At a glance.
- Industry groups push for US COVID-19 relief appropriations to address cybersecurity.
- Maurer joins US DHS as cybersecurity advisor to Secretary Mayorkas.
- Government requests for Google data rose last year.
- Myanmar junta's proposed cyber regulations draw international criticism.
- DPRK cyberespionage collects against COVID-19 vaccine development and distribution.
COVID-19 relief for cyber?
Referencing Solorigate, ransomware, critical infrastructure, the vaccine rollout, and remote work, groups like the Cybersecurity Coalition and Computing Technology Industry Association are advocating for the next pandemic aid bill to include over $10 billion in funding for state and Federal cybersecurity, according to the Washington Post. The Software Alliance, Alliance for Digital Innovation, Better Identity Coalition, Internet Association, Chamber of Commerce, and CompTIA also back the proposal.
The Senate has already trimmed $9 billion apportioned to Federal infotech renovations, a move one Representative attributed to “a lack of understanding of why these investments are [mission critical].” “We're going to end up spending double or more with the next attack that comes from underinvestment,” he said.
Department of Homeland Security hires cybersecurity advisor.
CyberScoop reports that Carnegie Endowment for International Peace Cyber Policy Initiative Director Tim Maurer will serve as Homeland Security Secretary Mayorkas’ Senior Counselor for Cybersecurity. Former Cybersecurity and Infrastructure Security Agency (CISA) Director Krebs and current CISA Acting Director Wales previously held the post. Maurer’s experience covers influence operations, international financial networks, and “the gray space between war and peace,” per his profile at Carnegie.
Google shared “record number” of users’ data with governments last year.
Calling the present plight of Internet privacy “tremendously troubling,” Atlas VPN observes that Google disclosures of user data to governments around the world have increased dramatically over the past several years. Various international laws permit agencies to request data for “civil, administrative, criminal, and national security purposes.” In the first half of 2016, roughly 77 thousand users were impacted, while in the first half of 2020, around 235 thousand users were affected. As government applications have increased, so has Google’s approval rate. Included among the information officials can solicit are location history and keyword search history.
Proposed Myanmar cyber regulations draw international odium.
ZDNet flags Myanmar’s draft cybersecurity legislation, put forward by the new military State Administration Council, as “repressive” and “draconian.” The law would direct in-country platforms to preserve user information for years in government-specified locations, grant officials easy access to the stockpile, and allow the state to terminate accounts. Onlookers are concerned about both human rights and foreign investment, given the data security implications of the bill and its transgression of international laws like the GDPR.
Groups ranging from the Myanmar Centre for Responsible Business to Human Rights Watch have condemned the proposals, with Norwegian telecom firm Telenor commenting, “We are concerned that the proposed bill does not…promote and safeguard digital safety and rights,” a concern that seems, in the context of the country's current state of military rule, an understatement. A Reporters Without Borders representative encouraged “digital actors operating in Myanmar, starting with Facebook, to refuse to comply with this shocking attempt.”
What's Pyongyang up to with cyberespionage directed against COVID-19 vaccine developers?
Yonhap and others have reported a North Korean cyberespionage campaign directed against COVID-19 vaccine development and distribution programs. The precise motivation for the espionage isn't clear, but ComputerWeekly notes that COVID-19 vaccine information is currently among the most valuable forms of intellectual property.
CrowdStrike’s SVP of Intelligence Adam Meyers commented in an email:
“Public reporting yesterday indicates that DPRK tried to hack into the servers of U.S. drug makers Pfizer to steal COVID-19 vaccine information, South Korean intelligence officials have said. CrowdStrike has observed multiple DPRK adversaries—including LABYRINTH CHOLLIMA, VELVET CHOLLIMA, and SILENT CHOLLIMA—target entities engaged in COVID-19 vaccine research. DPRK-sponsored targeted intrusions against international vaccine producers have been observed by CrowdStrike Intelligence since summer 2020.
“Additionally, the country has an established infrastructure for producing biological and chemical weapons that could be repurposed for medical uses. Kim Jong-un has repeatedly emphasized an interest in science and technology as well as economic self-sufficiency—a North Korean COVID-19 vaccine would showcase achievements in both areas.”