4 min
Government
Cybersecurity for NAFTA
When the North American Free Trade Agreement (NAFTA) was originally negotiated,
cybersecurity was not a central focus. NAFTA came into force – removing
obstacles to commercial trade activity between the US, Canada, and Mexico – in
1994, well before most digital services existed. Today, cybersecurity is a major
economic force – itself a large industry and important source of jobs, as well
as an enabler of broader economic health by reducing risk and uncertainty for
businesses. Going forward, cybe
5 min
Public Policy
Copyright Office Calls For New Cybersecurity Researcher Protections
On Jun. 22, the US Copyright Office released
[https://www.copyright.gov/policy/1201/section-1201-full-report.pdf] its
long-awaited study on Sec. 1201 of the Digital Millennium Copyright Act (DMCA),
and it has important implications for independent cybersecurity researchers.
Mostly the news is very positive. Rapid7 advocated extensively for researcher
protections to be built into this report, submitting two sets of detailed
comments—see here
[/2016/03/15/rapid7-bugcrowd-and-hackerone-file-pro-res
2 min
Public Policy
Legislation to Strengthen IoT Marketplace Transparency
Senator Ed Markey (D-MA) is poised to introduce legislation to develop a
voluntary cybersecurity standards program for the Internet of Things (IoT). The
legislation, called the Cyber Shield Act, would enable IoT products that comply
with the standards to display a label indicating a strong level of security to
consumers – like an Energy Star rating for IoT. Rapid7 supports this legislation
and believes greater transparency in the marketplace will enhance cybersecurity
and protect consumers.
The
4 min
Public Policy
Rapid7 issues comments on NAFTA renegotiation
In April 2017, President Trump issued an executive order directing a review of
all trade agreements. This process is now underway: The United States Trade
Representative (USTR) – the nation's lead trade agreement negotiator – formally
requested [https://www.regulations.gov/docket/USTR-2017-0006] public input on
objectives for the renegotiation of the North American Free Trade Agreement
(NAFTA). NAFTA is a trade agreement between the US, Canada, and Mexico, that
covers a huge range of topics, fr
4 min
Public Policy
White House Cybersecurity Executive Order Summary
Yesterday President Trump issued an Executive Order on cybersecurity:
“Strengthening the Cybersecurity of Federal Networks and Critical
Infrastructure.”
[https://www.federalregister.gov/documents/2017/05/16/2017-10004/strengthening-the-cybersecurity-of-federal-networks-and-critical-infrastructure]
The Executive Order (EO) appears broadly positive and well thought out, though
it is just the beginning of a long process and not a sea change in itself. The
EO directs agencies to come up with plans
4 min
Public Policy
Rapid7 urges NIST and NTIA to promote coordinated disclosure processes
Rapid7 has long been a champion of coordinated vulnerability disclosure and
handling processes as they play a critical role in both strengthening risk
management practices and protecting security researchers. We not only use
coordinated disclosure processes in our own vulnerability disclosure
[https://www.rapid7.com/security/disclosure/] and receiving activities, but also
advocate for broader adoption in industry and in government policies.
Building on this, we recently joined forces with other
4 min
Haxmas
12 Days of HaXmas: Year-End Policy Comment Roundup
Merry HaXmas to you! Each year we mark the 12 Days of HaXmas
[https://www.rapid7.com/blog/tag/haxmas/] with 12 blog posts on hacking-related
topics and roundups from the year. This year, we're highlighting some of the
“gifts” we want to give back to the community. And while these gifts may not
come wrapped with a bow, we hope you enjoy them.
On the seventh day of Haxmas, the Cyber gave to me: a list of seven Rapid7
comments to government policy proposals! Oh, tis a magical season.
It was an ac
5 min
Public Policy
Rapid7 Supports Researcher Protections in Michigan Vehicle Hacking Law
Yesterday, the Michigan Senate Judiciary Committee passed a bill – S.B. 0927
[http://www.senate.michigan.gov/committees/files/2016-SCT-JUD_-09-20-1-01.PDF] –
that forbids some forms of vehicle hacking, but includes specific protections
for cybersecurity researchers. Rapid7 supports these protections. The bill is
not law yet – it has only cleared a Committee in the Senate, but it looks poised
to keep advancing in the state legislature. Our background and analysis of the
bill is below.
In summary
4 min
Public Policy
Rapid7, Bugcrowd, and HackerOne file pro-researcher comments on DMCA Sec. 1201
On Mar. 3rd, Rapid7, Bugcrowd [https://bugcrowd.com/], and HackerOne
[https://hackerone.com/] submitted joint comments to the Copyright Office urging
them to provide additional protections for security researchers. The Copyright
Office requested public input [http://copyright.gov/fedreg/2015/80fr81369.pdf]
as part of a study on Section 1201
[https://www.law.cornell.edu/uscode/text/17/1201] of the Digital Millennium
Copyright Act (DMCA). Our comments to the Copyright Office focused on reforming
2 min
Public Policy
I've joined Rapid7!
Hello! My name is Harley Geiger and I joined Rapid7 as director of public
policy, based out of our Washington, DC-area office. I actually joined a little
more than a month ago, but there's been a lot going on! I'm excited to be a part
of a team dedicated to making our interconnected world a safer place.
Rapid7 has demonstrated a commitment to helping promote legal protections for
the security research community. I am a lawyer, not a technologist, and part of
the value I hope to add is as a repr