecurity Act.
As we noted yesterday, the US Senate on Tuesday passed the Strengthening American Cybersecurity Act, a three-bill package aimed at improving cybersecurity in both the private and public sectors. The Wall Street Journal explains that the legislation passed unanimously just before President Joe Biden, who has been focused on improving the cyber posture of private computer networks ever since the SolarWinds incident, took the podium for his State of the Union Address on Tuesday. Many consider the most meaningful aspect of the package to be an incident reporting measure requiring that organizations notify the Cybersecurity and Infrastructure Security Agency (CISA) within seventy-two hours of an attack, and within twenty-four hours of a ransomware payment. Lawmakers have tried and failed for years to pass such a reporting statute, as many companies argued such legislation would complicate their breach response process, but the hope is that by sharing information about cyberattacks, organizations will be better able to prevent future incidents. Senator Gary Peters, one of the senators who introduced the legislation, stated, “You’re going to want to comply because CISA is there providing robust support for you. The only way the industry can protect itself is that people have to have situational awareness.” Once the law is enacted, CISA will have two years to propose specifics for a rule-making process, and another eighteen months to complete it.
Biden tasks Congress with increasing protections for minors on social media.
US President Joe Biden gave his first State of the Union Address on Tuesday, and he took the opportunity to urge Congress to focus on the safety of minors online on social media platforms by establishing stricter children’s privacy rules, prohibiting targeted advertising to minors, pushing for social media apps to make child safety a priority in their platform design, and banning algorithms that target underage minorities. “It’s time to strengthen privacy protections, ban targeted advertising to children, demand tech companies stop collecting personal data on our children,” Biden stated. The Verge explains that Biden’s stance is no doubt influenced by the recent testimony of Facebook whistleblower Frances Haugen (a guest at the address), who alleged that Meta, owner of Facebook and Instagram, was exploiting the data of child users. To support research into how social media impacts users’ mental health, Biden said he’s requesting $5 million in his 2023 budget, and the Department of Health and Human services will establish a national Center of Excellence on Social Media and Mental Illness focused on developing guidance about the effects of social media on adolescents.
TikTok faces investigation about child users.
Remaining on the topic of child safety, video-sharing platform TikTok is under investigation by a bipartisan group of US state attorneys general looking into how the app might be harmful to minors. As the Wall Street Journal explains, the probe is an extension of a similar investigation into Instagram’s treatment of underage users to determine whether the parent company Meta violated state consumer protection laws. In a joint statement issued Wednesday, the attorneys said, “The investigation will look into the harms such usage causes to young users and what TikTok knew about those harms. The investigation focuses, among other things, on the techniques utilized by TikTok to boost young user engagement, including increasing the duration of time spent on the platform and frequency of engagement with the platform.” NBC News notes that the investigation will examine potential harms to children using the app, and just how much TikTok knew about those harms. A TikTok spokesperson stated, “We care deeply about building an experience that helps to protect and support the well-being of our community, and appreciate that the state attorneys general are focusing on the safety of younger users. We look forward to providing information on the many safety and privacy protections we have for teens.”
More on incident reporting legislation.
Tim Erlin, VP of Strategy at Tripwire, commented on the US Senate's passing of the Strengthening American Cybersecurity Act:
“It’s no surprise with recent incidents and an increased threat of cyberattacks that this bill has gained bipartisan support. The requirements included, which go beyond just reporting incidents, are largely common sense measures to protect organizations. Still, the scope of this legislation is limited to civilian federal agencies and critical infrastructure. The vast majority of commercial organizations won’t be directly impacted. Making progress on cybersecurity has been a clear objective for the administration, and the passage of this legislation in the Senate is evidence of that progress.”