While recently speaking at a conference hosted by Vanderbilt University, Jen Easterly, the Director of the Cybersecurity and Infrastructure Security Agency (CISA), urged the development of regulations around the use of artificial intelligence (AI). According to reporting by Reuters, Easterly recalled the lessons learned from the lack of security in the design of the Internet and
China
Chip Manufacturer ARM Won’t Sell its Latest Designs in China Due to Export Controls
Chip manufacturer ARM reportedly won’t sell its latest Neoverse V series computer chips to Chinese tech giant Alibaba due to concerns over U.S. and UK export controls on certain classes of powerful chipsets. Among the most advanced chips on the market, sale of the Neoverse V chips would likely violate trade restrictions intended to keep…
Chinese State Hackers Exploit Zero-Day Vulnerabilities in Citrix Networking Equipment
According to the National Security Agency, actors backed by the Chinese government are actively targeting a zero-day vulnerability in two commonly used Citrix networking devices.
The exploit (CVE-2022-27518) affects Citrix ADC, an application delivery controller, and Citrix Gateway, a remote access tool. Both devices are standard in mid-to-large enterprise networks. Analysts at the National…
South Dakota Governor Bans State Workers from Using TikTok
It is estimated that some 80 million Americans and more than one billion people use TikTok. It is well known that TikTok has a direct connection to the Chinese Communist Party, which is a foreign adversary of the U.S. This week, South Dakota Governor Kristi Noem signed an executive order banning all state workers or…
Privacy Tip #350 – Let’s All Ban the Use of TikTok Voluntarily
I continue to marvel at how many Americans are using TikTok but are oblivious to the fact that they are being duped by one of our foreign adversaries—the Chinese Communist Party. Folks, listen to and heed the warnings of both state and federal governments on the dangers that the use of TikTok poses to national…
NIST Releases Guidance on Supply Chain Security
The National Institute of Standards and Technology (NIST) Information Technology Laboratory recently released guidance entitled “Software Supply Chain Security Guidance,” in response to directives set forth in President Biden’s Executive Order 14028—Improving the Nation’s Cybersecurity.
The guidance refers to existing industry standards, tools, and recommended practices that were previously published by NIST in SP800-161 “Cybersecurity…
Privacy and Cybersecurity Are Driving Compliance Initiatives According to Corporate Counsel
In a recent report by the Association of Corporate Counsel, a survey of chief legal counsels provided confirmation of what we’ve been saying for a while: expectations of increased regulatory enforcement, and privacy and cybersecurity are driving organizations to dedicate more efforts to compliance. In fact, 64 percent of those surveyed responded that they expected…
Privacy Tip #281 – Preparing for Cyber Warfare: A Survival List
The United States government, states, municipalities, and private companies all have been trying to defend themselves from cyber warfare from foreign adversarial governments, including Russia, China, and North Korea, for years—actually, for decades. Even when I started practicing full time in this area of law in the early 2000s, we were talking about not traveling…
The Endless Frontier Act: Shifting the Focus from Defense to Offense
For the past few years, the main mechanism used by the U.S. against China in the U.S.-Chinese tech war has been Executive Orders limiting (or even banning) certain software and drones manufactured and/or owned by Chinese companies from use by government agencies. Now, instead of only playing defense against Chinese technology, Senators Chuck Schumer (D-NY) …
Microsoft Urges Customers to Patch Exchange Server “Zero Day” Vulnerabilities
In a rare sharing of information about vulnerabilities in a blog post, Microsoft this week urged customers to download software patches to Microsoft Exchange Server after it detected “multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks.”
According to Microsoft’s Threat Intelligence Center, “[W]e are sharing…