Articles

China’s PIPL privacy law imposes new data handling requirements

The Personal Information Protection Law will force global companies doing business in China to be more careful with cross-border flow of personal information.

As part of the country’s growing scrutiny over the tech sector, China enacted on August 21 a sprawling and comprehensive data privacy law, the Personal Information Protection Law (PIPL), which goes into effect on November 1, 2021. In combination with China’s newly enacted and still little-understood Data Protection Law, which goes into effect on September 1, 2021, this law promises to impose a host of new data privacy, security, and protective obligations on all US and global companies doing business in China.

These significant laws fit into China’s broad “informatization policy,” which Chinese President Xi Jinping has described as the modern equivalent of industrialization. However, the data protection law comes closer to serving more as a cybersecurity law than the PIPL. In his efforts to boost China to” cyber superpower” status, President Xi has famously said that “cybersecurity and informatization are two wings of one body, and two wheels of one engine.”

This article appeared in CSO Online. To read the rest of the article please visit here.

Articles

Biden administration, US allies condemn China’s malicious hacking, espionage…

Global coalition calls on China to curtail its cyber activities. For the first time, the US blames China directly for ransomware attacks.

Following a  push by the White House to address the ransomware crisis emanating from Russia and the imposition of sanctions on Russia for its spree of malicious cyber actions, the Biden administration has launched a multi-part strategy to shame another digital security adversary, China, into halting its digital malfeasance.

First, the administration formally accused China of breaching Microsoft’s Exchange email servers to implant what most experts consider reckless and damaging surveillance malware. Although Microsoft has long attributed that incident to a Chinese hacking group it calls HAFNIUM, the White House has now finally and officially acknowledged China’s role in that supply chain attack.

In a statement, the White House said it is attributing “with a high degree of confidence that malicious cyber actors affiliated with PRC’s MSS conducted cyber-espionage operations utilizing the zero-day vulnerabilities in Microsoft Exchange Server disclosed in early March 2021.”

Secretary of State Anthony Blinken said in a statement that “the United States government, alongside our allies and partners, has formally confirmed that cyber actors affiliated with the MSS exploited vulnerabilities in Microsoft Exchange Server in a massive cyber-espionage operation that indiscriminately compromised thousands of computers and networks, mostly belonging to private sector victims.”

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Nick Fewings on Unsplash

Alejandro Mayorkas

Experts fear that Biden’s cybersecurity executive order will repeat…

President Biden is expected to issue an executive order soon in response to the SolarWinds and Exchange Server attacks. Leaked details suggest it might not focus on the most effective actions.

Since December, the US has been in a cybersecurity crisis following FireEye’s bombshell that Russian hackers implanted espionage malware throughout US private sector and government networks through the SolarWinds supply chain hack. Despite growing pressure from Congress, the still-new Biden administration has released few details on how it plans to respond to this massive intrusion or the more concerning discovery in January of widespread and scattershot attacks by Chinese state operatives on Microsoft Exchange email server software.

Although the administration reportedly won’t release a formal executive order (EO) addressing these and other cybersecurity matters for weeks, Alejandro Mayorkas, the new head of the Department of Homeland Security (DHS), did reveal that the administration is working on nearly a dozen actions for the order. Meanwhile, some details of the order have leaked, generating mostly skepticism among many top cybersecurity professionals.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Mackenzie Weber on Unsplash

 

Articles

Why the Microsoft Exchange Server attack isn’t going away…

For some victims, patching and proper forensics will be difficult, plus new threat actors are now exploiting the same Exchange Server vulnerabilities.

On March 2, Microsoft revealed a critical cybersecurity offensive launched by a foreign adversary against organizations in the United States. The company attributed the attacks to a Chinese advanced persistent threat group it calls Hafnium. Microsoft quickly announced patches for the four previously unknown vulnerabilities in Exchange Server that the malicious actors had exploited.

Reports circulated last week that the hackers compromised at least 30,000, and likely hundreds of thousands, of unpatched Exchange servers. As a consequence, incident responders are working around the clock responding to this latest threat, which they consider an actual attack on public and government IT infrastructure, unlike the still-ongoing, primarily espionage-oriented SolarWinds hack.

The Biden Administration, already grappling with the fallout from the massive SolarWinds hack, which became public in December and has been widely, although not officially, attributed to Russian hackers, said it would take” a whole of government response to assess and address the impact.” Anne Neuberger, the deputy national security adviser for cybersecurity, leads that effort.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Clint Patterson on Unsplash

 

Articles

New US IoT law aims to improve edge device…

lead centered=”no”
The Internet of Things Cybersecurity Improvement Act will require device manufacturers to meet new security standards for government contracts. Carryover effect expected for the private sector.
/lead

As the world moves toward interconnection of all electronic devices, the proverbial internet of things (IoT), device manufacturers prioritize speed to market and price over security. According to Nokia’s most recent threat intelligence report, IoT devices are responsible for almost a third of all mobile and Wi-Fi network infections.

This ratio will likely grow dramatically as the number of IoT devices continues its exponential growth. A recent report from Fortinet warns that the rapid introduction of edge devices will create opportunities for more advanced threats, allowing sophisticated attackers and advanced malware to “discover even more valuable data and trends using new EATs edge access Trojans and perform invasive activities such as intercept requests off the local network to compromise additional systems or inject additional attack commands.”

The Internet of Things (IoT) Cybersecurity Improvement Act, passed by the House in September and unanimously approved by the Senate last week, is a step toward warding off these threats and providing greater security in IoT devices. The act is headed to the desk of President Trump, who is expected to sign it into law.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Michał Jakubowski on Unsplash

Articles

China’s exclusion from US 5G market likely to continue…

lead centered=”no”
Telecom insiders discuss supply chain security and call for better communication, collaboration, and transparency from the federal government about threats within their industry.
/lead

As China’s Huawei faces ongoing banishment and retrenchment in Europe, the question arises whether Huawei and its peers, including telecom gear maker ZTE, will get a reprieve under the incoming Biden administration. Huawei clearly thinks it has a shot of improving its relationship with its European customers in the post-Trump era: Huawei Vice President Victor Zhang has been lobbying UK Prime Minister Boris Johnson to revisit the ban against using his company’s technology in Britain’s 5G network build-out.

Huawei landed in its current predicament due to the Trump regime’s fears that the company works with the Beijing government to implant malware in its equipment. It might not fare better under a Biden administration.

China’s likely continued exclusion from US markets even under a Biden administration was a top topic at a webinar on supply chain security hosted by US Telecom and Inside Cybersecurity. “The cybersecurity policies overall between the Obama Administration and to Trump and now to president-elect Biden should be relatively consistent,” Norma Krayem, vice president and chair of the Cybersecurity, Privacy and Digital Innovation Practice at Van Scoyoc Associates, said. “I think that’s important for the private sector to see that there is that theme.”

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Kamil Kot on Unsplash

Articles

TLS attacks and anti-censorship hacks

lead centered=”no”
Despite safeguards in TLS 1.3, China is still censoring HTTPS communications, according to a new report. There are workarounds to this. Plus, how TLS can be used as an attack vector.
/lead

The Transport Layer Security (TLS) protocol emerged as a focal point of attention for the information security world during August as the Chinese government updated its censorship tool, the Great Firewall of China, to block HTTPS traffic with the latest TLS version. The topic got even more attention when security researchers offered workarounds to TLS-enabled censorship and demonstrated potential TLS-based attacks at DEF CON: Safe Mode.

TLS is a widely adopted protocol that enables privacy and data security for internet communications, mostly by encrypting communications between web applications and servers. TLS 1.3, the most recent version, was published in 2018. TLS is the foundation of the more familiar HTTPS technology and hides communications from uninvited third parties, even as it does not necessarily hide the identity of the users communicating.

TLS 1.3 introduced something called encrypted server name indication (ESNI), which makes it difficult for third parties, such as nation-states, to censor HTTPS communications. In early August, three organizations — iYouPort, the University of Maryland and the Great Firewall Report — issued a joint report about the apparent blocking of TLS connections with the ESNI extension in China.

This article appeared in CSO Online. To read the rest of the article please visit here.

Articles

Data security risks threaten approval of Chinese undersea cable…

lead centered=”no”The US government’s “Team Telecom” wants to partially deny a proposed undersea cable connection between the US and Hong Kong over surveillance, data theft concerns./lead

On June 17, the intergovernmental group known as Team Telecom filed on behalf of the Executive Branch a recommendation to the Federal Communications Commission (FCC) to partially deny an undersea cable system application by a Chinese company called Pacific Light Cable Network (PLCN). Team Telecom (recently renamed as the Committee for the Assessment of Foreign Participation in the United States Telecommunications Services Sector) consists of the Department of Homeland Security )DOH) and the Department of Defense (DOD) led by the Department of Justice’s National Security Division, Foreign Investment Review Section. In its filing Team Telecom specifically urged the commission to reject that part of the application that involves a direct connection between the US and Hong Kong.

The rationale for the recommended rejection echoes similar recent moves by the Trump Administration to push Chinese technology out of the US telecommunications system and power grid supply chains. The White House, along with Team Telecom, has stepped up its arguments that China poses a digital and technology security threat, a contention that is occurring against a backdrop of soured trade negotiations and a politically deteriorating relationship between the US and China.

This article appeared in CSO Online. To read the rest of the article please visit here.

Articles

Senate subcommittee blasts FCC and Team Telecom approach to…

lead centered=”no”
A report claims that oversight of Chinese telecoms for security threats to the US communications supply chain is lacking and without adequate authority.
/lead

The Senate Permanent Subcommittee on Investigations released on Tuesday a report, “Threats to US Networks: Oversight of Chinese Government-owned Carriers.” The document slams the current government review process that oversees how Chinese telecom companies operate in the United States for not rigorously monitoring Chinese tech providers. It outlines a Senate investigation that began shortly after the Federal Communications Commission (FCC) in May 2019 denied a China Mobile USA application to provide international telecom services.

The subcommittee said it reviewed more than 6,400 pages of documents and conducted more than ten interviews, including interviews with representatives from the FCC, Department of Justice (DOJ), Department of Homeland Security (DHS), China Telecom Americas, China Unicom Americas, ComNet, AT&T, Verizon and CenturyLink. The subcommittee also said it met with researchers who analyzed the Chinese government’s use of telecommunications carriers to hijack communications.

The subcommittee’s investigation found that the FCC and “Team Telecom,” a formerly informal group composed of representatives from the DOJ, DHS and Department of Defense, have failed to adequately monitor three Chinese government-owned carriers, China Telecom Americas, China Unicom Americas, and ComNet since they began operating in the United States in the early 2000s.

This article appeared in CSO Online. To read the rest of the article please visit here.