Home Podcasts Videos Guest Posts Q&A My Take Bio Contact
 

Guest Blog Post

 

GUEST ESSAY: Why it’s worrisome that China has integrated Huawei switches into telecoms worldwide

By Sarina Krantzler

In the previous discussion, China’s 14th Five-Year Plan was summarized to capture relevant aspects of dual circulation, the Digital Silk Road (DSR), and the Belt Road Initiative (BRI) that aim to advance China as an economic, technological, and foreign policy powerhouse.

Related: Part 1. China’s 5 year digital plans

Both of those initiatives are well-funded, thoughtful, and strategic in their attempts to spread influence and widespread dependency on Chinese products.

The first blog concluded with a strong message of encouragement for the U.S. to evolve its own creative cybersecurity strategy leveraging strategic goals with economics and public policy to create a sustainable, secure cyber system consistent with Western ethical standards, our free market philosophy, and our democratic traditions.

The FCC’s Rip and Replace Model was introduced, by title only, to provide a glimpse into how the U.S. should, and is beginning to, take action to counteract intrusive Chinese technology within our critical infrastructure. To understand our options in this fight, however, we first need to understand who we’re up against.

Huawei Technologies, or Huawei for short, is a Chinese telecommunications firm that has been fed tens of billions of dollars in financial assistance by the Chinese government on a scale of subsidization that dwarfs the next closest competitors’ monetary receipt. To fuel their rise to the top of the global telecommunications landscape, Huawei had access to as much as $75 billion in state support as it grew from a little-known vendor of phone switches to the world’s largest telecom equipment company (Wall Street Journal).

Subsidies aside, since 1998, Huawei has received an estimated $16 billion in loans, export credits, and other forms of financing from Chinese banks for the firms’ operations and customers.

As referenced in the previous blog, Brazil was originally firmly in opposition of adopting Huawei technology into their infrastructure until the country became desperate amidst the COVID-19 pandemic.

GUEST ESSAY: How China’s updated digital plans impacts U.S. security and diplomacy

By Sarina Krantzler

In May 2021, China unveiled their updated Five-Year Plan to the world. This plan marks the 14th edition of their socioeconomic, political, and long-range objectives, and has set the tone for a Chinese-dominated supply chain that will be accomplished using antitrust, intellectual property, and standards tools to promote industrial policies.

Their plan poses a grave threat to the US.

Related: Part 2. The danger posed by Huawei switches

Despite this threat, the United States currently does not possess a similar strategic plan to combat China’s advancements or create a sustainably secure cyber system.

China is developing a self-reliant domestic economy supported by a domestic cycle of production, distribution, and consumption. Strategic investments made on behalf of the Chinese government to the technology industry, in the form of annual 7% increases and billion-dollar loans, will move China closer to their goals of technological independence and global influence.

The external aspect of this strategy attempts to secure their supply chains against pressures from the United States.

This portion of the strategy is integrated with China’s largest foreign policy known as the “One Belt One Road Initiative” (BRI), which includes offering critical infrastructure investment to cash-strapped nations and has led to an increasingly complex and prevalent alliance between China and its homegrown internet companies in the construction of their “Digital Silk Road” (DSR).

Both the BRI and DSR initiatives have been strategically positioned to facilitate secure trade and gain initial global footholds to accomplish the “Made in China 2025” goal.

Enormous subsidization efforts by the Chinese government, as part of their BRI initiative, allow internet giants such as Huawei and ZTE to conduct sweeping internet infrastructure strategies to secure rights to provide to poor or developing nations. Those providers will be discussed in detail in the following blog.

By embedding Chinese infrastructure in networks around the world, the Chinese government could have the ability to access information traveling across these networks … more

GUEST ESSAY: The Top 5 myths about SIEM –‘security information and event management’

By Allie Mellen

One of the most commonly repeated phrases in the security industry is, “Security teams hate their SIEM!”

Related: The unfolding SIEM renaissance

Security Information and Event Management (SIEM) is not what it was 20 years ago. Don’t get me wrong, SIEMs do take work through deployment, maintenance, and tuning. They also require strategic planning. Yet, much to the chagrin of everyone who believed the vendor hype, they fail to provide the “single pane of glass” for all tasks in security operations promised so long ago.

With all that said, there are some aspects of the SIEM that have improved significantly over the past 20 years, despite a barrage of security marketing suggesting otherwise.

Further, there are innovations happening in the market today to bring forth a new era for the SIEM. This evolution is more aptly named security analytics platforms, which not only handle log ingestion and storage, but also more effectively address the detection and response use cases SOCs need.

Security analytics platforms combine SIEM, SOAR, and UEBA to cover the complete incident response lifecycle from detection, investigation, and response, in conjunction with other important use cases like compliance.

GUEST ESSAY: Top 5 cyber exposures tied to the rising use of international remote workforces

By April Miller

While every business needs to prioritize cybersecurity, doing so is becoming increasingly complicated. With many employees now working remotely, securing company data isn’t as straightforward as it used to be. Things get even more complicated if you have an international remote workforce.

Related: Employees as human sensors

As of 2018, more than 2 million people were working abroad for U.S. companies in China alone. Since then, as remote work has become more popular and accessible, that figure has likely only increased. International workforces can be an excellent way to find top talent, but they can introduce unique security risks.

Here are five unique cybersecurity challenges you should know about.

•Inconsistent data regulations. Countries have different data security laws, and these can get in the way of one another. For example, suppose you have workers in the EU. In that case, you must abide by the General Data Protection Regulation (GDPR), which imposes fines on some activities that are perfectly legal in the U.S.

Having workers in multiple countries with laws like this introduces further complications. For instance, if you have employees in China and the EU, you’ll have to obtain Chinese government approval to provide data from China to EU authorities enforcing the GDPR. These conflicts and inconsistencies can make it hard to create a cybersecurity program that abides by all relevant laws.

GUEST ESSAY: Who do you think impacts privacy, free markets more: Big Government or Big Tech?

By Scott Cleland

Proposed bipartisan legislation to modernize U.S. antitrust law and enforcement standards for the 21st century digital marketplace calls for a fact-driven comparison of Big-Tech’s unchecked power relative to Big Government’s Constitutionally limited power.

Related: Apple vs. Facebook privacy war

Big-Tech has proven its monopoly and cartel power can be more powerful than Big Government.

Big Government’s Constitutional limits denied two impeachment attempts to remove President Trump from office and to prevent his ability to run again. In mid-January, Big Tech collusively cancelled President Trump, his eighty million online followers, and his right-of-center, competitive social media alternatives – with impunity.

When unchecked by antitrust law, Big-Tech monopoly gatekeepers together are dominant enough to determine what Americans see and say online. This means in 21st century America, there no longer is a real competitive marketplace for ideas, and no longer are public squares open to all political voices.

The political reality of Big-Tech monopoly intermediaries is that the public and politicians must go through, and trust, Big-Tech to not interfere with them, and to not dictate political discourse or outcomes. The most respected research on this problem, Dr. Robert Epstein’s seminal research on Big-Tech manipulation, shows how unmonitored Big-Tech has the power to manipulate elections.

GUEST ESSAY: Why online supply chains remain at risk — and what companies can do about it

By Aanand Krishnan

The Solarwinds hack has brought vendor supply chain attacks — and the lack of readiness from enterprises to tackle such attacks — to the forefront.

Related: Equipping Security Operations Centers (SOCs) for the long haul

Enterprises have long operated in an implicit trust model with their partners. This simply means that they trust, but don’t often verify, that their partners are reputable and stay compliant over time. Given the dynamic nature of websites today and the constantly changing integrations to a site, this implicit trust model no longer suffices.

So what does the average modern website look like? More than 70 percent of the content that loads on an end user’s browser does not come from the website’s server at all. Enterprises are designing client heavy applications that are executed through JavaScript at runtime, and these browsers are acting as modern day OSes.

Let’s discuss how the SolarWinds hack relates to a regular website supply chain. Web architecture from the past decade followed a trend where most web applications were server heavy, and enterprises’ data centers handled the bulk of the processing. The web browser was more of a graphical interface or a rendering engine.

Due to optimized speeds and improved computing capacity on client devices, the architecture has evolved over the last few years.

GUEST ESSAY: Data poverty is driving the growth of cybercrime – here’s how to reverse the trend

By Robert Panasiuk

Data poverty is real and it’s coming for your user accounts.

Related: Credential stuffing soars due to Covid-19

The current state of data in cybersecurity is a tale of The Haves and The Have-WAY-mores. All tech companies have data, of course, but the only data that’s truly valuable and provides insights—actionable data—isn’t as universal as it should be.

This “data poverty,” or dearth of actionable insights, is a problem for companies across many verticals. Cybersecurity should not be one of them. The sentinels working to prevent the next SolarWinds breach need all the Grade-A data they can get, and fast. Data democratization, on a privacy-compliant basis, is the only way they’ll get it.

The simple truth is that no cybersecurity company can compete with the data stacks of the FAAMG behemoths, which is why cybercrime is seeing a 63 percent boost over the past year.

It’s time to take steps to democratize data and fortunately there are examples of what this looks like in other industries that show how competing security outfits can link arms and still remain competitive.

Why can’t we be friends?

“Coopetition”—competing companies working together and sharing information—is not uncommon across other industries. Casinos trade intel on card counters. E-tailers partner with physical stores to increase their brick-and-mortar presence. Rival software companies exchanging data can involve more red tape, but fundamentally the information they share achieves the same goals: making more money and ensuring their customers receive the best possible service.