At a glance.
- MI6 on innovation and technological competition.
- China's new data privacy law.
- NDAA passage slows in the US Senate.
- The US Department of Homeland Security's cyber personnel policy.
- Down with Grinch bots?
MI6 steps up tech development with new investment fund.
Computing explains that the UK's Secret Intelligence Service, MI6, will be looking to tech industry leaders to become the Q to its James Bond. In a speech at the International Institute for Strategic Studies on Tuesday, MI6 head Richard Moore pointed out that without a film-worthy gadget maker at its disposal, MI6 will need to rely on external talent in order to keep up with international tech developments. “We can't match the scale and resources of the global tech industry, so we should not try,” he stated. “Instead, we should seek their help.” The National Security Strategic Investment Fund, a new government-supported investment program similar to the US Central Intelligence Agency’s In-Q-Tel, aims to help MI6 secure the support of industry, and £100 million has already been put toward UK tech startups.
Moore went on to say that he considers China, Russia, Iran, and international terrorism to be the four main priorities for western intelligence forces. In his first radio interview with the BBC, Moore detailed why he sees China as such a threat, explaining that the PRC has the ability to “harvest data from around the world” and uses “debt traps and data traps” to exert control over other countries, wielding power through its economic policies and its access to other nations’ critical data. "That's something which, I think, in the UK we are very alive to and we've taken measures to defend against," Moore stated.
Cooley looks at China’s new privacy law.
The experts at Cooley offer an overview of China’s new privacy regulation, the Personal Information Protection Law (PIPL), which came into effect on November 1. Enforced and administered by the Cyberspace Administration of China, the PIPL applies to any business or individual that processes the personal data of individuals in China, and requires personal information processors outside its borders to establish entities within China. Cooley says the main takeaway is that in order to avoid violating the PIPL, these processors should modify privacy policies and data subject rights request procedures, add the necessary clauses in contracts regarding personal data being transmitted outside of China, establish appropriate consent mechanisms for data processing activities, and update incident response plans to incorporate PIPL data breach notification requirements.
Senate struggles to agree on National Defense Authorization Act.
Disagreement among members of the US Senate regarding amendments to the 2022 National Defense Authorization Act resulted in Senate Republicans declining to vote for cloture. MeriTalk reports that a number of amendments filed for the bill are related to cybersecurity, including revamping the Federal Information Security Modernization Act, modifying mandatory cybersecurity incident reporting, and setting a five-year term for the Director of the Cybersecurity and Infrastructure Security Agency. Both Majority Leader Chuck Schumer and Minority Leader Mitch McConnell said they are confident an agreement can eventually be reached, noting that the defense spending act was passed by the Senate Armed Services Committee with a largely bipartisan vote.
The long road to DHS’s new cybersecurity hiring program.
The Federal News Network offers insight into the arduous development process for the US Department of Homeland Security’s (DHS) new cybersecurity talent management system (CTMS), an undertaking that took seven years of planning before launching last month. The aim was to create a recruiting process that was free of Congress’s traditional, rigid hiring and compensation practices in order to attract the country’s top cybersecurity talent. Angie Bailey, chief human capital officer for the Department of Homeland Security, explains, “We took the bold, brave step of completely walking away from OPM’s classification, OPM qualifications, the General Schedule, the way that we do pay, everything.” DHS collaborated with experts on topics like federal employment law and extensively researched cybersecurity and tech salaries in order to create a competitive compensation structure. One major hurdle was determining how employees hired under CTMS, who become part of the “cybersecurity service,” would progress through their careers, and DHS had to go as far as creating brand new code for the National Finance Center, the department’s payroll provider, in order to accommodate the new system. Now that CTMS is live, DHS is currently looking to fill one hundred fifty positions, with more opportunities to emerge in coming months.
Congress would outlaw Grinch bots.
Senator Richard Blumenthal (Democrat of Connecticut) is among Congressional leaders sponsoring a bill that would outlaw "Grinch bots," which is actually what the proposed act calls them. The Stopping Grinch Bots Act would seek to stop people from using bots to corner some or most of the market in popular toys. Once the bots had made their purchases, the controlling Grinches would, unless stopped by Federal law, presumably make a killing in a reseller's market that simply obeys the laws of supply and demand.
Daniel Gor, Bot Defender Product Manager at PerimeterX, commented on what amounts to toy scalping:
“Serious toy shoppers and resellers are tapping into a growing array of advanced tools to gain an unfair advantage and buy up as many limited edition, high-demand items as humanly possible. Or, really, as inhumanly possible, as it turns out. The most sophisticated buyers are leveraging a hidden but fascinating ecosystem of technology tools and platforms to stack the deck in their favor. What’s more, these tools are quickly evolving and improving in a constant cat-and-mouse game between the retailers and these aggressive scalpers.
When the most sought-after items drop online in a flash sale, two-thirds of the purchases can be malicious bots. Bots harm regular online shoppers by jacking up the prices. They also hurt the brands who dislike seeing their offerings go for such high prices on secondary markets and who want to ensure fairness and a good online experience for their customers. To combat bots and protect online inventory, legislation can be effective, as well as bot mitigation services that proactively monitor and block sophisticated bots.”
There's no word on concerns over secondary markets for rare Who roast beast.