At a glance.
- The UK announces a National Cyber Force.
- It's not just 5G. It's undersea cables, too.
- US Entity List adds more Chinese companies.
- A Sarbanes-Oxley for cyber?
As you know, the US continues to grapple with the mess Russia's SVR left in American Government networks. But today we'll concentrate on some of the other policy stories you might have missed.
Britain gets a cyber command.
Army Technology reports the UK is drafting employees from intelligence and defense agencies to form a National Cyber Force that satisfies the country’s fusion doctrine “whole of nation” policy towards cybersecurity. The Defence Ministry, Government Communications Headquarters (GCHQ), Secret Intelligence Service, MI6, and Defence Science Technology Laboratory are contributing to the effort, which will have offensive, defensive, military, and civil capabilities. Concerns were raised about progressive “militarization of cyberspace,” but GCHQ veteran and cyber expert Marcus Willett said the situation resembles other battlespaces, where civilian rights have been preserved.
No free lunches: the security cost of Chinese telecom loss leaders around Guam.
Data Center Dynamics says Washington and Taipei are warning that Beijing’s “too-good-to-be-true” bid on a Pacific Internet project carries espionage risks. Huawei Marine, a separate entity from Huawei Technologies, submitted a discounted proposal to install submarine cables connecting island nations north of Port Moresby as part of the Kiribati Connectivity Project. Two years ago Canberra relieved the company of a Solomon Islands cable project over similar concerns.
US Entity List swells with Chinese companies.
Last week the US Commerce Department blacklisted chip manufacturer SMIC and scores of other Chinese companies citing defense and human rights considerations, according to Reuters. Leading drone maker DJI joined the list, as DroneDJ reports, apparently for participating in Xinjiang surveillance and assisting other “repressive regimes.” China reacted indignantly, but some US observers worried the move was just for show and left open loopholes. Commerce also announced the creation of a Military End User list, the first iteration of which will contain one-hundred Chinese and Russian firms, for exporters’ convenience.
Does cybersecurity need the Sarbanes-Oxley treatment?
Forbes recalls how the Sarbanes-Oxley Act “forced corporate boards to put financial experts into the boardroom for the first time” following debacles like Enron, theorizing recent high profile breaches could lead to a similar rejuvenation in corporate emphasis on cyber. As of a 2018 SEC rule change, executives and board members have been saddled with increased accountability for cybersecurity risks, with some firms facing federal fines of up to $5 billion for violations.