At a glance.
- EU's Data Act.
- Development of PRC's cyberespionage capabilities.
- New Zealand's Information Security Manual.
Proposed Data Act will regulate access to EU industrial data.
Last week, the European Commission released its proposal for the Data Act, a new regulation focused on giving stakeholders more control over their industrial data. By making the data more readily available for innovative use, the intent of the new law is to increase the value of such data and allow for more competitive pricing. As cyber/data/privacy insights explains, it’s predicted that the Data Act will add €270 billion to the GDP in the next six years. By clarifying who can create value from industrial data, the Data Act is to serve as a complement to the Data Governance Act, which outlines the processes for data sharing by companies. The proposal will now be discussed by the Council of the EU and the European Parliament, and once negotiations are completed, the Data Act will be immediately applicable in all EU member states.
China-linked malware Daxin hides communications in plain sight.
Cybersecurity researchers at Symantec have discovered a highly sophisticated China-linked malware called Daxin that allows threat actors to communicate across infected machines. What sets Daxin apart is its ability to hijack legitimate connections to camouflage its communications in normal network traffic. This stealthiness has allowed the malware to be deployed against global governments for the last decade without detection. Daxin is just the latest example of how, over the past ten years, China has become a leader in cyberwarfare, exploiting more zero-day vulnerabilities than any other nation. As the MIT Technology Review recounts, the country’s rise to cyber greatness has been led by President Xi Jinping, who restructured the nation’s military and intelligence agency to make cyber a main priority. In congressional testimony on China’s cyber capabilities earlier this month, Harvard research fellow Winnona DeSombre stated that the nation’s “cyber defensive capabilities are able to detect many US operations—in some cases turning our own tools against us.”
New Zealand updates its Information Security Manual.
New Zealand’s Government Communications Security Bureau (GCSB) has just released the latest update to the New Zealand Information Security Manual (NZISM), a collection of cybersecurity best practices that aims to support “the clarification of governance requirements, role and authority of the chief and of senior executives, and further clarity on the principal assurance process – the certification and accreditation framework.” The manual is used as a guide by all of the country’s government agencies, and this is its first update since September 2020. KPMG Cyber Security Services partner Philip Whitmore explains, “NZISM is an important contribution, as it provides a technology neutral set of standards that all organizations can adopt to provide a good foundation for cyber security.” Security Brief outlines the NZISM’s evolution since it started out as the New Zealand Security of Information Technology policy in the 1990s. Notable additions in the most recent update include strategies for securing cloud services, an introduction to zero-trust policies, guidance on accepting action system vulnerability reports from the public, and guidance about the impact of quantum computing on cryptography.