At a glance.
- DHS and 5G security.
- US State Department's first cyber ambassador.
- China's cybersecurity regulations.
US Department of Homeland Security’s quest to secure 5G tech.
SIGNAL Magazine offers a look at the US Department of Homeland Security’s (DHS)’s progress in filling security gaps presented by 5G technology identified by the Cybersecurity and Infrastructure Security Agency (CISA). 5G has become increasingly critical to DHS’s goals, and its Science and Technology Directorate leads the Secure and Resilient Mobile Network Infrastructure program (SRMNI) and the sister program Emergency Communications Research and Development. Brent Talbot, a program manager within the Science and Technology Directorate’s Office of Mission Capability and Support, explains, “CISA is our customer, and they are looking to get some research and development performed to fill some cybersecurity gaps in the mobile 5G infrastructure. They’re looking to secure those venues for not only the general public but for the government, for the nation. We’re trying to push the boundaries of what is known, and we’re looking to protect those communications venues, especially for our frontline workers, the emergency responders.” SRMNI’s goal is to provide solutions and knowledge that will help officials to make risk- and cost-informed decisions regarding capability gaps, threat identification, architectural frameworks and potential mitigations. Already, 4K Solutions LLC has developed GovSecure, a protected domain name system available on Google Play store and the Apple App Store that allows secure, untraceable communications for sensitive but unclassified messages.
US State Department names its inaugural cyber ambassador.
CyberScoop reports that the US State Department has selected Nathaniel Fick as its first Ambassador-at-Large for Cyberspace and Digital Policy, pending confirmation from the US Senate. Launched in April, the Bureau of Cyberspace and Digital Policy is focused on supporting the White House’s effort to provide digital aid to allies and US leaders as they set global cyber standards. Currently the general manager of information security for internet search company Elastic, Fick is also an author and a combat veteran, having served with the US Marine Corps as an infantry and reconnaissance officer. In 2008, Fick advocated for then-presidential candidate Barack Obama as a member of the Next Generation Veterans coalition, and even then his focus was on national security. He told GQ Magazine at the time, “When all this is over, I hope we will have done two things: elevated the national-security discussion above simplistic one-liners about victory or defeat and helped to end the fiction that only Republicans can talk about defense in a credible way.” The Bureau of Cyberspace and Digital Policy is currently led by Jennifer Bachus as a principal deputy assistant secretary, and Michele Markoff leads the cyberspace security team.
China’s new security rules for financial institutions could pose risk for the west.
In April, the China Securities Regulatory Commission (CSRC) released its draft Administrative Measures for the Management of Network Security in the Securities and Futures Industry, and leading lobby group the Asia Securities Industry and Financial Markets Association (ASIFMA) says the rules could make western companies easy prey for hackers. Western investment banks and asset managers like Morgan Stanley and JPMorgan are currently expanding their presence in China, and the new rules would make it mandatory for these companies to share data with CSRC, allow regulator-led testing, and set up a centralized data backup center. Reuters reports that in a letter sent to the CSRC in May, ASIFMA stated, "This not only poses huge risks to all core institutions and operating institutions on an individual basis, but also brings significant systemic risks for the sector in China and globally given the interconnectedness of the global financial sector, if the data is compromised or leaked.” CSRC offered a month-long public consultation on the proposals, but according to the commission, ASIFMA’s letter arrived two days after the close of the consultation window. “However, we still highly value the feedback forwarded by relevant associations," CSRC said, adding that it would keep communications open with ASIFMA going forward.