At a glance.
- Swiss government to mandate reporting of attacks on critical infrastructure.
- Germany will not ban Chinese telecom equipment.
- US officials announce investigation of Lapsus$ cybergang.
- US dismisses charges against Huawei CFO.
Swiss government to mandate reporting of attacks on critical infrastructure.
Reuters reports that the Swiss government is planning to approve legislation making it mandatory to report cyberattacks impacting critical infrastructure. The new measure would also more clearly define the role of the National Cybersecurity Centre (NCSC) as the central watchdog for cyberattacks. A statement from the Swiss Federal Council reads, "Successful cyberattacks can have far-reaching consequences for the availability and security of the Swiss economy. The general public, authorities and companies are exposed to the risk of cyberattacks on a daily basis. There is currently no overall picture of what attacks have taken place where, because reporting to the NCSC is voluntary.”
Germany will not ban Chinese telecom equipment.
A spokesperson from Germany’s Economy Ministry has declared that the country will not be imposing a blanket ban on Chinese telecom equipment makers. Unlike the US, where the Federal Communications Commission last week banned approvals of new equipment from Huawei and ZTE because they pose "an unacceptable risk" to national security, Germany will instead make these decisions on a case-by-case basis. Russia’s invasion of Ukraine cast a spotlight on the relationship between Berlin and Beijing, as Germany’s reliance on Russia for energy made officials concerned about Germany’s dependence on China for trade. A German Economy Ministry strategy paper seen by Reuters references 2020 legislation that, instead of fully banning such equipment, places restrictions on suppliers that make false declarations, do not support security audits, or neglect to address vulnerabilities promptly. The paper suggests the possibility of placing a ban on components and products for the telecom industry or other critical infrastructure made by suppliers in authoritarian states. Huawei has commented, "Secure use of networks is independent of a provider's country of origin and can only be ensured by means of global standards in international cooperation between industry and regulatory authorities.” Representative Michael McCaul, top Republican on the U.S. House Foreign Affairs Committee said Germany’s reluctance to ban Huawei was "jeopardizing its own national security and that of Europe's.”
US officials announce investigation of Lapsus$ cybergang.
The US Department of Homeland Security (DHS) on Friday announced that the Cyber Safety Review Board (CSRB) will review the recent attacks associated with cyber-extortion group Lapsus$. “The CSRB will develop actionable recommendations for how organizations can protect themselves, their customers, and their employees in the face of these types of attacks” which will then be sent to US President Joe Biden, the announcement explains. As Bleeping Computer explains, Lapsus$ was found to be behind attacks on Microsoft, Nvidia, T-Mobile, Samsung, Uber, Vodafone, Ubisoft, Okta, and Mercado Libre, and several of the attacks resulted in the publication of stolen proprietary data and source code. CBS News notes that London Police earlier this year arrested seven individuals, many in their teens, believed to be connected to Lapsus$, and the US Federal Bureau of Investigation also announced it’s looking for intel on members of the gang connected to breaches of US organizations. DHS Secretary Alejandro Mayorkas explained, "With its review into Lapsus$, the Board will build on the lessons learned from its first review and share actionable recommendations to help the private and public sectors strengthen their cyber resilience."
US dismisses charges against Huawei CFO.
On Thursday US prosecutors asked to dismiss charges against Meng Wanzhou, the chief financial officer of Huawei Technologies, CBC News reports. The Huawei head struck a deal with the prosecutors last year for the charges against her to be dismissed on December 1, 2022, which marks four years from the date of her arrest in Canada on a US warrant. Meng was accused of bank fraud and other crimes for misleading global bank HSBC Holdings about Huawei's business in Iran in order to obtain banking services that would violate US sanctions. As part of her deal, Meng acknowledged that she had made false statements during a 2013 meeting with an HSBC executive. The dismissal marks the end of a case that negatively impacted China’s relationship with the US and brought Canada into the middle of the dispute. As the Register explains, China considered Canada's arrest of Meng a diplomatic affront, and Beijing’s later arrest of a pair of Canadian nationals accused of espionage was rumored to be payback. Though charges against Meng have been dropped, Huawei is still charged in the case and is accused of crimes including bank fraud, sanctions violations, and conspiracy to steal US trade secrets.