FCC chair announces plans to restore net neutrality.
Jessica Rosenworcel, chair of the US Federal Communications Commission (FCC), made a significant announcement this week regarding the restoration of net neutrality rules. These rules, which were initially established in 2015 but rescinded during the Trump Administration, aim to ensure an open and equal internet experience for all users.
In a factsheet provided by the FCC, four overarching goals of net neutrality were outlined. Firstly, the goal of “openness” aims to establish basic rules for Internet Service Providers (ISPs) that prevent them from blocking legal content, throttling internet speeds, and creating fast lanes that favor those who can pay for access. This ensures that all users have equal access to online content without discrimination.
Secondly, the “security” goal involves reclassifying broadband internet access to give the FCC and its national security partners the necessary tools to defend networks from potential security threats. By enhancing the security measures of broadband networks, the FCC aims to protect users and prevent cyberattacks that could compromise sensitive information.
The third goal, “safety,” focuses on enhancing the resiliency of broadband networks and requiring providers to notify the FCC and consumers of any internet outages. This ensures that users are aware of any disruptions in their internet service and allows for quicker resolution of network issues.
Lastly, the goal of establishing a “nationwide standard” aims to create a uniform national standard for net neutrality instead of a patchwork of state-by-state approaches. This benefits both consumers and ISPs by providing clarity and consistency in the regulatory landscape.
The UK adopts a hunt-forward approach to cyber war.
Lieutenant General Tom Copinger-Symes, deputy commander of the UK’s Strategic Command, revealed in an interview that the UK has adopted a hunt-forward strategy in cyber warfare. This strategy takes inspiration from the approach followed by the US Cyber Command, based on lessons learned from Russia’s hybrid war against Ukraine.
The hunt-forward approach involves actively seeking out and targeting cyber threat actors within their own networks. By proactively hunting for and disrupting potential adversaries, the UK aims to better defend its networks and prevent cyberattacks.
The effect of the SEC’s new rules on CISOs.
The US Securities and Exchange Commission (SEC) recently implemented new rules regarding cyber incident reporting, and these rules have significant implications for Chief Information Security Officers (CISOs). Under the new rules, publicly traded companies are required to disclose cyber incidents within four business days of determining the incident’s materiality to the company’s bottom line.
CISOs are responsible for making this determination, which can be a challenging task to complete accurately and in a timely manner. Additionally, CISOs are now accountable for ensuring that the C-suite and board are informed about any cyber incidents. Failure to do so could result in legal convictions, as seen in the case of the Uber ransomware attack cover-up.
A survey by Proofpoint indicates that the majority of CISOs are already concerned about liability in incident response and governance compliance. The new SEC rules further exacerbate these concerns and add complexity to the decision-making process for CISOs.
The UK and US reach a deal on data transfers.
Officials from the UK and US have reached an agreement on online data flows between the two countries. This agreement comes after years of contention regarding data transfers from the UK and EU to the US, with EU courts finding that the US lacks adequate protections for European data.
The UK agreement is similar to the data flow agreement reached between the EU and the US. However, it is less stringent due to the UK’s partnerships with the US regarding intelligence sharing and surveillance. This agreement provides relief for tech companies, as it allows them to continue accessing data from other countries without significant disruption to their operations.
While this agreement is a positive development, there are still challenges ahead. A court challenge to the EU-US agreement is ongoing and could affect the UK’s new pact. Additionally, US officials will be deciding whether to renew Section 702 of the Foreign Intelligence Surveillance Act, which has faced criticism from EU lawmakers for potential privacy violations.
FTC official says data brokers need to be curbed.
The US Federal Trade Commission (FTC) has signaled its intention to crack down on the data brokerage market. FTC consumer protection chief Sam Levine expressed concerns over data brokers’ attempts to compile detailed digital profiles on individuals.
Levine called on companies to be cautious about partnering with data brokers and to strengthen their data privacy policies. The FTC has already launched several initiatives to restrain the activities of data brokers, including developing new privacy rules and strengthening enforcement of privacy laws.
Poland investigates OpenAI.
Polish regulators are investigating OpenAI, an American artificial intelligence research laboratory, following a complaint that the company violated the EU’s General Data Protection Regulation (GDPR). OpenAI’s chatbot ChatGPT is at the center of the investigation.
The complainant alleges that ChatGPT generated false data about them, which OpenAI failed to correct. When contacted, OpenAI reportedly provided evasive and misleading responses. OpenAI has not yet commented on the validity of these claims.
In response to the investigation, Jan Nowak, President of Poland’s Personal Data Protection Office (UODO), stated that OpenAI would be asked to answer questions regarding the violation of data protection provisions.
Election security: the Ohio model.
The US state of Ohio has gained attention for its efforts in election security. Secretary of State Frank LaRose has issued a series of directives to county election administrators aimed at better protecting the voting process.
These directives, initiated in response to warnings from US intelligence officials about potential voting interference, focus on enhancing security measures at the state level. LaRose has directed local governments to secure their election websites and email systems, proactively prepare response plans, undergo assessments from the federal Cybersecurity and Infrastructure Security Agency (CISA), and train staff on physical security procedures.
Ohio’s proactive approach to election security has been praised by experts, and it is likely that other states will follow suit in implementing similar measures.
CISA issues framework for hardware ingredients labels.
The US Cybersecurity and Infrastructure Security Agency (CISA) has released its Hardware Bill of Materials (HBOM) Framework for Supply Chain Risk Management. This framework, developed by the Information and Communications Technology (ICT) Supply Chain Risk Management Task Force, aims to provide guidelines for tech manufacturers to communicate clearly with buyers about the hardware components of their products.
The goal of the framework is to give purchasers a clearer understanding of the ingredients, or components, within a product and the associated risks. It is akin to a nutrition label on food packaging, providing transparency and enabling purchasers to make informed decisions about the products they buy.
CISA’s release of the framework reflects the agency’s commitment to addressing supply chain risks and improving the cybersecurity of hardware components.

