After years of work, Congress passes ‘internet of things’ cybersecurity bill — and it’s kind of a big deal

Congress last week did something that it rarely does: It passed a meaningful cybersecurity bill. The legislation is aimed at enhancing the safeguards of internet-connected devices — also known as the internet of things (IoT) — such as smart sensors that monitor water quality or control ships in waterway locks. The bill is also a major step toward the federal government encouraging vulnerability disclosure policies that implement programs for organizations to work with security researchers to fix software flaws. “It is arguably the most significant U.S. IoT-specific cybersecurity law to date, as well as the most significant law promoting coordinated vulnerability disclosure in the private sector to date,” said Harley Geiger, director of public policy at Rapid7, a cybersecurity company. All it took to get across the finish line was more than three years of bipartisan work, encroaching state and foreign government IoT rules, a ticking legislative clock, goodwill toward […]

The post After years of work, Congress passes ‘internet of things’ cybersecurity bill — and it’s kind of a big deal appeared first on CyberScoop.

The case for a National Cyber Director

Although the aftershocks of COVID-19 will last for years, one result is already clear — shifting more activity online has increased our society’s digital dependence even faster than expected. The federal government’s cybersecurity capabilities need to keep pace. Although some Federal agencies, particularly the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security (DHS), have made significant improvements over the last few years, at least three factors impede government-wide progress. First, cybersecurity’s cross-cutting nature does not fit with the U.S. government’s bureaucratic structure. Second, agencies are not incentivized to sustain the degree of coordination required for effective cybersecurity. Third, a lack of central leadership hinders effective incident response. No single policy action will solve these problems, but creating a National Cyber Director along the lines of what the Cyberspace Solarium Commission recommends would be a good start. Bureaucracies prefer issues that fit neatly into one organization’s mission. […]

The post The case for a National Cyber Director appeared first on CyberScoop.

Lawmakers call for cyber leadership as they introduce bill that would create White House post

After then-national security adviser John Bolton eliminated the position of White House cybersecurity coordinator in the spring of 2018, Democratic lawmakers quickly introduced a bill to restore the position, arguing that it was crucial for the White House to show leadership on the issue. The bill never went anywhere. But two years later, the push for creating a top White House cybersecurity post is gaining fresh traction, with support from Republicans. A bipartisan group of House members on Thursday introduced new legislation that would create a “national cyber director” at the White House. The director would serve a similar role to the coordinator, but have more authority to examine cybersecurity budgets and oversee national incident response. Instituting a national cyber director was a key recommendation put forth by the congressionally mandated Cyberspace Solarium Commission, which released a report in March arguing for big changes to U.S. cybersecurity policy. Two leading members […]

The post Lawmakers call for cyber leadership as they introduce bill that would create White House post appeared first on CyberScoop.

Why the FBI’s cyber attachés are so valuable

On an average day, cybercriminals visiting the Darkode darkweb forum would expect to enter an underground, invitation-only digital marketplace to buy, sell, and trade malware, access to botnets, and stolen personal information. However, in July 2015, users were confronted with the emblems of the U.S. Federal Bureau of Investigation (FBI), the U.S. Department of Justice (DOJ), and EUROPOL’s European Cyber Crime Center (EC3) instead of the Darkode homepage. A large, bold warning surrounded by the official seals of 17 additional international police departments prominently proclaimed, “This domain and website have been seized.” This was the culmination of a multi-year joint undercover operation by U.S. and international law enforcement from 20 countries who searched, charged, or arrested 70 of the forum’s members worldwide and indicted 12 individuals with computer fraud conspiracy. This joint effort, known as Operation Shrouded Horizon, exemplifies the collaboration needed to counter the increasingly complex and diffuse […]

The post Why the FBI’s cyber attachés are so valuable appeared first on CyberScoop.

Building a resilient cyber future

During the early days of the Cold War, American planners wrestled with the emerging challenge of deterring a Soviet nuclear strike. Recognizing the destructive potential of nuclear weapons, the U.S. opted to focus its efforts on ensuring that adversaries clearly understood the U.S. capacity to retaliate and impose costs. Defense and resilience were a secondary priority. We did not, for example, build our subway systems hundreds of feet underground to double as fallout shelters, as the Soviets did. We relied heavily on the concept of mutually assured destruction to dissuade adversaries. With the Cyberspace Solarium Commission, we have assessed that a strong offense does not convey the same deterrent in cyberspace as it does in nuclear or conventional war. While the ability to impose costs is important, a U.S. strategy to secure ourselves in cyberspace must prioritize defense, denying adversaries the opportunity and benefits brought by attacking us in this […]

The post Building a resilient cyber future appeared first on CyberScoop.

Congressional commission mulls new private sector reporting requirements

The Cyberspace Solarium Commission, a bipartisan group tasked last year with devising a strategy for defending the U.S. against cyberattacks, is almost ready to reveal its proposals to the world. The commission’s final report, expected to be issued in March or April, may include new reporting requirements for the private sector that would incentivize better security practices, the commission’s co-chairs, Sen. Angus King, I-Maine, and Rep. Mike Gallagher, R-Wis., said during a Council on Foreign Relations summit in Washington, D.C., Tuesday. While the final language is unclear, the report is expected to include a sweeping set of proposals ranging from an overhaul of Congressional oversight on cybersecurity issues to an assessment of the Pentagon’s offensive and defensive readiness. Whether there’s broader appetite outside of the 14-member commission to implement the recommendations, however, remains to be seen. One idea the commission has entertained is convincing insurance companies to offer better rates to clients who follow specific guidelines […]

The post Congressional commission mulls new private sector reporting requirements appeared first on CyberScoop.

US Lawmakers Propose ‘Hack Back’ Law to Allow Cyber Retaliation Without Permission of Third-Party Country

US legislators are proposing new legislation that would empower US cyber defenses to hack back at cyber aggressors, even if they’re using a third-party country’s infrastructure, without the explicit consent of the respective country. The Na…