At a glance.
- NIST solicits public comment on consumer software cybersecurity.
- Rip-and-replace process for Huawei and ZTE systems begins in the US.
- CISA prepares to counter election disinformation.
- EU will update its Radio Equipment Directive.
NIST asks for public comment on guidelines for consumer software cybersecurity.
The US National Institute of Standards and Technology (NIST) has drafted criteria for a software cybersecurity labeling system for consumers, a component of President Biden’s Executive Order on Improving the Nation’s Cybersecurity, and has issued a request for public comment. The draft specifies baseline security criteria for consumer software, delineating the minimum requirements and desired characteristics and outcomes. NIST acknowledges that every provider is different, and as such aims to allow for various solutions from label providers depending on their devices and environments. Comment is due by December 16.
Huawei, ZTE “rip and replace” process begins.
Having declared that Chinese tech companies Huawei Technologies Co. and ZTE Corp are threats to national security, the US Federal Communications Commission (FCC) has opened the filing window for telecoms enrolling in the Secure and Trusted Communications Networks Reimbursement Program. FierceWireless explains that the plan, which some have dubbed the Huawei Rip & Replace Program, allows US providers of advanced communications services with 10 million or fewer customers to apply for subsidies to fund the removal of the illicit hardware from their networks; firms must apply before January 14, 2022. Acting FCC Chairwoman Jessica Rosenworcel explained that the funds are meant to aid companies with the challenging process of removing the equipment, adding, “We also want our communications companies to have the opportunity to use promising and innovative alternatives, like interoperable open radio access network solutions, as we build tomorrow’s networks.” Bloomberg adds that as soon as a firm is approved and receives its first reimbursement payment from the government, it has just one year to eliminate the equipment, which for some will be no easy task. John Nettles, president of Alabama’s Pine Belt Communications, notes that the program should be dubbed “replace and rip,” as firms must first have new systems in place before removing the unwanted software in order to avoid service gaps, and predicts it will take a four-person crew a week to get his relatively small company’s towers up to code.
Election Day misinformation prevention efforts from CISA.
With Election Day this week for more than thirty US states, Dark Reading reports that the Cybersecurity and Infrastructure Security Agency (CISA) is hosting an election situational awareness room as a way to foster collaboration between federal officials, state and local election administrators, private sector election partners, and political organizations. The hope is that, by opening up channels of communication, officials can better help voters to avoid mis-, dis-, and malinformation. In an official CISA email, the agency specified the following sources for reliable information:
- An election disinformation toolkit: created to support election officials with a suite of infographics designed to “pre-bunk” misinformation
- A rumor control website: clarifies which details are rumor and which are reality regarding election processes
- The Resilience Series: a series of CISA-created graphic novels drawing attention to the dangers of spreading misinformation on the web
EU to update cybersecurity rules for wireless devices.
Updating 2014’s Radio Equipment Directive, the European Commission will be adopting new cybersecurity standards for EU radio and wireless equipment such as smartphones, tablets, and other smart IoT devices. The Record by Recorded Future explains that device manufacturers selling products in the EU will have to adhere to three new security measures regarding product design. The rules revolve around improving network resilience, protecting consumer privacy (especially when it comes to minors), and reducing the risk of monetary fraud when making electronic payments. The new rules will come into effect by mid-2024, allowing for a thirty-month transition period for device makers.