At a glance.
- Sanctions against Huawei are weighing on the company’s bottom line.
- The US Department of Homeland Security and the intelligence community are turning to supply chain security.
- Comment on the U.S. government’s plans to increase resilience.
- Resilience at the local level.
US sanctions against Huawei appear to be having an effect.
Washington’s anti-Huawei initiative is showing results, according to the Washington Post, as international sales of smartphones and telecommunications technologies plummet and the company is forced to think nationally. The Trump administration’s ban on semiconductor factories using American tools to transact with Huawei was apparently the last straw. One leader admitted that it had been “a really difficult year” and that the US sanctions had had “a huge impact”. He added, however, that the policy would damage America’s reputation in the long run, a sentiment shared by some US semiconductor companies.
It’s not all bad news for Beijing, however. Huawei invests billions in R&D, focusing on emerging technologies such as autonomous vehicles. And the South China Morning Post touts the Chinese Communist Party’s new data security deal with the League of Arab States, the details of which are unclear but involve protecting citizens from surveillance and raising the opinions of developing countries. (The China Global Data Security Initiative, a response to Washington’s Clean Network initiative, “received a cold shoulder” from the West.) The League of Arab States said it was eager to strengthen technological links “with all partners”.
Noting that the Trump administration has brought Huawei ‘to its knees’, NPR considered President Biden’s position on the telecoms giant, concluding that he “seems to want to keep the pressure on”, for now. The threat to US industry runs counter to the tide, but the president does not want to appear “lenient on China” given the criticism of his opponents. A Huawei executive observed that unease over “China’s rise to power” is as much a factor in Huawei’s sanctions as security concerns.
The United States prioritizes software supply chain security.
The National Counterintelligence and Security Center (NCSC) announced the fourth annual National Supply Chain Integrity Month, a ‘call to action campaign’ involving the Cybersecurity and Infrastructure Security Agency (CISA), Federal Communications Commission, Department of Defense Center for Development of Security Excellence and other stakeholders. The NCSC supply chain toolbox details threats and best practices.
In honor of National Supply Chain Integrity Month, CISA invites organizations to benefit from the free resources of the Information and Communications Technology Supply Chain Risk Management Working Group. The task force, which has studied more than two hundred supply chain threats over the past two years, plans to release additional tools to assess supplier reliability in the near future.
Supply chains are vulnerable to global disasters, trade disruptions, and malicious operations, as we have seen this year, with the US economy and security at stake. The NCSC recommends the following core principles:
- “Diversify supply chains”
- “Mitigate the risks associated with third parties”
- “Identify and protect the crown jewels”
- “Ensuring a commitment at the management level”
- “Strengthen partnerships”
Safety week doubles down on the NCSC warning that foreign adversaries are targeting influential vendors, recalling NotPetya’s transit mode in an automated tax preparation tool update, and Holiday Bear’s recent bet.
Industry commentary on Department of Homeland Security’s plans to improve resilience.
The attention to the software supply chain as well as the security sprints that the Department of Homeland Security organizes are designed as steps towards greater resilience. Edgard Capdevielle, CEO of Nozomi Networks, gives the US federal government good reviews on its intentions, but notes that resilience will not be achieved overnight, nor without a lot of hard work:
“It is encouraging to see the White House, DHS, Congress and others in the US government taking action to strengthen efforts to protect our nation’s critical infrastructure from cyber threats. However, there is still a lot of work to be done to ensure we move forward with successful initiatives and best practices that protect our country within a reasonable time frame.
“The security of critical infrastructure has never been more important. In the face of so many threats and attacks, such as SolarWinds, Microsoft and the Florida water treatment plant hack, we must step up our efforts to develop effective coordination and collaboration between government agencies and with the private sector so that everyone can work together, not in a vacuum or against the grain.
“Public / private cooperation is also essential, and efforts to achieve this need to be carefully designed so as not to be too burdensome. New efforts must be effective without infringing on the right to privacy or unintentionally making it more difficult or even discouraging the private sector. Partnership – and access to technological advances that often come from small private providers – are essential.
“Regarding the new jobs and infrastructure plan announced this week, if cybersecurity is not a key part of this new infrastructure, we will not meet all the requirements necessary to deliver the desired ‘resilience.’ DHS and CISA need funding, municipalities need federal help. When the proper financial resources are in place to enable these initiatives, that is when we will begin to move forward.”
A questionable selection of targets and advocacy to strengthen the resilience of local communities.
ABC News reports that the Broward County School District in Florida has been affected by a ransomware attack. Chloé Messdaghi, Founder of WeAreHackerz, emailed us some thoughts on the implications of the incident. Broward County has a large school district, one of the largest in the United States, but that doesn’t necessarily make it a good target by the Willie Suttonesque standards criminals generally apply. The criminals responsible are unlikely to get the big payoff they expect, as public school districts (even?) in the United States don’t have particularly deep pockets, but the attack will be damaging nonetheless, for all the disappointment the criminals are likely to experience:
“This group of threat actors in particular are woefully under-informed and, based on their ransomware assumptions, are unlikely to originate from the United States.
“American school districts may seem like they have large budgets, but almost all of those budgets are spent on running expenses that are deeply and contractually committed. There is little or no discretionary budget, and even basic resources are underfunded. Not so long ago, my public textbooks were covered by years of corrections from other students and were written decades ago, in the ’70s and ’80s.
“The fact that the threat actors asked for $40 million and said they had done their research just proved that they weren’t informed at all. Asking for such an amount and saying you’ve done the research shows it.
“Demanding such high ransomware from a school district also shows the worst criminal intentions – particularly at a time when schools struggle to maintain education amid the pandemic, while taking on the added mission of achieving food insecure children and dangerous home lives. Every independent security researcher and legitimate hacker group is trying to prevent exactly this kind of problem.”
“This attack underscores why cybersecurity for our public schools and local government agencies must be part of the infrastructure bill being debated.
“Business and industry are learning that if they don’t invest in cybersecurity, they ultimately don’t have a product. The same goes for the public sector: if local and state governments do not invest in cybersecurity, they cannot effectively provide services and protect citizens’ data. Ultimately, this hinders their ability to serve democracy even at the most basic levels, including protecting the future of our children and providing fair and honest elections.
“School systems will remain priority targets, both because they don’t have the funds or resources to put safety first, and because children’s PII can be very lucrative.
“Once the perpetrators of threats gain control of children’s identities, they can take advantage and endanger the lives and well-being of victims, both immediately and subsequently. The first clue a child might have that their identity has been stolen might be years later, when they are denied a college loan or credit. Children became automatic targets at a young age.
“Now more than ever, we need to support school infrastructure, including the development of urgently needed cybersecurity infrastructure.”
“It is heartening and heartwarming that the massive infrastructure bill currently being debated includes funding for cleaner, less plastic-laden water, safer transportation, tackling racial inequalities, cleaner air and other urgent needs. Securing children’s identities is another essential part of securing our future, and it begins with putting in place the cybersecurity infrastructure of our local school districts and local government cybersecurity.”