Crossroads Blog | CYBER SECURITY LAW AND POLICY

cyber attack, Cyber Command, Identity Management, Legislation, NS-TIC

Cyber roundup (4/10): In defense of CISPA, an analysis of information-sharing, cyber-threats hamstring U.S. cooperation with allies, a global cyber arms race, NSTIC’s pilot program moves forward, and the CFAA and your employer’s computer use policy

A busy night in cyber news . . .

***

On 4/10, Gerry Smith reported for the Huffington Post on how lawmakers are defending CISPA, a House cybersecurity proposal.  Notably, CISPA's authors–Rep. Mike Rogers and Dutch Ruppersberger–rebutted criticisms that CISPA doesn't protect consumers "from having their private data shared with the government."  Privacy groups argue that CISPA's information sharing provisions are an end run around the Fourth Amendment in that private companies can voluntarily share consumer data with the government.  Supporters of the bill argue that the government can't use the information "unless a significant cybersecurity or national security purpose exists."  Moreover, the information-sharing is completely voluntary.

Rep. Rogers was quick to note that CISPA has nothing in common with SOPA.  In fact, Rogers believes that "[t]he two bills 'are some completely different there is absolutely no comparison.'"

***

On 4/10, Paul Rosenzweig wrote a blog post for Lawfare on information-sharing across the various cybersecurity proposals.  His blog post was pretty in-depth, so I recommend you get the full experience here.

***

On 4/10, Carlo Munoz reported for The Hill on U.S. cooperation with its allies on cybersecurity.  According to the article, DOD is concerned about sharing sensitive U.S. cybersecurity information with some of our allies because U.S. adversaries could steal that information from our allies.  The article explained that the U.S. "is looking to grow [its] circle of international cyber allies" by engaging New Zealand, South Korea, Japan, Australia, and the United Kingdom, but these concerns have slowed collaboration.  The article did not mention which of our allies are a liability.

***

On 4/10, David Alexander reported for Reuters on comments coming out of a recent cybersecurity conference held at Georgetown University.  Notably, the article quoted Rear Admiral Samuel Cox, director of intel at CyberComm:

[W]e're looking at [] a gobal cyber arms race . . . It's not proceeding at a leisurely or even a linear fashion but in fact is accelerating. I wouldn't claim that it's following Moore's law, but the curve looks kind of similar.

According to Reuters, the consensus was that in order to achieve effective cybersecurity, government agencies must collaborate together in a team mentality.  Moreover, cyber arms control wouldn't really work, but agreed upon norms of behavior might have more success.

***

On 4/10, SecureIDNews reported that the National Institute of Standards and Technology (NIST) has notified 27 finalists of "grants that would pilot portions of the identity ecosystem for the [NSTIC]."  The article said that the finalists must decide whether to announce their status.  I'll keep my eyes open for any such announcements.  The finalists are likely made up of state and local government agencies, major companies, business start ups, and universities. 

From here, the finalists must submit full proposals to NIST by May 10th.  After that, NIST will choose 5 to 8 proposals that will receive a total of $10 million. 

A bit of background on NSTIC.

***

On 4/10, Joseph S. Nye, Jr., (a former U.S. assistant secretary of defense in the Clinton Administration) wrote for CNN on cyberwarfare.  The article gave a broad overview of the issues, and was mostly a pitch for Mr. Nye's upcoming book The Future of Power

Nye explained that in the The Future of Power, he argues that "the diffusion of power away from governments is one of this century’s great political shifts."  Cyberspace really demonstrates that.

***

On 4/10, Lisa Rein reported for the Washington Post on the Commerce Department's recent problems with a cyberattack.  According to the article, the Commerce Department's Economic Development Administration had been offline since January due to a cyberattack.   

***

On 4/10, David Kravets reported for Wired on a recent holding out of the 9th Circuit.  According to the article, the 9th Circuit held that employers cannot be prosecuted under the CFAA (the basic federal anti-hacking statute) for violating their employer's computer use policy. 

There is a split among the Circuits on this issue . . . the Supreme Court might have to take it up.

Leave a Reply

cyber attack, Cyber Command, Identity Management, Legislation, NS-TIC

Cyber roundup (4/10): In defense of CISPA, an analysis of information-sharing, cyber-threats hamstring U.S. cooperation with allies, a global cyber arms race, NSTIC’s pilot program moves forward, and the CFAA and your employer’s computer use policy

A busy night in cyber news . . .

***

On 4/10, Gerry Smith reported for the Huffington Post on how lawmakers are defending CISPA, a House cybersecurity proposal.  Notably, CISPA's authors–Rep. Mike Rogers and Dutch Ruppersberger–rebutted criticisms that CISPA doesn't protect consumers "from having their private data shared with the government."  Privacy groups argue that CISPA's information sharing provisions are an end run around the Fourth Amendment in that private companies can voluntarily share consumer data with the government.  Supporters of the bill argue that the government can't use the information "unless a significant cybersecurity or national security purpose exists."  Moreover, the information-sharing is completely voluntary.

Rep. Rogers was quick to note that CISPA has nothing in common with SOPA.  In fact, Rogers believes that "[t]he two bills 'are some completely different there is absolutely no comparison.'"

***

On 4/10, Paul Rosenzweig wrote a blog post for Lawfare on information-sharing across the various cybersecurity proposals.  His blog post was pretty in-depth, so I recommend you get the full experience here.

***

On 4/10, Carlo Munoz reported for The Hill on U.S. cooperation with its allies on cybersecurity.  According to the article, DOD is concerned about sharing sensitive U.S. cybersecurity information with some of our allies because U.S. adversaries could steal that information from our allies.  The article explained that the U.S. "is looking to grow [its] circle of international cyber allies" by engaging New Zealand, South Korea, Japan, Australia, and the United Kingdom, but these concerns have slowed collaboration.  The article did not mention which of our allies are a liability.

***

On 4/10, David Alexander reported for Reuters on comments coming out of a recent cybersecurity conference held at Georgetown University.  Notably, the article quoted Rear Admiral Samuel Cox, director of intel at CyberComm:

[W]e're looking at [] a gobal cyber arms race . . . It's not proceeding at a leisurely or even a linear fashion but in fact is accelerating. I wouldn't claim that it's following Moore's law, but the curve looks kind of similar.

According to Reuters, the consensus was that in order to achieve effective cybersecurity, government agencies must collaborate together in a team mentality.  Moreover, cyber arms control wouldn't really work, but agreed upon norms of behavior might have more success.

***

On 4/10, SecureIDNews reported that the National Institute of Standards and Technology (NIST) has notified 27 finalists of "grants that would pilot portions of the identity ecosystem for the [NSTIC]."  The article said that the finalists must decide whether to announce their status.  I'll keep my eyes open for any such announcements.  The finalists are likely made up of state and local government agencies, major companies, business start ups, and universities. 

From here, the finalists must submit full proposals to NIST by May 10th.  After that, NIST will choose 5 to 8 proposals that will receive a total of $10 million. 

A bit of background on NSTIC.

***

On 4/10, Joseph S. Nye, Jr., (a former U.S. assistant secretary of defense in the Clinton Administration) wrote for CNN on cyberwarfare.  The article gave a broad overview of the issues, and was mostly a pitch for Mr. Nye's upcoming book The Future of Power

Nye explained that in the The Future of Power, he argues that "the diffusion of power away from governments is one of this century’s great political shifts."  Cyberspace really demonstrates that.

***

On 4/10, Lisa Rein reported for the Washington Post on the Commerce Department's recent problems with a cyberattack.  According to the article, the Commerce Department's Economic Development Administration had been offline since January due to a cyberattack.   

***

On 4/10, David Kravets reported for Wired on a recent holding out of the 9th Circuit.  According to the article, the 9th Circuit held that employers cannot be prosecuted under the CFAA (the basic federal anti-hacking statute) for violating their employer's computer use policy. 

There is a split among the Circuits on this issue . . . the Supreme Court might have to take it up.

Leave a Reply