Latest in Cybersecurity: Legislation
The spending bill authorizes the Pentagon to create procurement pathways in which software can be purchased in less than a year. If effectively implemented, the change would be dramatic.
The soon-to-be-enacted NDAA includes a provision that will fine-tune the range of military cyber operations subject to the 48-notification requirement. Here’s an explainer.
The good news is that national security bipartisanship in Congress lives. The bad news is that the only place it lives is in the pages of the Senate Intelligence Committee report on Russian election interference.
American companies are getting hacked, and the Securities and Exchange Commission wants corporate executives to do something about it. According to a White House Council of Economic Advisers report released earlier this year, malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016.
There is a mounting gap between what the headlines say about the costs of cyber insecurity to the U.S. economy and the results of data-driven research on this topic—with negative implications for cybersecurity. Congress should move to narrow the gap by passing a federal law that takes two steps to protect data. First, it should require companies that possess sensitive personal information to publicly disclose when significant breaches of this information occur.
On Dec. 21, all eyes were on the Republican bill to cut taxes. Yet a bipartisan group of six senators also had their eyes on the far less sexy (but still important!) topic of election hacking. They quietly introduced a bill called the Secure Elections Act that, if passed, would be a good down payment on improving the confidence we can have in the integrity of our elections.
The next National Defense Authorization Act (the NDAA FY’18) is nearing the finish line. A Conference Report is now available, and so the time has come for a closer look at some of the key provisions of interest to Lawfare readers. My colleague Scott Anderson is going to post a broad overview shortly. For my part, I’d like to walk you through the “Cyberspace-Related Matters” section (sections 1631-1649C).
The U.K. government released a new “Internet Safety Strategy” Green Paper last week, making clear its intention to follow through on bold campaign rhetoric promising aggressive internet regulation.
Sens. Mark Warner, Cory Gardner, Ron Wyden and Steve Daines have proposed a bill, the Internet of Things Cybersecurity Improvement Act of 2017, that is a good first step in securing the Internet of Things and U.S. government systems in particular. While there are still places for improvement, this is a solid piece of common-sense legislation.
Last week, the Senate took a significant step towards imposing additional sanctions on Russia. The latest step came in the form of an amendment to S.722, the Countering Iran's Destabilizing Activities Act.