Crossroads Blog | CYBER SECURITY LAW AND POLICY

Current Affairs, Legislation, Privacy, warfare

Cyber Roundup (4/24): More CISPA, Pentagon pilot program expands, Cyber ROEs, US Cyber Policy review, and cyber theft of corporate intellectual property

A quick survey of today's news . . .

***

Gerry Smith reported for the Huffington Post on how the authors of CISPA will amend the bill to address privacy concerns.  Specifically, Rep. Mike Rogers and Dutch Ruppersberger will amend CISPA to limit the federal government's use of information shared through private companies to the following categories: "cybersecurity, investigating and prosecuting cyber crime, protecting individuals from death or serious bodily harm,' protecting minors from child pornography, and ensuring national security."  Privacy groups have been criticizing CISPA because its information-sharing provisions may be too broad.

A few privacy advocate groups were pleased with the announcement, but felt that the amendments still fall short because the NSA can still obtain private information unrelated to cybersecurity.

***

Jim Wolf wrote for Reuters on how the government is expanding its Defense Industrial Base Cyber Security and Information Assurance program.  That program is a threat information sharing initiative between the Pentagon and about 37 defense contractors.  The companies get cyber threat information from the DOD and NSA, and vice-versa.  The program has been a success, and the article noted that the DOD wants to expand it to roughly 200 defense contractors. 

These results seem to suggest that the public-private partnerships envisioned under CISPA and other cybersecurity bills might actually help.

***

The Washington Post ran an AP story written by Donna Cassata on the U.S. military's upcoming cyber ROEs.  The article reaffirmed another story from about a month ago stating that the U.S. military will need high level government approval in order to use offensive cyberattacks against foreign computer systems.  This article quoted Rear Adm. Samuel Cox, CyberComm's director of intel,  as saying that a cyberattack's severity of damage (particularly on infrastructure) means that they cannot be used in a cavalier manner.  This, I assume, drives the need for high level government approval.

***

On 4/18, Jason Healey posted a report titled The US Cyber Policy Reboot to the Atlantic Council website.  The report considered the progression of U.S. cyber policies over the past decade.  Healey argued that we've been through a "policy desert" (i.e. a lack of coherent policy) but recent policy initiatives (i.e. the DOD strategy for operating in cyberspace, the creation of US CyberComm, DHS' cybersecurity blueprint, etc.) represent a "glass of water" on our way towards an oasis.  

You can find the report here.

***

The Economist Intelligence Unit put out a really slick report titled Cyber Theft of Corporate Intellectual Property: The Nature of the Threat.  The report covers (as you can probably guess) intellectual property theft.  The report puts together a nice collection of charts, a slideshow, a video interview, and the actual article itself; worth a look.

The Economist Intelligence Unit's cyber hub has a few similar reports. 

 

Leave a Reply