At a glance.
- Germany says money is no object when it comes to removal of Huawei equipment.
- Australian Cyber Security Centre pledges support for cyberattack victims.
- How the EU’s new tech laws will impact companies.
Germany says money is no object when it comes to removal of Huawei equipment.
Germany’s Interior Ministry is conducting an audit of the country’s 5G mobile network to determine what percentage of its components come from Chinese-based tech giants Huawei and ZTE. As the South China Morning Post explains, many other EU countries and the US have banned equipment from these two companies due to national security concerns. However, despite pressure from the US, Germany has chosen to avoid a full ban, instead announcing that all components considered “critical IT infrastructure” would require certification from authorities. There have been concerns that rooting out dangerous equipment and replacing it with non-Huawei or ZTE components could be cost-prohibitive, but Germany's Interior Minister, Nancy Faeser, says this will not impede the process. “We will prohibit components if they pose a serious security risk,” Faeser said. “The network operators will have to act and dismantle the components.”
Australian Cyber Security Centre pledges support for cyberattack victims.
Abigail Bradshaw, head of the Australian Cyber Security Centre (ACSC), is letting organizations know they can turn to the ACSC for support in the event of a cyberincident. Though the ACSC is not a regulator, the Australian Financial Review notes, it is the government’s lead responder to cyber incidents. Bradshaw urged organizations to join the agency’s threat intelligence sharing platform and cyber defense partnership program, which now boasts 140,000 members. The ACSC, which is under the Australian Signals Directorate (ASD), is offering this coordinated support to both civil and defense agencies as part of the whole-of-government resilience effort discussed in Australia’s recently released Defence Strategic Review. “We are not a regulator, so the primary purpose for the Australian Cyber Security Centre’s assistance is harm minimisation,” Bradshaw stated. “So any contact that we have from an entity, whether it’s a government entity or a private entity, our first priority is remediation and recovery of that entity, and then to use that advice to the extent possible to protect others who might be using the same system or vulnerable to the same threat actor.” She added that over the next four years the ASD will double in size and triple its offensive cyber capabilities. “We [the Signals Directorate] have a legal jurisdiction to disrupt cyber criminals where they emanate from offshore and AFP [Australian Federal Police] have similar jurisdiction onshore,” Kris Lovejoy, global security and resiliency leader at US tech advisory firm Kyndryl, says firms need to dedicate more resources to recovery. “It’s not just about security, it’s also about resilience, it’s about bouncing back once that happens…Invariably, organisations who have not prepared to recover are stuck…It’s not just about the proactive prevention, it’s also about the reaction.” His recommendations include backing up key support systems like usernames and passwords and devices that control key manufacturing or product systems.
How the EU’s new tech laws will impact companies.
The EU’s new tech rules, approved back in July, are set to take effect starting next week, and US tech giants like Meta and Apple are prepping for some sweeping changes. Aimed at regulating content and increasing competition, the new laws are considered the largest expansion in digital regulation in the West and come with the threat of fines for noncompliance. In late August new social media and search engine rules under the Digital Services Act will come into effect, and in early September the EU will determine which of tech services will fall under the competition rules of the Digital Markets Act. Martin Husovec, an associate professor of law at the London School of Economics, told the Wall Street Journal, “The key change is that big tech is losing its monopoly on how it designs services and interprets rules it sets for users.” In preparation, Apple is working on a way to allow users to install apps from non-Apple app stores, and Google is developing a new choice screen that will make it easier for users to select their browser.
Kent Walker, Google’s president of global affairs, stated, “More or less every different provision of these laws requires a process change, an architectural change, or both. Senior people across the company are focused on this.” No doubt the new rules’ financial penalties for noncompliance are a key motivator, and organizations found in violation of the online content rules could be fined up to 6% of global revenue. Repeated breach of the digital competition rules could cost a company a whopping 20% of revenue, and the EU has the power to force a non-compliant company to break up its operations. That said, officials admit enforcement could be difficult, and an additional 230 staff members will likely be needed to enforce the new laws alongside a newly established center in Seville, Spain tasked with analyzing the technical data companies will be reporting.