CyberJudicata Weekly Debrief (2/10–14)
This week's Weekly Debrief covers a variety of topics, including CISA's election security role, lessons learned from the Equifax breach, Huawei being charged with stealing trade secrets, phishing, a Senate bill that would create a US data protection agency, and a federal privacy bill that might be around the corner.
"Officials from the Cybersecurity and Infrastructure Security Agency often describe their role in election security as helping to coordinate and advise the larger ecosystem of election stakeholders. In a newly released strategic plan, the agency lays out its strategy for protecting the 2020 elections by largely leaning into that facilitator role, breaking down its coordination activities across four lines of effort: elections infrastructure, campaigns and political infrastructure, the American electorate and warning and response."
"Time for a fresh edition of "learn from how others get breached" focusing on Equifax. The goal here is not blame, but rather to highlight specific missteps by an organization so that others can avoid making the same mistakes, hopefully making them less likely to fall victim to attacks."
"Last month, SpaceX became the operator of the world’s largest active satellite constellation. As of the end of January, the company had 242 satellites orbiting the planet with plans to launch 42,000 over the next decade. This is part of its ambitious project to provide internet access across the globe. The race to put satellites in space is on, with Amazon, U.K.-based OneWeb and other companies chomping at the bit to place thousands of satellites in orbit in the coming months."
"The US Department of Justice (DoJ) and the Federal Bureau of Investigation (FBI) charged Huawei with racketeering and conspiring to steal trade secrets from six US firms, in a significant escalation of a lawsuit against the Chinese telecom giant that began last year. Accusing Huawei and its affiliates of "using fraud and deception to misappropriate sophisticated technology from US counterparts," the new charges allege the company of offering bonuses to employees who obtained "confidential information" from its competitors."
"Phishing is a cyber attack that uses disguised email as a weapon. The goal is to trick the email recipient into believing that the message is something they want or need — a request from their bank, for instance, or a note from someone in their company — and to click a link or download an attachment."
"Europe’s data protection laws are some of the strictest in the world, and have long been a thorn in the side of the data-guzzling Silicon Valley tech giants since they colonized vast swathes of the internet. Two decades later, one Democratic senator wants to bring many of those concepts to the United States."
"We’ve seen a shift in attitudes regarding the prospects of a federal privacy bill. The Business Roundtable supports a federal privacy bill and the U.S. Chamber of Commerce has recognized that federal inaction has led states to fill the gaps. With privacy bills being debated in many states, there is a risk that 50 different “comprehensive” and conflicting privacy regimes could make conducting business on a nationwide basis extremely challenging. The solution would be a comprehensive federal bill that preempts state law."
. . .