At a glance.
- The US Cyberspace Solarium Commission's recommendations on supply chain security.
- US State Department designates six Chinese media outlets as "foreign missions."
- Ukraine passes a law intended to foster better intelligence.
- Public-private partnership against Trickbot.
Recommendations on supply chain security policy.
The US Cyberspace Solarium Commission’s white paper on supply chain security sees China as the principal threat. “Dependency on China and other adversary countries for some of our most critical supply chains threatens to undermine the trustworthiness of critical technologies and components that constitute and connect to cyberspace. This dependency also risks impairing the availability of these same critical technologies and components and compromises American and partner competitiveness in global markets in the face of Chinese economic aggression.”
It outlines five “pillars” in its proposed approach to supply chain security, a mix of ensuring domestic supplies and providing accurate, actionable intelligence on threats to supply chains:
- First, the commission recommends “Identifying key technologies and equipment through government reviews and public-private partnerships to identify risk.”
- Second, “ensuring minimum viable manufacturing capacity through both strategic investment and the creation of economic clusters.”
- Third, “protecting supply chains from compromise through better intelligence, information sharing, and product testing.”
- Fourth, “stimulating a domestic market through targeted infrastructure investment and ensuring the ability of firms to offer products in the United States similar to those offered in foreign markets.”
- And fifth, “ensuring global competitiveness of trusted supply chains, including American and partner companies, in the face of Chinese anti-competitive behavior in global markets.”
Thus pillars one and three concentrate on intelligence, pillars two and four support development and maintenance of a strong domestic market, and the fifth pillar supports closer ties with allied countries’ producers.
US designates more Chinese outlets as propaganda machines.
Yesterday the US State Department labeled six new Beijing media channels “foreign missions,” according to the Hill. Economic Daily, Xinmin Evening News, Yicai Global, Social Sciences in China Press, Beijing Review, and Jiefang Daily are accused of distributing Chinese propaganda, and must inform State about in-country staff and operations. Beijing answered the last round of designations, which the CyberWire covered earlier, by revoking accreditations for three US publications. State spokesperson Morgan Ortagus said the goal is to “ensure the American people know whether their news is coming from the free press or from a malign foreign government. Transparency isn’t threatening to those who value truth.” In the background, of course, are disputes over trade, Covid-19, Xinjiang, Taiwan, Tibet, Hong Kong, and election interference.
Kyiv’s new Law on Intelligence.
Ukrainian President Volodymyr Zelensky has signed a new law meant to “facilitate the timely detection, prevention, and neutralization of threats” and advance NATO dealings, UNIAN reports. The law supports Zelensky’s agenda of bolstering national intelligence capabilities and affirms his authority over intelligence agency structure and leadership. The country’s Foreign Intelligence Service along with certain Security Service, Defense Ministry, and border protection units are designated as intelligence agencies variously covering cyber, technical, industrial, international, environmental, and military interests. In a signing ceremony Zelensky stressed that “intelligence materials are the basis for making important government decisions,” so the country “needs to significantly strengthen the strategic and operational components of intelligence, improve analytical work and the quality of information obtained.”
Clock ticks on Trickbot?
As discussed last week, Microsoft and US Cyber Command think Trickbot, the world’s leading ransomware distributor, will make attempts on the upcoming US election. CPO Magazine says the attempts could take the form of ransomware or distributed denial of service attacks on voter rolls, or, as has been seen in the financial industry, self-propagating, malware-delivering, email-spoofing, credential-harvesting Trojans. Microsoft and Cyber Command’s recent jab and cross might have “bought the whole of the US valuable time in which to improve defenses” against the botnet, with experts reporting an order of magnitude decrease in daily Trickbot essays. US forces are looking into longer-term solutions like cornering and neutralizing all command-and-control servers and hunting down the brains of the operation.