At a glance.
- Updates on Huawei, ZTE restrictions.
- The pandemic as analogy.
- Singapore considers tougher penalties under its data protection law.
- Contact tracing and public policy.
Huawei's and ZTE's fortunes in the US and Germany.
Yesterday US President Trump extended the strictures last year's Executive Order effectively imposed on Chinese hardware companies Huawei and ZTE, ComputerWeekly reports. The two companies have fared better this week with authorities in Germany, who've adopted a more permissive approach to allowing the Chinese vendors into German markets.
The US Department of Commerce has also taken steps to choke off Huawei's ability to evade the consequences of its placement on the Entity List Commerce maintains pursuant to the Executive Order. The Department says it's extended restrictions to prevent such evasion by "amending its longstanding foreign-produced direct product rule and the Entity List to narrowly and strategically target Huawei’s acquisition of semiconductors that are the direct product of certain U.S. software and technology."
The news for Huawei isn't entirely bad, even in the US. The Department of Commerce also issued a ninety-day extension that will give US operators, principally telecom companies serving rural areas, a bit more time to switch to other suppliers. But this amounts at best to a temporary reprieve.
The pandemic as analogy: how a medical emergency can inform preparation for a cyber emergency.
The US Cyberspace Solarium Commission, whose report led with an introductory work of fiction that imagined Washington laid low by a massive cyberattack against infrastructure, the Capital reduced to a hellscape that could be safely viewed from no closer than Reston, sees lessons in preparation from the pandemic. The co-chairs of the Commission, Senator Angus King (Independent of Maine) and Representative Mike Gallagher (Republican, Wisconsin 8th), are ready to talk to Congress as the COVID-19 emergency begins to abate, and they hope, according to the Washington Post, that legislators get the lesson that it's important to prepare for a disaster before it hits.
“I think covid has taken public attention away [from cybersecurity], but for policymakers it’s underlined the importance of having a comprehensive strategy in place and really strengthened the case for the actions we recommended,” Senator King told the Post. “We’re in the middle of a crisis that has shaken people to say we can’t go back to business as usual.” And there are some signs that Congress may be willing to listen, at least a little. Two of the Commission's recommendations—creation of a national lead for cybersecurity in the White House with a significant budget and staff, and both planning and spelling out clearly the consequences adversaries will face should they mount a serious cyberattack against the US—appear to have gained traction with lawmakers over the past month. That second recommendation is reinforced by the emergence of a more hawkish consensus about China that's emerged during the pandemic.
The Post quotes Representative Gallagher on both points. “You look back on the 9/11 Commission and you realize how much good work was being done [before the attack] but it was all siloed at different agencies. We want someone who’s in charge and coordinating efforts across the government, forcing discussions across agencies about different scenarios and how we can prepare for an attack.” He also said, “I think if nothing else when the dust settles on coronavirus, it will harden the hawkish consensus on China and add energy to this effort to wean ourselves off our dependency on certain things produced in China.”
The Cyberspace Solarium Commission is expected to release by the end of this month a follow-on report summarizing the lessons it's drawn from the COVID-19 emergency.
Singapore mulls tougher penalties under its data protection law.
Singapore is considering amending its Personal Data Protection Act to increase possible penalties to include fines of up to 10% of a company's annual gross turnover or $1 million, whichever is higher, the Straits Times reports.
Contact tracing in the UK and elsewhere.
At the end of a week in which NHSX's contact-tracing system faced skepticism about both its legality and its efficacy, NHS gets some good news from the pilot being conducted on the Isle of Wight: the Telegraph reports that more than half the people there with smartphones have downloaded the app. 50% has generally been regarded as representing the floor of adoption rates that might actually make a difference in controlling the spread of the disease.
The Telegraph also has an overview of the various technical adjuncts to traditional quarantine and contact tracing various nations have tried. The approaches fall on spectra of voluntariness and intrusiveness: Bluetooth-based exposure notification to GPS-based movement tracking, thermal cameras in public places to nearly ubiquitous facial recognition surveillance, and so on.