Cyber Week in Review: September 21, 2018
Here is a quick round-up of this week’s technology headlines and related stories you may have missed:
1. Are you deterred now? The Trump administration released a National Cyber Strategy, which it is billing as the first in fifteen years. The strategy identifies four pillars that will guide the administration’s cybersecurity efforts: protecting Americans and “the American way of life,” promoting American prosperity, promoting and enforcing cyber norms (which the strategy calls “preserving peace through strength”), and advancing U.S. influence. Much of the strategy continues efforts under previous administrations to promote norms for cyberspace and internet freedom, and repeats existing Trump administration priorities, such as modernizing the U.S. government’s IT infrastructure and enforcing the norms it promotes. As part of that enforcement effort, the strategy notes that the U.S. government will launch a Cyber Deterrence Initiative to “develop a coalition and tailored strategies to ensure adversaries understand the consequences of their malicious behavior.” Expect more collective denunciations similar to those in the WannaCry and NotPetya cases.
2. If you’re not deterred, then we’ll defend forward. The Department of Defense (DoD) unveiled a summary of its new cyber strategy. Starting from the premise that it is “engaged in long-term strategic competition with Russia and China,” the strategy argues that the United States must maintain the ability to “fight and win wars” in cyberspace. Compared with the previous Pentagon cyber strategies under the Obama administration, this one is less risk-averse. It calls for the military to “defend forward” to “disrupt or halt malicious cyber activity at its source,” instead of stopping malicious traffic when it hits Pentagon networks. It also says DoD will “preempt, defeat or deter malicious cyber activity targeting U.S. critical infrastructure.” Writing for War on the Rocks, Nina Kollars and Jacqueline Schneider compare the new strategy to its 2015 counterpart, concluding that it moves the United States toward “a mature, if aggressive, articulation of cyber defense for a nation.”
3. A plan with no name. The Chinese government has ordered state media to censor mentions of the Thousand Talents Plan, its flagship program for recruiting top scientific and entrepreneurial talent to relocate to China. Over the years, Beijing has made no secret of its desire to charm top Chinese talent into returning to China in order to contribute to the country’s development. However, the Thousand Talents Plan has long drawn scrutiny in the U.S. intelligence and law enforcement communities, which consider it a vector for espionage and intellectual property theft. In early August, police arrested Xiaoping Zheng, a Chinese-American engineer and Thousand Talents recruit, for stealing proprietary information from his employer, General Electric. More than just bad press for Beijing, the case highlights the ways in which Beijing is reeling from growing suspicion of its intentions abroad.
4. Alexa, why does the EU not like us? In a press conference, EU Competition Commissioner Margrethe Vestager said she was conducting a preliminary antitrust investigation into Amazon’s role as both a retailer and a platform for the third-party merchants it competes with. As Amazon expands its own offerings, third-party sellers have worried that Amazon could use the sales data it collects about them to determine what products consumers want, and sell them itself at a lower price under its Amazon Basics line. The European Union has taken the lead in investigating the potential use of data by large corporations to gain an unfair advantage over competition. Last year, Ms. Vestager fined Google $2.9 billion over the way it uses search results to promote its product offerings over the competition.
5. A strongly worded note. Industry associations representing some of the world’s biggest tech companies, such as Google, Salesforce, and Wipro, are lobbying against a proposed data localization law in India. The proposed law is one of many recommendations the Telecom Regulatory Authority of India (TRAI) made in July, which would, among other things, bring EU General Data Protection Regulation-style rules to the world’s second-largest country. In a letter to be sent to India’s information technology minister, the U.S. Information Technology Industry Council, techUK, and India’s NASSCOM express fears that it would “negatively impact the flow of foreign investments,” and “impact the business models of several Indian as well as global companies” by forcing them to increase spending on local infrastructure.