Jen Easterly, director of CISA, stated it is too early to determine the impact of a recent Supreme Court ruling on the agency’s new cyber incident reporting rule under CIRCIA. The ruling overturned the Chevron doctrine, raising concerns about potential lawsuits against federal regulations. CISA is currently analyzing the implications of the ruling and aims to finalize the CIRCIA rule by late next year, hoping organizations will view it as beneficial for improving cybersecurity rather than as strict regulation.
The White House is developing a cyber insurance policy proposal for catastrophic incidents, collaborating with the Department of Treasury and CISA. National Cyber Director Harry Coker, Jr. emphasized the need for a policy that manages risk, not avoids it and aims to stabilize insurance markets to enhance cybersecurity practices. The proposal, expected by year-end, will address gaps in the insurance market’s response to catastrophic cyber events and seek input from various stakeholders.
From NextGov, Congressional agencies are making progress in adopting artificial intelligence tools guided by voluntary federal recommendations. A report from the House Administration Committee highlights the identification of AI use cases and the establishment of guardrails focusing on human oversight, policy clarity, testing, transparency, and education. Agencies like the U.S. Capitol Police and the Smithsonian are utilizing the NIST AI risk management framework to develop their strategies, with the Smithsonian forming a working group for AI policy development and the Architect of the Capitol planning to appoint a chief AI officer.
The FCC has launched a three-year cybersecurity pilot program for schools and libraries, providing up to $200 million in funding to enhance their cybersecurity measures against increasing cyberattacks. Applications will open on August 29, and the program aims to help institutions protect their broadband networks and sensitive data. This initiative is separate from the existing E-Rate program and addresses the rising threat of ransomware and other cyberattacks targeting educational institutions.
Why do we care?
How much authority will CISA have in the future may be an open question, although Easterly notes in the interview that their guidance may be different. Considering how uneven the cyberinsurance market has been, establishing a base policy for catastophies may be a solid step forward.
If you work with schools or libraries, there’s a new program to consider for your customers.