At a glance.
- South Korea to take part in US cyber drill exercise.
- US states establish cybersecurity task forces.
- White House focuses on cybersecurity.
- US senators seek answers on TikTok security review.
South Korea to take part in US cyber drill exercise.
Yonhap News reports that the South Korean military will be participating in US Cyber Command’s Cyber Flag drill exercise scheduled for October. The decision comes on the heels of May talks between South Korean President Yook Suk-yeol and US President Joe Biden, where the two leaders agreed to strengthen cooperation in regards to cybersecurity. Colonel Moon Hong-sik, the ministry’s deputy spokesperson, stated, “Our military has been carrying out and promoting various measures to cope with evolving cyber threats. We plan to participate proactively in multinational cyber exercises.” Moon added that South Korea is also hoping to join a NATO-hosted cyber exercise to be held in September.
US states establish cybersecurity task forces.
GovTech offers an overview of state-level cybersecurity task forces in the US. In recent years, over thirty states have created a task force, commission, or working group focused on cybersecurity threats, and at least eight of those groups were the result of legislation. Last August Idaho Governor Brad Little established the state’s nineteen-member cybersecurity task force with representatives of institutions including the Idaho National Laboratory, the Idaho Department of Commerce, and the Idaho Office of Emergency Management, as well as state lawmakers. Tom Kealey, director of the state’s commerce department, explained, “As we started looking at going from sort of agrarian or advanced manufacturing to more of a digital economy, the cyber risk increases, so we thought about creating the task force and announced it last summer.” In Virginia, the Commonwealth Cyber Initiative’s goal is to create a state-wide ecosystem of innovation in the areas of cybersecurity, autonomous systems, and data. As well, Virginia has formed a Cyber Incident Reporting Work Group “designed to bring together state-level leadership, localities, state agencies, school systems, higher education institutions and more to build a comprehensive cyber ecosystem to learn more about collective strengths and opportunities and be ready to respond to cyber threats, if necessary,” according to an agency spokesperson.
White House focuses on cybersecurity.
Cybersecurity is at the front of US lawmakers’ minds at a federal level as well, and C4ISRNET provides an overview of the Biden administration’s efforts. Though the war in Ukraine has yet to produce the large-scale, state-sponsored cyberattacks experts have anticipated, the crisis has led to an increase in citizen cyber hacktivist incidents, as well as cybercriminal groups using the war as a JUMPING PAD for money-laundering schemes, possibly as a proxy for nation-state threat actors. The federal government has used the omnibus bill and the Infrastructure Investment and Job Act as an opportunity to strengthen the cybersecurity of critical infrastructure.
The Cybersecurity and Infrastructure Security Agency (CISA) will also be releasing guidance to help states and cities take advantage of a new $1 billion cyber grant program focused on strengthening cyber maturity at the state and local level. Coordination and communication across borders and sectors will be crucial. In his 2021 cyber executive order, President Biden incorporated guidelines directing services providers on sharing intel with the government, and the Cyber Incident Reporting for Critical Infrastructure Act requires that critical infrastructure providers notify CISA of significant cyber incidents in a timely fashion.
US senators seek answers on TikTok security review.
On Friday a GROUP of Republican senators asked US Treasury Secretary Janet Yellen for an update on the ongoing national security review of TikTok. Two years ago, motivated by concerns that US user data could end up in the hands of the Chinese government, the Committee on Foreign Investment in the United States (CFIUS) ordered the social media platform’s Chinese parent company ByteDance to divest TikTok. Reuters notes that last week TikTok said it had completed migrating US user data information tp servers at Oracle Corp, but the senators in question say the US government “has seemingly done nothing to enforce” the August 2020 divestiture order,” and that TikTok’s plans to store US user data without ByteDance access “would do little to address the core security concerns.” They asked to see the results of the security reviews carried out thus far, and requested assurance that TikTok will adequately protect US data. They’re asking for concrete answers to questions such as whether TikTok will be locally managed in the United States, and whether the US government will be given regular access to the algorithm’s source code. A spokesman for Yellen declined to comment, but sources say CFIUS has been in extensive discussions with TikTok.