US-Iranian tensions may not have abated, but they appear at least not to have escalated. Observers see Washington's "maximum pressure" policy toward Tehran as entering a crucial phase (see, for example, this Washington Examiner op-ed), and most continue to expect a significant part of the conflict to play out in cyberspace. Congress is engaged in one of its periodic phases of asserting its Constitutional war powers, and in doing so it's being advised, WHBQ reports, to calculate cyber effects and consequences closely and carefully.
The Washington Post sees NSA’s disclosure of a flaw in Windows’ CryptoAPI as representing a departure in policy. The Agency’s Cybersecurity Directorate head, Anne Neuberger, did say that it was a “change in approach,” even as she suggested that such disclosures should now be regarded as a matter of routine policy. While some observers have seen NSA as changing its ways to play nicely by disclosing bugs instead of weaponizing them, the real change was NSA’s decision to allow its disclosure to be made public. Fort Meade had disclosed vulnerabilities before, but there’s a new openness to the process now. And, of course, should there be grave reasons to do so, the Agency could retain its discoveries if its mission required it.
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Directorate (CISA) also issued Emergency Directive 20-02, which requires the agencies whose security CISA oversees (basically the dot-gov domain, minus certain "national-security systems") to apply the January patch within ten days. CISA also encourages state and local governments, private sector organizations, and the general public to do the same.
The Guardian reports that the British government is largely unmoved by the latest push from its American cousins to exclude Huawei from the UK's coming 5G build-out. A decision has yet to be reached, but it seems likely that the British government will decide that the risks Huawei kit poses are manageable, and that it can handle them without jeopardizing trans-Atlantic intelligence sharing.
In the US, the Federal Communications Commission seems ready to expand its ban on both Huawei and ZTE gear, JDSupra reports. According to CNBC, the US Commerce Department is considering stronger supply-side measures against the Chinese firms, including tighter export controls. Such controls would have an impact on third countries as well. And a bipartisan group of Senators is, Florida Daily reports, introducing the “Utilizing Strategic Allied (USA) Telecommunications Act,” which would provide more than $1 billion to Western companies developing alternatives to Chinese 5G hardware.
Estonia and the US are cooperating more closely on cyber defense, as joint development of a cyber collaboration platform is announced.