At a glance.
- Nepal passes new cybersecurity policy.
- Could Japan’s active cyber defense initiatives violate the constitution?
- US Senate holds K-12 school cybersecurity summit.
- UK preps for curbing investment in Chinese equipment.
Nepal passes new cybersecurity policy.
Khabarhub offers a closer look at Nepal’s National Cyber Security Policy 2023, passed earlier this month. The measure details forthcoming strategies for the public and private sectors and offers an overview of the current state of Nepalese cybersecurity. Previously, Nepal addressed cybercrime in accordance with the Electronic Transactions Act, 2063BS (2008). Since that legislation was passed, cyberincidents have increased at an unprecedented rate, with the cyber bureau receiving over 16,000 complaints over the past four years.
Attacks have highlighted weaknesses in Nepal’s cybersecurity infrastructure and led to disruptions at government offices. The new policy aims to better address emerging threats and adopts a multi-stakeholder approach which, the writer explains, “entails embracing fundamental principles such as an open and secure internet, safeguarding individual privacy, upholding credibility, neutrality, accountability, interoperability, and partnership.” As well, the new strategy calls for the establishment of the Cyber Security Center, an entity dedicated to maximizing the effectiveness of the policy’s initiatives.
Could Japan’s active cyber defense initiatives violate the constitution?
In an editorial in the Mainichi, the author posits that if the Japanese government implements countermeasures to protect itself from foreign cyberattacks, it could violate communications privacy rights guaranteed under the constitution. An expert panel has said the government is considering "active cyber defense" initiatives that would require companies that have suffered cyberattacks to submit details about the incidents and allow the government to infiltrate their networks to eliminate threats. The author suggests that if this intel is intercepted by bad actors, it could undermine national security. Also, forcing companies to share data on users could be a violation of Article 21 of the Japanese Constitution, which states "No censorship shall be maintained, nor shall the secrecy of any means of communication be violated."
US Senate holds K-12 school cybersecurity summit.
US K-12 schools continue to be pummeled with cyberattacks, and officials are focused on helping these institutions protect themselves. Yesterday the Senate Subcommittee on Emerging Threats and Spending Oversight held a field roundtable in the state of New Hampshire aimed at improving government collaboration with the education sector. Senator Maggie Hassan, a Democrat from New Hampshire, served as chair, and attendees included representatives from the Cybersecurity and Infrastructure Security Agency (CISA), officials from the State of New Hampshire Department of Information Technology, and school board members.
Senator Hassan stated, "As we prepare for the new school year, it's an important time to take a look at the cybersecurity of our school systems.” WMUR reports that representatives from the Secret Service were also in attendance to discuss special training the law enforcement agency can provide to learning institutions at no cost. Schools have limited resources to put toward cybersecurity, and Richard Rossi, New Hampshire’s CISA cybersecurity advisor, explained why investing in cybersecurity is key. "Forty-eight percent of schools were putting less than 2% of their IT budget toward cybersecurity, and 12% weren't dedicating anything to cybersecurity," Rossi said. "Obviously, that's not a tenable solution." Rossi and his team have been conducting on-site cybersecurity assessments to identify the threats and vulnerabilities plaguing New Hampshire schools. Rossi stated, "We take a look at where a district is [and] work with them where they're at instead of where they should be, and help get them on a roadmap to progress them towards a more secure posture." Nextgov.com notes that earlier this month the White House hosted its first federal summit focused on school cybersecurity. At the gathering, several initiatives were unveiled, including a CISA program aimed at providing K-12 schools with new cybersecurity training and exercises, and a $20 million grant program with Amazon Web Services to provide schools with cyber incident response assistance.
UK preps for curbing investment in Chinese equipment.
As the British government considers following in Washington’s footsteps by cracking down on tech connections with China, UK officials are asking private firms about their investments. As Politico explains, British companies have been asked to complete a survey “designed to build a collective understanding" of investment flows “in sensitive sectors.” While the government’s interest in Chinese investments is no secret, the survey also aims to learn about investment in various countries including Australia, Bermuda, Canada, Hong Kong, Mexico, and the US. The British government recently pledged to “more closely align” with the US on policies preventing the export of tech equipment to China, and just last week US President Joe Biden issued an executive order regulating such investments. While British officials have stated they plan to curb investment into China's semiconductor, artificial intelligence, and quantum computing technology, officials must also consider how such curbs might impact the British economy. Some firms are worried the government might cast too wide a net and impose restrictions that could damage money flows. One source stated that while companies are “not sitting here thinking we can stop everything, or think things are going to go back to the way they were,” they are “approaching it with extreme trepidation.”