The FCC’s 5-0 vote last year to deny China Mobile an application to enter the U.S. market (see 1905090039) and subsequent actions reflect the U.S. “whole of government” approach to 5G security, Chairman Ajit Pai said Friday in a speech at CyFy 2020. “This decision was made after a lengthy Executive Branch review of the application and consultation with the U.S. intelligence community,” Pai said: “This is one of many examples of how we are working across the entire U.S. government to tackle the real and documented dangers posed by insecure networks.” Pai stressed the importance of open radio access networks and said “international cooperation is critical if we are to protect our 5G infrastructure.” The FCC International Bureau sent letters to DOJ asking that the Committee for the Assessment of Foreign Participation in the U.S. Telecom Services Sector address arguments by China Unicom Americas, Pacific Networks and ComNet on why the FCC shouldn’t begin a proceeding to revoke and terminate their domestic and international authorizations. The letters (see here and here) were listed in Friday’s Daily Digest. China Unicom Americas argues it's “not subject to the exploitation, influence, or control of the Chinese government for a number of reasons,” and “none of the company’s senior management or board members [were] appointed by the Chinese government,” the bureau said: Pacific Networks and ComNet contend “neither Company has been asked by the Chinese government or the Chinese Communist Party to take any action that would ‘jeopardize the national security and law enforcement interests of the United States’ or would suggest that the Companies are vulnerable ‘to the exploitation, influence, and control of the Chinese government.’”
Thousands of K-12 students were affected by 99 reported data breaches July 2016 to May 2020, GAO said Thursday. Fifty-eight involved academic records, “including assessment scores and special education records,” GAO said. Data including personally identifiable information like Social Security numbers was in 36 breaches. Staff was responsible for 21 of 25 accidental breaches, and students for 27 of 52 intentional breaches, most often to change grades, with the remaining 22 of “unknown intent,” GAO said: “Reports of breaches by cybercriminals were rare but included attempts to steal PII.”
Acting Department of Homeland Security Secretary Chad Wolf said Wednesday DHS is “working with our interagency and industry colleagues to protect our information and communications infrastructure from intellectual property theft and nefarious data collection by China.” In a “state of the homeland” address, Wolf said he ordered the launch of a China Working Group and singled out the work of the Cybersecurity and Infrastructure Security Agency, which “is at the forefront guarding against nation-state actors’ cyber-enabled espionage and malicious influence activity aimed at all levels of government and industry.”
Silicon Labs hardware and software got IoT security certifications from PSA Certified and the ioXt Alliance, said the company Wednesday. Its Secure Vault, a set of security features designed to guard against IoT security threats in connected devices, will be available in the company’s multiprotocol wireless SoCs, due Sept. 9, it said. The EFR32MG21B SoC is the first radio to get PSA Certified Level 2 accreditation for providing protection against scalable software attacks, said Andy Rose, chief system architect. Silicon Labs' xG22 Thunderbird and EFR32MG21B development kits got SmartCert security certification status from the ioXt Alliance. IoT security threats are “continuously evolving, and the demands on IoT product developers to keep up can be difficult -- particularly in low cost, resource-constrained IoT products,” said Matt Johnson, senior vice president-IoT. Customer data and cloud-based business models are “increasingly targeted for costly hacks, and IoT security requirements are quickly becoming law.”
Ongoing participation and development of international standards topped the security and privacy agenda for the National Institute of Standards and Technology in 2019, the agency reported Tuesday. The 2019 NIST/Information Technology Laboratory Cybersecurity Program Annual Report outlines NIST’s research agenda. Enhancement of privacy and security risk management models, “advancement of cryptographic technologies” and “preparation for post-quantum cryptographic methods” were included on the agenda. NIST also highlighted the goal to improve “infrastructure protection in areas such as zero trust architectures and advanced networking security.”
Security vulnerabilities abound in five models of video doorbells tested, reported Consumer Reports Thursday: Eufy, GoControl, LaView and Netvue devices had susceptibilities that could expose user data, email addresses and passwords, it said. Eufy told the organization it released an app update to fix the problems on its T8200. CR said GoControl didn't respond to its request for a fix on the GC-DBC-1, and parent Nortek didn’t respond to our questions Friday. CR said LaView disagreed with the severity of issues found with the LaView One Halo LV-PDB1630-U. LaView didn’t respond to our questions. Netvue described the issues as “low-risk hidden dangers," saying it will try to provide a better user experience. It encouraged owners to use the latest version of the mobile app. Tests showed most video doorbells lack two-factor authentication. The only video doorbell brands offering two-factor authentication are Arlo, August, Google Nest, Ring and SimpliSafe, CR said. Blue by ADT told the group its doorbell will get the feature by year-end. CR said many manufacturers fail to minimize the amount of data they collect and don’t offer consumers an easy way to request a copy of their data or to delete it.
The U.S. can’t allow tech industry encryption to blind law enforcement and block investigation of serious crimes, Attorney General William Barr said Thursday, supporting a lawful access bill. Rep. Ann Wagner, R-Mo., introduced the Lawful Access to Encrypted Data Act, companion to a bill introduced by Senate Judiciary Committee Chairman Lindsey Graham, R-S.C. (see 2006240064). Children are at particular risk, and the tech industry hasn’t done enough, so legislation is necessary, Barr said: “I am confident that the tech industry can design strong encryption that allows for lawful access by law enforcement. Encryption should keep us safe, not provide a safe haven for predators and terrorists.” The legislation “properly balances privacy, public safety, and our Fourth Amendment rights by requiring due process before any encrypted data or devices are accessed,” Wagner said. The National Center on Sexual Exploitation said the bill gives “law enforcement the ability to take reasonable, and constitutional, steps to investigate criminality on encrypted platforms.”
The Commerce and Homeland Security departments have collaborated on more than 50 activities “led by industry and government” for countering botnet threats, NTIA reported Thursday. It said those efforts include the National Institute of Standards and Technology’s IoT device manufacturer guidance and NTIA’s draft guidance for software bill of materials (see 1902200061). The Council to Secure the Digital Economy’s anti-botnet guide was also highlighted (see 1908130047). “Stopping botnet threats is an ecosystem-wide challenge that will take significant cooperation over time to accomplish,” NTIA said.
The wireless industry is making “significant progress” in addressing security risks of the diameter protocol, FCC Chairman Ajit Pai said Monday. The protocol was a Communications Security, Reliability and Interoperability Council focus, and carriers earlier say they are working with the agency and following best practices (see 2003120030). “We found widespread adoption across the industry, with implementation of these measures either completed or underway by most providers,” said Public Safety Bureau Chief Lisa Fowlkes.
China’s Foreign Affairs Ministry blasted Tuesday’s indictment of two Chinese nationals on charges of running a decade-long hacking campaign targeting intellectual property and confidential business information, including on COVID-19 research. The Chinese government is a “staunch defender of cybersecurity,” said a ministry spokesperson Wednesday. “We urge the U.S. to immediately stop slandering China under the pretext of cybersecurity.” Citing unspecified reports U.S. hackers are expanding their scope of cybertheft under Trump administration authorization, the spokesperson said: “The U.S. accusing other countries of cyberattacks is like a thief crying, ‘Stop the thief.’”