Cyber Week in Review: January 28, 2022

Biden administration announces new cybersecurity controls for federal agencies, move to zero trust 

The Biden administration released a new cybersecurity strategy to protect federal agencies against cybersecurity threats. The strategy expands on an executive order signed by President Joe Biden in May 2021 which outlined a move towards the concept of “zero-trust” in government technology infrastructure. Cybersecurity in federal agencies and the private sector companies they work with has been a priority in the aftermath of the attacks against technology vendor SolarWinds in 2020, which allowed Russian hackers to compromise the networks of federal agencies. The new strategy outlines a shift towards multi-factor authentication and other access controls along with an increased emphasis on ensuring that devices used in federal agencies meet standards set by the Cybersecurity and Infrastructure Security Agency. Agencies have sixty days to outline their plans to implement the new strategy and are expected to conform to the new standards by the end of fiscal year 2024. 

“Cyber Partisans” launch cyberattacks against Belarusian railways 

The Cyber Partisans, a group of pro-democracy Belarusian hackers, claim to have breached the Belarusian Railway’s computer network on January 24. The group encrypted the state-owned railway’s servers, databases, and workstations, demanding that the government bar the presence of the Russian military in Belarus and release fifty political prisoners needing medical attention. Russian troops entered the country last week to conduct joint military exercises in the wake of heightened tensions with Ukraine and threats of a Russian invasion. The Cyber Partisans have targeted President Alexander Lukashenko’s regime since Lukashenko’s disputed reelection in September 2020, and have released data on state officials, spies, police informants, and government wiretapping. After their claims were met with skepticism by some security researchers, Cyber Partisans released further details from the compromise of the railway system in an attempt to verify that the attack had taken place. 

Red Cross cyberattack compromises the data of over five hundred thousand people 

A cyberattack on the International Committee of the Red Cross (Red Cross) exposed the data of over five hundred thousand vulnerable migrants and asylum seekers last Friday. The data stolen came from the Restoring Family Links service, which the Red Cross uses to reunite families displaced by conflict, migration, and natural disasters and is hosted on external servers. The Red Cross has asked the hackers responsible to avoid misusing the data, and the director-general made a formal appeal saying, “Your actions could potentially cause yet more harm and pain to those who have already endured untold suffering… Please do the right thing. Do not share, sell, leak or otherwise use this data.”  

Biden administration threatens export controls on Russia’s strategic industries, including tech 

The Biden administration threatened aggressive new sanctions against the Russian Federation should the Russian military invade Ukraine. In particular, the White House warned that new export control laws, specifically an adjustment of the foreign direct product rule, could cut Russian companies off from important suppliers. The export controls will likely be felt most acutely in the technology sector, where Russian companies are reliant on semiconductor imports from companies like Intel. In addition, U.S. officials have said that the controls will target industries that Putin favors, such as civil aviation, defense, and high technology, and that the United States would also pursue Putin’s personal assets.  

China’s Ministry of Industry and Information Technology pledges support for SME innovation in Metaverse and other emerging fields 

On January 24, China’s Ministry of Industry and Information Technology (MIIT) held a press conference pledging support for the digital transformation of small- and medium-sized enterprises (SMEs). At the conference, MIIT leaders referenced a variety of strategies intended to bolster SME development, including investment and financing programs, subsidized research and development, and “maintaining competition” through the continued suppression of monopolistic actors. The MIIT elaborated that it hopes its emphasis on SMEs will enable the success of “little giants” in the emerging fields of metaverse development, blockchain, and artificial intelligence. As Beijing moves to regulate big tech, it is also stressing that the innovative capabilities of SMEs are an important tool in the continued competition with the United State over emerging technologies.