NTIA needs to “upgrade its privacy practices to protect the personal information of US users,” Sen. Ron Wyden, D-Ore., and Rep. Anna Eshoo, D-Calif., wrote the agency Wednesday with several other members. They claim NTIA hasn’t updated its privacy guidelines for contractors handling domain registration information since at least 2005. “The automatic public disclosure of users’ personal information puts them at enhanced risk for becoming victims of identity theft, spamming, spoofing, doxxing, online harassment, and even physical harm,” they wrote. They recommended requiring affirmative consent for the transfer of user data to third parties, warrants for agencies requesting data and alerts for users when foreign adversaries like Russia and China access information. NTIA didn’t comment.
Russia export controls and sanctions
The use of export controls and sanctions on Russia has surged since the country's invasion of Crimea in 2014, and especially its invasion of Ukraine in February 2022. Similar export controls and sanctions have been imposed by U.S. allies, including the EU, U.K. and Japan. The following is a listing of recent articles in Export Compliance Daily on export controls and sanctions imposed on Russia:
The House voted 361-69 Tuesday to pass the Russia Cryptocurrency Transparency Act (HR-7338), Securing Global Telecommunications Act (HR-8503) and Countering Untrusted Telecommunications Abroad Act (HR-8520) as part of an en bloc package. The three measures originated in the Foreign Affairs Committee and mandate new State Department actions on cryptocurrency and telecom security matters (see 2209190058).
The FCC expanded its list of "covered" equipment suppliers -- deemed to present security concerns -- adding Chinese companies PacNet/ComNet and China Unicom (Americas) Tuesday. That brings the number on the list to 10, all Chinese except for Russia’s AO Kaspersky Lab. Additions were last made in March (see 2203250067). Both companies “have been determined by Executive Branch interagency bodies to pose an unacceptable risk to the national security of the United States or the security and safety of United States persons,” said a Public Safety Bureau notice. The Chinese government’s “majority ownership and control of PacNet and its wholly-owned subsidiary ComNet … combined with Chinese intelligence and cybersecurity laws, raise concerns that PacNet/ComNet will be forced to comply with Chinese government requests for communications intercepts, without the ability to challenge such requests,” the bureau said: “The Executive Branch entities have determined that services provided by China Unicom associated with its international section 214 authorization pose a substantial and unacceptable risks to the national security of the United States and its people.”
The House was to vote as soon as Monday night on three telecom and cryptocurrency bills from the Foreign Affairs Committee under suspension of the rules: the Russia Cryptocurrency Transparency Act (HR-7338), Securing Global Telecommunications Act (HR-8503) and Countering Untrusted Telecommunications Abroad Act (HR-8520). HR-7338 would require the State Department to appoint a digital currency security director within the Office of Economic Sanctions Policy and Implementation to assist in developing sanctions enforcement mechanisms resilient to malevolent actors’ use of digital currencies. The measure would also require the department to notify Congress when it pays out rewards in cryptocurrencies. HR-8503 would require State to develop a comprehensive strategy to promote trusted vendors of critical telecom infrastructure components. It also orders a report to Congress on Chinese and Russian efforts to advance their interests at the ITU. HR-8520 would require publicly traded companies to disclose whether they contracted to use untrusted telecom equipment or services. It would also direct the State Department to report on U.S. collective defense allies using untrusted telecom equipment or services in their 5G networks.
Additional money to fully fund the FCC’s Secure and Trusted Communications Networks Reimbursement Program and a short-term extension of the FCC’s expiring spectrum auction authority both remain under consideration as additions to a planned continuing resolution to extend federal appropriations past Sept. 30, but talks remain highly fluid, lawmakers and lobbyists told us last week. Senate Commerce Committee ranking member Roger Wicker, R-Miss., Communications Subcommittee Chairman Ben Ray Lujan, D-N.M., and other committee leaders left open the possibility of a short-term auction authority renewal as a stopgap, telling us they hadn’t reached a deal during the August recess on a broader spectrum legislative package.
The U.K. and Ukraine began talks on a new digital trade agreement during a meeting Tuesday between British Trade Secretary Anne-Marie Trevelyan and Ukraine's First Deputy Prime Minister Yuliia Svyrydenko. The agreement will seek to drop barriers to digital trade in a bid to boost Ukrainian jobs following Russia’s invasion, said the U.K. Department for International Trade Wednesday. The U.K. decided earlier to eliminate import tariffs on all goods from Ukraine.
A new report by the President’s National Security Telecommunications Advisory Committee (NSTAC) says the Cybersecurity and Infrastructure Security Agency should require all federal agencies to maintain real-time inventories of all operational technology (OT) devices, software systems and other assets they use. NSTAC approved the recommendation as part of a report on “Information Technology and Operational Technology Convergence” during a meeting by telephone Tuesday. DOD already is required to maintain a similar inventory.
ASPEN, Colo. -- Governments’ prioritization of data localization turns out to be a bad idea in times of crisis, with vital government data one of the early Russian targets in its invasion of Ukraine, tech security experts said Tuesday at the Technology Policy Institute’s Aspen Forum. A panel on Ukrainian connectivity focused repeatedly on the need for rebuilding the country's communications networks to use providers not controlled by authoritarian regimes. Ruth Berry, acting deputy assistant secretary, State Department's Bureau of Cyberspace and Digital Policy, said there's wide agreement there's not enough diversity and resilience in the telecom network supply chain, which is why Open RAN is such an imperative.
Nearly seven in 10 cybersecurity professionals cite an increasing number of cyberattacks since Russia invaded Ukraine in late February, reported VMware Monday. The company canvassed 125 “incident responders” in June, finding two out of three reporting “malicious deepfakes” used as part of an attack, a 13% increase from last year, “with email as the top delivery method,” it said. Deepfake attacks use AI to create realistic video and audio content to trick victims into disclosing sensitive information. VMware said “burnout” among cybersecurity professionals “remains a critical issue.” Slightly fewer than half of respondents reported having experienced burnout or extreme stress in the past 12 months, down slightly from 51% in a similar survey last year, it said: “Of this group, 69% (versus 65% in 2021) of respondents have considered leaving their job as a result.”
With 90% of the world’s semiconductor manufacturing capacity in Taiwan, mobile carriers need a plan of action if China invades the island nation, Strand Consult said in a Tuesday report. “China is not the same country it was 10 years ago, and Taiwan … has geopolitical significance,” Strand said: “Just as Russia exploits Europe’s dependence on gas, China will exploit the world’s dependence on its information technology industry. Just as Russia threatens to turn off the gas, China can also turn the screws with its IT products and services.”