CISA issues supply chain security guidelines. Social media censorship? Deterrence by denial. Crypto wars update. Anti-trust suit coming?

Summary

By the CyberWire staff

At a glance.

CISA's supply chain security guidelines.
Turkey fines social media platforms.
Deterrence by denial, persistent engagement.
Crypto Wars update: EU and counterterrorism.
Report: FTC likely to file anti-trust action against Facebook in November 2020.

CISA releases supply chain security guidelines.

CISA’s Building A More Resilient [Information Technology and Communication] Supply Chain: Lessons Learned During The COVID-19 Pandemic scrutinizes inventory management along with supply chain diversity, mapping, transparency, and chokepoints. Given that a commodity “may be designed in New York, built in Vietnam, tested in Taiwan, stored in Hong Kong, and sent to China for final assembly” before global distribution, the taskforce identified three primary areas of vulnerability to supply chain disruption: lean inventory approaches, undiversified suppliers, and ignorance of lower tier suppliers. The report mentioned “active policy discussions as to whether firms should be provided with various incentives to bring manufacturing home” and recommended the following series of resilience measures.

“Proactive Risk Classification
“Map the Corporate Supply Chain
“Broaden Supplier Network and Regional Footprint
“Potential Development of Standardized Mapping and Other Illumination Tools
“Work to Shift the Optimal Amounts of Inventory Held
“Plan Alternatives in Logistics and Transportation”

CISA referred to the pandemic as a “wake-up call,” and noted that there is at present no standard procedure for charting junior suppliers.

Turkey fines social media Goliaths.

Al Jazeera reported last week that Ankara penalized Twitter, Facebook, Instagram, YouTube, TikTok, and Periscope over $1 million each for breaking a new law requiring large platforms to store residents’ data within the country, quickly censor objectionable materials, and assign someone answerable to the justice system. Companies that fail to comply will face a $3.5 million fine in addition to an advertising embargo and bandwidth restrictions up to ninety percent. Some worry that compliance will “muzzle dissent.” This summer Turkish President Recep Tayyip Erdogan said the platforms should be “cleaned up” after social media users insulted his family.

Deterrence through denial and persistent engagement.

The US didn’t experience much foreign election interference this year thanks to improved federal, state, and local planning, the Heritage Foundation says. Unlike in 2016 when FBI and Department of Homeland Security (DHS) warnings did not “provide enough information or go to the right people,” according to a Senate Select Committee on Intelligence report, CISA partnered tightly with election officials. DHS categorized voting infrastructure as critical infrastructure, allowing this closer relationship and facilitating enhanced awareness and competence at the state and local levels. US Cyber Command and international allies along with the NSA, National Guard, academics, and private industry are also due credit.

EU's proposed restrictions on encryption gain prominence after Vienna terror attacks.

After last week's Islamist terror attack in Vienna, the European Union is said to be considering restriction of end-to-end encryption. Eric Moeschel, reporting on Radio FM4, says that Europe's Council of Ministers intends to enforce a ban on encrypted chat. Signal and WhatsApp are specifically mentioned in the reportage. The killings in Vienna are said, on both Radio FM4's site and various Twitter threads, to have prompted the proposed restrictions, but that's not the case: the proposals antedate the Vienna attacks by some months. At most the terrorist incident may have heightened concerns over encryption: the Electronic Frontier Foundation wrote on October 6th that such a measure was under consideration. Deliberations have framed the move in terms of its utility for child protection.

Report: FTC plans anti-trust action against Facebook this month.

The US Federal Trade Commission (FTC) is said, by POLITICO's sources, to be preparing an anti-trust suit against Facebook. The agency is thought likely to file the action before the end of November, and is thought likely to keep it "internal," that is, not to have state attorneys general join the suit. The FTC is believed to regard that strategy as more likely to succeed.

Selected Reading

Curaçao takes innovative approach against bullying and cyber-bullying in school (MENAFN) On the occasion of the First International Day against Violence and Bullying in Schools, including Cyberbullying, the Curaçao National Commission for UNESCO celebrated the day under the theme 'Together against Bullying in school'/'Huntu kontra Bullying den skol'/ 'Samen tegen pesten op school'. During UNESCO's 40th Genera

Auf den Terroranschlag folgt EU-Verschlüsselungsverbot - fm4.ORF.at (fm4.ORF.at) Im EU-Ministerrat wurde binnen fünf Tagen eine Resolution beschlussfertig gemacht, die Plattformbetreiber wie WhatsApp, Signal und Co künftig dazu verpflichtet, Generalschlüssel zur Überwachbarkeit von E2E-verschlüsselten Chats und Messages anzulegen.

Brazilian telecoms snub U.S. official over Huawei 5G pressure: source (Reuters) Brazil's top four telecom companies have decide not to meet with a visiting senior U.S. official who has advocated excluding China's Huawei Technologies Co [HWT.UL] from the Brazilian 5G equipment market, an industry source said on Friday.

Joint Parliamentary Panel Seeks Information On Data Breach Check Protocols From Mobile App Companies (Swarajyamag) Representatives from Airtel and Truecaller appeared in front of the committee on Friday.

UK-Japan trade deal threatens UK citizens' online privacy, ORG warns (Computing) Adopting a 'free flow of data' approach would be a radical departure from the UK's current position, argues the Open Rights Group

Biden Term Could Spell Sanctions, Boost Data Transfer Deal (Law360) Joe Biden's presidency could lead to tougher sanctions for state-backed actors who target the U.S. with cyberattacks and carve out an easier path for a key transatlantic data transfer deal, industry experts say.

The Cybersecurity 202: Biden will get tougher on Russia and boost election security. Here's what to expect. (Washington Post) President-elect Joe Biden is expected to dramatically shift how the government handles cybersecurity threats when he takes office in January.

ICT Supply Chain Lessons Learned Covid 19 (CISA) This analysis report, Building A More Resilient ICT Supply Chain: Lessons Learned During The COVID-19 Pandemic, examines how the COVID-19 pandemic impacted the logistical supply chains of information and communication technology (ICT) companies and provides recommendations on how organizations can increase their supply chain resilience from future risks.

Fmr. CIA chief Gen. Hayden: Biden should start getting daily presidential intel brief 'Now' (American Military News) On Friday, retired U.S. Air Force general and former CIA and NSA director Michael Hayden said Democratic presidential candidate Joe Biden should start receiving the daily presidential intelligence briefing.

Debt collectors will soon be allowed to reach you by text or on Facebook (CBS News) New federal rule doesn't limit how many times a debt firm can send emails or message you on social media.

Debt Collection Practices (Regulation F) (Bureau of Consumer Financial Protection) The Bureau of Consumer Financial Protection (Bureau) is issuing this final rule to revise Regulation F, which implements the Fair Debt Collection Practices Act (FDCPA) and currently contains the procedures for State application for exemption from the provisions of the FDCPA.

Connected cars must be open to third parties, say Massachusetts voters (Ars Technica) The ballot initiative passed with overwhelming support.

FTC likely to sue Facebook on antitrust violations by end of November (POLITICO) But the agency may keep the case internal, stymieing states that want to team up.

Huawei takes Swedish regulator to court over 5G ban (Capacity) Huawei is taking the Swedish telecoms regulator to court over its ban on operators from using its equipment in 5G networks.

Europe nurtures ties with the United States to boost expertise in cybersecurity (CORDIS | European Commission) Research expertise in cybersecurity is fragmented and the exchange of this knowledge is lacking. For Europe to remain at the forefront of such know how, it needs to foster collaboration with top-notch institutions in the United States.