China enacted the Personal Information Protection Law (PIPL) on August 21, 2021 as part of that country’s growing scrutiny of its high-tech sector. This law goes into effect on November 1, 2021 and will impose a new set of obligations for data security, especially when combined with China’s Data Protection Law. Both of these laws fit into China’s information policy, which Chinese President Xi Jinping has described as the modern equivalent of industrialization. The PIPL will have a significant impact on the way foreign companies in China handle data.
National and Public Interests
The PIPL is partially based on the European Union’s (EU’s) General Data Protection Regulation (GDPR), which is a precedent-setting piece of legislation for data protection. However, the PIPL also has a focus on national security that’s lacking in the GDPR and similar privacy frameworks like the Consumer Privacy Act (CPA) in California. The PIPL further diverges from other data privacy legislation by addressing China’s digital sovereignty. The purpose of these provisions is to limit the ability of foreign organizations to infringe on the privacy rights of Chinese citizens. More…
Critical Infrastructure Security Month 2021
“Critical Infrastructure Security and Resilience: Build it In”
Each November is celebrated as Infrastructure Security Month (ISM). This is the Cybersecurity and Infrastructure Security Agency’s (CISA) annual effort to educate and engage all levels of government, infrastructure owners and operators, and the American public about the vital role critical infrastructure plays in the nation’s wellbeing and why it is important to strengthen critical infrastructure security and resilience.
Throughout Infrastructure Security Month, CISA will highlight how, as a nation, we have travelled a great distance in infrastructure security, while also experiencing a significant shift in the threat landscape over the past several years.
Infrastructure Security Month 2021 will focus on the umbrella theme “Critical Infrastructure Security and Resilience: Build it In” as a reminder to all audiences how important it is to consider infrastructure security and resilience from design concept all the way through development and implementation.
Each week throughout November, we will spotlight a different way to think about how we build in critical infrastructure security and resilience.
- Week 1 (November 1-7): Interconnected and Interdependent Critical Infrastructure: Shared risk means building in shared responsibility.
- Week 2 (November 8-14): Plan for Soft Target Security: Build in security for mass gatherings starting with your planning.
- Week 3 (November 15-21): Build Resilience into Critical Infrastructure
- Week 4 (November 22-30): Secure our Elections: Build resilience into our democratic processes.
As such, during this year’s Infrastructure Security Month, we ask every stakeholder to:
- Remember if you share risk, you must also share the responsibility to reduce that risk.
- Reevaluate your preparedness plans on securing public gatherings and make sure they are up to date with the latest techniques and tactics.
- Consider ways to make resilience part of the design when upgrading or building new critical infrastructure.
- Help people understand and identify misinformation, disinformation, and conspiracies appearing online related to election security, COVID-19, 5G, or other infrastructure-related issues.
Join us this November and take action to ensure our critical infrastructure is safe, secure, and resilient. More…
The cybercrime group behind the SolarWinds hack remains focused on the global IT supply chain, says Microsoft, with 140 resellers and service providers targeted since May.
Your workers need connectivity that’s both fast and redundant if they’re going to get their work done. For a lot of remote employees, that means relying on the local cable company or ISP. Is that really a good idea for business? More…
Cybercrime: Europol arrests 12 people for ransomware activities possibly affecting 1,800 victims in 71 countries
The European police force stated the ransomware activities targeted critical infrastructures and mostly large corporations. More…
While “doxxing” has been around since the 1990s, in recent years, doxxing attacks have become increasingly common, with celebrities and lay people alike falling victim. In this article, I go into detail about what doxxing is and its real-life consequences. In addition, I’ll explain how you can protect yourself from doxxing attacks.
“Doxxing” is when someone finds personal information about someone else, usually an internet user, and publishes it online for the world to see. That’s why it’s called “doxxing” – referring to “documents,” shortened to “doc” and then changed to “dox.”
The information that’s published can include the real name, home address, email address, telephone number, photos and other personal information of the victim, leading to attacks that can move from the online world to the physical one. More…
Original release date: November 3, 2021
CISA has issued Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities, which establishes specific timeframes for federal civilian agencies to remediate vulnerabilities that are being actively exploited by known adversaries. To support this Directive, CISA has established a catalog of relevant vulnerabilities. This catalog will be updated regularly, and organizations can sign up for notifications when new vulnerabilities are added.
CISA strongly recommends that private businesses, industry, and state, local, tribal and territorial (SLTT) governments prioritize mitigation of vulnerabilities in CISA’s Directive and sign up for updates to the catalog.