Anti-trust action and tech mergers. Twitter’s open access strategy. CISA’s 2023 goals. Japan plans a more assertive cyberstrategy.

Announcement

Join the Q4 Cybersecurity Analyst Call.

As 2022 comes to a close, join the CyberWire on Thursday, December 15th at 2PM EST, to take a look at exactly which developments and topics were the most important this year. Join Rick Howard, the CyberWire's Chief Analyst, and our VP Editor, John Petrik for an insightful discussion about the events from this year that materially impacted your career, the organizations you're responsible for, and the daily lives of people all over the world. This live event is typically a CyberWire Pro exclusive, but will be open to all readers and listeners. Be sure to submit questions and/or topics with your registration. Register now.

Summary

By the CyberWire staff

At a glance.

Anti-trust action puts the brakes on tech mergers.
Twitter’s open access strategy could backfire.
CISA’s goals for the new year include launch of corporate responsibility subcommittee.
Japan submits plans for more aggressive cyberstrategy.

Anti-trust action puts the brakes on tech mergers.

The US Federal Trade Commission (FTC) has decided to block Microsoft’s plans to purchase video game company Activision Blizzard, stating the deal would harm competition. The FTC noted that Microsoft has a history of acquiring game companies and curbing competition by withholding content from rivals. Holly Vedova, director of the FTC's Bureau of Competition, explained, "Today we seek to stop Microsoft from gaining control over a leading independent game studio and using it to harm competition in multiple dynamic and fast-growing gaming markets." Experts say the decision could have repercussions for future deals of a similar nature. William Kovacic, a former FTC chair and current law professor at George Washington University told S&P Global, "It does indeed mean that if you are a large tech enterprise and you seek to carry out a transaction, you are going to face close scrutiny from the FTC. This is the most important instance to date where the FTC has sought to fulfill its promise to enforce merger policy more aggressively. This is the biggest test to date of their efforts." The FTC must now provide proof of harm, but it’s possible the deal could go through if Microsoft can demonstrate it has safeguards in place.

Meanwhile, sources say antitrust regulators will be launching a larger investigation into the proposed $61 billion acquisition of cloud computing company VMware by US chip-maker Broadcom. Reuters explains that the deal would be the second-largest globally this year, and Broadcom met earlier this week with European Commission officials, whose initial review of the purchase is set to close in December. The company was hoping cloud computing competition from bigwigs like Amazon and Microsoft would convince the EU to allow the deal to continue as planned, but some insiders have warned that the purchase could lead to massive price increases and other issues for customers.

Twitter’s open access strategy could backfire.

Following his recent purchase of Twitter, Elon Musk has made the controversial decision in recent days to give select reporters insider access in order to expose what Musk views as evidence that the social media giant was mishandling its content moderation. Dubbed the Twitter Files, the data dumps have, in most experts’ opinions, revealed little surprising information about Twitter’s innerworkings, and by opening the door to journalists, Musk might have done himself more harm than good. A spokesperson for Ireland’s Data Protection Commission (DPC), Twitter’s lead data protection regulator in the EU, told TechCrunch that the DPC has asked Twitter for more details on this outsider access. “The DPC has been in contact with Twitter this morning. We are engaging with Twitter on the matter to establish further details,” the spokesperson stated. As well, former Facebook CISO Alex Stamos says that a Twitter thread posted yesterday by one of the reporters given access by Musk “should be enough for the FTC to open an investigation of the consent decree.” The FTC decree he references was established in 2011 and is connected to allegations that Twitter misrepresented the “security and privacy” of user data over several years.

CISA’s goals for the new year include launch of corporate responsibility subcommittee.

As we previously noted, last week the US Cybersecurity and Infrastructure Security Agency (CISA) held the last quarterly meeting of the Cybersecurity Advisory Committee (CSAC) of the year to discuss the group’s strategic goals going into 2023. Meritalk reports that CISA Director Jen Easterly has asked the CSAC to establish a new subcommittee focused on corporate cyber responsibility. The move would be part of CISA’s efforts to ramp up its cyber “civil defense” capacity. During last week’s meeting, Easterly explained the strategic approach to sustainable cybersecurity “includes a technology ecosystem that is secure by design and by default,” and that corporate responsibility on the security front is an important element of that approach. Easterly stated, “It’s essential that the CSAC does focus on how industry effectively manages cybersecurity risks. It’s really about what tech companies and software providers have to do to move away from technology superhighways that have become unsafe [and] can decrease safer products and stop placing the burden of security on consumers.” Easterly also stated that the Transforming the Cyber Workforce Subcommittee will be working on developing a cyber talent management ecosystem that supports a people-first culture. In addition, the Turning the Corner on Cyber Hygiene Subcommittee will focus on providing support to target-rich cyber core sectors like oil and water facilities and small businesses, and the Protecting Critical Infrastructure from MDM information Subcommittee will work to ensure election officials across the country have the support to defend the security and resilience of the nation’s election infrastructure.

Japan submits plans for more aggressive cyberstrategy.

According to proposed National Security Strategy revisions submitted on Saturday, the Japanese government will be given “counterstrike capability,” which will allow officials to monitor the activities of potential attackers and launch defensive cyberattacks if signs of a potential risk are detected. Nikkei Asia explains that under current laws, such actions can’t be taken unless there’s an emergency warranting the deployment of Japanese defensive military forces, and previous Cabinets have said Japan has no need for a counterstrike capability as it relies on ally the US for defense. If approved, the revisions would be the first changes made since the National Security Strategy was established in December 2013, and could mark a shift to more assertive stance for Japan's cyber defense. As the Japan Times notes, the move comes as North Korea ramps up its nuclear program and China beefs up its military forces. The revisions are poised to be approved by the cabinet before the end of the month.

Selected Reading

Taiwan weighing nationwide ban on TikTok (Taiwan News) Inter-ministerial meeting slated for this month to discuss banning TikTok | 2022-12-12 12:19:00

Japan to upgrade cyber defense, allowing preemptive measures (Nikkei Asia) Revised National Security Strategy to open doors for proactive response

Japan to include 'counterstrike capability in key security documents (The Japan Times) Tokyo will pledge in the documents to continue "to commit to its exclusively self-defense-oriented security policy" and "to not become a military power."

As wiretap claims rattle government, Greece bans spyware (AP NEWS) Lawmakers in Greece on Friday approved legislation banning commercial spyware and reforming rules for legally-sanctioned wiretaps following allegations that senior government officials and journalists had been targeted by shadowy surveillance software.

The Autocrat in Your iPhone (Foreign Affairs) How mercenary spyware threatens democracy.

WhatsApp could abandon UK if government bans E2E encryption (Computing) Meta-owned WhatsApp is willing to see its messaging app blocked in the UK rather than weaken its encryption.

Vietnam to block ads on 'toxic' online content in further crackdown (Nikkei Asia) State's blacklist may affect Facebook and YouTube users as well as TikTok stars

Senate Passes Senators Hassan and Portman’s Bipart... | U.S. Senator Maggie Hassan of New Hampshire (Maggie Hassan) WASHINGTON – Today the U.S. Senate passed Senators Maggie Hassan (D-NH) and Rob Portman’s (R-OH)...

Solarium leader Gallagher tapped to lead China select committee; new GOP chairs named for two House panels with cyber roles (Inside Cybersecurity) Rep. Mike Gallagher (R-WI), a co-chair of the Cyberspace Solarium Commission, will lead a new panel focused on security and economic challenges posed by China, as House Republicans continue sorting through committee leadership assignments for the incoming 118th Congress.

CISA Director Eyes Cyber ‘Civil Defense’ Capacity, 2023 Goals (Meritalk) Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly wants the agency’s Cybersecurity Advisory Committee (CSAC) to stand up a new subcommittee focused on corporate cyber responsibility as part of a move to build a cyber “civil defense” capacity.

Stakeholders want more than AI Bill of Rights guidance | TechTarget (CIO) The White House's AI Bill of Rights provides ethical AI adoption guidance to federal agencies and companies, but still lacks enforceability.

Opinion Democrats and Republicans agree on this tech privacy bill. But can it pass? (Washington Post) With Republicans poised to take over the House next year, a divided Congress looms. The result could be two years of partisan strife and gridlock. But between the GOP investigations and other legislative fireworks to come, there might be room to get a few things done — if lawmakers are willing to accept success.

U.S. Targets Chinese Fishing Vessels, Russian Detention Camps, With Human-Rights Sanctions (Wall Street Journal) The U.S. on Friday imposed a swath of sanctions targeting corruption and human-rights abuses in Russia, China and elsewhere, including on a network of China-based fishing vessels officials said were involved in alleged illegal fishing throughout the Pacific.

How US police use counterterrorism money to buy spy tech (MIT Technology Review) A new report shows that federal aid from FEMA is often used to buy surveillance equipment, without the public knowing much about it

FTC's block of Microsoft's Activision acquisition could thwart other tech deals (S&P Global) The agency argues that Xbox would gain control of top video game franchises, enabling it to harm competition in high-performance gaming consoles and subscription services by denying or degrading rivals' access to its popular content.

Broadcom faces EU antitrust probe into $61 bln VMware deal - sources (Reuters) U.S. chipmaker Broadcom is set to face a setback in its $61 billion bid for cloud computing company VMware with EU antitrust regulators poised to open a full-scale investigation into the deal, people familiar with the matter said.