At a glance.
- Update on EU cyber security legislation.
- The CISA Toolkit provides guidance for US election officials.
- EU responds to Twitter whistleblower claims.
- Twitter whistleblower to testify before Congress.
Update on EU cyber security legislation.
Mondaq provides an overview of two recent developments in EU legislation aimed at improving operational resilience and cyber security. The Digital Operations Act, or DORA, aims to improve existing risk management requirements for information communication technology (“ICT”) used by financial entities, including credit institutions, investment firms and insurance undertakings. Under DORA, for the first time several major ICT service providers will officially fall under the supervision of the European Supervisory Authorities. The Directive on measures for a common high level of cybersecurity across the Union, commonly known as the Network and Information Security Directive 2 or NIS2, extends the scope of NIS1 by moving away from the distinction between operators of essential services and providers of digital services, instead distinguishing between “core” entities, which include banking, energy, transportation, health, cloud computing and space sectors, and “significant” entities, which include digital service providers and entities in food, medical devices, pharmaceutical and vehicle sectors.
The CISA Toolkit provides guidance for US election officials.
In preparation for the 2022 midterm elections, the US Cybersecurity and Infrastructure Security Agency (CISA) has released “Protecting US Elections: A CISA Cybersecurity Toolkit”. Described as a “one-stop catalog of free services and tools available to state and local election officials,” the toolkit was developed through CISA’s Joint Cyber Defense Collaborative, a partnership of public and private organizations that strengthen collective action in all sectors. American City and County explains that the resource provides guidance to election officials on how to assess their risk, protect voter data and platforms, and defend against various types of cyberattacks. As CISA director Jen Easterly stated, the toolkit aims to “help [election officials] in their continued efforts to ensure that American elections remain secure and resilient.” The release of the toolkit follows an advisory from the Federal Bureau of Investigation warning that election systems are at increased risk of cyber aggression.
EU responds to Twitter whistleblower claims.
As we noted yesterday, Peiter “Mudge” Zatko, Twitter’s notorious hacker and former head of security, released a statement earlier this week claiming that the social media giant’s user data protection has “extreme and scandalous deficiencies”. ABPLive reports that Twitter CEO Parag Agrawal has released an internal email refuting the whistleblower’s claims, saying, “What we’ve seen so far is a false narrative about Twitter and our privacy and security practices that is riddled with inconsistencies and inaccuracies and lacks relevant context.”
Mudge’s complaint was referred to EU regulators, alleging the social media giant misled regional watchdogs in Ireland and France about data sets used to train the platform’s machine learning algorithms and mis-sharing of cookie functions, and national data protection authorities are investigating these claims. Ireland is Twitter’s lead supervisor for the General Data Protection Regulation (GDPR), and data protection commissioner Graham Doyle told TechCrunch, “We became aware of the issues when we read the media stories [yesterday] and have engaged with Twitter on this matter.” A spokesperson for the French watchdog, CNIL, also stated, “CNIL is currently investigating the complaint filed in the US. At this time we are unable to confirm or deny the accuracy of the alleged violations. If the allegations are true, the CNIL can carry out checks that can lead to an order to comply or a sanction if violations are found. In the absence of a violation, the procedure will be terminated.”
Twitter whistleblower to testify before Congress.
Meanwhile stateside, Twitter whistleblower Peiter “Mudge” Zatko is scheduled to testify before the US Senate Judiciary Committee about his claims that the social media powerhouse has neglected user data privacy. Set for September 13, the hearing was announced yesterday, just a day after Mudge’s complaints came to light. As the Washington Post notes, the whistleblower’s claims raised concerns about privacy and national security from lawmakers on both sides of the aisle, and were especially timely given that lawmakers are working to pass legislation that would hold social media companies such as Twitter responsible for their handling of US user data. According to his attorney John Tye, Zatko has already had three meetings on Capitol Hill with Judiciary Committee staff. “We are encouraged that the US Congress is taking this so seriously,” Tye said.
The Washington Post also provides an account of Zatko’s journey from amateur kid hacker breaking digital copyright locks on video games to a member of L0pht, considered by many to be the first US hackerspace, testifying before Congress in the 90s about the security issues discovered in the new World Wide Web. Zatko was hired by Twitter founder Jack Dorsey after the platform experienced a data breach in 2020, but less than two years later he was fired by new CEO Parag Agrawal. Twitter claims Mudge was fired for “poor performance and leadership,” but according to Zatko, he was let go because he tried to draw attention to the security issues detailed in his complaint.