Despite the summer feeling, Congress is pretty active. Let’s get caught up on their latest moves.
Last week, the House and Senate passed that $280 billion semiconductor bill. The bill’s centerpiece is $52 billion that will subsidize domestic manufacturers of semiconductor chips, which power everything from cars and smartphones to weapons systems and medical equipment. With only 12% of essential chips made in the US, the push to move more production domestically has been raised as a national security issue.
Also passed the House and off to the Senate two bills. It would require the Energy Department to establish a grant program that would provide financial aid to graduate students and post-doctoral researchers studying digital security and energy infrastructure. And the Reporting Attacks from Nations Selected for Oversight and Monitoring Web Attacks and Ransomware from Enemies (RANSOMWARE) Act would require the Federal Trade Commission to submit biennial reports on ransomware incidents and other cyberattacks on U.S. targets conducted by a foreign group or government — with particular attention paid to Russia, Iran, China, and North Korea.
One that won’t make it – is the anti-trust bill. That vote won’t happen before the August recess.
The Department of Justice announced that it will begin using a controversial 2018 law meant to give law enforcement agencies in the U.S. and U.K. easier access to data from technology and telecom companies as part of criminal investigations. DOJ will use the “data access agreement” beginning in October with U.K. officials comes, more than four years after Congress passed what is known as the Clarifying Lawful Overseas Use of Data (CLOUD) Act in March 2018.
Justice also released their 120-day review of how they address threats in cyber. Two items of note. First, the report notes that The “failure of certain technology companies” to meet their legal obligations “is a major factor in allowing criminals to escape detection and apprehension.” The report also takes technology companies to task for “too often,” not proactively reporting signs of criminal activity to law enforcement. “In many cases over the last decade,” companies have “proactively taken independent actions” against cyber criminals without coordinating with U.S. law enforcement officials.
Second, the number of “cyber-specialized attorneys has remained roughly the same size over the last 15 years,” and indicates that Justice needs to write a new cyber hiring and retention strategy, and “the Department should initiate an internal campaign to educate managers and budgetary personnel regarding existing hiring and retention incentives,”
Democrats introduced legislation intended to restore net neutrality and the authority of the Federal Communications Commission to regulate broadband. The legislation would reestablish the FCC’s control over broadband infrastructure by reclassifying the internet service as a telecommunications service. Telcos indicate they are not opposed to codifying net neutrality but intend to fight any establishment of the FCC to regular broadband networks.
I’ll put this in legislation – CISA signed an agreementon Wednesday with its counterpart in Ukraine to strengthen collaboration on shared cybersecurity priorities. The memorandum outlines new priorities, including sharing cyber incident response best practices and critical infrastructure security protection data and conducting cybersecurity training and joint exercises.
And since we mentioned the UK, the Department for Digital, Culture, Media, and Support updated its proposal on cyber resilience. Of note is – the extensive definition of managed services providers, and much of that focuses on data access. There are exemptions for small and micro businesses that are equally applied to MSPs.
Why do we care?
Let’s start with the Justice Department. Two shots were fired – one across the bow of organizations who don’t report, and the second to themselves… to hire more lawyers.
And despite a tone of bemoaning government, the actions here make sense. There’s a debate over that collaboration with the UK, but the law was passed, so this is enforcing the tools they have. Fits right into the theme of continued motion around enforcement.
The semiconductor bill won’t make a difference soon… but it will change the landscape. With the supply chain now top of mind, companies may be more enthused by this change.

