Articles

China’s PIPL privacy law imposes new data handling requirements

The Personal Information Protection Law will force global companies doing business in China to be more careful with cross-border flow of personal information.

As part of the country’s growing scrutiny over the tech sector, China enacted on August 21 a sprawling and comprehensive data privacy law, the Personal Information Protection Law (PIPL), which goes into effect on November 1, 2021. In combination with China’s newly enacted and still little-understood Data Protection Law, which goes into effect on September 1, 2021, this law promises to impose a host of new data privacy, security, and protective obligations on all US and global companies doing business in China.

These significant laws fit into China’s broad “informatization policy,” which Chinese President Xi Jinping has described as the modern equivalent of industrialization. However, the data protection law comes closer than the PIPL to serving as a cybersecurity law. In his efforts to boost China to “cyber superpower” status, President Xi has famously said that “cybersecurity and informatization are two wings of one body, and two wheels of one engine.”

This article appeared in CSO Online. To read the rest of the article please visit here.


Biden administration, US allies condemn China’s malicious hacking, espionage…

Global coalition calls on China to curtail its cyber activities. For the first time, the US blames China directly for ransomware attacks.

Following a push by the White House to address the ransomware crisis emanating from Russia and the imposition of sanctions on Russia for its spree of malicious cyber actions, the Biden administration has launched a multi-part strategy to shame another digital security adversary, China, into halting its digital malfeasance.

First, the administration formally accused China of breaching Microsoft’s Exchange email servers to implant what most experts consider reckless and damaging surveillance malware. Although Microsoft has long attributed that incident to a Chinese hacking group it calls HAFNIUM, the White House has now finally and officially acknowledged China’s role in that supply chain attack.

In a statement, the White House said it is attributing “with a high degree of confidence that malicious cyber actors affiliated with PRC’s MSS conducted cyber-espionage operations utilizing the zero-day vulnerabilities in Microsoft Exchange Server disclosed in early March 2021.”

Secretary of State Antony Blinken said in a statement that “the United States government, alongside our allies and partners, has formally confirmed that cyber actors affiliated with the MSS exploited vulnerabilities in Microsoft Exchange Server in a massive cyber-espionage operation that indiscriminately compromised thousands of computers and networks, mostly belonging to private sector victims.”

This article appeared in CSO Online. To read the rest of the article please visit here.


China’s exclusion from US 5G market likely to continue…

Telecom insiders discuss supply chain security and call for better communication, collaboration, and transparency from the federal government about threats within their industry.

As China’s Huawei faces ongoing banishment and retrenchment in Europe, the question arises whether Huawei and its peers, including telecom gear maker ZTE, will get a reprieve under the incoming Biden administration. Huawei clearly thinks it has a shot of improving its relationship with its European customers in the post-Trump era: Huawei Vice President Victor Zhang has been lobbying UK Prime Minister Boris Johnson to revisit the ban against using his company’s technology in Britain’s 5G network build-out.

Huawei landed in its current predicament due to the Trump regime’s fears that the company works with the Beijing government to implant malware in its equipment. It might not fare better under a Biden administration.

China’s likely continued exclusion from US markets even under a Biden administration was a top topic at a webinar on supply chain security hosted by US Telecom and Inside Cybersecurity. “The cybersecurity policies overall between the Obama Administration and to Trump and now to president-elect Biden should be relatively consistent,” Norma Krayem, vice president and chair of the Cybersecurity, Privacy and Digital Innovation Practice at Van Scoyoc Associates, said. “I think that’s important for the private sector to see that there is that theme.”

This article appeared in CSO Online. To read the rest of the article please visit here.


TLS attacks and anti-censorship hacks

Despite safeguards in TLS 1.3, China is still censoring HTTPS communications, according to a new report. There are workarounds to this. Plus, how TLS can be used as an attack vector.

The Transport Layer Security (TLS) protocol emerged as a focal point of attention for the information security world during August as the Chinese government updated its censorship tool, the Great Firewall of China, to block HTTPS traffic with the latest TLS version. The topic got even more attention when security researchers offered workarounds to TLS-enabled censorship and demonstrated potential TLS-based attacks at DEF CON: Safe Mode.

TLS is a widely adopted protocol that enables privacy and data security for internet communications, mostly by encrypting communications between web applications and servers. TLS 1.3, the most recent version, was published in 2018. TLS is the foundation of the more familiar HTTPS technology and hides communications from uninvited third parties, even as it does not necessarily hide the identity of the users communicating.

TLS 1.3 introduced something called encrypted server name indication (ESNI), which makes it difficult for third parties, such as nation-states, to censor HTTPS communications. In early August, three organizations — iYouPort, the University of Maryland and the Great Firewall Report — issued a joint report about the apparent blocking of TLS connections with the ESNI extension in China.

This article appeared in CSO Online. To read the rest of the article please visit here.


Data security risks threaten approval of Chinese undersea cable…

The US government’s “Team Telecom” wants to partially deny a proposed undersea cable connection between the US and Hong Kong over surveillance, data theft concerns.

On June 17, the intergovernmental group known as Team Telecom filed on behalf of the Executive Branch a recommendation to the Federal Communications Commission (FCC) to partially deny an undersea cable system application by a Chinese company called Pacific Light Cable Network (PLCN). Team Telecom (recently renamed the Committee for the Assessment of Foreign Participation in the United States Telecommunications Services Sector) consists of the Department of Homeland Security (DHS) and the Department of Defense (DOD), led by the Department of Justice’s National Security Division, Foreign Investment Review Section. In its filing, Team Telecom specifically urged the commission to reject the part of the application that involves a direct connection between the US and Hong Kong.

The rationale for the recommended rejection echoes similar recent moves by the Trump Administration to push Chinese technology out of the US telecommunications system and power grid supply chains. The White House, along with Team Telecom, has stepped up its arguments that China poses a digital and technology security threat, a contention that is occurring against a backdrop of soured trade negotiations and a politically deteriorating relationship between the US and China.

This article appeared in CSO Online. To read the rest of the article please visit here.


Senator Warner seeks “grand alliance” to protect against surveillance…

The senator believes Chinese companies will be required to aid surveillance of the US, especially as 5G networks roll out.

When it comes to technology policy, Senator Mark Warner (D-VA), Vice Chairman of the Senate Intelligence committee, is clearly concerned about the power China holds, particularly when it comes to trusting China’s leading tech suppliers and the prospect of a China-dominated build-out of global 5G networks. “My beef is with the presidency, the Communist party. It is not with the Chinese people. I have no interest in trying to go back to some cold war bifurcated world, us against China,” the former telecom entrepreneur said during a panel discussion at the Cybersecurity and Infrastructure Security Agency’s (CISA) second annual Cybersecurity Summit this week.

“I would argue that the Chinese people don’t want this regime as well. Look at what is happening in the streets of Hong Kong,” he said. “The kind of surveillance state that China is using in terms of their tech companies would make George Orwell’s 1984 look simple.”

This article appeared in CSO Online. To read the rest of the article please visit here.