In our latest Distilling Cyber Policy podcast episode, Alex Botting and Jen Ellis from the Center for Cybersecurity Policy & Law are joined by Lee Licata, one of the Deputy Chiefs of the Foreign Investment Review Section in the National Security Division at the Department of Justice (DOJ), and Grant Dasher, the Cybersecurity Division Architecture Branch Chief at the Cybersecurity and Infrastructure Agency (CISA). The conversation delves into the recently released Executive Order (EO) 14117 on "Preventing Access to Americans Bulk Sensitive Data and United States Government-Related Data by Countries of Concern." 

The EO is focused on prohibiting and restricting certain transactions involving Americans' bulk personal data, as well as sensitive government data, to specific countries of concern such as China, Russia, Iran, North Korea, Cuba, and Venezuela - as well as territories controlled by these nations, such as Hong Kong and Macau.

Alex and Jen pull the thread on the nature of the risks of adversarial nation states using commercial transactions of data in a way that could harm US national security. Lee and Grant dig into the next year of implementation, with the goal of establishing regulation using the ideas laid out in the EO and the associated Advanced Notice of Proposed Rule Making (ANPRM). While this ANPRM comment period has closed, there will be a Notice of Proposed Rule Making (NPRM) for further public input later this year, coinciding with the release of further details on the EO’s associated security requirements. You can read more analysis of the EO from our Venable colleagues here.  

In addition, this week, Alex and Jen are joined by a guest for the news section. Michael Daniel, president and CEO of the Cyber Threat Alliance discusses the latest happenings around the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). CISA has published a proposal detailing new cybersecurity reporting requirements for companies in order to comply CIRCIA, and there is an NPRM giving people the opportunity to provide feedback until June 3, 2024. Michael also stuck around to be our Mystery Trivia Master. 

Alex also flagged the Coalition to Reduce Cyber Risk’s recent report on the intersection of cybersecurity and digital trade: Guarding Global Commerce. 

There are a couple of other news items we weren’t able to cover on the podcast, but want to flag to you: 

• The Ransomware Task Force (RTF) celebrated its third anniversary with a one day event co-hosted by the Center for Cybersecurity Policy and Law in Washington DC. If you missed it, you can watch the recordings on YouTube. As part of the event, the Institute for Security and Technology (IST) published a review of the current policy landscape relating to ransomware, and the progress made on the RTF’s original recommendations. 
• Following the RTF event, IST and CCPL hosted the inaugural Cyber Policy Awards, with five recipients of the Cyber Policy Award of Merit. You can read more about the recipients here. 

You can find the latest Distilling Cyber Policy episode on Spotify and Apple. As always, if you would like to submit cyber policy trivia, or have topic ideas for upcoming episodes, please email iaj01@venable.com. 

‍