from Net Politics and Digital and Cyberspace Policy Program

Cyber Week in Review: October 30, 2015

CISA Congress Net Politics CFR

October 30, 2015

CISA Congress Net Politics CFR
Blog Post
Blog posts represent the views of CFR fellows and staff and not those of CFR, which takes no institutional positions.

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

  • The U.S. Senate passed the Cybersecurity Information Sharing Act (CISA) 74-21 while rejecting the four amendments proposed to address privacy concerns. The bill now moves to a conference committee for reconciliation with two similar information sharing bills passed by the House of Representatives in April. While the vote drew an onslaught of anxious op-eds, faxes, and emails--perhaps too many according to some on Reddit--CISA in practice will achieve very little. David Sanger and Nicole Perlroth in the New York Times note that Congress’ slow deliberation rendered the legislation largely outdated and inadequate against contemporary cyber threats. In Rob’s words, with CISA’s passage “we will be able to shut up about information sharing and figure out what legislation might actually do something to improve cybersecurity in this country.”
  • According to the Wall Street Journal, U.S. and EU negotiators have agreed “in principle” on a new framework for data transfer across the Atlantic. While the talks began in 2013 to address European complaints about United States surveillance activities, they became more urgent this month following the European Court of Justice’s invalidation of the existing Safe Harbor agreement. European Justice Commissioner Vera Jourova has suggested that many of the technical details will be finalized in the coming weeks, ahead of the negotiators’ January deadline.
  • The Australian Strategic Policy Institute (ASPI) published its second annual Cyber Maturity in the Asia-Pacific Region report, assessing the extent to which countries in the region recognize the importance of cybersecurity issues. Through interviews with experts, ASPI researchers analyzed the relative maturity of twenty countries’ cyber governance structures (e.g. is there a ministry or senior official in charge of guiding cyber policy development?), their ability to investigate cybercrime and cooperate with international partners, their business climate, and their respective militaries’ use of cyberspace. According to ASPI’s findings, the United States, Japan, and South Korea were 2015’s most “cyber mature,” with scores of 90.7, 85.1, and 82.8 respectively. Cambodia, Papua New Guinea, and North Korea are the “least mature” slots with scores of 20.7, 20.3, and 16.4.
  • Freedom House published its fifth annual Freedom on the Net report and concluded that “Internet freedom around the world has declined for the fifth consecutive year.” The report notes a shift in censorship practices where countries engage in content removal instead of using blocking or filtering techniques, a propagation of surveillance laws and technologies, the “stigmatization” of encryption, and an increase in arrests and intimidation cases. The report evaluates of sixty-five countries based on events that took place between June 2014 and May 2015.
  • In case you missed it, we published another Cyber Brief. Danielle Kriz, a cybersecurity fellow at New America, provides recommendations to the U.S. government to improve its supply-chain risk management practices. You can read more about it here.