at a glance.
- The EU is considering changes to its product lifecycle and vulnerability disclosure rules.
- The FBI works to earn the trust of ransomware victims.
- Imminent Judgment Impact of Section 230 on User Generated Content.
- Self-certification challenge.
- US and India launch technology R&D partnership
The EU is considering changes to its product lifecycle and vulnerability disclosure rules.
Euractiv will consider the EU adjusting its definition of “product lifecycle” in relation to the Cyber Resilience Act, a legislative proposal to introduce basic cybersecurity requirements for Internet of Things (IoT) products. reported that The original proposal would have required manufacturers to secure IoT products for the entire lifecycle or up to five years, but the Swedish government said that different products have lifecycles of varying lengths. Compromises are being distributed that better account for the facts. and warranted to be suitable for the expected service life.” This change will be discussed today by the Horizontal Working Group on Cyber Issues. Another topic of discussion is conformity assessment and the list of critical products that require third-party evaluation before being placed on the European market.
The FBI works to earn the trust of ransomware victims.
After revealing last week that the Federal Bureau of Investigation (FBI) had engaged in a months-long operation to halt the Hive ransomware gang’s digital operations, FBI Director Christopher Wray said that Hive’s revealed that only 20% of respondents reported potential problems. law enforcement in action. As vice president of intelligence at a cyber defense firm, he distrusts the involvement of agencies such as the FBI and the Cyber security and Infrastructure Security Agency in investigating cyberattacks, as Redacted Adam Flatley told his Axios. I have. According to his 2021 survey conducted by cybersecurity firm Talion, about 45% of cyber professionals said that reporting to law enforcement would slow data recovery and distract his IT team at his company. I think it will be Businesses fear the Fed will undermine their own internal investigations or that the Fed’s involvement will undermine negotiations with attackers. In a Hive sting operation, the agents tried to prove otherwise. The FBI quickly deployed her Hive decryption key to the victim, demonstrating the value of involving federal agents in attacks by threat actors. As CISA prepares to enact its next cyber incident reporting law, experts question whether the new measures will give ransomware victims more confidence in engaging with government. I am thinking. Victims also fear that the FBI’s involvement will attract unwanted and intrusive regulatory attention. For years, authorities have worked to allay that concern, promising not to treat victims as victims and alert regulators to tangential issues that investigations might uncover.
Imminent Judgment Impact of Section 230 on User Generated Content.
As previously explained, later this month, the U.S. Supreme Court will hear a case that may decide the future of Section 230, a provision of the Communications Decency Act that protects social media platforms from liability for user-generated content. It’s a schedule. The MIT Technology Review explains why the lawsuit is such a big deal and what it means for tech giants like Meta, Google, Twitter and YouTube. If a court decides to repeal or reinterpret Section 230, these companies may need to make significant changes to their content moderation processes and platform structures. Also, user moderators can suddenly become responsible for their own actions. This could be devastating for platforms like his Reddit, where user upvotes determine which content gets viewed the most, and Wikipedia, which relies almost entirely on user content.
Reddit legal counsel Ben Lee asks: [users] Just because you posted a two-star review on a restaurant, just because you clicked downvote or upvote on that one post, just because you decided to help volunteers in the community to get started. Do you delete or add posts that get dragged into lawsuits, or even good faith lawsuits?” Further complicating matters is the enactment of state-level legislation to prevent discriminatory services based on Experts fear that if Section 230 degrades, the future of content moderation will be determined by complex and fragmented state laws. “Without Section 230, some websites would be forced to overblock, filtering out content that could create potential legal risks,” Halima Delane Prado, Google’s general counsel, said in a blog post. and may shut down some services entirely.” Still, some experts say disruptions like this will motivate Congress to enact federal legislation that would make moderation in and out of moderation more clear. I hope that
Self-certification challenge.
Later this year, the United States will enact cybersecurity regulations that will require government agencies to obtain “self-certifications” from software vendors that indicate whether their products comply with the guidelines of the National Institute of Standards and Technology. Federal Acquisition Regulation officials are still reviewing the proposed rule, but the General Services Administration (GSA) has already developed training on the following systems to begin collecting certifications by mid-June. says there is. As the Bloomberg government explains, some agency contractors and vendors fear that the extensive network of companies that provide the software will make obtaining certification an almost impossible task. Joanne Woytek, NASA program manager for the government-wide acquisition contract called SEWP, said: However, we will work with the GSA to do what we can. [National Institute of Standards and Technology] To determine what this policy means and how it actually works in the world in which it exists, [are not] Ten companies, but thousands selling software. The Information Technology Industry Council filed a letter with the Office of Management and Budget in November outlining suggestions to make the process run more smoothly, including using a single, standardized form for all agencies. .
US and India launch technology R&D partnership
US National Security Advisor Jake Sullivan met with India’s Ajit Doval on Tuesday to formally launch an initiative on Critical and Emerging Technologies (iCET), according to a Candid.Technology report. A product of a partnership announced by US President Joe Biden and Indian Prime Minister Narendra Modi last May, the goal of the initiative is to improve and expand the strategic and defense technology partnership between the two countries. Among other things, the agreement will facilitate joint production of defense equipment such as military jet engines and long-range artillery, as the Washington Post explains. The United States and India have launched new bilateral initiatives and welcome new cooperation between governments, industry and academia.”