The National Cybersecurity Strategy – How Does it Look After a Year?

We open this episode by exploring the first National Cybersecurity Strategy, issued almost exactly a year ago. Since the only good way to judge a strategy is by its implementation, we pull in Kemba Walden, who was first the principal Deputy and then the Acting Cyber Director as the strategy came together. She is generally positive, and urges us to wait for the soon-to-be-released posture report from her old office. Kemba, meanwhile, has joined the Paladin Global Institute, designed to further Kemba’s (and Paladin’s) interest in aligning private investment and public security.

Turning from the strategic to the tactical, Sultan Meghji and I dig into the ransomware attack on Change Healthcare, and the heavy financial and human costs it imposed. I’m struck by the fact that the most notoriously disruptive attacks in recent history have targeted the billing and payment systems of companies like Change Healthcare and Colonial Pipeline.

We also cover the sometimes overlooked response of America’s adversaries to U.S. cyber strategies. I note that decoupling goes both ways, as China is slowly but surely extirpating U.S. tech from its infrastructure, and Chinese consumers have joined the campaign, at great cost to Apple. Meanwhile, Russian online disinformation, laughably overrated in 2016, is reported to be more effective in 2024, at least in countries with large Russian minorities.

The latest infrastructure supply chain concern is in U.S. ports, where Chinese-made cranes have achieved deep market penetration, despite suspicious components. Kemba, a veteran of port security debates, chronicles the history of the issue and of the U.S. response.

Brandon Pugh and Sultan remind us that even big companies with valuable secrets can be victimized by employees stealing intellectual property.

Brandon also analyzes the President’s State of the Union references to protection of kids online, seen by some as a boost to the Kids Online Safety Act.

We dive deep into recommendations from Bruce Schneier on How Public AI Can Strengthen Democracy – essentially an effort to bring the healthcare “public option” model to the development of AI. Kemba is open to the idea; Sultan questions whether we need it.

Brandon reports on two bills unanimously approved by the House Commerce Committee. The first would force divestment of TikTok; the second would bar the sale of personal data to adversary nations like China and Russia. I can’t resist weighing in, even though I’ll be doing an entire bonus episode (496) this week on a White House executive order to restrict data transfers to adversaries.

Download 495th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@gmail.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

 

The post The National Cybersecurity Strategy – How Does it Look After a Year? appeared first on Reason.com.