At a glance.
- Updates on Australia’s upcoming cybersecurity plan overhaul.
- Bipartisan support needed for US’s new cybersecurity plan.
- US Treasury sanctions Russian disinformation operators.
- CISA retires US-CERT and ICS-CERT websites.
Updates on Australia’s upcoming cybersecurity plan overhaul.
In the wake of a surge in cyberattacks last year, Australian lawmakers are revamping the country’s $1.7 billion cybersecurity plan. Home Affairs Minister Clare O’Neil stated, “In those events, we were meant to have at our disposal a piece of law that was passed by the former government to help us engage with companies under cyberattack. That law was bloody useless, not worth the ink printed on the paper when it came to actually using it in a cyber incident. It was poorly drafted.”
ABC reports that a coordinator for cyber security will be installed in the next month who will oversee a national cyber office to be established under the Home Affairs Department. The government gathered industry leaders and experts to discuss the new plans over the weekend, and ahead of the meeting, Prime Minister Anthony Albanese stated, “For businesses these days, cybersecurity is as important as having a lock on the door. You wouldn’t leave your business at the end of the day and just leave the door open, and that essentially is what will occur unless there is more diligence, and unless we upgrade the level of security which is needed.”
As Reuters notes, the government has also published a discussion paper on the new cyber security strategy, set to be implemented next year, and is seeking feedback on how businesses can bolster their cyber security. An advisory board led by former Telstra boss Andy Penn today published a discussion paper urging the government to consider a Cyber Security Act that would better coordinate Australia’s patchwork of cybersecurity rules and regulatory frameworks, Innovation Australia reports. Referencing last year’s wave of attacks, the paper states, “It became clear during these incidents that government was ill-equipped, and did not have the appropriate frameworks and powers to enable an effective national response given the number of Australians whose personal information…was compromised.”
Bipartisan support needed for US’s new cybersecurity plan.
As MSSP Alert reports, the US government is also working on new legislation to solve its systemic cybersecurity issues, and a focus will be on ensuring that industry leaders take more responsibility when it comes to securing their products. A thirty-five-page draft document entitled National Cybersecurity Strategy was released last month detailing plans to set mandatory cybersecurity design regulations for a wide swath of industries, and to engage US defense, intelligence, law enforcement and private industry to hack back on adversarial governments. “Our goal is to make malicious actors incapable of mounting sustained cyber-enabled campaigns that would threaten the national security or public safety of the United States,” the draft states.
As the Office of the National Cyber Director works on finalizing the new strategy, Matt Cronin, the office’s director of national cybersecurity operations and planning, stated on Friday that a whole-of-society approach will be key. Comparing cybersecurity to the space race, he stated, “We are a nation that put a man on the moon. You don’t think we’re capable of stopping some rando Russian from hacking a school? No, we absolutely can and we absolutely will, [but] there’s a caveat to that: it will only work if we do it together.” SC Media notes, however, that the new plans are already facing pushback from the Republican-controlled House of Representatives. House Homeland Committee Chair Mark Green, a Republican out of Tennessee, issued a statement criticizing the Biden administration’s “scattershot cybersecurity regulations.” He also applauded a recent report from the industry-led National Security Telecommunications Advisory Board calling for the administration to prioritize harmonizing existing private sector cyber mandates. Green said, “While we continue to wait in anticipation for the release of the National Cyber Strategy, which I am concerned will strike the exact opposite tone by encouraging more regulation, I’m glad to see that the NSTAC recommends that the national cyber director work to resolve and streamline duplicative and burdensome regulatory obligations, most of which stem from the White House push for cross-sector mandates.”
US Treasury sanctions Russian disinformation operators.
The Record from Recorded Future News reports that the US Treasury Department’s Office of Foreign Assets Control (OFAC) on Friday announced sanctions on a number of Russian companies and individuals, including several entities connected to cybersecurity and disinformation operations. Included on the list are 0Day Technologies, responsible for a botnet and dashboard used to support social media disinformation campaigns for the Federal Security Service, and the companies Lavina Puls and Inforus, which OFAC says “have provided technical support to malign influence operations conducted by the GRU [Main Intelligence Directorate], including the management of false social media personas.”
In announcing the sanctions, Treasury Secretary Janet Yellen stated, “Over the past year, we have taken actions with a historic coalition of international partners to degrade Russia’s military-industrial complex and reduce the revenues that it uses to fund its war.” The sanctions, which prohibit the companies from conducting business on US soil, follow an April 2021 executive order from President Joe Biden aiming to punish Russia for its nefarious cyber activities, but in many cases the sanctions are largely symbolic, given that companies linked with the Russian government are unlikely to do business in the US.
CISA retires US-CERT and ICS-CERT websites.
The US Cybersecurity and Infrastructure Security Agency announced on Friday that it has retired the US-CERT and ICS-CERT domains, integrating CISA’s operational content into a new CISA.gov website. The announcement states, “CISA will continue to be responsible for coordinating cybersecurity programs within the U.S. government to protect against malicious cyber activity, including activity related to industrial control systems.”