2016 may be coming to a close, but cybersecurity remains on this year’s agenda for lawmakers. Here is the cybersecurity forecast for the rest of 2016.
Senate-Encryption Bill: Senate Intelligence Chairman Richard Burr (R-North Carolina) and Vice Chair Dianne Feinstein (D-California) are busy meeting with tech firms and think tanks. These meetings mark an effort to devise an improved encryption bill. The first draft mandated that companies decrypt and surrender data to investigators when served with a warrant. It was reportedly met with heavy criticism from tech firms and civil liberties advocates alike. In response, Burr and Feinstein have been compiling information to create a more viable option.
The Modernizing Government Technology Act: Plans continue apace for the Modernizing Government Technology Act (“MGTA”), passed in September of this year. Through the bill, Congressman Will Hurd (R-Texas) hopes to enact updates to federal IT infrastructure. The MGTA outlines taxpayer savings, increases in government accountability, and the buildout of technical efficiencies.
“Many parts of the federal government’s IT infrastructure are stuck in the Stone Age,” Hurd said.
The bill earmarks funding for agencies that demonstrate savings through modernization efforts and also allocates capital for federal CIOs to build new technical infrastructure. Advocates of the MGTA, including the White House, point to instances of leaked data from outdated technology as justification for the bill. Currently, the government spends 80 percent of its $90 billion IT budget on legacy systems.
Group of Seven: Recently, the G7, (a group of seven nations: Canada, France, Germany, Italy, Japan, the United Kingdom, and the United States) agreed upon guidelines for protecting the global financial sector. The G7’s cybersecurity division met for the first time to discuss methodologies used in systemic security breaches. Government agencies of the G7 nations drew up a three-page document outlining what they described as non-binding principles. They hope to align firms and regulators worldwide on addressing security threats and encourage communication among the G7 when threats are identified.
IRS Improvements in Identity Theft Reports: Less than half as many people notified the IRS of identity theft concerns in the first three quarters of this year, compared to the same time period last year. The IRS hopes that the difference is a result of their identity theft awareness campaign. The campaign was initiated after hackers compromised the tax data of 700,000 Americans during 2014 and 2015. The drop in reports indicates that the campaign may have proven effective.
DIUX: Defense Secretary Ash Carter has pushed for the Defense Department to embrace updated technologies. Carter is looking into the creation of another innovation outpost in Dayton, Ohio. The Defense Innovation Unit Experimental (“DIUX”) has been at the center of this mission, with outposts in Boston, Austin, and a flagship in Silicon Valley. DIUX “serves as a bridge between those in the U.S. military executing on some of our nation’s toughest security challenges and companies operating at the cutting edge of technology.”
Cyber Units in the National Guard:Maryland and Ohio utilized their National Guard to prevent cyber attacks during the recent election process. Maryland was among the first states to develop a cyber unit in its National Guard. Following Maryland’s example, the country may see these types of units proliferating. Cybersecurity breaches, especially in swing states, would cause severe disruption to the elective process. As cybercriminals gain sophistication, the military is equipping itself to respond to technical breaches.
Commission on Enhancing National Cybersecurity: Established by President Obama (Executive Order 13718), the nonpartisan Commission was tasked with providing recommendations that would strengthen cybersecurity in both the public and private sectors. The report was released in early December and “emphasizes the need for partnerships between the public and private sectors, as well as international engagement. It also discusses the role consumers must play in enhancing our digital security.”
The report lists “six major imperatives, which together contain a total of 16 recommendations and 53 associated action items. The six imperatives are: 1) Protect, defend, and secure today’s information infrastructure and digital networks; 2) Innovate and accelerate investment for the security and growth of digital networks and the digital economy; 3) Prepare consumers to thrive in a digital age; 4) Build cybersecurity workforce capabilities; 5) Better equip government to function effectively and securely in the digital age; and 6) Ensure an open, fair, competitive, and secure global digital economy.”