At a glance.
- Taxi apps required to share rider data.
- US cybersecurity EO, one year in.
- Maryland upgrades local cybersecurity assistance.
Russian taxi app users could share more than a ride.
Moscow has introduced a law requiring taxi apps to give the Federal Security Service (FSB) real-time remote access to their transportation data. According to a statement published Wednesday by the lower house State Duma, "The document prescribes the obligation of the taxi ordering service to provide the FSB with automated remote access to the information systems and databases used to receive, store, process and transmit taxi orders." Security Week notes that until now, the FSB was required to file a formal information request with the taxi ordering service, which had up to thirty days to respond. The new law has some citizens worried that the intelligence agency might use the data to track taxi passengers, but Adalbi Shkhagoshev, a member of parliament's security committee, says the data would be used only for urgent matters of national security when “FSB agents need to have this data practically within an hour to solve a crime or prevent it." The legislation is the latest in a string of measures the Russian government has enacted to restrict public freedoms since the start of the war in Ukraine.
Biden’s cybersecurity executive order celebrates first birthday.
It’s been one year since US President Joe Biden issued the Executive Order on Improving the Nation’s Cybersecurity, and in honor of this milestone, Mayer Brown offers an overview of the measures the EO has motivated so far. Following a surge of large-scale cyberattacks impacting critical infrastructure in the US, the EO led to a wave of legislation aimed at strengthening the security of the US’s digital tech systems, including a plan for implementing zero-trust architectures, revamped incident reporting rules, and heightened security in the software supply chain. CSO spoke with industry experts about what progress has been made to date, and where there’s room for improvement. President and CEO of the Cyber Threat Alliance Michael Daniel (a former White House cybersecurity coordinator) says, "Whether you're talking about software bills of material, or you're talking about the push for multi-factor authentication across the federal enterprise, the cybersecurity executive order provided the foundation for the ongoing activity and is the lodestar for the administration's priorities." Bob Kolasky, senior vice president for critical infrastructure at Exiger and former assistant director of the Cybersecurity and Infrastructure Security Agency (CISA), adds that while it might be too early to assess the full impact of the EO, “It was, first and foremost, 'Let's get our own house in order. Let's modernize our own house as much as possible.’ I think there's early evidence that it has accomplished that.” That said, Daniel says some measures, like the new incident reporting legislation passed by Congress, have yet to be fully implemented. And, co-founder and CTO of Veracode Chris Wysopal says measures need to be taken to cover more types of software. “The initial requirements around what they deem critical software involve things like hypervisors and operating systems and network security devices, and things that have to operate at increased privileges. That is all well and good…but we've seen plenty of breaches that have come in through run-of-the-mill websites. So that's where I think it needs to go in the future, realizing that most software is putting the government at risk. It's not just critical software."
Maryland governor signs measure to provide assistance for local cybersecurity improvements.
Bollyinside reports that the governor of the US state of Maryland Larry Hogan yesterday signed legislation focused on improving cybersecurity in state and municipal governments, including a measure providing local governments, school systems, and health agencies with greater resources and assistance from the Maryland Emergency Management Agency. Hogan stated, “Today, we are signing bipartisan legislation to further solidify our standing as America’s cyber capital, and to further strengthen our infrastructure to protect Marylanders against cyberattacks.” The agency will assist local governments in completing vulnerability assessments and response plans. During the last legislative session, Maryland lawmakers put approximately $570 million toward cybersecurity and information technology upgrades, including $200 million for cybersecurity.