At a glance.
- FCC receives feedback on proposed breach reporting requirements.
- CISA and US Space Force advocate for budget increases.
- Maritime test bed could prevent collisions with cyber icebergs.
- Beijing calls on Apple to improve its privacy and security game.
FCC receives feedback on proposed breach reporting requirements.
In January the US Federal Communications Commission (FCC) announced proposed changes to its data breach reporting requirements, asking for comment by March 24. Telecom industry leaders have shared their feedback, and, as Fierce Telecom explains, they have some concerns. For one, they do not feel the FCC should expand its definition of the term “data breach” unless it also adds a “harm-based trigger” for reporting. In other words, they believe reporting requirements should be dependent on the amount of harm caused by the incident. Of course, such a system would also be dependent on the definition of “harm,” and industry groups also have differing opinions there. USTelecom, Verizon, and the Cellular Telephone Industries Association feel reporting should have a threshold trigger based on the size of the breach. However, the Electronic Privacy Information Center, Center for Democracy and Technology, and Public Knowledge say such thresholds could overlook the fact that, for consumers, any “unauthorized access of their data is inherently harmful,” regardless of the breach’s size.
CISA and US Space Force advocate for budget increases.
Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), spoke before the US House Appropriations Subcommittee on Homeland Security yesterday to justify her agency’s 2024 fiscal year budgetary requests. CyberScoop reports that CISA has asked for around $3.1 billion, which is a 5% increase over last year, and Easterly says any decrease in funding could “severely negatively impact” the work the agency has been doing with state and local partners and smaller critical infrastructure operators. She warned that cutting the budget to pre-2022 levels would “put us back in a pre-SolarWinds world where we’ll lose that visibility that we’ve developed and that’s harmful to our security as a nation.” Nextgov.com notes that subcommittee chair Representative Dave Joyce, a Republican out of Ohio, pushed Easterly for metrics that could quantify “how much safer the homeland is today” as a result of increased funding to CISA in recent years. Easterly responded that it's difficult to measure the positive impacts of increased agency visibility and warnings about software vulnerabilities. Easterly stated, “We can say, ‘here are the number of critical incidents that occurred across our critical infrastructure this year,’ and then we can measure the reduction given all of the improvements that we've put in place. So we are on our journey to be able to give you very quantifiable metrics to allow us to articulate that return on investment.” She also pointed out that around $100 million of the proposed budget will go toward implementing the Cyber Incident Reporting for Critical Infrastructure Act, which the director called “game changing.”
SpaceNews reports that General B. Chance Saltzman, chief of space operations at the US Space Force, also testified before the subcommittee, explaining that budget increases for the space service military branch will support heavy investments in cybersecurity for satellite ground systems. Saltzman stated, “There’s no question that space is going to be central to effective operations in the future.” He also noted that cyberattacks resulting from Russia’s invasion of Ukraine demonstrated the need for greater protection. $700 million of the budget will be used to “enhance the cyber defense of our critical networks associated with space operations,” he stated.
Maritime test bed could prevent collisions with cyber icebergs.
A new report published as part of the US Cyberspace Solarium 2.0 initiative calls for CISA to establish a test bed to analyze the cybersecurity of maritime equipment. The proposal comes on the heels of several major attacks targeting vulnerable European infrastructure last year, which raised concerns about the security of essential US ports. The report states, “The program can begin by testing for cybersecurity vulnerabilities in foreign-manufactured cranes in U.S. ports – as mandated by the National Defense Authorization Act (NDAA) of the fiscal year 2023 – and then expand into broader, systemically important maritime OT.” FedScoop notes that the report also calls for the Coast Guard to establish cybersecurity education and workforce programs, as well as grant programs to help the Coast Guard acquire the necessary cybersecurity resources. It also urges the Department of Homeland Security to ask Congress for increased Coast Guard support for its Sector Risk Management Agency responsibilities.
Beijing calls on Apple to improve its privacy and security game.
Zheng Shanjie, director of China's National Development and Reform Commission, met with Apple CEO Tim Cook and urged the tech giant to strengthen its products’ privacy and security tools. An official account of the meeting stated, “Director Zheng Shanjie said that the Chinese government will unswervingly implement the basic national policy of opening to the outside world, and the National Development and Reform Commission will continue to support foreign-funded enterprises including Apple in their business in China.” Shanjie also highlighted the fact that the Chinese market, with its massive scale and digital industrialization process, is important for multinationals like Apple. The Register notes that nearly 19% of Apple’s $394 billion total annual revenue came from Greater China, and that the company has made many efforts to maintain that market, like censoring apps the Chinese government might find offensive. Although Shanjie did not offer details about how Apple should improve its privacy and security features, the Register suggests the comments could have been a reference to recent enhancements to China's data security law calling for tighter regulatory requirements over the export of Chinese user data.