At a glance.
- Internet regulation in China.
- Internet censorship in Russia.
- NSA's 5G cloud security guidance.
- The US Strategic Intent Statement for the Office of the National Cyber Director.
Chinese official comments on internet regulation.
Reuters reports that on Wednesday Zhuang Rongwen, head of the Cyberspace Administration of China (CAC) told Chinese newspaper the Study Times -- published by the Communist Party training institution the Central Party School -- that developing a civilized internet is essential to building a “modern socialist country.” By “civilized,” Rongwen means using the internet as an instrument for spreading socialist values, as he and other like-minded officials feel the Party should use the internet's wide reach to “let the party's innovative theories 'fly into the homes of ordinary people.’” In an effort to regulate Chinese citizens’ activities on the internet, China's State Council published guidelines last month offering recommendations for using the internet to facilitate learning about the Communist Party and its accomplishments. Rongwen also expressed that the internet could be used to help teach young users about avoiding cyberbullying and other negative behaviors.
Russia’s approach to internet censorship.
Speaking of totalitarian (or at least authoritarian) regimes, the New York Times offers an in-depth look at Moscow’s intensified system of internet censorship. After demanding data from Russian internet and telecom providers on traffic numbers, equipment stats, and connection speeds, in 2019 government technicians began installing “black boxes” alongside the company’s servers, giving officials the power to block, filter, and even slow down websites they deemed undesirable. The deep packet inspection software filters data traveling through the internet, slowing down websites in the process and blocking unwanted content. The equipment has been installed in Russia’s largest telecom and internet service providers, including Rostelecom, MTS, MegaFon, and Vympelcom, and impacts almost all of Russia’s 120 million wireless and internet users. As Reclaim the Net explains, Moscow established a law in 2012 requiring ISPs to block thousands of undesirable sites, but finding the law too difficult to enforce, the government created “sovereign internet” law in 2019 which required ISPs to use “technical means of countering threats.” Officials say the software, installed in over five hundred locations, impacts all of the mobile internet and 73% of broadband. This spring, Twitter experienced such severe slowdowns that the platform felt compelled to give in to Moscow’s content removal demands. What’s worse, experts are concerned that other countries might follow in Russia’s footsteps. As Laura Cunningham, a former head of US State Department programs on internet freedom explains, “Russia’s censorship model can quickly and easily be replicated by other authoritarian governments.”
NSA releases 5G security guidance.
At 1:00 Eastern time this afternoon, the US National Security Agency (NSA) released, in partnership with the Cybersecurity and Infrastructure Security Agency (CISA), the first installment of its promised four-part 5G cloud infrastructure security guidance. This one concentrates on detecting and containing lateral movement through networks. The guidance is the work of the Enduring Security Framework's 5G Cloud Working Panel. It's noteworthy, apart from the useful content, as another instance of the increasingly public engagement NSA has pursued over the last three years.
Foxes wanted. Hedgehogs need not apply.
The White House has published a Strategic Intent Statement for the Office of the National Cyber Director. The stated goal is a world in which "Americans are free to be enriched, empowered, and enlivened by digital connectivity instead of burdened by it." The document is striking in its recognition that cybersecurity is a complex set of many small problems, and not something addressable in a single moonshot.
There are no single, big points of failure addressing which would render the nation secure. "Cybersecurity today too often lacks intentionality," the document says. "Too many systems are not designed with security in mind, relying on technology end users to keep us safe. It does not have to be this way; if every contributor to our digital ecosystem knew how their part fit into the sum of the whole, and how to contribute responsibly, we could begin building an ecosystem defined by aggregating stability and resilience instead of compounding risk."
The Office of the National Cyber Director will work toward four outcomes: "coherence across U.S. government in cyber policy, action, and doctrine," "public-private collaboration to tackle cyber challenges across sectoral lines, "align[ment of] resources to aspirations," and, finally, "push forward initiatives across all available avenues in order to increase present and future resilience,"