At a glance.
- US CyberCom head endorses recent “hunt forward” missions.
- Ireland yields regulatory authority to European Commission under the DSA.
- Indian VPN providers required to store user data for at least five years.
- Biden signs executive order on quantum tech.
US CyberCom head endorses recent “hunt forward” missions.
In a speech given during a Vanderbilt University conference on Tuesday, National Security Agency (NSA) Director and US Cyber Command head General Paul Nakasone disclosed that CyberCom has carried out nine “hunt forward” missions this year in other countries. Nakasone explained, “These are countries that have asked for our assistance, deploying our defensive teams for being able to identify malware and tradecraft our adversaries were using and then sharing that broadly with a commercial provider.” CyberScoop explains that the General’s disclosure supports CyberCom’s recent endorsement of persistent engagement and Nakasone’s “defend forward” strategy. He stated that the US’s cyber support of Ukraine has also been built on his “continual action” philosophy, with a Cyber National Mission Force hunt-forward team traveling to the country in December. He also laid to rest arguments that Russia has levied little cyberaggression against Ukraine during the invasion. “This idea that nothing has happened is not right/ There have been destructive attacks, a series of infrastructure attacks [where] satellite communications have been targeted,” he said. At the same event, NSA Director of Cybersecurity Rob Joyce supported Nakasone’s claims, stating, “There was some really, extra-unethical cyber pressure brought to Ukrainian internet networks by Russia.”
Ireland yields regulatory authority to European Commission under the DSA.
The EU’s new Digital Services Act (DSA) gives the European Commission authority over the bloc’s cyber regulation, meaning Ireland’s Data Protection Commission (DPC) will no longer claim the status of the region’s main privacy watchdog. The Irish DPC oversaw the regulation of the many tech giants that chose to settle in Ireland due to its tax benefits, but over the years the Irish DPC has been accused of being too lax when it comes to investigating and penalizing violations of the General Data Protection Regulation (GDPR). According to the Irish Council for Civil Liberties, the DPC has delivered decisions in only 2% of EU-wide cases since the GDPR came into effect. Paul-Olivier Dehaye, founder of Swiss online privacy nonprofit Personal Data, told CNBC, “Ireland remains a severe roadblock for GDPR enforcement.” (The DPC refutes these claims, stating that recent reports including an independent audit demonstrate the commission’s performance.) An early draft of the DSA put individual member states in charge of enforcing violations, but EU members, worried this would slow the regulatory process, pushed for the European Commission to take on this responsibility. An Irish DPC spokesperson says that while the European Commission will serve as the main authority for “systemic” companies like Meta and Google, which have millions of users across the EU, Ireland and other EU members will still play an integral part in regulation as they “will be responsible for all other obligations in the DSA.”
Indian VPN providers required to store user data for at least five years.
India’s Ministry of Electronics and Information Technology (MeitY) and Computer Emergency Response Team India (CERT-In) have announced that they will require VPS and VPN service providers, intermediaries, and crypto exchanges to maintain user data (even for canceled subscriptions) for at least five years in order to “coordinate response activities as well as emergency measures with respect to cyber security incidents.” Providers will also be required to designate a Point of Contact for communicating with CERT-In. The new rules will come into effect in July, and companies found in non-compliance will face punitive action. NEWS9LIVE explains that many users rely on VPN services because they provide a shield of privacy, but the new rules will force providers to switch to storage servers, essentially lowering that shield while increasing prices for subscribers.
Biden signs executive order on quantum tech.
US President Joe Biden yesterday issued an executive order on “Enhancing the National Quantum Initiative Advisory Committee,” measures focused on advancing quantum technology in the US while also boosting the nation’s cybersecurity defenses against quantum supercomputers. Reuters explains, the National Quantum Initiative Advisory Committee is the government's independent expert advisory body for quantum tech, and the EO puts the committee directly under the authority of the White House. "The presidential directives being released will help us balance the scientific and economic imperatives to move fast with our obligation to protect our people, communications and investments," the senior White House official stated.
Kent Landfield, Chief Standards and Technology Policy Strategist at Trellix (formerly McAfee Enterprise and FireEye):
“We are pleased to see the White House issue an Executive Order and National Security Memorandum defining the challenges we face with the development of quantum computing technology. Specifying the steps the government will take to protect our nation’s critical infrastructure and communications is vital. This is not a run-of-the-mill 15-year crypto transition. The national security implications are too great. We have been proponents of NIST’s efforts on the transition to post-quantum crypto for quite a while, and it is good to see many of our original recommendations being incorporated into today’s national directions.”