Our interview is with Mark Montgomery and John Costello, both staff to the Cyberspace Solarium Commission. The Commission, which issued its main report more than a year ago, is swinging through the pitch, following up with new white papers, draft legislative language, and enthusiastic advocacy for its recommendations in Congress, many of
Another week, another Trump administration initiative to hasten the decoupling from China. As with MIRV warheads, the theory seems to be that the next administration can’t shoot them all down. Brian Egan lays out this week’s initiative, which lifts from obscurity a DoD list of Chinese military companies and excludes them from U.S. capital…
In this episode, Jamil Jaffer, Bruce Schneier, and I mull over the Treasury announcement that really raises the stakes even higher for ransomware victim. The message from Treasury seems to be that if the ransomware gang is the subject of OFAC sanctions, as many are, the victim needs to call Treasury…
John Yoo, Mark MacCarthy, and I kick off episode 329 of the Cyberlaw Podcast diving deep into what I call the cyberspace equivalent of a dumpster fire. There is probably a pretty good national security case for banning TikTok. In fact, China did a lot better than the Trump administration when it …
This Week in the Great Decoupling: The Commerce Department has rolled out proposed telecom and supply chain security rules that never once mention China. More accurately, the Department has rolled out a sketch of its preliminary thinking about proposed rules. Brian Egan and I tackle the substance and history of the proposal and conclude that the government is still fighting about the content of a policy it’s already announced. And to show that decoupling can go both ways, a US-based chip-tech group is moving to Switzerland to reassure its Chinese participants. Nick Weaver and I conclude that there’s a little less here than Reuters seems to think.
We open the episode with David Kris’s thoughts on the two-years-late CFIUS investigation of TikTok, its Chinese owner, ByteDance, and ByteDance’s US acquisition of the lip-syncing company Musical.ly. Our best guess is that this unprecedented reach-back investigation will end in a more or less precedented mitigation agreement.
The theme this week is China’s growing confidence in using cyberweapons in new and sophisticated ways, as the US struggles to find an answer to China’s growing ambition to dominate technology. Our interview guest, Chris Bing of Reuters, talks about his deep dive story on Chinese penetration of managed service providers like HP Enterprise – penetration that allowed them access to hundreds of other companies that rely on managed service providers for most of their IT. Most chilling for the customers are strong suggestions that the providers often didn’t provide notice of the intrusions to their customers – or that the providers’ contracts may have prevented their customers from launching quick and thorough investigations when their own security systems detected anomalous behavior originating with the providers. Chris also tells the story of an apparent “Five Eyes” intrusion into Yandex, the big Russian search engine.
Our News Roundup is hip deep in China stories. The inconclusive EU – China summit gives Matthew Heiman and me a chance to explain why France understands – and hates – China’s geopolitical trade strategy more than most.
Maury Shenk notes that the Pentagon’s reported plan to put a bunch of Chinese suppliers on a blacklist is a bit of a tribute to China’s own list of sectors not open to Western companies. In other China news, Matthew discloses that there’s reason to believe that China has finally begun to use all the US personnel data it stole from OPM. I’m so worried it may yet turn my hair pink, at least for SF-86 purposes.
And in a sign that it really is better to be lucky than to be good, Matthew and I muse on how the Trump Administration’s China policy is coinciding with broader economic trends to force US companies to reconsider their reliance on Chinese manufacturing.