At a glance.
- Estonia's "Huawei Law."
- Espionage and counterespionage during the pandemic.
- Contact tracing apps: privacy and efficacy.
- CISA releases list of ten most exploited vulnerabilities.
Estonia's "Huawei Law."
Estonia's parliament yesterday passed a new Electronics Communications Act that mandates security reviews for the development of electronic communications systems, US News reports. The law is generally regarded as directed against the risk posed by equipment provided by Huawei.
Espionage and counterespionage during the pandemic.
A joint warning issued by the US Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) says the Bureau is actively investigating "the targeting and compromise of U.S. organizations conducting COVID-19-related research by PRC-affiliated cyber actors and non-traditional collectors." The "PRC" is of course the People's Republic of China, and "non-traditional collectors" has in earlier US Government advisories referred to students and researchers already in place at institutions who are being activated to collect. Think of non-traditional collectors as, for the most part, forming a specific kind of internal threat. Thus the espionage has allegedly moved beyond the password-spraying attacks CISA and its UK counterparts in the National Cyber Security Centre warned against last week.
Contact tracing apps: privacy and efficacy.
In the European Union, the European Telecommunications Standards Institute (ETSI) is working on a set of standards designed to ensure the efficacy and interoperability of any technology developed to help contain COVID-19 through data collection and analysis, ComputerWeekly reports. The aim is "to enable the development of interoperable systems to automatically trace and inform potentially infected users in addition to manual notification methods, while preserving users’ privacy and complying with relevant data protection regulations." This goal is predicated on the conviction that the most effective way to contain the spread of the disease is by using contact tracing to break the chain of transmission from infected to uninfected persons.
A critical view may be found in Foreign Policy, which offers a long, skeptical take on how likely contact tracing apps are to help control the pandemic. The essay claims that too little is known about modes of transmission to enable them to do much to help. If the technology got prognosis and transmission right, it would be helpful, provided enough people adopted it and used it properly. But the essay claims that the three success stories widely touted (Singapore, South Korea, and Australia) turn out to be, on closer inspection, less successful than they at first seem.
Privacy and security also remain concerns, as the EU policy shops indicated. In the UK, where trials of an NHSX-developed app have been in progress on the Isle of Wight, Parliament's Joint Committee on Human Rights has asked Health Secretary Matt Hancock to support proposed legislation that would put privacy safeguards in place for the technology. The proposed Contact Tracing (Data Protection) Bill 2020, ComputerWeekly writes, provides for the “regulation of the processing of information in respect of contact tracing for Covid-19, and for connected purposes.” It would appoint a new Digital Contact Tracing Human Rights Commissioner responsible for overseeing the privacy aspects of technologies deployed to track the spread of the disease.
CISA releases list of ten most exploited vulnerabilities.
The US Department of Homeland Security has released a list of the ten vulnerabilities most exploited by foreign threat actors, including the intelligence services of Russia, China, Iran, and North Korea. The good news is that there are patches or upgrades available that take care of all of them. The bad news, evidently, is that organizations continue to overlook patching often enough to make these bugs attractive targets for exploitation.