Crossroads Blog | Institute National Security and Counterterrorism

Cybersecurity, fbi, FTC, IoT

Cyber Round Up: Revised Cyber Executive Order; FBI says no change to encryption policy; FTC to test control over IoT manufacturers

  • Trump cybersecurity order morphs into 2,200-plus-word extravaganza (The Register):  The revised version of President Trump’s Executive Order on cyber security has broken the mold, a recent report says. Executive Orders are normally concise and set forth general policy objectives, but this one is over two thousand words and calls for 10 different reports, the article said.  The author compared this draft to one from President Obama, which was very long at over 3,000 words, but only called for 3 reports.  The article suggests that the detail oriented order reflects policy making by those with little experience.  The full article, which explains each report ordered, can be found here.   The text of the draft was posted by Lawfare and can be read here.
  • FBI official: No immediate change to encryption policy under Trump (The Hill):  Anyone hoping for changes to the government’s encryption policy shouldn’t hold their breath, a report earlier this week said.  FBI attorney James Baker said that changes have been discussed, but no major policy adjustments are expected in the near future.  In 2015, during the heat of the Apple v. FBI debate, Trump called for Apple to aid the FBI in its investigation.  The article was written following an encryption event hosted by CSIS, where there was a consensus between panelists about encryption needing to be addressed in advance of another incident like the San Bernadino shooting.  The full article can be read here.
  • Federal Trade Commission Case Will Test Its Power in Internet of Things Space (National Law Review):  Recent action in federal court in California will test the ability of the Federal Trade Commission (FTC) to regulate manufacturers of Internet of Things devices, an article today said.   The FTC filed a complaint in the Northern District of California against D-Link and its US subsidiary, the article said.  The complaint alleges that D-Link failed to take reasonable steps to protect its devices from “widely known and reasonably foreseeable risks of unauthorized access.”   While the complaint does not allege any actual harm arising from the security lapses, if the FTC prevails, IoT device manufacturers would suffer a big loss, the article suggests, because the mere existence of security flaws could render them liable.  The full commentary can be read here.

Leave a Reply

Bitnami