At a glance.
- Federal judge blocks California child data protection bill.
- Two new bills address cybersecurity of US farms and water systems.
- Biden administration works to harmonize cybersecurity regulations.
- ONCD aims to make the federal grant process more secure.
- Cyberspace Solarium Commission says it’s time to act on remaining proposals.
Federal judge blocks California child data protection bill.
The Verge reports that tech industry group NetChoice has been granted a preliminary injunction to block a law aimed at granting special data protections for underage internet users. Legislators in the US state of California introduced the California Age-Appropriate Design Code Act (CAADCA) as a way to expand existing child privacy protections that control how websites collect data from minors. But NetChoice says the CAADCA is a violation of free speech because it would bar certain internet content not just from children but from adults as well. Judge Beth Freeman agrees. In her decision she wrote, “Although the stated purpose of the Act — protecting children when they are online — clearly is important, NetChoice has shown that it is likely to succeed on the merits of its argument that the provisions of the CAADCA intended to achieve that purpose do not pass constitutional muster…Data and privacy protections intended to shield children from harmful content, if applied to adults, will also shield adults from that same content.”
Two new bills address cybersecurity of US farms and water systems.
US Senators Mike Rounds, a Republican out of South Dakota, and Catherine Cortez Masto, a Democrat from Nevada, have introduced two bills aimed at strengthening rural cybersecurity: The Cybersecurity for Rural Water Systems Act and the Food and Agriculture Industry Cybersecurity Support Act. As GovTech reports, only 20% of US water and wastewater systems have basic cyber protections, and the bipartisan legislation would work to remedy this issue, as well as better support farmers and ranchers in their cybersecurity efforts. Rounds stated, "Our communities are the foundation of what makes South Dakota a great place to live, work and raise a family. It is crucial that people living in those communities can go about their daily lives without interruption. These two pieces of bipartisan legislation would help make certain water systems have adequate cyber protection and would provide farmers and ranchers with expanded access to cybersecurity resources.”
Biden administration works to harmonize cybersecurity regulations.
Over the years, as cybersecurity has become more and more of a priority, a patchwork of legislation and industry standards has developed in the US to address the ever-growing list of digital threats. Now the White House is working to harmonize these disparate rules into a more cohesive and efficient framework. The first section of the recently released National Cybersecurity Strategy Implementation Plan calls on the Office of the National Cyber Director (ONCD) and the Office of Management and Budget to lead the charge in this area. Nick Leiserson, the assistant national cyber director for cyber policy and programs at the ONCD, explains, “Our thesis here is: You can get better cybersecurity outcomes, you can do a better job of raising the bar for critical infrastructure cybersecurity or lower the cost if you remove some of the red tape associated with compliance.” The ONCD has started by issuing a request for information that asks industry stakeholders to discuss the various laws and standards they currently adhere to.
As CyberScoop explains, a first step would be determining what type of cybersecurity intel needs to be shared and with whom. As well, auditors must get on the same page in regard to what amounts to compliance. While all sixteen critical infrastructure sectors will be addressed, the White House has decided not to include operational technology, which is highly dependent on the specific utility it serves, in the harmonization efforts at this point, and some experts question this decision. Bob Kolasky, a senior vice president for critical infrastructure at Exiger, says, “One reason we’re so concerned about OT cyber vulnerabilities is it starts to cross over to a safety issue. We have a long history of trying to regulate for safety.”
ONCD aims to make the federal grant process more secure.
The US Office of the National Cyber Director is also working on a guide to incorporate cybersecurity into the federal grant process. The recently released National Cybersecurity Strategy Implementation Plan calls on the ONCD to leverage Federal grants to bolster the cybersecurity of infrastructure. The plan reads, “Through programs funded by the Bipartisan Infrastructure Law … the United States is making once-in-a-generation investments in our infrastructure and the digital ecosystem that supports it. This Administration is committed to making investments in a manner that increases our collective systemic resilience.” And the deadline for accomplishing this is October 1, just around the corner. As Assistant NCD for cyber policy and programs Nicholas Leiserson explained to MeriTalk, the office has a “procurement lever” that allows the ONCD to build cybersecurity requirements into purchasing agreements. Leiserson added, “We also have the fact that the administration is really injected an unprecedented level of new investment into our infrastructure – both the traditional physical infrastructure that you would think about, like roads and bridges, all the way to some of the advanced manufacturing that the Chips and Science Act is encouraging to go forward on shore.”
Cyberspace Solarium Commission says it’s time to act on remaining proposals.
In a report published last week, the US Cyberspace Solarium Commission (CSC) urged the Biden administration to act on the remaining recommendations the group issued in 2020. While CyberScoop notes that nearly 70% of the Solarium Commission’s eighty initial recommendations have been implemented, the group’s leaders say the remainder must be tackled in order to defend the nation’s systems against a growing number of cyber threats. Senators Angus King and Representative Mike Gallagher wrote in the report. “We cannot afford to pause in the pursuit of enhanced cybersecurity.” In particular, the report notes that the creation of a House Permanent Select and a Senate Select Committee on Cybersecurity has been met with pushback due to “political barriers.” As well, the establishment of a Joint Collaborative Environment (JCE) – a public-private initiative focused on getting the right intel to private sector partners in a timely manner – is another recommendation that hasn’t yet been completed. While the Cybersecurity and Infrastructure Security Agency has initiated a JCE project, the effort was not codified in the 2023 National Defense Authorization Act.