Profile picture
, 12 tweets, 7 min read
My Authors
Read all threads
The congressionally chartered Cyberspace Solarium Commission released its long-awaited report today at solarium.gov.

The report makes more than 75 recommendations to reorganize and improve govt cyber functions & strengthen private-sector security.

A few highlights...
First up, the big structural reforms. The report recommends creating an Office of the National Cyber Director inside the White House, creating cybersecurity committees to consolidate oversight, and reviving Congress's Office of Technology Assessment.
The report also suggests promoting @CISAgov's director to the equivalent of a deputy Cabinet secretary and floats the idea of turning the CISA Assistant Director positions into career roles.
Among the report's more ambitious recommendations: making tech companies liability for damages from preventable vulnerabilities, requiring vuln handling transparency, regulating data collection, and mandating data breach notification.
The report encourages Congress to create a Commerce Department bureau that would track and publish statistics about cybersecurity incidents, to put some empirical evidence behind future policy decisions.

Other agencies and many companies would be required to submit data to it.
One of the more eyebrow-raising recommendations: creating a government-wide intelligence-sharing platform for cyber threat data.

This will be a nonstarter with the many powerful agencies that already run their own platforms.
The report focuses a lot on critical infrastructure — not only new protections for it, but also new obligations for its operators.
To improve private-sector cybersecurity, the report recommends creating an Energy Star–esque cyber certification and labeling scheme, so companies can attest to following best practices.

It also recommends studying several possible strategies for incentivizing patching.
Several of the report's recommendations are geared toward recovering from true crises: creating a plan for restarting key sectors of the economy, or empowering the government to "rapidly mobilize" security companies like it can with other industries.
The last section of the report deals with military cyber operations. Recommendations include adding joint cyber ops to the Five Eyes arrangement; studying the creation of military cyber reserve; and ensuring the digital security of the nuclear triad.
There is a special focus on the defense industrial base, a top target for U.S. adversaries. The report recommends requiring DIB firms to share threat data with DoD and conduct threat hunting on their networks.
These are just the biggest recommendations in the report, plus a few others that I threw in because they caught my eye. You can read the full report here: drive.google.com/file/d/1ryMCIL…
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with Eric Geller

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @ericgeller see all

Profile picture
Eric Geller
@ericgeller
The Iowa caucus app debacle highlights something about journalism (and especially risk-focused beats like cybersecurity) that I want to expand on for a minute.
Part of my job is to ask people about the risks they're taking and the criticism they've received from experts who specialize in studying and mitigating those risks.

This inevitably leads to a lot of bland reassurances and sharp dismissals, especially from spokespeople.
Reassurances:

"We're confident in our security."

"We've consulted with leading experts."

"We've taken countless precautions."

"We've tested that."

Dismissals:

"Your sources don't know how we do things here."

"That's not a realistic scenario."
Read 9 tweets
Profile picture
Eric Geller
@ericgeller
Oh, good morning folks.
Compare the reassurances I got from the Iowa Democratic Party, about both app training and the phone line, to the reality experienced by at least one Iowa county. washingtonpost.com/politics/iowa-…
Again, compare the talking points that IDP gave me and other reporters to the reality. nytimes.com/2020/02/03/us/…
Read 18 tweets
Profile picture
Eric Geller
@ericgeller
Scoop: @PollPad, whose e-poll books are used in 25 states & D.C., uses "1234" as the tablets' default password, per docs I obtained from @weareoversight.

Major security risk, given that the devices (which handle voter data) often connect to the internet.

subscriber.politicopro.com/article/2019/1…
In docs I obtained, one election official in GA (where the docs came from) voices concern.

"I do hope this password is going to change for the election, since it's been out there for the demos/training and sent thru email."
Neither KnowInk nor the Georgia secretary of state's office responded when I asked about this issue.

Several local officials on the email chain in the docs declined to say whether they'd changed the password.
Read 7 tweets

Related threads

Profile picture
Farzad Mostashari
@Farzad_MD
1/ Federal health agencies just released the long-awaited rules that could represent a huge step forward in data sharing to patient, between hospitals and between different types of electronic medical record systems.

This will shape the health data landscape for the next decade.
2/ this @WSJ article by @annawmathews and @_melaevans captures the opportunities-and controversies- well.

During my time in the federal government (2009-2014) we pushed hard on adoption of electronic health records, and adoption rose rapidly
wsj.com/articles/embar…
3/ Doctors who remember trying to find a lost paper chart (or waiting for it to come back from radiology) will concede that there is an advantage to switching from paper to digital.

And nurses and pharmacists (and patients) appreciate not having to try to read our handwriting.
Read 22 tweets
Profile picture
Arapaho415
@arapaho415
@PortlusGlam @WendySiegelman @brazencapital @clliday @DerWouter @mrspanstreppon @deuxwrite @Sasseenaqs1 @ninaandtito 1/ Samantha Ravich has a page on DOE's website: (more...)
@PortlusGlam @WendySiegelman @brazencapital @clliday @DerWouter @mrspanstreppon @deuxwrite @Sasseenaqs1 @ninaandtito 2/ "Dr. Samantha Ravich is a defense and intelligence policy and tech entrepreneur. She is the Chair of the Center on Cyber and Technology Innovation at the 👉Foundation for Defense of Democracies and its Transformative Cyber Innovation Lab👈... (con't)
energy.gov/seab/contribut…
@PortlusGlam @WendySiegelman @brazencapital @clliday @DerWouter @mrspanstreppon @deuxwrite @Sasseenaqs1 @ninaandtito 3/ ...the Vice Chair of the President’s Intelligence Advisory Board; and a Commissioner on the Congressionally-mandated Cyberspace Solarium Commission. Dr. Ravich is also a managing partner at A2P, LLC and a Board Governor at GIA*. (con't)
*does anyone know what GIA is?
Read 7 tweets
Profile picture
Robert Patrick Lewis
@RobertPLewis
Thread: The IG Report, Proof that Both the FBI and Media Need a Reckoning

At 129pm on Monday the OIG released the long-awaited report on FISA abuse perpetrated by the FBI against members of the Trump campaign and their Crossfire Hurricane spying operation.
The media had been doing their best to pre-emptively draw people’s attention away from it, and have since been in full spin mode, while their coworkers in the DNC have been providing every distraction they can come up with.
But no matter how much spin they put on it, anyone who has read the report for themselves, is an honest broker or listened to the AG Barr interviews the day after the report dropped will tell you the same thing: it’s damning.
Read 30 tweets
Profile picture
CSM
@usacsmret
Obama and Biden: Three Scandals, One Day – American Greatness bit.ly/38o9fm7
The American public often is reminded, usually by Barack Obama, Joe Biden, and their loyalists in the American news media, that Obama’s eight-year reign was “scandal-free.” Of course, that is nowhere near the truth.
From the “Fast and Furious” gun-running scam and IRS targeting of Tea Party activists to the egregious Benghazi terror attack cover-up two months before the 2012 election, the Obama Administration was among the most corrupt in U.S. history.
Read 40 tweets
Profile picture
Karol Cummins
@karolcummins
🍑ImpeacmentEve🍑

"Trump is THE CENTRAL PLAYER in this scheme."

DEMs 9 am announcement: two articles of impeachment
📌abuse of power
📌obstruction of Congress

The IG report just blew up Trump’s lies.

Crossfire Hurricane opened with sufficient lawful predication.
🍑Eve2🍑

RU FM Lavrov meets Trump tomorrow—Zelensky still awaiting an invite.

In order to increase pressure on Ukraine to announce the politically motivated inv’nsTrump wanted, he withheld the coveted Oval Office meeting & $391 M of essential military aid from Ukraine
🍑Eve3🍑

Trump used the power and influence of his office to pressure & induce Zelensky to interfere in the 2020 presidential elex for his personal & political benefit

Trump’s conduct sought to undermine our free & fair elections & poses an imminent threat to our NatSec.
Read 77 tweets
Profile picture
Laura Kuenssberg
@bbclaurak
Long awaited - report that will help set govt immigration policy after Brexit - see for yourself here gov.uk/government/pub…
Loads in it, but main relevant political headline is that after we leave EU it shouldn’t be any easier for anyone from Europe to come to UK than from anywhere else in the world
That view will find lots of friends in high places (the Home Secretary for example and maybe the former one too but.....
Read 4 tweets

Trending hashtags

#BRI #Netherlands #Gaza #HandHygiene #TOC #photos #ElizabethWarren #HealthForAll #WorldPatientSafetyDay #ShitShow #curesrulecms #cyber #APT3 #Texas #TeamPatriot #Nakba70 #NewSpeak #asylum #GazaFence #Israel #InformationBlocking #IMPOTUS45 #TrumpTweet #GazaFance #correction

Embed code for your website

×
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!