House Homeland Security Committee Advances Bill to Protect Critical Infrastructure
Last Wednesday, the House Homeland Security Committee advanced a bill that would enhance the protection of critical infrastructure. According to The Hill, the measure “would codify and expand the Department of Homeland Security’s current efforts to identify and mitigate cyber threats to industrial control systems — technology used in a wide swath of critical sectors, including power and water systems, manufacturing and transportation. […] The legislation would also authorize the department to provide cyber technical assistance to end users, manufacturers and other industry stakeholders to identify and mitigate vulnerabilities associated with these systems.”
Stronger Cyber Stance Encouraged by Latest National Defense Authorization Act
During the past few years, our military has found itself at a disadvantage in cyberspace as it operates from a “doctrine of restraint” while other nation states attack more aggressively. This US position has gradually shifted, and another step toward a stronger cyber stance is the latest National Defense Authorization Act submitted last Tuesday. According to CyberScoop, “To counter foreign state actors bent on stealing, striking, spying or disrupting in cyberspace, the bill suggests boosting resilience, increasing attribution capabilities, emphasizing defense and enhancing the country’s ability to respond to attacks. […] According to the proposed law, cyber incidents that inflict casualties, undermine democratic society, damage critical infrastructure or affect armed forces could trigger U.S. offensive cyber operations.”
Facebook–Cambridge Analytica Data Scandal Inspiring Privacy Legislation in Congress
After Facebook took a beating during Congressional testimony and now must follow up to questions submitted by lawmakers, Congress is leveraging the anger and awareness generated by the Facebook–Cambridge Analytica data scandal to push forward various data privacy laws. According to The Washington Post, “Lawmakers are pointing to two main vehicles emerging in Congress. One is the Consent Act, a bill sponsored by Sen. Ed Markey (D-Mass.) that would require Facebook and other tech companies such as Google to get explicit permission from users before doing anything with their personal information. […] The second bill, the Social Media Privacy and Consumer Rights Act, introduced by Sens. Amy Klobuchar (D-Minn.) and John Neely Kennedy (R-La.), proposes similar rules allowing users to opt out of data collection.”
Cybersecurity Reports and Surveys Roundup
We’ve rounded up a few of the best cybersecurity reports and surveys released last week:
Two Major Cybersecurity Acquisitions Last Week
Last Monday, Microsoft announced its intent to acquire GitHub. According to a blog post from Microsoft, “More than 28 million developers already collaborate on GitHub, and it is home to more than 85 million code repositories used by people in nearly every country. From the largest corporations to the smallest startups, GitHub is the destination for developers to learn, share and work together to create software. It’s a destination for Microsoft too. We are the most active organization on GitHub, with more than 2 million ‘commits,’ or updates, made to projects.”
In other acquisition news, Capgemini will acquire Leidos Cyber, the commercial cybersecurity division of Fortune 500 company Leidos. According to a press release, “This acquisition will reinforce the Group's capabilities in North America, helping to meet growing customer demand for its portfolio of cybersecurity services and solutions across the region. […] A commercial enterprise security leader with proven critical infrastructure capabilities, Leidos Cyber has established a successful track record of over 10 years in the commercial cybersecurity business. It comprises a team of almost 500 elite cybersecurity professionals located principally across North America.”