At a glance.
- Intelligence-sharing: UAE and Israel.
- US Defense Department establishes bug-disclosure program for contractors.
- Pro-encryption plea in the Crypto Wars.
- Surveillance tech providers and potential supply-chain threats.
- The response to the SolarWinds incident and the surveillance impulse.
Emirati-Israeli intelligence sharing.
Haaretz says Jerusalem and Abu Dhabi have been swapping cyberintel, with Israel giving the UAE a heads-up about Lebanese Cedar’s January attack. In another show of strengthening relations, for the first time, a top Israeli cyber event is convening beyond Israel’s borders, in Dubai. The states’ cybersecurity chiefs said “the ties forged in the Abraham Accords last August have matured into a ‘brotherly’ relationship between the two countries in the digital arena.”
Although the UAE has become a fresh cyber and influence campaign target for those who want the relationship to fail, the Emirates’ cyber chief stressed the “added-value,” in the form of increased capacities and readiness, brought by the collaboration. The nations’ main focus is sharing tactics, techniques, procedures, leads, and attack signatures, and the partnership extends to the states’ computer emergency response teams.
Questions remain about what role Israel will play in the Emirates’ new cyberdefense center, and concerns linger over the UAE’s reliance on Israeli spyware company NSO.
US Defense Department begins bug disclosure program for contractors.
SecurityWeek reports that the Pentagon has launched a twelve-month pilot Defense Industrial Base Vulnerability Disclosure Program (DIB-VDP). The pilot is distinct from the existing HackerOne VDP, but the HackerOne research cohort is encouraged to (carefully, and without accessing data) test participating vendors’ systems. Any findings will bolster defensive, not offensive, capacities.
A pro-encryption plea in the Crypto Wars.
Will Cathcart, Head of WhatsApp at Facebook, argues in Wired that “governments encroach more on our privacy” the more we connect digitally, and “[n]o matter how well-meaning the motivation, surrendering our privacy would paralyze us.”
Addressing potential threats from surveillance tech providers.
DesignNews wonders about security camera makers Hikvision and Dahua’s place on the US Entity List, while ClearanceJobs explains the rationale through the lens of “the re-emergence of great power competition.” The 2019 National Defense Authorization Act, for example, ordered Federal agencies and vendors “to identify and remove [foreign] hardware devices that may have been manufactured” with ill-intent. 5G supply chain vulnerabilities are currently a chief concern, but devices like routers, USB gadgets, monitors, and other hardware also present known risks.
SolarWinds and the surveillance impulse.
Noting that US Government leaders from NSA Director Nakasone to Deputy National Security Advisor Neuberger have “predictably” been “putting out feelers to gauge public receptivity to…more surveillance” in the wake of Holiday Bear’s rampage, EIN News maintains that the “existing surveillance apparatus” is “expansive” and “dangerous” enough as is.
Historical intelligence agency abuses of ambiguous authorities, with limited legislative or judicial oversight, worry some onlookers. EIN calls on the Government “to stop making excuses and get their own security practices in order,” listing failings like poor cyber hygiene, vendor insecurity, and Einstein’s inability to scan for novel threats—issues identified years ago. After all, the article concludes, the NSA failed to detect the hackers on systems where they do have surveillance authority.