At a glance.
- US Commerce Department will halt most TikTok and WeChat transactions on Sunday.
- US Federal Energy Regulatory Commission seeks comment on supply chain risks to bulk power distribution.
- A European tracker taxonomy.
- Tracking cyber risk mitigation in the financial services sector.
US Commerce Department will ban TikTok and WeChat transactions this coming Sunday.
The US Department of Commerce this morning announced that most transactions with WeChat and TikTok will be banned, effective Sunday. Commerce explained the decision as follows: "While the threats posed by WeChat and TikTok are not identical, they are similar. Each collects vast swaths of data from users, including network activity, location data, and browsing and search histories. Each is an active participant in China’s civil-military fusion and is subject to mandatory cooperation with the intelligence services of the CCP. This combination results in the use of WeChat and TikTok creating unacceptable risks to our national security." The action was taken pursuant to Executive Orders 13942 and 13943.
FERC opens comments on proposed bulk power security measures.
The US Federal Energy Regulatory Commission (FERC) is soliciting comments on risks to the nation's power grid highlighted in May's Executive Order on Securing the United States Bulk-Power System. FERC specifically mentions Huawei and ZTE as examples of supply chain threats to national security. The Commission is interested in comments on:
- "the extent to which equipment and services provided by such entities are used in the operation of the bulk electric system;
- "the risks to bulk electric system reliability and security posed by the use of equipment and services;
- "whether the current Critical Infrastructure Protection (CIP) Reliability Standards adequately mitigate the identified risks; and
- "possible actions the Commission could consider to further address the identified risks."
EU develops tracker taxonomy.
Cordis reports on an EU-backed project called “Citizen Scientists Investigating Cookies and App GDPR compliance” (CSI-COP) exploring the scope of online tracking. Among their initiatives is a cookie-free website intended to encourage others to design for privacy and have a hard think about what constitutes “legitimate business purposes.” CSI-COP champions “human rights in the digital age” and will develop workshops, a course, and a “web-based open-access knowledge-resource” in partnership with “AI research scientists, technology and privacy lawyers, gender experts, historians, philosophers, digital humanities, and open science experts.” The resource will feature a searchable taxonomy of trackers and targeted profiles for the benefit of everyone from parents to GDPR regulators.
"Treasury Needs to Improve Tracking of Financial Sector Cybersecurity Risk Mitigation Efforts."
The US Government Accountability Office (GAO) has rendered its report on the financial sector and on Federal oversight of the cybersecurity of this portion of the national critical infrastructure. This particular inquiry focused on cyber risk mitigation. While GAO found some positive signs of progress, on balance it found that the US Department of the Treasury had plans that were out of date and that it lacked the ability to track risk mitigation in the institutions it oversees. "However, Treasury does not prioritize or track the progress of sectorwide risk mitigation efforts, and does not explicitly link sector efforts to the goals in the sector specific plan, which is the primary sector planning document," the report concluded.
Regulatory Report says that, with some reservations about its authority to collect the sort of information GAO would have it obtain, the Treasury Department generally agreed with GAO's findings.