Last week, the US Senate approved the CISA or Cyber Security Information Sharing Act. Among the bill’s main provisions is a proposal to expand liability protections to companies that voluntarily share threat information with the government. The bill managed to evade a series of last minute privacy amendments, passing with strong bipartisan support in a 74–21 vote. Congress will now have to work to reconcile the differences between CISA and a similar, earlier version of the bill, the Protecting Cyber Networks Act, which passed the House in April. Once the two have been merged, the White House is expected to rubber stamp the finished product.
The New York Times has published an interesting piece on the issue of export controls on surveillance technology. Last month two men were fined by the US Department of Commerce for illegally exporting surveillance technology to Syria via an elaborate Middle East distribution network. The US has enacted specific bans on the export of American surveillance technology to both Syria and Iran, where it’s feared they can be deployed to crackdown on dissidents and opposition parties. But moves to introduce a wider licencing arrangement for the export of surveillance technology have been met with stiff resistance by the US tech sector. Other countries including Germany and Switzerland successfully passed mandatory licensing laws on the export of surveillance technology earlier this year, and in September the European Parliament agreed to a non-binding resolution calling for similar tech safeguards.
Japan’s Minister in charge of the Tokyo Olympic and Paralympic Games recently met with the head of the London Olympics organising committee, Sebastian Coe. The get-together aimed to share insights into the types of cyber-attacks tackled during the 2012 games and to communicate lessons learnt with the Tokyo 2020 organising committee. The meet follows the announcement that the Tokyo Metropolitan government will establish its own computer security incident response team (CSIRT) to assist in the protection of critical infrastructure in the lead-up to and during the games.
Chinese hackers behind the breach were motivated by a desire to understand how the US delivers health care, say insiders close to the investigation of the Anthem health insurance hack. The Chinese government has vowed to provide universal access to healthcare by 2020 but there’s widespread frustration domestically as to the quality, availability and cost of care. While Chinese intelligence agencies might have been interested in US government employee information, it’s believed that the theft of intellectual property and trade secrets was the main target for the infiltration. A US government official told the Financial Times, ‘Knowledge is power. How is it set up? What are they insuring? Why is this procedure covered but not that one? All of that is useful information.’
Last week Thai military chiefs publically called for the creation of a whole-of-government body to help ensure ‘cyber readiness’ at the national level. Special adviser to the permanent secretary for the Defence Ministry General Bunjerd Tientongdee warned that Thailand only maintained preparedness within the military and the Information and Communications Technology Ministry. Deputy chief of the Air Forces’ Cyber Warfare Division called for the creation of a ‘one-stop service’ to handle national cybersecurity issues. Earlier in the week Prime Minister General Prayut Chan-o-cha moved to distance Thailand’s military cyber set-up from the controversial ‘single gateway’ proposal after new questions were raised by the public surrounding the militaries involvement in domestic surveillance.