Welcome to Codebook, the cybersecurity newsletter that will make "Alito: Battle Justice" jokes until they stick.
Poster for the film 'Help,' 1965. Photo: Buyenlarge/Getty Images
There is a critical shortage of cybersecurity experts working in public interest roles, including advising at-risk charitable groups, lawmakers and advocacy organizations. That's according to security expert Bruce Schneier, who will host the first symposium on the subject at March's RSA conference ("Bridging the Gap: Cybersecurity + Public Interest Tech").
Why it matters: We've written before about difficulties legislators have finding experienced advisers for tech issues and the detrimental effect that can have on policy debates. (Cliff notes: Recent Facebook and Google hearings did not go well.)
The big picture: There's plenty of need for hackers to serve in public interest roles — but groups are unaware they need the help, and there is little infrastructure to guide civic minded security pros to those groups.
Schneier sees the gap as two solvable problems: "There's a supply problem and a demand problem," he noted.
The demand problem can be especially complicated for protection positions.
Security tech doesn't work without a qualified person to run it, said Scott-Railton. This isn't a problem that can be solved without funneling new bodies into the sector.
RSA is a high profile conference attracting much of the field's talent. It's also a particularly business-focused event, making this a unique place to launch this initiative. Schneier said he doesn't know what size crowd to expect. But sometimes, he said, just getting the conversation started is enough.
A landmark year of Department of Justice actions against China did not immediately diminish Chinese hacking, according to CrowdStrike vice president of intelligence Adam Meyers, who spoke to Codebook in advance of the firm's new global threats report.
Why it matters: In the past year, the Department of Justice charged several Chinese agents with stealing intellectual property both in person and through digital means.
What they're saying: "It hasn't had an impact with China other than to cause their operators to be more careful," said Meyers.
Contrast that with Iran. After an Iranian espionage group was charged in 2018, "those guys disappeared," he said.
The CrowdStrike report compares how quickly different nations' hackers can "break out" of one account to infect the broader network. Russian hackers can complete the task in under 20 minutes. Across the rest of the world:
The English Session Orchestra performs the reveal of Huawei, Unfinished Symphony, Feb. 4, London. Photo: David M. Benett/Dave Benett/Getty Images for Huawei UK
Huawei got some rare good news over the weekend, with reports that U.K. intelligence determined that risks associated with the company's products could be mitigated without outright banning them.
The big picture: The Chinese telecom manufacturer is still embroiled in espionage, sanctions violations and intellectual property scandals.
Meanwhile: Huawei founder Ren Zhengfei told BBC, "There's no way the U.S. can crush us."
Ren, traditionally reclusive, has been doing a media blitz to counter the controversies. He said in an interview with CBS aired Tuesday that the firm wouldn't share information with the Chinese government. Critics have noted Huawei could be required by law to do just that.
Also: Chinese state media is suggesting that Chinese tourists will boycott New Zealand if a ban on Huawei products stays in place. China supplies the largest group of vacationers to New Zealand.
China is denying speculation it hacked Australian Parliament and political party systems.
Australia announced Monday that the parties and government systems had been hacked, with the attacks being caught early.
While the government has not officially attributed the attack to China, there have been reports that China is seen as a suspect.
Chinese Foreign Ministry spokesperson Geng Shuang told the Guardian the accusations were "baseless speculations," adding that “Irresponsible reports, accusations, pressurising and sanctions will only heighten tensions and confrontation in cyberspace and poison the atmosphere for cooperation.”
The Global Cyber Alliance, an advocacy group created by the governments of the cities of London and New York, released a free, broad toolkit for small businesses looking to protect themselves against digital threats.
Why it matters: It's hard for small businesses to navigate basic cybersecurity hygiene without a guide, or to get advice about cybersecurity tools that comes from a neutral party.
The tools, by and large, are already free. But they weren't collected in one, vetted place before now. Unless a small business already understood both the basics of cybersecurity (the need to patch systems, and how) and some of the finer points (DNS security, for example), they wouldn't know to search for any of them.
Insurance provider Coalition is launching a new insurance product aimed at the European Union's General Data Protection Regulation and other regulations — including fines not related to breaches. It appears to be the first such product sold for a mass market.
Why it matters: Cyber insurance can be a baffling thing. Not all policies protect against regulatory fines, and typically that coverage only covers fines related to a breach.
But GDPR and other regulations can fine companies for improper terms of service hoisted upon consumers. That has led to some uncertainty for small and medium-sized businesses, especially given the lack of accepted standards for what is covered by cyber insurance.
Codebook will be back on Thursday.