from Net Politics and Digital and Cyberspace Policy Program

Cyber Week in Review: June 12, 2015

Kaspersky labs CFR Net Politics Cyber
Kaspersky labs CFR Net Politics Cyber

June 12, 2015

Kaspersky labs CFR Net Politics Cyber
Kaspersky labs CFR Net Politics Cyber
Blog Post
Blog posts represent the views of CFR fellows and staff and not those of CFR, which takes no institutional positions.

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

  • Kaspersky announced it was the victim of a recent cyber espionage campaign, where the intruders sought access to the company’s newest technologies. Eugene Kaspersky, the company’s CEO, baptized the attack “Duqu 2.0” after a strain of malware that previously infected industrial control systems and is believed to be related to Stuxnet, but refrained from attributing the attack. Wired’s Kim Zetter argues Israel is probably the culprit, which most experts agree made the original Duqu. While Duqu 2.0 infected Kaspersky, the security company says that the malware’s real purpose was likely to spy on the Iranian nuclear negotiations.
  • In the wake of last week’s data breach at the Office of Personnel Management, the Obama administration is receiving criticism for its unwillingness to publicly accuse China for the breach and failure to tighten the screws on Beijing. In response, a White House official on Tuesday explained the difficulty of attributing cyber activity. This attack in particular has brought cyber issues to the forefront of the political arena, rendering the topic a potential political liability for 2016 hopefuls. Democratic Party presidential candidate Martin O’Malley argues in Foreign Policy for improved cybersecurity measures and Republican hopeful Mike Huckabee threw caution to the wind and said he would "retaliate with strength."
  • Senate Majority Leader Mitch McConnell failed in his effort to attach cybersecurity legislation as an amendment to an annual defence spending bill. McConnell tried to use the OPM incident to rush the passage of the Cybersecurity Information Sharing Act (CISA), which incentivizes the two-way exchange of cyber threat indicators between government and the private sector. CISA is controversial with the privacy community, who argue that it lacks adequate civil liberties protections. While CISA has bipartisan support in the Senate, many Democrats and libertarian Republicans argued that the bill should be considered on its own.
  • The U.S. tech industry sent two high-profile letters to elected representatives this week. First, the Information Technology Industry Council and the Software and Information Industry association, whose members include Google, Apple, Facebook and IBM, called on the White House to oppose any legislative measures that would allow the FBI or NSA to gain lawful access to data by undermining encryption. Second, the CEOs of AT&T, IBM, Microsoft, Intel, and others urged the House of Representatives to grant President Obama "fast track" authority to finalize the negotiation of the Trans-Pacific Partnership. According to a letter obtained by the Washington Post, the CEOs argue that the TPP is required to remove the "digital trade barriers that constrain the ability of U.S. companies" to sell their wares in the Asia-Pacific region.
  • France’s data protection regulator claims that EU citizens’ right to be forgotten online applies to all search engine results, not only those in Europe. As a consequence of last year’s right to be forgotten ruling, Google and other search engines operating in Europe are required to comply with user requests to remove search results if the information is inaccurate, inadequate, irrelevant, or excessive. Since the ruling, Google has argued that it only needs to remove requests for its European sites, like in France or in Germany. The French data authority has requested that it remove data upon requests from its search results in other jurisdictions, and has given the search giant fifteen days to comply.