Welcome to Codebook, the 100% organic cybersecurity newsletter.
Today's newsletter is 1,365 words, about a 5-minute read.
China is applying tougher cybersecurity standards more widely as of Dec. 1, requiring companies to open their networks and deploy government-approved equipment. The changes worry international organizations and underscore the difference between U.S. and Chinese approaches to cybersecurity.
The big picture: China already has a law, applying to the most secure networks, that allows the government to audit private business networks and mandates the use of government-approved security equipment. That law will now apply to all networks.
Background: China's cybersecurity law has been on a slow rollout since 2017. Clarifications of standards serving as de facto regulations were introduced in May this year.
This puts a burden on U.S. companies that they are not used to. "Chinese companies won't bat an eye at it," Sacks said.
But, but, but: Those worst-case scenarios might not be the problem immediately at hand, said James Lewis, who currently heads cybersecurity at the Center for Strategic and International Studies and formerly served in several federal positions evaluating and negotiating with China.
The most immediate problem may be that the cost of compliance can become prohibitive for some firms to operate in the country. "If you are a smaller company, you may think twice about moving into China," said Segal.
Chinese firms have a poor record on cybersecurity, said Lewis. The tougher law, at least ostensibly, addresses a very real issue.
The U.S. faces similar issues, but it addresses them differently. The U.S. operates using fewer top-down security requirements, choosing instead to emphasize trade groups setting industry standards.
One thing the U.S. and China have in common: "In China, network operators have to submit to 'black box' security reviews. We have no idea what it takes to pass," said Sacks. "I'm beginning to see that from the Trump administration."
After Rockets GM Daryl Morey tweeted support for Hong Kong protesters, he received just under 170,000 angry tweets in response. But an analysis by experts in the Wall Street Journal suggests a massive chunk of the outrage came from a coordinated effort by sham accounts.
Why it matters: It's not immediately clear that the response effort was run by the Chinese government — though, at the numbers involved, that seems likely. But if it was a government-led effort, it marks a substantial change in China's modus operandi in dealing with global news events.
China typically focuses its disinformation efforts inward, toward the citizens of mainland China and its disputed territories.
By the numbers:
Cozy Bear, the less-discussed of the two Russian hacker groups that breached the Democratic National Committee in 2016, had been thought to be scaling back operations since that election, but a new report finds the group instead became more covert.
The big picture: The report, from cybersecurity firm ESET, shows that Cozy Bear switched to a different toolkit after 2016, continuing to target the ministries of foreign affairs in at least three European countries and the Washington, D.C., embassy of a European country.
Background: Cozy Bear, also called APT29 and The Dukes, has been associated with the Russian Federal Security Service and the Foreign Intelligence Service. Fancy Bear, its more famous cousin, is connected to the Main Directorate of the General Staff of the Armed Forces.
Cozy Bear didn't disappear completely after 2016, but its attacks appeared to dramatically decline. There were flurries of breaches linked to the group in 2017 against U.S. think tanks, as well as several attacks around the 2018 elections against defense contractors, media and other verticals.
What's happening: ESET found evidence that the group maintained some of its anonymity since 2018 by using four previously undocumented strains of malware.
As with previous Cozy Bear malware, the new strains used publicly available internet services like Reddit, Twitter and OneDrive to communicate with and take instruction from the operatives running the campaign.
Twitter says some rules apply to world leaders (Twitter): "We want to make it clear today that the accounts of world leaders are not above our policies entirely," wrote Twitter in a blog post Tuesday.
An app explaining Xi Jinping's ideology is a security nightmare (Open Technology Fund): An official app described as Chinese President Xi Jinping's equivalent of Mao's Little Red Book allows the app substantial access to the phone's functions, including: