The next National Defense Authorization Act (the NDAA FY’18) is nearing the finish line. A Conference Report is now available, and so the time has come for a closer look at some of the key provisions of interest to Lawfare readers. My colleague Scott Anderson is going to post a broad overview shortly. For my part, I’d like to walk you through the “Cyberspace-Related Matters” section (sections 1631-1649C).
Latest in Cybersecurity: Legislation
The U.K’s new Green Paper, takes a stronger stance on internet regulation. The policies outlined, and those anticipated, will change the face of private sector internet operations.
The proposed bill from Sens. Mark Warner, Cory Gardner, Ron Wyden and Steve Daines is a good first step in securing the Internet of Things and U.S. government systems in particular.
The Senate moves to limit the Trump administration's ability to unilaterally roll back sanctions against Russia.
Today a bipartisan group of lawmakers introduced in both the House and Senate a bill that would formalize the Vulnerability Equities Process (VEP) into law.
Bobby Chesney raised a number of issues regarding the Active Defense Certainty Act, and I’m just getting into it now. I think Bobby’s comments are spot on, but I want to amplify some of his concerns.
Some thoughts on Representative Tom Graves's discussion draft of a bill that would create a defense to liability under the Computer Fraud and Abuse Act (CFAA) (18 USC 1030) for “active cyber defense measures."
Russia sanctions legislation has been introduced in both houses of Congress. Here's a breakdown of the two leading bills.
A reminder that Congress can exert significant power when it comes to the roles, responsibilities, and authorities of executive branch agencies. That includes the Department of Defense's approach to military cyber operations.
Why is cybersecurity so hard for the Federal government? Sometimes its just old ways of thinking and acting that resist updating. Case in point—the FLRA's determination that agencies may not restrict access to external emails without permission from the employees' union.