UK restricts use of Hikvision cameras. FCC bans five Chinese tech companies over security concerns. NSA/Cyber Command evaluation delivers no recommendation.

Summary

By the CyberWire staff

At a glance.

His Majesty’s government prohibits use of Hikvision surveillance cameras in sensitive areas.
FCC bans five Chinese tech equipment companies due to security concerns.
NSA/Cyber Command evaluation panel delivers no recommendation.

His Majesty’s government prohibits use of Hikvision surveillance cameras in sensitive areas.

Speaking to the UK parliament on Thursday, Cabinet Office Minister Oliver Dowden said government departments had been instructed to stop deploying equipment produced by companies that are subject to the National Intelligence Law. The ban would include Hikvision, a leading Chinese surveillance camera company that has come under fire in recent months for allegations that its equipment poses a threat to British national security. Dowden added that government departments were advised to consider whether to “remove and replace such equipment where it is deployed on sensitive sites rather than awaiting any scheduled upgrades,” and that departments could determine whether sites not deemed sensitive should also consider removing such equipment.

On Friday, a Hikvision spokesperson told CNN it was “categorically false to represent Hikvision as a threat to national security.” The company went on to say, “Hikvision is an equipment manufacturer that has no visibility into end users’ video data. Hikvision cannot access end users’ video data and cannot transmit data from end-users to third parties. We do not manage end-user databases, nor do we sell cloud storage in the UK.” In 2019 the US government included Hikvision on a trade blacklist, prohibiting them from importing US technology due to similar security concerns.

FCC bans five Chinese tech equipment companies due to security concerns.

Following in the UK’s footsteps, the US Federal Communications Commission (FCC) released an order Friday banning Hikvision, as well as Chinese companies Huawei, ZTE, Dahua, and Hytera from selling electronics in the US. The decision came after a unanimous vote determining the products pose a risk to US data security. FCC Chair Jessica Rosenworcel said in a news release, “The FCC is committed to protecting our national security by ensuring that untrustworthy communications equipment is not authorized for use within our borders, and we are continuing that work here. These new rules are an important part of our ongoing actions to protect the American people from national security threats involving telecommunications.”

As the Washington Post explains, the long-awaited decision was the most recent step in the US’s efforts to limit the influence of Huawei and other Chinese tech firms after Congress passed legislation calling for such restrictions last year. Though the companies have long denied they pose a security risk, Huawei allegedly helped African governments spy on political opponents, and the US Federal Bureau of Investigation allegedly discovered Huawei equipment on cell towers near US military bases, reportedly to capture and disrupt Defense Department communications.

Klon Kitchen, a senior fellow at think tank the American Enterprise Institute told Bloomberg, “This is a culminating action. Things that began under Trump are now being carried out. The Biden administration is continuing to turn the screws on these companies because the threat isn’t changing.” Still, experts note, there are limits to what the order can do. For the most part, the ban doesn’t apply to consumer or small business sales, and it doesn’t prevent the companies from rebranding their products in order to circumvent the rules. FCC Commissioner Brendan Carr said the FCC must “vigilantly monitor compliance with the rules we’ve established today, including by ensuring that entities do not make an end run around our decision by ‘white labeling’ covered gear — a process that involves putting a benign or front group’s name on equipment that would otherwise be subject to our prohibitions.”

NSA/Cyber Command evaluation panel delivers no recommendation.

Although the Biden administration last month concluded an evaluation of the leadership structure ruling US Cyber Command and the National Security Agency (NSA), no formal recommendation was made, according to anonymous sources who spoke with the Record by Recorded Future. The small study group led by former Joint Chiefs of Staff Chairman Joseph F. Dunford Jr. was tasked with examining the strengths and weaknesses of the “dual-hat” leadership structure which dictates that the same military officer, a role currently filled by Army General Paul Nakasone, lead both Cyber Command and the NSA. Some members of the intelligence community feel it is inappropriate for NSA to have a uniformed chief, and some lawmakers believe the responsibilities of each role have expanded enough to warrant two separate leaders. Ronald Moultrie, Under Secretary of Defense for Intelligence and Security, earlier this year told a House Armed Services Committee subpanel that the arrangement would be reviewed. The study group which was formed with input from both the Defense Department and the intelligence community and includes three administration officials who don’t have a vested interest in the study’s outcome, began their evaluation earlier this month and shared their findings with Secretary of Defense Lloyd Austin and Director of National Intelligence Avril Haines. Though no recommendation has been reached, the group plans to complete its work within the next two or three months.

Selected Reading

Canada to boost defence, cyber security in Indo-Pacific policy, focus on 'disruptive' China (Reuters) Canada launched its long-awaited Indo-Pacific strategy on Sunday, outlining spending of C$2.3 billion ($1.7 billion) to boost military and cyber security in the region and vowed to deal with a "disruptive" China while working with it on climate change and trade.

Law to protect businesses, the public in cyberspace (VietNamNet News) Ensuring safety in cyberspace is the task of all agencies, units and people, Deputy Minister of Information and Communications Nguyen Huy Dung said.

Online safety bill will criminalise ‘downblousing’ and ‘deepfake’ porn (the Guardian) Nonconsensual explicit images to be tackled in bill returning to parliament next month

UK bans Chinese surveillance cameras from 'sensitive' sites (CNN) Hikvision, a leading Chinese surveillance company, has denied suggestions that it poses a threat to Britain's national security after the UK government banned the use of its camera systems at "sensitive" sites.

US Bans Huawei, ZTE Telecom Equipment on Data-Security Risk (Bloomberg) Federal Communications Commission cites security concerns. Dahua, Hikvision, Hytera also among companies named by agency.

US effectively bans imports of Chinese telecoms products (Register) Part bureaucratic box ticking, part crackdown that makes even Wi-Fi routers and smartphones off limits

FCC steps up campaign against Huawei and other Chinese tech companies (Washington Post) FCC brings out the banhammer for Huawei and other China-based companies

Review of NSA, Cyber Command leadership structure ends without official recommendation (The Record by Recorded Future) The Biden administration’s evaluation of the leadership structure ruling U.S. Cyber Command and the National Security Agency finished late last month and did not make a formal recommendation about whether or not to end the long-standing arrangement, three sources familiar with the review told The Record.

Senate committee stamps privacy breach penalties (CRN Australia) Would substantially increase penalties for large or repeated privacy breaches.

The US Congress Is Starting to Question This Whole Crypto Thing (WIRED) Think Washington lawmakers have what it takes to tackle the volatile world of cryptocurrencies? Neither do they.

NSW passes state-based mandatory data breach notification (CRN Australia) Will apply to state agencies and departments, statutory authorities, local councils and some universities.

Guadeloupe kickstarts continuity plan after wide-ranging cyberattack (The Record by Recorded Future) The French island of Guadeloupe is dealing with the aftereffects of a cyberattack, according to a notice on the government’s website.

Juan Arratia Becomes Executive Director of the CISA Chief of Contracting Office (Homeland Security Today) Prior to joining DHS, Arratia was the Senior Procurement Executive at the Office of Personnel Management.