At a glance.
- Germany's new surveillance policy.
- US approaches completion of AI guidance.
- China reacts to Sweden's ban on Huawei, ZTE.
- Advice on CMMC compliance for US Federal contractors.
- New sanctions against Russia's GRU, Iran's Qods Force.
Berlin weighs new surveillance policy.
Germany is reviewing legislation that would permit intelligence agencies to access encrypted messages, SecurityWeek reports. Reactions to the bill reflect the usual push and pull of privacy and security: on the one hand, fear that civil rights and journalism will become collateral damage, and on the other, the will to use available resources to combat crime and terror. Interior Minister Horst Seehofer called the move “an overdue step in the fight against terrorists and militant extremists.” Green party member Konstantin von Notz said the proposal goes too far.
Washington finalizing artificial intelligence guidance.
The Trump administration will soon release finalized guidelines for agencies with AI oversight after letting the initial proposal marinate for nearly a year, according to the Wall Street Journal. US President Trump aims to mitigate AI’s risks without hampering the benefits innovation might bring. This approach stands in contrast to some European nations’ “heavier-handed” regulation, although “international cooperation” remains a US goal as well.
Competition with China looms in AI as it does elsewhere, and was a driving force behind 2019's American AI Initiative, which prioritizes artificial intelligence education and research. MIT's Project on Technology, the Economy, and National Security director David Edelman told Technology Review the guidelines will act as a “regulatory sieve,” filtering proposed rules, and represent “a very reasonable attempt to build some quality control into our AI policy.” The initial draft focused on ten concerns covering public involvement and confidence, risk analysis and cost/benefit calculation, impartiality, cross-agency collaboration, and adaptability.
Beijing reacts to Stockholm’s Huawei ban.
Wednesday we noted Sweden’s ban of Huawei and ZTE—now for China’s reaction. According to Reuters, foreign ministry spokesperson Zhao Lijian announced that “China expresses strong dissatisfaction with Sweden.” He recommended a course correction to prevent a “negative impact” on Swedish industry, specifically “the operations of Swedish enterprises in China.” The South China Morning Post said “the blunt reference to China as a threat to national security,” which diverged from other nations’ more roundabout bans, is what drew umbrage. Swedish international telecoms firm and Huawei rival Ericsson may be on the chopping block as a result. A director at the Mercator Institute of China Studies explained that “Europe is playing chicken” with China on 5G, and (to mix the metaphor) Sweden just stuck its neck out furthest.
Dark Reading explains the steps Defense Department contractors should take to protect controlled unclassified information (CUI) and ensure Cybersecurity Maturity Model Certification (CMMC) compliance. In addition to updating passwords and installing antivirus software, firms need to observe NIST 800-171 r2 rules, create a company-wide plan, log and evaluate their cybersecurity practices, and respond adaptively to evolving advanced persistent threats (APTs). In preparation for an audit, companies should study the rules, make sure their strategy includes a thorough breakdown of duties and procedures, take stock of their shortcomings, and determine if they’d prefer to outsource compliance.
Sanctions update: the GRU and Qods Force.
The EU and the UK have both levied sanctions against the GRU and two of its officers who engaged in hacking Germany’s Bundestag networks in 2015. This is regarded as a win, ZDNet reports, for the German government, which has been pushing its sisters in the EU to take an official position on the Russian hacking. Dmitry Badin and Igor Kostyukov are the two GRU officers singled out for travel bans and asset freezes, POLITICO says. Mr. Badin is an operator who’s been indicted by both Germany and the United States for other cyberattacks. Mr. Kostyukov is a bigger fish: he’s the First Deputy Head of the GRU, and he also commands the 85th Main Centre for Special Services, also known as Military Unit 26165, and doing business as, of course, Fancy Bear.
Elsewhere, the US Treasury Department yesterday announced sanctions against five Iranian organizations for their role in conducting disinformation operations aimed at the credibility of US elections. The five were the Islamic Revolutionary Guard Corps (IRGC), the IRGC-Qods Force (IRGC-QF), the Bayan Rasaneh Gostar Institute (Bayan Gostar—regarded as an IRGC front) and two media organizations, the Iranian Islamic Radio and Television Union (IRTVU) and International Union of Virtual Media (IUVM) (both of which, Treasury says, are owned or controlled by the Qods Force).