At a glance.
- Australia to create new government position focused on cybersecurity.
- Legal experts comment on US’s new cybersecurity strategy.
- GAO report emphasizes need for evaluation of international cybersecurity partnerships.
Australia to create new government position focused on cybersecurity.
Australian Prime Minister Anthony Albanese announced last week that the government will be establishing a new position in the Department of Home Affairs focused on cybersecurity. The Coordinator for Cyber Security, supported by the National Office for Cyber Security, will oversee the implementation of cyberincident prevention and response. The National Law Review reports that former Telstra boss Andy Penn is leading an advisory board tasked with helping to shape the future of Australian cybersecurity. Recommendations include creating a new Cyber Security Act that would codify security standards and instruments. The board also suggests categorizing customer data and systems as critical assets under the Security of Critical Infrastructure Act (2018), giving the government the authority to oversee data breach response.
Legal experts comment on US’s new cybersecurity strategy.
As we discussed last week, the White House has released its long-awaited National Cybersecurity Strategy, and legal experts are weighing in on what they see as the most impactful aspects of the document. Crowell offers an overview of the five pillars of the strategy, noting that liability for product security will now fall on developers instead of local governments and smaller businesses. This approach represents a major shift in how the government holds companies accountable for data security. Jen Easterly, the head of the Cybersecurity and Infrastructure Security Agency, has stated that having firms bake security in at the design stage is crucial to ensuring the safety and resilience of tech products and software. However, Morrison Foerster notes that the strategy offers little detail on how this liability will be upheld, and some members of the tech sector have expressed concern about increased scrutiny of the production process. It’s possible the new approach could discourage the transparency the government needs in order to ensure the new strategy succeeds.
GAO report emphasizes need for evaluation of international cybersecurity partnerships.
On March 1 the US Government Accountability Office released a report calling for the State Department to carry out a “comprehensive evaluation” of federal agencies’ support of partner nations in fighting cybercrime. Nextgov.com explains that the report analyzes “federal efforts to build the capacity of allies and partner nations to combat cybercrime” and notes that the departments of State, Justice, and Homeland Security are leading the charge in that arena. However, the report states that officials have fallen short when it comes to evaluating those efforts, and the GAO calls on the State Department to oversee an evaluation process. The report states, “Without such evaluations, State cannot ensure that agencies’ individual activities or case-specific accomplishments are contributing to long-term success in improving foreign nations’ ability to more effectively combat cybercrime.” In addition, the report highlights some of the challenges faced when it comes to global cybersecurity, including a lack of resources, difficulties with staff retention, and an ever-evolving cybercrime landscape. The GAO also notes that the US’s international allies have encountered challenges when partnering with the US, including communication issues (especially when it comes to classified intelligence) and limited funding.