Latest in Cybersecurity: Legislation
Ukraine’s offensive cyber hacking against Russia, though perhaps for aims that the international community may agree with, is nonetheless a violation of cyber norms—which should be enforced without exceptions.
Policymakers have a golden opportunity to make cyber incident and breach reporting requirements more powerful and effective.
If a new law is passed by government committee and the Knesset, it will redefine cybersecurity governance in Israel.
The spending bill authorizes the Pentagon to create procurement pathways in which software can be purchased in less than a year. If effectively implemented, the change would be dramatic.
The soon-to-be-enacted NDAA includes a provision that will fine-tune the range of military cyber operations subject to the 48-notification requirement. Here’s an explainer.
The good news is that national security bipartisanship in Congress lives. The bad news is that the only place it lives is in the pages of the Senate Intelligence Committee report on Russian election interference.
American companies are getting hacked, and the Securities and Exchange Commission wants corporate executives to do something about it. According to a White House Council of Economic Advisers report released earlier this year, malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016.
There is a mounting gap between what the headlines say about the costs of cyber insecurity to the U.S. economy and the results of data-driven research on this topic—with negative implications for cybersecurity. Congress should move to narrow the gap by passing a federal law that takes two steps to protect data. First, it should require companies that possess sensitive personal information to publicly disclose when significant breaches of this information occur.
On Dec. 21, all eyes were on the Republican bill to cut taxes. Yet a bipartisan group of six senators also had their eyes on the far less sexy (but still important!) topic of election hacking. They quietly introduced a bill called the Secure Elections Act that, if passed, would be a good down payment on improving the confidence we can have in the integrity of our elections.
The next National Defense Authorization Act (the NDAA FY’18) is nearing the finish line. A Conference Report is now available, and so the time has come for a closer look at some of the key provisions of interest to Lawfare readers. My colleague Scott Anderson is going to post a broad overview shortly. For my part, I’d like to walk you through the “Cyberspace-Related Matters” section (sections 1631-1649C).