At a glance.
- UK intelligence chief says Chinese tech poses threat to global security.
- US open source software bill advances.
- Financial Stability Board to speak on crypto regulation.
UK intelligence chief says Chinese tech poses threat to global security.
Jeremy Fleming, director of the UK Government Communications Headquarters, gave a rare speech in London on Tuesday warning the public that Beijing has “deliberately and patiently set out to gain strategic advantage by shaping the world’s technology ecosystems.” The spy chief said that Chinese Communist Party leadership has plans to use digital currency and satellites, among other existing and emerging technologies, to further its control over global markets and extend its surveillance capabilities around the world.
Fleming also claimed that Chinese efforts to build a central-bank digital currency could allow officials to monitor transactions and potentially evade future international sanctions. Describing the rising threat as “the national security issue that will define our future,” he also indicated that the Chinese government plans to leverage its tech exports to create “client economies and governments” and aims to spread its authoritarian practices to other nations. Fleming warned that unless lawmakers invest in emerging security technologies like quantum computing, “the divergent values of the Chinese state will be exported through technology.”
Mao Ning, a spokeswoman for China’s Foreign Ministry, denied Fleming’s claims at a Tuesday daily briefing, stating, “The remarks of the British official have no factual basis at all. China’s technological development is aimed at making lives better for the Chinese people. It does not target anyone, still less pose any threat.” Western officials have been sending warning signals about the potential use of equipment exported from Chinese tech leader Huawei Technologies Co. for digital espionage, but both Huawei and Beijing have denied these accusations.
US open source software bill advances.
In a bipartisan decision, the US Senate Homeland Security Committee has approved the Securing Open Source Software Act 2022, legislation that calls on the Cybersecurity and Infrastructure Security Agency (CISA) to create a “risk framework” regarding the use of open source code within the government and critical infrastructure agency. Prompted by the infamous Log4j vulnerability, the draft act requires CISA to hire experts who are able to identify and remediate vulnerabilities in open source code, and any open source software being used will be continuously monitored and checked by CISA. The act also directs some agencies to create in-house open source programs.
"This software needs curation to be secure and the responsibility for that curation lies firmly with the user, in this case our public sectors across the globe," Amanda Brock, CEO of not-for-profit group OpenUK, told Computing. However, as Brock noted, the bill is unclear about how CISA will coordinate this framework, especially when third-party services are involved. "Where there is payment associated with open source software, that is not for the software itself, and understanding that is key. Liability for these - as with any paid for services - rests with the provider, but these are part of the act of curation that all end users need to ensure," Brock added. The draft act will need to be passed by the full Senate before becoming law, but some experts say regardless, clouding companies might take it upon themselves to implement heightened security measures. "I strongly suspect the cloud provider industry will actually solve this meaningfully sooner than the government will,” said Michel Isbitski, director of cybersecurity strategy at cloud security firm Sysdig. “They have to because of the amount of open source software they use in their offerings. They also have the benefit of scale on their side."
Financial Stability Board to speak on crypto regulation.
US policymakers gathered yesterday in Washington, DC for Fintech Week, where the Financial Stability Board, which coordinates international financial regulation, is expected to share its plan for regulating the cryptocurrency market. The Washington Post explains that although the board has no power to set legislation, its recommendations have motivated lawmakers in the past. “It’s fair to say the US wants to lead on this globally and largely has been leading on it,” said Patrick Dougherty, a former Securities and Exchange Commission lawyer who is now on the board of the Global Digital Asset and Cryptocurrency Association. The White House is also calling for a crackdown on the illicit use of digital assets, and last week, the Financial Stability Oversight Council issued a warning urging lawmakers to restrict cryptocurrency use before it threatens global finance systems. The board will also examine issuing rules for the use of stablecoins after the fall of the Terra stablecoin in May led to a massive downturn in the crypto market. The cryptocurrency industry continues to push back at the possibility of regulation, with industry group the Crypto Council for Innovation warning that “a heavy-handed approach could cut this technology off at its knees.”