At a glance.
- US Senators query DHS about defending against Russian cyberattacks.
- UK's Online Safety Bill.
- Whole-of-nation cybersecurity has evolved beyond voluntary partnerships?
US senators pen letter to CISA about defending against Russian cyber aggression.
A group of twenty-two US senators this week submitted a letter to Secretary of Homeland Security Alejandro Mayorkas inquiring about the Department of Homeland Security’s (DHS) strategies for protecting against the potential of Russian cyberattacks in retaliation for the US’s support of Ukraine. Security Week reports that the bipartisan contingent, led by Senators Jacky Rosen of Nevada and Mike Rounds of South Dakota, noted Russia’s history of targeting the US with “espionage, intellectual property theft, disinformation, propaganda, and cyberattacks,” and expressed concern that the recent US sanctions could prompt similar malicious cyberactivity. Senator Rosen commented, “I am the only former computer programmer in the United States Senate. So I have sent a letter with 20 of my colleagues to Secretary Mayorkas and the Department of Homeland Security to be sure that we’re ready for any cyberattacks in our critical infrastructure that may come our way as a matter of retaliation for the support that we’re giving Ukraine and the Ukrainian people.” The letter praises the Cybersecurity and Infrastructure Security Agency (CISA) for the development of the Shields Up Technical Guidance webpage, intended to “help organizations prepare for, respond to, and mitigate the impact of cyberattacks in the context of Russia’s invasion of Ukraine.” As Senator Susan Collins explains, the letter goes on to ask what CISA is doing to monitor the situation, what strategies might be in place in case US critical infrastructure is targeted, and how the Shields Up Technical Guidance is being implemented among infrastructure operators, particularly those without a designated information security staff. The senators also inquire about DHS’s plans for combating disinformation, and encourage CISA to collaborate with its international partners in NATO.
UK Online Safety Bill proceeds to parliament.
Five years after its initial proposal, the UK’s Online Safety Bill is finally being introduced to parliament, and while everyone agrees it’s about time, debate surrounding the bill demonstrates the challenges of attempting to prevent the spread of harmful online content while maintaining freedom of speech. Civil liberties advocates say the bill amounts to unprecedented censorship, while proponents of online safety say the bill isn’t stringent enough, and tech companies worry about their bottom line. Meanwhile, children’s advocacy groups worry the bill doesn’t do enough to protect minors from online abuse, though child behavioral experts feel it goes too far. Sky News explores the government’s efforts to please all interested parties, and posits that if no one party is fully satisfied, the bill is likely striking the perfect balance. Jim Killock of the Open Rights Group explains, "The fact that the bill keeps changing its content after four years of debate should tell everyone that it is a mess, and likely to be a bitter disappointment in practice."
Officials say US cybersecurity can no longer be a voluntary effort.
The Biden administration has made it clear that the US is making cybersecurity a priority, and between last year’s massive Colonial Pipeline hack and the ongoing war in Ukraine, the timing couldn’t be more urgent. National Cyber Director Chris Inglis told the MIT Technology Review, “We're at an inflection point. When critical functions that serve the needs of society are at issue, some things are just not discretionary.” Experts say it’s time for a major shift from simply relying on the goodwill of US industry to do what’s best to protect critical data to instead employing a more direct and firm regulatory approach. As Suzanne Spaulding, former senior Obama administration cybersecurity official, explains, “The purely voluntary approach [to cybersecurity] simply has not gotten us to where we need to be, despite decades of effort. Externalities have long justified regulation and mandates such as with pollution and highway safety.” The challenge, of course, is that companies have expressed disapproval of even the basic requirements being asked of them. The government’s new incident reporting regulations, which became law just this week, are one step toward obtaining the transparency necessary to mitigate cyber threats on a national scale, but it will require a collaborative effort between the public and private sectors to effect any real change.