Cyber Daily: European Cloud Restrictions Could Limit U.S. Providers’ Reach
Good day. Europe is getting serious about where its residents’ data is being stored, and that could be bad news for U.S. cloud providers.
A new certification system being developed by EU cybersecurity authorities will mandate that security-sensitive data must be held by European companies, according to a draft document seen by my colleague Catherine Stupp. This system would be voluntary, but experts say that other incoming laws for critical infrastructure providers could make it a de facto regulatory requirement.
Also today: Hackers claim to compromise AMD; TikTok is under scrutiny again; and Roe v. Wade’s overturn might affect federal privacy bill talks.
A view of Paris from the Montmartre district. Domestic cloud security rules in France were updated this year to include new restrictions for essential data.
PHOTO: ANITA POUCHARD SERRA/BLOOMBERG NEWS
European cybersecurity authorities are drafting a new certification system for cloud services that could limit the amount of critical data held by American providers.
Companies and tech associations are concerned that the coming European Union system will require that data considered critical or in need of high security measures must be stored in cloud services run by European companies, limiting businesses’ use of major U.S. providers such as Microsoft Corp., Alphabet Inc.’s Google Cloud or Amazon.com Inc.’s cloud unit.
A recent draft circulated among European officials specified that security restrictions should “prevent and limit possible interference from states outside the EU,” according to a document viewed by WSJ Pro Cybersecurity. Certain high-risk data should only be stored in the EU, accessed by employees who have gone through screening and are located in an EU country, and be subject to contracts governed by European law, the document says.
The EU system would be voluntary, but corporate technology experts worry that a separate coming law governing cybersecurity for critical infrastructure providers could be used to require some sectors to use only cloud providers that meet the high-level EU certification.
Under that law, individual EU countries could decide to require the certification for critical data within their jurisdiction, potentially leading to a complex “regulatory hodgepodge” where multinational firms follow the rules in some parts of Europe and not in others, said Steven Heckler, deputy head of digitalization and innovation policy at the Federation of German Industries, a trade group representing a range of industrial sectors.
A group of lawmakers, including Sen. Roger Wicker (R., Miss.; pictured), are concerned that restrictions on TikTok owner ByteDance haven't been enforced.
PHOTO: MARKUS SCHREIBER/ASSOCIATED PRESS
Senate Republicans press Biden administration over TikTok security. A group of senators led by Sens. Roger Wicker (R., Miss.) and Tom Cotton (R., Ark.) wrote a letter to Treasury Secretary Janet Yellen saying the administration hasn’t enforced an August 2020 order requiring ByteDance, the Chinese parent company of TikTok, to divest its American assets and destroy data it acquired through TikTok. Security reviews haven’t been published one year after the order took effect, they wrote. The senators asked for details on how TikTok will protect privacy through a third-party U.S. company. Reports that Oracle will store TikTok’s U.S. data won’t address national security concerns because the Chinese company would still own a social media platform active in the U.S., they wrote. (The Hill)
Ransomware group claims to extort chip maker AMD. The U.S. company said it is investigating claims that hackers have its data. The cybercrime group RansomHouse posted on the website where it leaks data, saying that it compromised the company because its employees used weak passwords. AMD didn’t disclose if it received a ransom demand. RansomHouse also claimed responsibility for a cyberattack this month on Shoprite, Africa’s largest retailer. The group says it targets companies with weak cybersecurity measures. (TechCrunch)
South Korea will join U.S.-led cyber exercise for the first time. U.S. Cyber Command’s Cyber Flag exercise will include more than 20 South Korean participants when it takes place this October in Virginia. The exercise aims to strengthen the U.S.’s and allies’ abilities to identify and respond to a cyberattack. Teams from countries including Canada, Germany, Lithuania and Sweden participated in last year’s exercise. President Biden and South Korean President Yoon Suk-yeol agreed in May to expand cybersecurity cooperation and confront North Korean cyber threats. (Korea Herald)
$61.9 Million
The annual cybersecurity budget for New York State, where Gov. Kathy Hochul appointed Colin Ahern its first chief cyber officer Monday.
Abortion ruling could scramble privacy talks. The Supreme Court’s decision to strike down federal abortion rights has put more pressure on bipartisan privacy legislation moving through Congress. Some Democratic lawmakers and privacy advocates have warned in recent days that the move to overturn Roe v. Wade creates new risks for women’s personal information that is collected by technology companies. Now, a key Democratic lawmaker’s staff argues that the court’s decision highlights existing weaknesses in how the bipartisan proposal aims to enforce potential privacy abuses. (Washington Post)