May 6 2022

This Week in Washington 

The Hill Biden signs bill aimed at improving data collection on cybercrime
President Biden on Thursday signed into law bipartisan legislation aimed at improving federal law enforcement’s collection of data related to cybercrime. The legislation, known as the “Better Cybercrime Metrics Act,” passed the Senate by unanimous consent late last year and passed the House at the end of March in a broadly bipartisan 377-48 vote.

Washington Post Sen. Gary Peters is overseeing a boom in cyber bills
People are paying more attention to hacks, and that’s helping Congress pass more cybersecurity bills. This is shaping up to be the most productive congressional term for cybersecurity in history — in no small part because of the efforts of Senate Homeland Security Committee Chair Sen. Gary Peters (D-Mich.). Peters and the committee’s top Republican, Sen. Rob Portman (Ohio), shepherded the largest expansion of requirements for industry to share hacking information with government into law last year.

StateScoop Tribal broadband gets $77 million from Commerce Department
The Commerce Department on Wednesday announced a total of $77 million in new grants to tribal governments across the United States. The 19 awards are being distributed through the National Telecommunications and Information Administration’s $980 million Tribal Broadband Connectivity Program. In the latest round, Alaska’s Federation of Natives was awarded roughly $35 million, which is to be distributed to its 73 tribal nations. According to the NTIA, the federation plans to use the funding to subsidize broadband service, offer digital skills and workforce training and improve access to health care.

Axios New bill aims to strengthen internet funding safeguards
A bipartisan Senate bill expected to be introduced Tuesday would require federal regulators to more thoroughly vet internet service providers seeking government money. The Rural Broadband Protection Act, from Sens. Shelley Moore Capito (R-W.Va.) and Amy Klobuchar (D-Minn.), shared exclusively with Axios, would require the FCC to develop rules to make sure funding goes to companies that have the technical capability to deliver the broadband service they promise.

The Hill Polling shows both sides of the aisle support reining in Big Tech
New polling by Schoen-Cooperman Research — which was conducted among a representative sample of U.S. adults, and commissioned by News Media Alliance — reveals broad public concern over Big Tech’s outsized influence with respect to news and publishing, as well as widespread support for reforms to rein in these monopolies. Indeed, roughly 4-in-5 Americans are concerned that Big Tech companies have too much power over the news and publishing industries (79 percent) and manipulate these industries for their own gain (78 percent).

Reuters Planned U.S. Senate bill would help FTC fight deception, fraud
U.S. Senator Maria Cantwell, chair of the Commerce Committee, will introduce legislation this week to restore authority that the Federal Trade Commission lost when the Supreme Court ruled last year that it overstepped in fighting deception and fraud. If it becomes law, the bill would make it easier for the FTC, which also enforces antitrust law, to sue deceptive companies and scammers to recover the money that they took from consumers, Cantwell’s office said in a statement on Monday.

Axios Tech antitrust bills’ big foe: the calendar
The clock is ticking down on Washington’s bipartisan effort to alter how Big Tech does business by passing new antitrust laws. The next couple of months will be do-or-die for backers of the tech antitrust bills. If lawmakers don’t approve them ahead of Congress’ August recess, insiders say the outlook is bleak as midterm elections loom. High-profile issues like abortion rights, inflation and the war in Ukraine are filling up lawmakers’ time. “There’s a natural timeline. Once the summer break happens, it’s going to be harder to get people focused on big issues,” Rep. David Cicilline (D-R.I.), who has led the House’s tech antitrust efforts, told Axios.

Article Summary

TechCrunch Apple, Google and Microsoft team up on passwordless logins
In a rare show of alliance, Apple, Google and Microsoft have joined forces to expand support for passwordless logins across mobile, desktop and browsers. Passwords are notoriously insecure, with weak and easily guessable credentials accounting for more than 80% of all data breaches, per Verizon’s annual data breach report. While password managers and multi-factor technologies offer incremental improvements, Apple, Google and Microsoft are working together to create sign-in technology that is more convenient and more secure.

NextGov Report: Cybersecurity Workforce Needs to Grow by Two-Thirds to Protect Assets
An analysis from (ISC)² indicates the worldwide cybersecurity workforce needs to grow by 65% to adequately protect enterprises’ critical assets. The Cybersecurity Workforce Study, which surveyed more than 4,700 cyber professionals working across North America, Europe, Latin America and Asia, attempted to measure the pool of available cyber talent in comparison to the need for such talent over 2021.

StateScoop Months after ransomware attack, New Mexico county adopts cybersecurity policy
Nearly four months after a ransomware attack forced the closure of municipal buildings and prompted a local jail to lock down inmates, officials in Bernalillo County, New Mexico, this week approved their first governmentwide cybersecurity policy. The county, which contains Albuquerque and is New Mexico’s most populous, disclosed the incident Jan. 5, the first U.S. public-sector ransomware victim to do so in 2022. The ransomware, which has not been publicly attributed to any known malicious actor, knocked out county websites, shut down internal systems and resulted in numerous public services being unavailable for days.

Reuters Internet providers end challenge to California net neutrality law
The U.S. broadband industry ended late on Wednesday its legal challenge to California’s landmark net neutrality law, which seeks to protect the open internet. A group of industry associations that represents major internet providers, such as AT&T Inc, Verizon Communications, Comcast Corp and others, dismissed their 2018 legal challenge. The 9th U.S. Circuit Court of Appeals had last month refused to reconsider a ruling upholding the 2018 state law, which bars internet service providers from blocking or throttling traffic or offering paid fast lanes.

Motherboard CDC Tracked Millions of Phones to See If Americans Followed COVID Lockdown Orders
The Centers for Disease Control and Prevention purchased access to location data from tens of millions of U.S. phones to monitor compliance with COVID-19 curfews, visits to schools and how policies worked in the Navajo Nation, according to CDC documents obtained by Motherboard. In addition to using the data for COVID-19 monitoring, the documents show that the CDC also wanted to use it for general purposes.

The Hill State-backed hackers ramp up cyber operations in Eastern Europe
Government-backed hackers from Russia, China, Iran and North Korea have been increasing their efforts over the past few weeks to target critical infrastructure in Eastern Europe and Central Asia. Reported in a blog post on Tuesday, the hackers are “using the war as a lure in phishing and malware campaigns” as they attempt to target critical sectors including telecommunications, manufacturing and the oil and gas industry. “[The hackers] have used various Ukraine war-related themes in an effort to get targets to open malicious emails or click malicious links.”

Tech Podcast of the Week 

Cybersecurity: Amplified And Intensified

  • Podcast on Cybersecurity Skilling
    Max Shuftan is the Director, Mission Programs & Partnerships at the SANS Institute. Max leads a business unit at SANS Institute focused on (1) growing the global cybersecurity talent pipeline and increasing Diversity, Equity, and Inclusion (DEI) in the cyber workforce, and (2) fostering a stronger cybersecurity workforce through technical skills training and certification plus security awareness training of the State, Local, and Education (SLED) community. (Cybersecurity Reskilling with Max Shuftan, SANS Institute – May 4, 2022)