Posts tagged Government

2 min Public Policy

Congress unanimously passes federal IoT security law

Congress passed a law to secure federal procurement and use of IoT devices, and require contractors to adopt coordinated vulnerability disclosure processes.

5 min Public Policy

A step closer to stronger federal IoT security

The US House passed the IoT Cybersecurity Improvement Act, which would require federal procurement and use of IoT devices to conform to basic security requirements.

5 min Public Policy

Hackers On The Hill - Slides and recap on cybersecurity policy

Recap of a presentation on the state of public policy related to cybersecurity and hacking from Hackers On The Hill 2020.

4 min Government

An update on trade

In light of recent activity on US trade agreements, here is a quick update on developments with regard to US-China, US-Mexico-Canada, and US-Japan. This summary focuses on technology and cybersecurity-related issues affecting private enterprises.

6 min Public Policy

How to Join in on the Cybersecurity Policy Conversation at DEF CON

In a recent episode of Security Nation, Meg King and Beau Woods talked about how to build better collaboration between the security community and policymakers on the Hill.

7 min Government

What's Happening With Markups for the IoT Cybersecurity Improvement Act of 2019?

In recent weeks, the House and Senate have drafted versions of the IoT Cybersecurity Improvement Act of 2019. Here are are thoughts.

4 min Public Policy

Expanded Protections for Security Researchers Under DMCA Sec. 1201

The Library of Congress announced that it would renew and expand legal protections for security testing under Section 1201 of the Digital Millennium Copyright Act (DMCA).

6 min Public Policy

Prioritizing the Fundamentals of Coordinated Vulnerability Disclosure

In this post, we aim to distinguish between three broad flavors of CVD processes based on authorization, incentives, and resources required. We also urge wider adoption of foundational processes before moving to more advanced and resource-intensive processes.

5 min Public Policy

Communicating IoT Security Update Capability

What is the essential information that manufacturers should communicate to consumers about security updates for Internet of Things (IoT) devices?

6 min Public Policy

Updating Data Security Laws - A Starting Point

A baseline requirement for commercial data security is often part of discussions on privacy and breach notification regulations. This issue deserves close attention to ensure any security regulation is both effective at protecting users while staying flexible enough to be practicable.

3 min Public Policy

Georgia should not authorize "hack back"

[Update 05/09/18: Georgia Governor Deal vetoed SB 315. In a thoughtful veto statement [https://gov.georgia.gov/press-releases/2018-05-08/deal-issues-2018-veto-statements] , the Governor noted that the legislation raised "concerns regarding national security implications and other potential ramifications," and that "SB 315 may inadvertently hinder the ability of government and private industries" to protect against breaches. The statement expressed interest in working with the cybersecurity and l

3 min Public Policy

NIST Cyber Framework Updated With Coordinated Vuln Disclosure Processes

A key guideline for cybersecurity risk management now includes coordinated vulnerability disclosure and handling processes. This revision will help boost adoption of processes for receiving and analyzing vulnerabilities disclosed from external sources, such as researchers.

2 min Public Policy

Welcome transparency on US government's process for disclosing vulnerabilities

The White House recently released details on the US government's process for disclosing - or retaining - zero-day vulnerabilities. The new VEP charter provides answers to several key questions, but it remains to be seen how it will operate in practice.

4 min Public Policy

Cybersecurity for NAFTA

When the North American Free Trade Agreement (NAFTA) was originally negotiated, cybersecurity was not a central focus. NAFTA came into force – removing obstacles to commercial trade activity between the US, Canada, and Mexico – in 1994, well before most digital services existed. Today, cybersecurity is a major economic force – itself a large industry and important source of jobs, as well as an enabler of broader economic health by reducing risk and uncertainty for businesses. Going forward, cybe

5 min Public Policy

Copyright Office Calls For New Cybersecurity Researcher Protections

On Jun. 22, the US Copyright Office released [https://www.copyright.gov/policy/1201/section-1201-full-report.pdf] its long-awaited study on Sec. 1201 of the Digital Millennium Copyright Act (DMCA), and it has important implications for independent cybersecurity researchers. Mostly the news is very positive. Rapid7 advocated extensively for researcher protections to be built into this report, submitting two sets of detailed comments—see here [/2016/03/15/rapid7-bugcrowd-and-hackerone-file-pro-res