At a glance.
- UK announces cyber reporting requirements for MSPs.
- Vanuatu recovers from cyberattack.
- US Treasury head warns TikTok is a threat to national security.
- Brazil joins Budapest Convention on Cyber Crime.
UK announces cyber reporting requirements for MSPs.
The British government on Wednesday announced a new mandatory cyber incident reporting obligation for managed service providers (MSPs), the Record by Recorded Future reports. MSPs will also be required to meet a set of minimum security standards, and non-compliance could result in fines of up to £17 million. The government warned that MSPs are “an attractive and high value target for malicious threat actors, and can be used as staging points through which threat actors can compromise the clients of those managed services.” Indeed, recent ransomware attacks like the one on US firm Kaseya and, closer to home, the UK’s National Health Service supplier Advanced, have demonstrated the devastating impact these incidents can have. Existing incident reporting requirements, which focus on whether the incidents impact the actual service the organizations provide versus the risks they impose, have been criticized for having such a high threshold that few attacks are actually considered severe enough to be disclosed.
The new obligations will be introduced through an update to the Network and Information Systems (NIS) Regulations, and the new thresholds will be set by sector-specific regulators in collaboration with the National Cyber Security Centre. Julia Lopez, the U.K.’s cyber minister, stated, “The services we rely on for healthcare, water, energy and computing must not be brought to a standstill by criminals and hostile states,” adding that the new legislation would “better protect our essential and digital services and the outsourced IT providers which keep them running.”
Vanuatu recovers from cyberattack.
The government network of the South Pacific nation of Vanuatu suffered a cyberattack in early November that shut down emergency services, email, and phone lines for weeks. The Bangkok Post reports that government officials are continuing to work to restore operations, and Prime Minister Ishmael Kalsakau said the tiny island nation has enlisted the help of cyber experts in neighboring Australia. Chief information officer Gerard Metsan said "70 percent of the government network" had now been restored, including crucial emergency lines for ambulance, police, and fire services. It remains unclear who is responsible for the attack; though data analysis of the hackers showed "persistent traffic" from Europe, Asia, and the US, the data is not enough to determine attribution. Kalsakau added that it’s suspected the source of the cyberattack was a non-secure government website managed by third parties and workstations with known security vulnerabilities.
US Treasury head warns TikTok is a threat to national security.
During the New York Times Dealbook Summit in New York on Tuesday, US Treasury Secretary Janet Yellen warned that the video-sharing app TikTok, owned by Beijing company ByteDance, poses “legitimate national security concerns” to the US. As Fox Business explains, TikTok and ByteDance are currently being investigated by the Treasury Department's Committee on Foreign Investment in the US (CFIUS) after concerns that the Chinese government could force the popular video-streaming platform to share American user data. Earlier this month, while testifying before the House Homeland Security Committee, Federal Bureau of Investigation Director Christopher Wray explained his concerns surrounding TikTok "include the possibility that the Chinese government could use it to control data collection on millions of users or control the recommendation algorithm, which could be used for influence operations if they so choose, or to control software on millions of devices, which gives the opportunity to potentially technically compromise personal devices."
Brazil joins Budapest Convention on Cyber Crime.
In a joint statement from the Brazilian Ministries of Foreign Affairs and Justice and Public Safety, Brazil announced yesterday that it will be joining the Budapest Convention. Also known as the Convention on Cyber Crime, the sixty-seven-member partnership grants members swifter access to electronic evidence produced under foreign jurisdiction in order to cooperate in fighting cybercrime. MercoPress reports that Brazil has submitted a letter of adhesion to the Strasbourg-based Council of Europe.