At a glance.
- China calls for internet security barrier.
- Advice for companies to keep pace with federal privacy requirements.
- US considers establishment of a Cyber Force.
China calls for internet security barrier.
Chinese president Xi Jinping has ordered officials to establish a government-controlled "security barrier" around the country’s internet. In remarks given after a cybersecurity meeting in Beijing over the weekend, Xi stated, "Work must be done to forge a strong cybersecurity barrier and give full play to the role of information technology as a driving force for development. It is imperative to govern cyberspace, run websites and apps, and carry out online activities according to the law.” At the same event, Secretariat of the Communist Party of China Central Committee Cai Qi voiced his agreement with Xi’s orders, stating, "The Party's supervision over the internet must be maintained, and its overall leadership over the internet and information technology work strengthened.” Although the leaders’ speeches lacked specificity regarding what this security barrier would entail, the Register notes that the term brings to mind the Great Firewall, which refers to China’s history of censorship of online content that is foreign in origin or does not align with the principles of the Communist Party.
Advice for companies to keep pace with federal privacy requirements.
Earlier this month the White House released the National Cybersecurity Strategy Implementation Plan, and one of the pillars of this strategy is shifting responsibility for data security to corporations and developers, as opposed to customers and end users. This means companies will be required to adhere to tighter privacy policies, and the Federal News Network offers six steps organizations can take now to prepare for this transition, and much of it is connected to cloud computing. While cloud services provide obvious benefits for managing corporate data, organizations must consider whether they should allow cloud providers to own key management, or whether they should keep key management internal in order to maximize security. Internal key management also makes it easier to adhere to zero trust policies. When it comes to protecting data, key management backed by strong encryption algorithms is crucial. Immutable and centralized logging are also paramount, which means organizations should consider options beyond what public cloud providers can supply. Automation is one such option, because it allows for exponentially greater efficiency when it comes to security concerns like data classification, risk assessment, and policy enforcement. Anand Kashyap, CEO at Fortanix and author of the article, concludes, “While keeping workloads on-premises helps reduce risk, it may mean that an organization needs to catch up on the innovations that the cloud service providers have become known for. In my mind, however, reducing data security risk as much as possible trumps everything else.”
US considers establishment of a Cyber Force.
The US Senate is scheduled to begin talks on the 2024 National Defense Authorization Act this week, and one proposal calls for the Pentagon to consider the creation of a Cyber Force. As Air & Space Forces Magazine explains, the provision calls for an analysis of the armed forces’ current ability to meet the cyber requirements of combatant commands, including the recruitment of cyber operators. Questions include whether a completely separate cyber force should be established, or if it should be part of an existing military department, following the model for Space Force’s creation in 2019. The provision is the result of many lawmakers’ desire for more data on the issue in order to make an educated assessment. Some national security experts, like chairman of the House Armed Services Committee’s cyber, innovative technologies and information systems subcommittee Mike Gallagher, worry the establishment of an independent cyber force could increase bureaucracy. Supporters of an independent force feel it will better allow the nation to stay ahead of the evolving threat landscape. If passed, the Secretary of Defense would be required to enter into an agreement with the National Academy of Public Administration within sixty days, and the academy would be expected to deliver a report 210 days later.