It’s been a busy week for cybersecurity. Read on for the top five cybersecurity stories you can’t afford to miss.

1.This past weekend, the United Nations’ (UN) Open-ended Working Group on Developments in the Field of Information and Telecommunications in the Context of International Security (OEWG) adopted its final consensus report, with all 193 member states onboard. While the report itself has little new developments—perhaps because of its widespread consensus—the report nonetheless outlines various recommendations for global cybersecurity including strengthening international cybersecurity norms and confidence-building measures between states. The group’s consensus, with a deadline delayed for nine months by COVID-19, also syncs with past work on cybersecurity since it affirms the application of international law in cyberspace, a concept originally set forward by another UN cybersecurity group, the Group of Governmental Experts. But we have yet to see to what extent the agreed principles will be applied to cyberspace, as this consensus is not binding for the member states.

2.On Monday, California’s attorney general approved additional regulations for the California Consumer Privacy Act aimed at clarifying consumer privacy options for users through banning “dark patterns,”—complicated language that obscures how personal data is being collected by organizations—along with introducing a salient design for a privacy option on websites. Attorney General Xavier Becerra stated, “These protections ensure that consumers will not be confused or misled when seeking to exercise their data privacy rights.” California has some of the strictest protections for data privacy in the country, and these additional protections indicated that the state sees data privacy as an ongoing process.

California’s new Privacy Options Icon, designed by Carnegie Mellon University’s CyLab and the University of      Michigan’s School of Information

Image Source: State of California Department of Justice Office of the Attorney General

3.On Tuesday, the United Kingdom’s 2021 Integrated Review sparked controversy with its updated nuclear weapons policy. The review outlines the country’s national security strategy and international policy, especially with regards to being a “responsible cyber power.” As part of changes to the country’s nuclear policy, including a weapon stockpile increase, the review also clarifies that it “reserves the right” to review nuclear weapons use in the face of large-scale threats including “emerging technologies.” This caveat has received backlash, including from a member of Parliament. But former Chief Executive of the National Cyber Security Centre Ciaran Martin defended the review, saying it shows a coherent position. Asserting the policy does not mean the UK will not wage the use of nuclear weapons in retaliation for a cyber attack, Martin instead faulted militaristic cyber language for build-up of rhetoric.

4.On Tuesday, an unclassified intelligence community report issued by the Office of the Director of National Intelligence reported that both Iranian and Russian actors attempted to interfere in the 2020 election. (While China considered interference efforts, it ultimately decided against the move on strategic grounds.) The report assessed that no foreign manipulation of votes was successful in the 2020 election. Also on Tuesday, the Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ) jointly released key recommendations on security of the 2020 election. These found that election security efforts leading up to November 2020 were relatively successful, and more importantly, called for their continued support. Outlined areas included physical security and cyber hygiene, supply chain risk management, continued engagement and collaboration at all levels of government, and public messaging and education. These areas of continued effort subsequently align with ongoing legislation proposals such as the House-passed election security bill that would require states to improve their cybersecurity posture continually.

5.On Wednesday, the House Homeland Security Committee held a hearing with DHS Secretary Alejandro Mayorkas. The hearing aimed to understand the future strategy of homeland security, with a focus on cybersecurity. Touching upon key issues including SolarWinds, the Microsoft Exchange hack and standing department vacancies, Secretary Mayorkas also shot down claims of 2020 election fraud. He asserted to the Committee, “Those pronouncements [of election fraud], Congressmen, are not fact-based, they are actually in defiance of the facts.” Going on to praise former CISA Director Chris Krebs’ election security work, Secretary Mayorkas stated that the 2020 election was conducted “with integrity.” Part of the discussion also centered around the need for streamlined communication between the White House and Congress regarding imminent cybersecurity threats.

Image credit: toria

Featured Publications