At a glance.
- US cyber ambassador speaks on American cyber diplomacy.
- US lawmakers say the kids are not alright.
- US senator discusses healthcare cybersecurity.
- Everything’s bigger in Texas.
US cyber ambassador speaks on American cyber diplomacy.
Nextgov reports that Nathaniel Fick, the US State Department’s ambassador at large for cyberspace and digital policy, spoke at an event hosted by the German Marshall Fund yesterday, and he emphasized the need for the government to prioritize American foreign policy in relation to technology. Fick stated, “Fundamentally, that means sustaining American advantage and likeminded advantage in areas where we have strong technology leads. It means recapturing our leads in the places where we've lost them. And it means closing off pathways to advantage for adversaries and competitors.” He cited Doreen Bogdan-Martin’s recent win for Secretary-General of the United Nations’ International Telecommunication Union as an example of the importance of having US voices front-and-center in international tech discussions.
As the Washington Times notes, Fick also stressed the importance of abandoning “us versus them” messaging and avoiding rhetoric that focuses only on taking down our adversaries. Fick explained, “In talking about internet governance, I would start with the proposition that we should not cast everything in competitive terms actually. It should not be all anti-Russia or anti-China because there are many middle-ground states around the world, intentionally and historically unaligned states, where that message doesn’t resonate.”
US lawmakers say the kids are not alright.
This week the impact of the internet on minors has become even more of a priority for US officials. As we noted previously, last weekend Surgeon General Vivek Murthy told CNN that he believes that age thirteen is too young for children to be on social media apps. Since then, officials like Senator Michael Bennet and the Federal Trade Commission’s Alvaro Bedoya have underlined the importance of Murthy’s statement. And as the Washington Post reports, yesterday House Republican Chris Stewart of Utah introduced a bill that would prohibit children under the age of sixteen from using social media. The measure would require websites to verify users’ ages and give parents the right to sue internet companies if they fail to keep underage individuals off their sites. Federal and state agencies would also be given the authority to enforce the standards. While other efforts have been made to limit what minors see on social media, such as measures expanding restrictions on targeted ads, they stopped short of a full ban such as this one. Stewart said in an interview, “We protect our children from drinking, from smoking, from driving. They can’t drive when they’re 12. We should protect them from the impacts of social media.”
US senator discusses healthcare cybersecurity.
Senator Mark Warner of the US state of Virginia shared with Bank Info Security his plans for protecting the healthcare sector from cybercrime. Warner, a Democrat and chair of the Senate Select Committee on Intelligence, says he aims to pass legislation that would incentivize healthcare sector entities to meet minimum cybersecurity standards, but he’s aware it will require a group effort. "It's not going to be any single senator that introduces the bill that gets across the finish line. This is going to have to be a collaboration,” he stated. In November Warner’s office completed a report on healthcare sector cybersecurity, and it concluded that cybersecurity is a patient safety issue.
The report recommended dozens of policy considerations, one of which was requiring that entities participating in Medicare and Medicaid programs apply minimum security practices as a standard operating procedure. In the interview, Warner also discusses the current fragmented nature of health sector cybersecurity leadership, addressing the cybersecurity workforce shortage, and the Food and Drug Administration's recently expanded authority over medical device cybersecurity, and the need to include interoperability standards requirements for electronic health records.
Everything’s bigger in Texas.
Security Boulevard offers an in-depth look at data privacy laws in the US state of Texas and how they apply to educational institutions. Texas has had its fair share of K-12 data breaches (the Texas Education Agency says at least seventy districts experienced cyberattacks since 2019), and the state has been a pioneer in passing stronger cybersecurity and student data privacy laws. In June 2019, Governor Greg Abbott signed Senate Bill 820, which requires districts to adopt a cybersecurity framework, establish a program to identify risk, devise a plan to mitigate critical risk areas, and designate a Cybersecurity Coordinator who will report all incidents to the Texas Education Agency and the parents of any students impacted. Enacted in 2017, the Texas Student Privacy Act prohibits the sale of students’ personal data, bans targeted advertisements to students based on the data they’ve shared with educational institutions, and broadly prohibits student data disclosure. The Texas Privacy Protection Act and the Biometric Privacy Act are not solely directed at schools but certainly impact how learning institutions handle incident reporting and the security of biometric data, an issue that has become increasingly important with the growing presence of smart devices in classrooms. Furthermore, new laws could be on their way, as the Texas Department of Information Resources’ Biennial Performance Report, released in December, asked the state legislature to consider new measures regarding breach reporting.