In this episode of Distilling Cyber Policy, hosts Alex Botting and Jen Ellis engage in a riveting conversation with Kaja Ciglic, Senior Director of Digital Diplomacy at Microsoft. The discussion delves into the proposed UN Cybercrime Convention, including its origins and scope, as well as some of the treaty’s most contentious topics. The hosts and Kaja also touch on the role of industry and civil society in shaping cyber policy, emphasizing the importance of diverse voices in these critical conversations.News:National Cyber Strategy Issues Implementation Plan Acting National Cyber Director Withdraws NominationWhite House IoT Labeling ProgramEvaluation of the European Union Agency for Cybersecurity (ENISA) and the European Cybersecurity Certification FrameworkInterview Section:UN Cybercrime Convention DraftParis CallThe Budapest Convention on Cyber CrimeTrivia:Intelligence-Driven Incident Response, 2nd Edition by Rebekah Brown, Scott J. RobertsPPD-41

In this episode of Distilling Cyber Policy, hosts Alex Botting and Jen Ellis engage in a thought-provoking discussion with cybersecurity expert and Member of European Parliament, Bart Groothuis. The conversation centers around the Cyber Resilience Act (CRA), its implications for cybersecurity globally, and how to address untrustworthy vendors in European networks..MEP Groothuis, drawing from his experience as Parliament's cybersecurity rapporteur, sheds light on the extensive influence an individual can have in shaping legislation. He emphasizes the importance of understanding the subject matter and leveraging expertise to convince stakeholders, ultimately shaping the language and provisions of the CRA. This insightful perspective highlights the significant role of security professionals in driving meaningful change.The conversation then delves into the concept of software liability.  Groothuis explains how the legislation provides a framework for legal disputes arising from cybersecurity incidents. He emphasizes the need for clear legislation concerning risky vendors, particularly those associated with countries known for offensive espionage programs.  Groothuis advocates for de-risking practices and the incorporation of non-technical factors when evaluating software for critical infrastructure.Throughout the episode, Groothuis’ expertise and passion for cybersecurity legislation shine. His calls for stronger measures against risky vendors and his efforts to ensure the protection of critical infrastructure create a compelling narrative. Listeners gain valuable insights into the complex world of cybersecurity legislation and the vital role it plays in securing our digital landscape.Additional Resources:Europol press release on EncroChatAustralia’s New National Cyber CoordinatorGoogle Announces $20M for Cyber ClinicsCRA ProposalITRE Amendments:Amendments 124-404Amendments 405-546