Friday Five: Biden’s Cybersecurity Strategy, CISA’s Warnings, & Chinese Cyber Threats
In this week’s Friday Five, catch up on the latest warnings from CISA, the Biden Administration’s new cybersecurity strategy, the actions of Chinese-backed hackers, and much more.
WHITE HOUSE RELEASES NEW U.S. NATIONAL CYBERSECURITY STRATEGY BY SERGIU GATLAN
The Biden administration released its national cybersecurity plan this past week that focuses on shifting the responsibility of defending the country's cyberspace towards the most capable software vendors and service providers. According to President Biden himself, "We must rebalance the responsibility to defend cyberspace by shifting the burden for cybersecurity away from individuals, small businesses, and local governments, and onto the organizations that are most capable and best-positioned to reduce risks for all of us." Read more about the details of Biden's plan and who will be seen as the nation's top cybersecurity threats moving forward.
CISA SOUNDS ALARM ON CYBERSECURITY THREATS AMID RUSSIA'S INVASION ANNIVERSARY BY RAVIE LAKSHMANAN
With the one-year anniversary of Russia's military invasion of Ukraine coming and going this past week, CISA urged organizations and individuals to increase their cyber vigilance, warning that "the United States and European nations may experience disruptive and defacement attacks against websites in an attempt to sow chaos and societal discord." The Computer Emergency Response Team of Ukraine (CERT-UA) revealed that Russian nation-state hackers breached government websites and planted backdoors as far back as December 2021, prompting CISA to release their warning and recommend that organizations implement cybersecurity best practices, increase preparedness, and take proactive steps to reduce the likelihood and impact of distributed denial-of-service (DDoS) attacks.
CHINA IS RELENTLESSLY HACKING ITS NEIGHBORS BY MATT BURGESS
According to a recent cybersecurity alert, hackers working on behalf of China were stealing thousands of emails and sensitive details from the Association of Southeast Asian Nations (ASEAN), an intergovernmental body made up of 10 Southeast Asian countries, including Singapore, Malaysia, and Thailand. The attackers reportedly stole more than 10,000 emails in the cyberespionage campaign, making up more than 30 GB of data. Read more about ASEAN, the motives behind the hacks, what may have been compromised, and what China's neighboring countries are doing to prevent future attacks in the full story from Wired.
CISA DIRECTOR URGES TECH SECTOR TO STOP SHIPPING UNSAFE PRODUCTS BY CHRISTIAN VASQUEZ
Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency, called on technology companies to take greater responsibility for the cybersecurity of their products, claiming that “as we’ve integrated technology into nearly every facet in our lives, we’ve unwittingly come to accept as normal that such technology is dangerous by design.” As an example, Easterly cites Americans' willingness to constantly update their personal devices' software, saying that “the burden is placed on you as the user and that’s what we have to collectively stop.” Read more about how the current norms could negatively impact U.S. policy and public opinion in the future if not addressed.
WHITE HOUSE TO OFFICIALLY BAN TIKTOK FROM GOVERNMENT DEVICES WITHIN 30 DAYS BY CHRIS RIOTTA
According to new guidance released by the Office of Management and Budget this past week, TikTok must be removed from all government-issued devices and information technology infrastructure within 30 days due to privacy and security concerns. Additionally, agencies reportedly must include contractual language banning the use of the app on all devices within 90 days. This change comes after TikTok COO Vanessa Pappas' congressional testimony this past September and only months before TikTok CEO Shou Zi Chew's testimony this month.