British investigative journalist Carole Cadwalladr gave a passionate speech at the TED conference in Vancouver this week. You should watch it.
In a special webinar event, TrustArc Senior Privacy Consultant Ralph O’Brien presented “Current State of Brexit and Data Protection Impact.” This blog post will give a brief summary of that webinar; you can listen to the entire webinar and download the slides here. The impact of a potential “Brexit” will play an important role on the data protection strategy of many companies and a lot will depend on what is decided in the next few days and weeks. This is why understanding the current state of Brexit is so critical right now. You will learn in this on-demand webinar: What … Continue reading Webinar Recap: Current State of Brexit and Data Protection Impact
The post Webinar Recap: Current State of Brexit and Data Protection Impact appeared first on TrustArc Blog.
TrustArc is proud to present a special webinar event: “Current State of Brexit and Data Protection Impact.” This webinar will take place this Thursday, March 28th at 12pm GMT | 8am ET | 5am PT. Don’t miss this opportunity to learn more about how Brexit will affect data protection – register today! Can’t make it? Register anyway – we’ll automatically send you an email with both the slides and recording after the webinar! Click here for answers to the most commonly asked webinar related questions. The impact of a potential “Brexit” will play an important role on the data protection … Continue reading Special Webinar Event: Current State of Brexit and Data Protection Impact
The post Special Webinar Event: Current State of Brexit and Data Protection Impact appeared first on TrustArc Blog.
Three nations in the intelligence alliance ‘Five Eyes’, the United States, Australia, and New Zealand, have effectively prohibited the installation of Huawei equipment within their generation telecommunications equipment, namely 5G networks. The remaining two members of "Five Eyes", the United Kingdom and Canada, are expected to state their position within the coming months. The UK's National Cyber Security Centre has published warnings about the Chinese company's security standards. Elsewhere, nations including France, Germany and India have expressed their concerns about the use of Huawei equipment within their telecommunications 5G upgrades.
On 4th February, a leaked draft 'Huawei Cyber Security Evaluation Centre' 2019 report, said the issues and findings it had raised previously had not been fully addressed by Huawei, and was critical about the security of Huawei's technology.
Then on 6th February 2019, a letter sent to MPs by Huawei was published. In it Huawei said it could take up to five years to address security issues raised by the Huawei Cyber Security Evaluation Centre, at a cost of $2bn (£1.5bn) of their own money. The president of Huawei's carrier business group also said the process of adapting its software and engineering processes to meet the UK's requirements was "like replacing components on a high-speed train in motion".
Huawei also made the following points in the letter to rebut the threat allegations, "Huawei is a closely watched company. Were Huawei ever to engage in malicious behaviour, it would not go unnoticed - and it would certainly destroy our business. For us, it is a matter of security or nothing; there is no third option. We choose to ensure security." The letter also addressed the Chinese 2017 National Intelligence Law, stating "no Chinese law obliges any company to install backdoors", a position they have backed up by an international law firm based in London. The letter went on to say that Huawei would refuse requests by the Chinese government to plant backdoors, eavesdropping or spyware on its telecommunications equipment.
The ball is now in the UK government's court, in the next couple of months we shall see if the UK Gov bans Huawei or continues to work with them to help assure the implied national security threat of their products. A ban could well result in Huawei pulling out of the UK market altogether, taking their billions of pounds of investment with them, and would likely negatively impact post Brexit trade deal negotiations between the UK and China, so we can expect the situation to become even more political in the short term.
Huawei Threat News Timeline
- Oct-12 United States congressional panel warns that Huawei and rival ZTE pose a security threat, following an investigation
- Jul-13 Huawei denies claims made by a former US Central Intelligence Agency (CIA) chief that it spied for the Chinese government
- Oct-14 Huawei banned for bidding on US government & US Military contracts
- 26-Jul-18 Mark Evans, chief executive of Telefonica UK, the company behind the O2 brand, said the operator was less reliant on Huawei than rivals BT and Vodafone.
- 23-Aug-18 Huawei and ZTE given 5G network ban in Australia
- 15-Oct-18 Ex-security minister Admiral Lord West calls for urgent UK government action after Chinese firms are banned in Australia and the US
- 6-Nov-18 Department for Digital, Culture, Media and Sport, and Ciaran Martin, the head of the National Cyber Security Centre, wrote to several telecoms groups to check security 5G suppliers, in a move that industry figures said was targeted at Huawei
- 23-Nov-18 US presses allies to ditch Huawei citing cybersecurity risks from China FBI Director Christopher Wry said the US government was “deeply concerned about the risks”
- 28-Nov-18 New Zealand government security agency bars Chinese firm on national security fears
- 3-Dec-18 M16 Chief Questions China's role UK tech sector
- 5-Dec-18 BT bars Huawei's 5G kit from core of network
- 6-Dec-18 Huawei finance chief Meng Wanzhou arrested in Canada, at the request of the US
- 7-Dec-18 At a court hearing, it is revealed that Ms Wanzhou is wanted in the US on fraud charges relating to the alleged breaking of US sanctions on Iran
- 7-Dec-18 EU's technology commissioner Andrus Ansip said countries "have to be worried“ about Chinese manufacturers
- 24-Dec-18 Huawei's kit removed from UK emergency services 4G network
- 27-Dec-18 UK Defence Secretary Gavin Williamson's said he has "very deep concerns“ about Huawei being involved in upgrading the UK's mobile network.
- 10-Dec-18 Huawei pledges to invest US$2bn into its security systems in the UK
- 28-Dec-18 China accuses the UK of 'pride and prejudice’ over security fears about Huawei
- 12-Jan-19 Huawei sacks an employee arrested in Poland on suspicion of spying.
- 14-Jan-19 Poland considers ban on Huawei products after spying arrest
- 15-Jan-19 Huawei founder Ren Zhengfei denies firm poses spying risk in rare interview
- 16-Jan-19 The US is reportedly investigating Huawei for "stealing trade secrets"
- 17-Jan-19 University of Oxford suspends new donations and sponsorships by Huawei
- 22-Jan-19 Huawei warns it may pull out of some countries
- 24-Jan-19 Prince's Trust suspends ties with Huawei
- 31-Jan-19 UK decision on Huawei ban expected in March
- 4-Feb-19 Leading security academic told The Times about the "risk of a Chinese takeover by stealth", appeared to have been “wholly ignored”
- 4-Feb-19 Huawei spying alert 6 years ago ‘wholly ignored’
- 6-Feb-19 Huawei offers to build cyber security centre in Poland
- 6-Feb-19 Huawei warns MPs it could take to five years to resolve hardware issues
- 12-Feb-19 Huawei blames ‘jealousy' for cybersecurity criticism
- 15-Feb-19 Mobile networks call for 5G security inspector
- 18-Feb-19 The US cannot crush us, says Huawei founder
- 18-Feb-19 Britain 'believes Huawei 5G security risks can be mitigated'
- 19-Feb-19 5G security risks remain even if Huawei gets the all clear
- 20-Feb-19 "Britain is vulnerable to 'ruthless' Chinese interference campaign and must block Huawei, report claims', says UK defense think-tank
- 20-Feb-19 Could Huawei threaten the Five Eyes alliance?
- 21-Feb-19 NCSC: UK has 'toughest and most rigorous oversight regime in the world for Huawei'
- 21-Feb-19 Huawei speeds up efforts to address security concerns as Trump leaves door open to US market
- 22-Feb-19 5G networks: Trump says US shouldn't block technology
- Chinese multinational conglomerate which specialises in telecommunications equipment, consumer electronics and technology-based services and products.
- HQ in Shenzhen, Guangdong
- Founded in 1987 by Ren Zhengfei, a former engineer in the People's Liberation Army
- Largest telecommunications-equipment manufacturer in the world
- Overtook from Apple in 2018 as the second-largest manufacturer of smartphones in the world
- 72nd on the Fortune Global 500 list
- 180,000 employees
- Chinese military remain an important customer for Huawei
- Invests Billions into R&D around world
- 3 Billions Customers Globally
- Operating within the UK for 18 years
- Made a five year commitment (2018 to 2023) to invest £3 billion in the UK.
- Allegations its equipment may contain backdoors to allow unauthorised surveillance and/or data theft by the Chinese government and the People’s Liberation Army
5G is expected emerge in the UK in late 2019 and early 2020, and will be much faster than 4G. The theoretical maximum speed for 4G is 1Gbps, while the theoretical maximum speed for 5G is 20Gbps, so 5G is potentially up to 20 times faster than 4G. Potentially faster than the UK average broadband speed, which stands at 18.57Gbps.
5G and the Evolution of Mobile Networks
Fifth generation networks, just like the preceding 4G LTE and WiMAX networks, are expected to greatly increase available bandwidth, with improved end-to-end performance providing a better end-user experience. In the most basic of terms, 4G LTE was the long-term evolution of Radio Access Networks (RAN); 5G is the next iteration.
Network Virtualisation Remains in The Early Stages
Virtualisation and Software Defined Networks (SDN) improvements are driving a shift from hardware to software. SDN is promising, but it’s not an instant solution, as purpose-built hardware still remains the preferred choice. NFV and SDN have offered service providers an alternative to existing methods, including dedicated appliances sitting idle. However, it’s safe to say that the age of virtualisation remains in the early stages.
Hardware manufacturers and service providers are now betting on the acceptance and success of virtualised functions. Software development continues at breakneck speed to meet timelines and demands for more integrated solutions, which easily scale and reduce operational overheads at the same time.
The 5G Revenue Opportunity
This reach extends from the cloud to the data centre environments and continues to drive capacity needs, supported by both legacy appliances and the ever-increasing virtual environments. This continued appetite for consumption has opened up opportunities for all facets of technology and associated vendors.
5G Mobile Network Evolution
Get ready for a world that will be changed forever with the next generation mobile networks on the horizon.
5.3 millions users of "make your own avatar" app Boomoji had their accounts compromised, after the company reportedly didn't secure their internet connected databases properly. "Question and Answer" website Quora also announced the compromise of 100 million of its user accounts following a hack.
A large data breach reported in Brazil is of interest, a massive 120 million Brazilian citizens personal records were compromised due to a poorly secured Amazon S3 bucket. This is not the first mass data breach caused by an insecure S3 bucket we've seen in 2018, the lesson to be learnt in the UK, is to never assume or take cloud security for granted, its essential practice to test and audit cloud services regularly.
Amongst the amazing and intriguing space exploration successes reported by NASA in December, the space agency announced its employee's personal data may had been compromised. Lets hope poor security doesn't jeopardise the great and highly expensive work NASA are undertaking.
It wouldn't be normal for Facebook not to be in the headlines for poor privacy, this time Facebook announced a Photo API bug which exposed 6.8 million user images
Away from the political circus that is Brexit, the European Parliament put into a law a new Cybersecurity Act. Because of the Brexit making all the headlines, this new law may have gone under the radar, but it certainly worth keeping an eye on, even after UK leaves the EU. The EU Parliament has agreed to increase the budget for the ENISA (Network & InfoSec) agency, which will be rebranded as the "EU Agency for Cybersecurity". The Cybersecurity Act will establish an EU wide framework for cyber-security certifications for online services and customer devices to be used within the European Economic Area, and will include IoT devices and critical infrastructure technology. Knowing the EU's love of regulations, I suspect these new best practice framework and associated accreditations to be turned into regulations further down the line, which would impact any tech business operating in European Union.
The UK Parliament enacted the "The Health and Social Care (National Data Guardian) Act", which also went under the radar due to all the Brexit political noise. The act requires the appointment of a data guardian within England and Wales. The data guardian will publish guidance on the processing of health and adult social care data for use by public bodies providing health or social care services, and produce an annual report.
Chinese telecoms giant Huawei had plenty of negative media coverage throughout December, with UK government pressuring BT into not using Huawei kit within BT's new 5G network, due to a perceived threat to UK's future critical national infrastructure posed by the Chinese stated-backed tech giant. The UK Defence Secretary Gavin Williamson said he had "very deep concerns" about Huawei being involved in new UK mobile network.
- BT bars Huawei's 5G kit from core of network
- Huawei's kit removed from emergency services 4G network
- What's going on with Huawei?
- Should we worry about Huawei?
- Why has the UK not blocked Huawei?
- Huawei to invest $2bn in UK security
- FBI swoops on ‘National Threat' ‘Hacks for hire’ websites
- Quora Hacked: 100 Million Users have their Personal Data Exposed
- Huawei: 'Deep concerns' over firm's role in UK 5G upgrade
- Security Firm Hijacks High-Profile Twitter Accounts
- Boomoji App Developer Leaves Customer Data exposed on Open Database
- Exposed S3 Bucket Compromises 120 million Brazilian Citizens
- Save the Children lost £795 thousand to BEC Scam
- PewDiePie Printer Hackers strike Again
- Citrix Forces Users to Change Passwords after Credential Stuffing Attacks
- NASA Servers with Employee PII Potentially Compromised
- Parliament Creates New National Data Guardian to Safeguard Health and Social Care Data
- FCA warns Banks against Over-Reliance on Third-Party Security Providers
- Facebook Photo API bug exposed 6.8 Million Users images
- EU New Cyber-Security Agency and Certification Framework
- Microsoft Patches 40 Vulnerabilities, including 9 Critical for Text-To-Speech, IE, Office Chakra, DNS, and .NET
- Adobe Releases Fixes for an Important Vulnerability for Acrobat and Acrobat Reader
- Microsoft issues out-of-band patch for Exploited Memory Corruption bug in Internet Explorer
- Mozilla Patches Vulnerabilities in Firefox and Firefox ESR
- NCSC Warns of Vulnerabilities in Office 365 being Exploited by Cyber-Criminals
- Apple releases security updates for macOS iOS, iTunes, iCloud, Safari and tvOS
- Logitech Keyboard App Patched to prevent Hackers Injecting Keystrokes
- Major Vulnerabilities found in IoT protocols MQTT and CoAP
- Virgin Media fixes multiple Security Flaws in Super Hub 3
- Second Google+ Bug Hastens Shutdown