At a glance.
- NIST introduces a new NICE framework.
- Operation Protected Childhood collars 113.
- Updates: Huawei and TikTok sanctions.
- Implementing Schrems II.
NIST simplifies NICE.
Yesterday NIST introduced the new and improved National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, also known as Special Publication 800-181: NIST SP 800-181 Revision 1, the Workforce Framework for Cybersecurity (NICE Framework). One goal of the revision is developing a standard vocabulary for inter and intraorganizational use. The new “streamlined” framework divides the problem of cybersecurity education into “the work” and “the learner,” describing the learner in terms of knowledge, skills, and competencies, and the work in terms of tasks. Indexes of relevant knowledge, skills, competencies, tasks, and roles will be regularly updated in separate documents.
Operation Protected Childhood nets 113 arrests.
HackRead reports that the seventh phase of the Immigration and Customs Enforcement (ICE) Homeland Security Investigations (HSI) - Brazil Ministry of Justice and the Public Security (MJSP) Secretariat for Integrated Operation (SEOPI) Cyber Laboratory collaboration, initiated in 2015, brought the total number of Operation Protected Childhood arrests to seven-hundred-eighty-one. HSI has run eleven trainings on Child Protection Software in Latin America thus far, expanding international competencies.
Individuals suspected of creating and disseminating abusive material were apprehended earlier this month in the US and South America, with the help of officials in Panama, Argentina, Paraguay, and the US states of Florida, California, Colorado, North Carolina, Tennessee, and Pennsylvania. The US FBI and Secret Service also played a role, according to ICE, and Twitter, social media platform Kik, and the National Center for Missing and Exploited Children provided tips leading to arrests. Nine captures were made in the US, seventy-four in Brazil, twenty-three in Argentina, two in Paraguay, and five in Panama.
Updates on international Huawei and TikTok sanctions.
Sweden’s telecommunications authority paused its auction of 3.5 and 2.3 GHz bands, which was set to begin today, until “uncertainty” over the terms of the auction is cleared up, ETTelecom reports. The country’s Administrative Court granted Huawei a stay during “continued deliberations” on sections of a judgment that would exclude the company from 5G.
CNBC says Huawei is anticipating a “reset” in the US as well, under a Biden Administration that may prove more friendly to Beijing. President Trump’s sanctions shrank the company’s growth and profit margin.
As for TikTok developments, Gizmodo Australia’s headline cuts to the chase: “Australia Hasn’t Really Investigated Whether TikTok Is A National Security Risk As Far As We Know.” Earlier this year lawmakers worried the platform could be mining residents’ data, but in August the Prime Minister said, “Well, we have had a look…and there is no evidence.” That “look” apparently consisted of a single brief evaluation concerning Department of Home Affairs devices that did not consider how the app works, what it collects, and where that information goes. Security bureaus may have taken another look, but the details haven’t been disclosed.
Implementing Schrems II.
The Wall Street Journal summarizes draft EU privacy rules expected to drastically circumscribe how Europeans’ personal data must be handled when those data are moved outside the EU.
The draft guidelines are intended to implement the EU’s Court of Justice decision issued earlier this year in the Schrems II case that invalidated the former EU-US Privacy Shield regime. Cooley describes the new process for transferring data as consisting of six steps:
First, “Map any data transfers.”
Second, “Select a transfer mechanism.”
Third, “Determine whether your selected transfer tool works without supplementary measures.”
Fourth, “Adopt any necessary supplementary measures.”
Fifth, “Take any required procedural steps.”
And sixth, “Reevaluate at appropriate intervals.”
That’s of course a bare outline; there are many details in each step. If you handle European data, call your lawyer.