Starting today with roundups of what lawmakers have been up to.
Two updates from within CISA. The agency is finishing the long-awaited cyber incident reporting requirement for critical infrastructure companies, which Congress mandated in the fiscal 2022 spending bill. CISA Director Jen Easterly stated that the rule should be out later this year or early next year, and the agency intends to move faster than the timetable due to concerns about future hacks. The upcoming rule follows the Securities and Exchange Commission’s adoption of rules in July that require public companies to disclose breaches within four days.
Peiter “Mudge” Zatko, former head of security at Twitter and a high-profile hacker and security whistleblower, has been hired by CISA as a senior technical adviser. Zatko will focus on CISA’s voluntary “secure by design” principles, which require tech companies to bake security into their software from inception. The hire brings more muscle to an agency that relies heavily on partnerships and key hires to make changes and encourage program participation.
And two out of California.
California Governor Gavin Newsom signed an executive order to study the development, use, and risks of generative artificial intelligence. The order includes directives to state agencies and departments to analyze AI’s threat to California’s energy infrastructure, provide AI training for state government workers, and develop a framework to analyze generative AI’s impact on vulnerable communities. This is the state’s first step towards understanding how to govern AI, primarily dealing with the government’s use of generative AI.
The California State Assembly’s Appropriations Committee has approved the California Delete Act, which would allow individuals to block data brokers from collecting and selling their information without consent. The bill now heads to the full Assembly for a floor vote, which must occur by September 14. If passed, data brokers would have to register with the California Privacy Protection Agency and disclose what personal information they collect on consumers.
And one for the FCC. The Senate has confirmed Anna Gomez as the fifth commissioner of the Federal Communications Commission, breaking a deadlock that has lasted for most of President Joe Biden’s first term in office. Gomez’s confirmation comes roughly two months after she was nominated in May. As a Democratic commissioner, she’s poised to help Chair Jessica Rosenworcel pass parts of the Biden administration’s agenda that have no support from Republican commissioners, particularly restoring net neutrality rules rolled back under the Trump administration.
Why do we care?
By year’s end, we’ll have new cyber incident reporting and likely some new AI guidelines, plus expansions of California’s privacy laws, which seems to be the only way we’ll get privacy laws in the US. 45% of Americans are extremely concerned about their online privacy, and over 90% of Americans believe privacy scores should be made commonplace. This is popular.
And these are valuable services, considering that implementing these requirements will be IT’s job.