This week
RCEP, cyber security cooperation and data sovereignty
The Regional Comprehensive Economic Partnership (RCEP) is the world’s largest-ever trade deal, covering 30% of global GDP, and it was signed by the ten members of the Association of South-East Asian Nations (ASEAN), plus Australia, China, Japan, New Zealand and South Korea this week.
Electronic commerce is an area of focus for the trade agreement with objectives to promote e-commerce and ‘create an environment of trust.’
Cyber security has a small nod within the legal text of the agreement: promoting the use of existing mechanisms to cooperate on cyber security. Information sharing on cyber incident response is also included. That will be important in a region where recent research has shown the majority of businesses that have experienced ransomware attacks choose to pay ransomware demands (see interesting stats below).
The agreement goes on to say “No Party shall require a covered person to use or locate computing facilities in that Party’s territory as a condition for conducting business in that Party’s territory.”
That’s quite a big deal from a data sovereignty perspective and allows for computing facilities to be located anywhere within the bloc (though some exemptions exist for financial services and national security).
China in particular has long required businesses to set up shop within the ‘Great Firewall’ to access their domestic market.
That doesn’t mean spies are going to stop spying though, with reports surfacing this week of a state-sponsored campaign with ties to China, dubbed FunnyDream, having infected over 200 systems belonging to other Southeast Asian governments in the last two years.
That was probably in large part to understand negotiating positions on this very treaty.
zdnet.com, theregister.com, FunnyDream
Interesting stats
88% of Australian, 78% of Singaporean, 69% of South Korean, 62% of Chinese, and 57% of Japanese businesses that experienced a ransomware attack chose to pay the demands in full or part, according to a survey of 2,690 IT execs across the region conducted by Wakefield Research in September. zdnet.com
Other newsy bits
UK National Cyber Force announced
The United Kingdom’s National Cyber Force was officially launched in a speech by prime minister Boris Johnson this week, bringing offensive cyber operations conducted by staff from GCHQ and the Ministry of Defence under one joint command. The Defence Science and Technology Laboratory (DSTL) will support technical capabilities and the Secret Intelligence Service (MI6) will also contribute to undercover operations, providing “expertise in recruiting and running agents alongside its unique ability to deliver clandestine operational technology.”
theguardian.com, ft.com, theregister.com
Microsoft-designed trusted platform module to be built into CPUs
Microsoft’s ‘Pluton’ security chip, originally designed as part of the Xbox One, is to make its way into processors from Intel, AMD and Qualcomm. By providing a ‘hardware root of trust’ within the main processor they hope to help prevent Meltdown- and Spectre-style speculative execution vulnerabilities. The new chips will also tighten integration between hardware and the Windows operating system. techcrunch.com
US Special Operations Command is buying location data
When buying what you need on the open market is more cost-effective than covert action: the US military is buying access to location tracking data from data brokers Babel Street and X-Mode to augment special operations. A good read and interesting investigation from Joseph Cox at VICE Motherboard. vice.com
In brief
Attacks, incidents & breaches
- Hadouken! Capcom confirms data breach following ransomware attack, including names, addresses, phone numbers and dates of birth of 350,000 customers; security logs were lost as part of the attack techcrunch.com
- Popular Android message app Go SMS Pro is exposing millions of users’ private photos and videos by using sequential IDs for sharing data with those not on the platform techcrunch.com
- Manchester United working to “minimise the ongoing IT disruption” of cyber-attack theregister.com
- Hackney Council struggling to restore services in wake of ‘advanced, criminal attack,’ and some services will be “unavailable or operate differently for months” hackney.gov.uk
Threat intel
- Lazarus malware targeting South Korean supply chains zdnet.com
- Cicada (aka APT10 / Stone Panda / Cloud Hopper) campaign uncovered by Symantec targeting companies with ties to Japan arstechnica.com
Security engineering
- Threat Modelling Manifesto sets out patterns (and anti-patterns) of threat modelling threatmodelingmanifesto.org
Internet of Things
- NIST to produce federal security guidelines for Internet of Things as HR 1688 passes Senate vote zdnet.com
Privacy
- Apple wasn’t spying on every app you launch on your Mac (vol. 3, iss. 46) techcrunch.com
Public policy
- The Global Commission on the Stability of Cyberspace (GCSC) - a group backed by the Netherlands, Singapore and France - has published a report setting out proposed ‘norms’ to maintain the stability of cyberspace theregister.com
- Donald Trump has fired Chris Krebs, head of the US Cybersecurity and Infrastructure Security Agency (CISA) for disputing his claims of election hacking arstechnica.com
- White House publishes guidance on regulating artificial intelligence applications produced in the US zdnet.com
Law enforcement
- FIN7 recruiter pleads guilty for role in notorious criminal group cyberscoop.com
Mergers, acquisitions and investments
- FireEye acquires Respond Software for $186M, will fold the company's Analyst product into Mandiant Solutions platform techcrunch.com
And finally
Privacy gaffe leaves users recoiling
Content monetisation startup Coil scored an own goal this week when it emailed an update to their privacy policy and included everyone on the ‘to’ line, exposing users’ email addresses. “Please forgive us” the company pleaded in a follow-up admitting the human error. theregister.com