Updates on the mass surveillance debate
IP Watch is gathering news from around the world about the US’s secret programmes to collect the records of domestic telephone calls in the US and international internet activity, available here.
A cybersecurity update on managing advanced persistent threats and attacks
This interview by Latham & Watkins explores why advanced persistent threats (APTs) require an integrated, cross-functional response, and why, as a matter of corporate governance, the legal function should be front and center in preparing for and responding to APTs.
Cybersecurity bill passes the House
The US House of Representatives has approved the Cyber Intelligence Sharing and Protection Act (CISPA, H.R. 624), which would amend the National Security Act of 1947 by adding a new section titled “Cyber Threat Intelligence and Information Sharing”.
As Duane Morris reports, that section provides that the Director of National Intelligence is to establish procedures to allow elements of the intelligence community to share cyber threat intelligence with security-cleared private entities and utilities.
Information that is shared is to be exempt under the Freedom of Information Act. CISPA also provides that the Director of National Intelligence shall establish policies and procedures that, among other things, “minimize the impact on privacy and civil liberties” and “protect the confidentiality of cyber threat information associated with specific persons to the greatest extent practicable”.
White House issues Executive Order on cybersecurity
The Obama administration has issued an Executive Order on “Improving Critical Infrastructure Cybersecurity”, developing a framework for reducing risks from cyber-attacks on the nation’s critical infrastructure, reports Dechert.
EU announces plans for a cyber-security bill
The EU Commissioner for a Digital Agenda has revealed plans for implementation of a high level of network and information security across the EU, effectively extending the obligations to adopt risk management measures to the private sector, reports ReedSmith.
US cybersecurity proposal defeated in the Senate
The United States Senate failed to pass legislation prior to the August recess that would have established security standards to prevent large-scale cyber attacks on the nation’s critical infrastructure, despite strong endorsements from top military and national security officials, reports King & Spalding.
Cybersecurity Act of 2012 fails to move ahead in Senate
Sponsors were unable to muster the 60 votes required to move forward with the legislation, following heavy lobbying against the bill by the U.S. Chamber of Commerce, the financial industry, and other interested constituencies, and despite an aggressive, coordinated push from the White House, reports Latham & Watkins.
US Cybersecurity Act advances in Senate
The Cybersecurity Act of 2012 (S. 3414) moved one step closer to possible passage when the United States Senate voted 84 to 11 to allow an open amendment process when the bill is taken up for floor debate, Latham & Watkins report.
The Bill still faces an uphill battle to passage in its present form, in the face of opposition to government regulatory intrusion from business groups and key technology companies, as well as a lack of support within the Republican-controlled House of Representatives.
According to Baker Hostetler, there is widespread support among Democrats, Republicans, and the White House on the need for cybersecurity legislation, but there is fierce disagreement over what it should look like.
At least 1/3 of the Senate is very sensitive to lobbying by key constituencies and Members may decide that the Hippocratic oath / political rule of thumb “first, do no harm” means don’t pass an obscure bill the public isn’t clamoring for.
US House passes 4 Cybersecurity Bills during “Cyber Week”
The U.S. House of Representatives has passed a slate of four cybersecurity Bills as part of “Cyber Week”. The main effects of these Bills are:
- to provide positive authority to private-sector entities to defend their own networks and those of their customers, and to share cyber threat information with others in the private sector, as well as with the federal government on a purely voluntary basis;
- to establish a mechanism for stronger oversight of information technology systems, by focusing on “automated and continuous monitoring” of cybersecurity threats;
- to strengthen the efforts of the National Science Foundation (NSF) and the National Institute of Standards and Technology (NIST) in the areas of cybersecurity technical standards and cybersecurity awareness, education, and talent development; and
- to reauthorize the NITRD program, which focuses on R&D to detect, prevent, resist, respond to, and recover from actions that compromise or threaten to compromise the availability, integrity, or confidentiality of computer- and network-based systems.
The Bills have been delivered to the Senate, which is expected to consider the cybersecurity legislation sometime in June 2012.