Drawing on terms first proposed in a series of stalled-out data privacy bills that date back to at least 2018, the Government Surveillance Reform Act of 2023 (GSRA) narrows the focus specifically to warrantless government interception at all levels from federal to local.
Microsoft has traced the signing key theft back to a "crash dump" error. A breach of a Microsoft engineer's work account by the Chinese hackers then yielded access to the crash dump and the embedded signing key.
The National Cybersecurity Strategy Implementation Plan (NCSIP) establishes 65 high-impact initiatives, each with a set timeline that agencies will be required to meet. A greater degree of public-private partnership is also being promoted.
Microsoft reports a long-term campaign by Chinese hackers that has burrowed into a number of different aspects of US critical infrastructure, with the eventual goal being the creation of a system of widespread disruption that could be 'switched on' during another global crisis or a conflict between the two nations.
CISA notified 93 critical infrastructure organizations of the presence of a vulnerability that could lead to ransomware attacks, and plans to scale up the program and provide more warnings in the coming months.
A health data breach appears to have exposed the sensitive personal information of members of Congress and their employees. DC Health Link is used by many (but not all) members and their assorted staff.
The EPA memo frames vulnerabilities in public water systems as a potential point of contamination, and thus a public health threat. The new cybersecurity requirements are part of an order to include new elements in periodic sanitary surveys.
The White House has ordered federal agencies to remove TikTok from government devices within 30 days. The TikTok ban includes any app made by parent company ByteDance, and extends to government contractors, where it is to be implemented over a longer period of time.
Much of the new cybersecurity strategy addresses critical infrastructure companies, which were already in the administration's crosshairs, but software creators are also facing the prospect of a much greater degree of liability than in the past.
The central objection raised is a predictable one, and one that some analysts believe will inevitably cause the EU-US data transfer proposal to fail yet another court challenge if it makes it to implementation: the lack of a federal-level data privacy law in the US.