Recent Posts

Cyber (In)Securities – Issue 137

Information Security News
1. Oracle Cloud security SNAFU latest: IT giant accused of pedantry as evidence scrubbed (The Register – Thomas Claburn)
2. CoffeeLoader Malware Is Stacked With Vicious Evasion Tricks (Dark Reading – Becky Bracken)
3. Phishing platform ‘Lucid’ behind wave of iOS, Android

Behind the Keys: Women Who Secure the Future – Daniela Fernandez

Feature profile of Daniela Fernandez.

About the Author: Saba Bagheri, PhD, Cyber Threat Intelligence Manager at Bupa APAC and Director at the Cybersecurity Advisors Network.

CyAN Signs 3 Open Letters Against Surveillance Laws

The Cybersecurity Advisors Network (CyAN) has recently added its name to three important pieces of advocacy urging reform of legislation that we believe significantly jeopardizes the safety and privacy of citizens and their data, and the free nature of the Internet.

I. Sweden: Data Storage and Access to Electronic Information Legislation

The Internet Society and CyAN partner organization Global Encryption Coalition are leading a push to reform Sweden’s controversial proposal, which, among other issues, would require encryption services to give law enforcement agencies access to their users’ data. We previously expressed our opposition to this move. Backdoors, no matter how well intended, fatally undermine end-to-end encryption: a service that can hand plaintext to a third party on demand is, by definition, no longer end-to-end encrypted, and the access mechanism itself becomes a target for theft and abuse. This endangers privacy, security, and trust online.

Link to the open letter: https://app.smartsheet.com/b/form/e3cf0c35c3a84837b0accdf21966a554

II. Japan: Cyber Espionage / Cyber Attack Bills

CyAN joins the Japanese Association for Progressive Communications (JCA-Net) in urging the scrapping of two Japanese bills (both links in Japanese, PDF format):

  1. Bill to Prevent Damage Caused by Unauthorized Acts against Important Computer Systems
  2. Bill to Amend Relevant Laws in Conjunction with the Enforcement of the Law to Prevent Damage Caused by Unauthorized Acts against Important Computer Systems

Similar to the Swedish proposal, these bills would allow law enforcement and intelligence agencies to access information without the consent of data controllers. They go much further, authorizing cyber warfare and espionage operations outside Japan’s borders, which the Association and the letter’s signatories believe is not only unconstitutional but actively dangerous, as it could stoke aggressive cyber conflict.

Link to the joint letter: https://www.jca.apc.org/jca-net/ja/node/449

III. USA: TAKE IT DOWN Act (PDF)

US Senate bill S.146 (the “TAKE IT DOWN” Act) is a well-intended, although overly broad and intrusive, attempt to curtail the online propagation of illegal content, specifically non-consensual “intimate imagery”, which CyAN partner organization STISA refers to as “image-based sexual abuse” (IBSA). While the bill provides exceptions for broadband and email providers, its takedown mandate would in effect require encryption backdoors in other secure services, such as peer-to-peer chat, since a provider cannot identify or remove content it cannot read.

As we have pointed out in the past, backdoors not only fail to work, they have a significant negative impact on personal privacy. A backdoor cannot be restricted to its intended user: whatever key or access path is created for lawful use is equally valuable to anyone who steals or abuses it. Backdoors therefore dramatically increase the danger from cybercrime and government surveillance overreach alike, and damage trust, safety, online commerce, and digital democracy while yielding few real results, because criminals do not respect such laws.

CyAN joins the Internet Society, the Center for Democracy and Technology, the Electronic Frontier Foundation (EFF), and several other respected industry and advocacy groups in calling for a revision of S.146 that significantly widens the use cases and providers exempted from its scope, and thus removes the mandate for harmful encryption backdoors.

Link to the joint letter: https://docs.google.com/document/d/1p5i9HifjzZXGs-nanjOb5V1aBQPqAJ3LFfJqsYYddI0/edit?tab=t.0

Featured image credit: Gerd Altmann (Pixabay)

Behind the Keys: Women Who Secure the Future – Irene Corpuz

Feature profile of Irene Corpuz.

About the Author: Saba Bagheri, PhD, Cyber Threat Intelligence Manager at Bupa APAC and Director at the Cybersecurity Advisors Network.

Cyber (In)Securities – Issue 136

Information Security News
Italian government approved use of spyware on members of refugee NGO, MPs told (The Guardian – Angela Giuffrida & Stephanie Kirchgaessner)
Italian lawmakers have been informed that spyware was authorised against members of a refugee NGO, sparking fierce backlash over potential human rights

Unraveling Digital Sovereignty: The Delicate Balance of Digital Sovereignty: Insights and Imperatives

Defining Digital Sovereignty in Our Times

In his thought-provoking article, “Digital Sovereignty: A Framework for the Internet Age,” Robin Berjon skilfully outlines the challenges and necessities of digital sovereignty. This article builds on his foundation, delving deeper into nuanced facets of digital sovereignty and highlighting critical issues such as the essential role of end-to-end encryption (E2EE), the economic and security risks posed by tariff wars, and the importance of competent digital governance in managing powerful digital tools.

Central to our discussion is Cory Doctorow’s concept of ‘enshittification’—the gradual degradation of systems as commercial pressures and scale erode their founding principles. This concept serves as a cautionary backdrop to our exploration, particularly as we examine how poor management and short-sighted policies can undermine the digital sovereignty of nations.

The Imperative of End-to-End Encryption (E2EE)

End-to-end encryption (E2EE) is foundational to digital security. As digital data increasingly underpins our societal functions, ensuring that such data remains encrypted and accessible only to its intended recipients safeguards both individual privacy and national security. The defining property of E2EE is that the keys exist only on the communicating endpoints: the service provider, and therefore anyone who compromises or compels the provider, cannot read the content. Advocating for the widespread adoption of robust, uncompromised E2EE is crucial for maintaining trust and integrity in international communications. This approach supports the digital sovereignty of nations by ensuring their communications remain secure from foreign interference.

The Temptation of Data Tariffs

In an era where digital borders are becoming as significant as their physical counterparts, there might be a temptation among policymakers to introduce data tariffs as a means of controlling and monetising the international flow of data. Such measures could be seen as attractive for countries looking to bolster their domestic tech industries or protect their data from foreign exploitation. However, the following section will explore why this seemingly bright idea might not shine in practice.

Tariff Wars: A Cautionary Tale

While some may argue that data tariffs could serve as economic levers or protective measures, history teaches us that tariff wars lead to economic inefficiency and often hurt more than they help. Imposing tariffs on data could backfire by isolating markets, increasing costs for consumers and businesses alike, and stifling innovation. To avoid these pitfalls, we must seek cooperative international agreements that support open data flows while respecting each nation’s right to digital sovereignty.

Data Security as National Security

Data security extends beyond protecting personal information; it is an integral component of national security. In a world where data breaches can lead to significant economic, social, and political disruptions, securing our digital assets is paramount. Robust national and international frameworks that prioritise security without compromising global interoperability are essential for maintaining digital sovereignty and economic stability.

Combating ‘Enshittification’ in Digital Governance

Cory Doctorow’s notion of ‘enshittification’—the degradation of systems as they scale—can be observed in the digital world when there is insufficient oversight and management of complex digital tools. This can lead to significant vulnerabilities in terms of security and user experience. Promoting a culture of careful stewardship and informed management across all levels of digital operations is crucial to prevent the decline in the quality and security of digital platforms.

Conclusion: A Call for Thoughtful Digital Governance

Digital sovereignty challenges us to navigate complex territories of technology, policy, and human rights. By championing uncompromised E2EE, advocating against data tariffs, emphasising the national security implications of data security, and demanding knowledgeable handling of digital technologies, we can strive towards a balanced approach that protects both individual rights and national interests. Let’s commit to fostering an environment where digital sovereignty is balanced with global cooperation for a secure, open, and fair digital future.

Read more: Digital Sovereignty: A Framework for the Internet Age by Robin Berjon
About the Author:

Kim Chandler McDonald is the Co-Founder and CEO of 3 Steps Data, driving data/digital governance solutions.
She is the Global VP of CyAN, an award-winning author, storyteller, and advocate for cybersecurity, digital sovereignty, compliance, governance, and end-user empowerment.

Upcoming Global Events to Watch Out For

CyAN is proud to announce our role as a Community Partner for the following prominent global cybersecurity and technology events. Mark your calendars!

Supply Chain Cyber Security Summit (SCCS), 9–11 April 2025 | Lisbon, Portugal
CyAN board member Bharat Raigangar will be speaking at this

Cyber (In)Securities – Issue 135

Information Security News
US Weakens Disinformation Defenses, as Russia & China Ramp Up (Dark Reading – Robert Lemos)
As geopolitical tensions escalate, the US has notably reduced its efforts to combat disinformation, especially from key adversaries like Russia and China. This rollback occurs despite increasing efforts

New Podcast – Information Sharing, Cybersecurity Politics, Threats, and More

Gate 15’s Andy Jabbour joins us on this episode of CyAN’s Secure-in-Mind series, as we discuss a wide variety of topics. We cover information and intelligence sharing, geopolitics, US and European cybersecurity capabilities, information security investment, collective cyberdefence, adversaries, threats, and some nifty travel tips.

Notes and Links:

As always, we haven’t read all of these in their entirety; the Wikipedia links are provided as-is and are only meant as a starting point for someone interested in more than casual information.

02:12 Financial Services ISAC – https://fsisac.com
04:01 US Presidential Policy Directive (PPD) 21, “Critical Infrastructure Security and Resilience” (superseded in April 2024 by National Security Memorandum 22, which kept the same 16 critical infrastructure sectors) – https://www.cisa.gov/topics/critical-infrastructure-security-and-resilience/critical-infrastructure-sectors
05:14 EU NIS2 Directive, Directive (EU) 2022/2555 – https://eur-lex.europa.eu/eli/dir/2022/2555/2022-12-27/eng – the “sectors of high criticality” are listed in Annex I, and the “other critical sectors” in Annex II
06:09 “All-hazards” is a very broad term with numerous different definitions. Basically, it means “taking all types of risks and threats, and what you need to deal with them, into account”.
07:18 WannaCry – https://en.wikipedia.org/wiki/WannaCry_ransomware_attack
07:32 Health ISAC – https://health-isac.org/
09:49 The EU ISACs website appears to be offline, but ENISA has some information: https://www.enisa.europa.eu/topics/state-of-cybersecurity-in-the-eu/national-cybersecurity-strategies-0/information-sharing-and
14:33 The US does not have any national cybersecurity law per se, but several federal agencies have essentially mandated that critical sector firms join their respective sector ISAC. By contrast, the EU ISAC ecosystem is less mature, and less well supported and recognized by e.g. ENISA (the European Union Agency for Cybersecurity), with no such mandates. Other countries tend to have information sharing initiatives built around government agencies; for example, the UAE financial sector’s cyber resilience exercises are organized by the central bank.
14:38 NY State Department of Financial Services – https://www.dfs.ny.gov/
17:44 UK NCSC Industry 100 – https://www.ncsc.gov.uk/section/industry-100/about
18:02 UP-KRITIS – https://www.bsi.bund.de/EN/Themen/Regulierte-Wirtschaft/Kritische-Infrastrukturen/UP-KRITIS/up-kritis_node.html
19:23 In January 2025, DHS effectively dismantled the Cyber Safety Review Board (CSRB) by dismissing its members while the board was looking into the Salt Typhoon and Volt Typhoon groups: https://federalnewsnetwork.com/cybersecurity/2025/03/lawmakers-probe-dhs-cyber-typhoon-response-future-of-csrb/
19:30 E.g. https://www.reuters.com/world/us-suspends-some-efforts-counter-russian-sabotage-trump-moves-closer-putin-2025-03-19/
20:13 https://therecord.media/podcast
20:17 Specific episode on iTunes: https://podcasts.apple.com/us/podcast/is-trump-making-the-us-more-cyber-vulnerable/id1225077306?i=1000699608384
21:18 https://tribalhub.com/
23:23 https://bsky.app/profile/rgblights.bsky.social
23:37 https://breakingdefense.com/2025/03/ex-nsa-cyber-chief-warns-of-devastating-impact-of-potential-doge-inspired-firings/
23:46 https://www.theregister.com/2025/03/18/cisa_rehired_doge/
Obligatory whoopsie-doodle: https://bsky.app/profile/ericjgeller.com/post/3lkldrq7jek2z
24:58 FVEY – https://en.wikipedia.org/wiki/Five_Eyes
25:48 Obligatory plug to donate – https://u24.gov.ua/
26:36 https://www.washingtonpost.com/world/national-security/trump-revealed-highly-classified-information-to-russian-foreign-minister-and-ambassador/2017/05/15/530c172a-3960-11e7-9e48-c4f199710b69_story.html
26:45 For example https://ec.europa.eu/commission/presscorner/detail/en/ip_25_793
27:39 Locked Shields – https://ccdcoe.org/locked-shields/
28:39 Jen Easterly – https://en.wikipedia.org/wiki/Jen_Easterly
29:45 https://www.independent.co.uk/bulletin/news/europe-canada-portugal-f35-fighter-jets-trump-eurofighter-b2718770.html
29:49 Not really, but US control over spare parts, upgrades, and digital mission information is a serious concern
30:01 https://en.wikipedia.org/wiki/Saab_JAS_39_Gripen
30:40 https://www.theguardian.com/us-news/2025/mar/18/musk-starlink-internet-white-house
31:24 For example Eutelsat, part of the consortium deploying Europe’s IRIS² satellite constellation – https://defence-industry-space.ec.europa.eu/eu-space/iris2-secure-connectivity_en
32:51 Just in regards to cooperation with Romania, there are numerous examples, such as https://www.europol.europa.eu/media-press/newsroom/news/arrest-in-romania-of-ransomware-affiliate-scavenging-for-sensitive-data and https://www.fbi.gov/contact-us/field-offices/losangeles/news/romanian-police-serve-dozens-of-warrants-following-parallel-investigation-with-the-fbis-los-angeles-field-office
34:37 Alexander Litvinenko and Maxim Kuzminov for starters, plus the murder attempts on Sergei and Yulia Skripal
34:43 https://www.reuters.com/world/europe/threat-plot-murder-rheinmetall-ceo-was-part-sabotage-campaign-nato-says-2025-01-28/
34:45 https://en.wikipedia.org/wiki/2014_Vrb%C4%9Btice_ammunition_warehouse_explosions and https://www.wsj.com/world/europe/russian-saboteurs-behind-arson-attackat-german-factory-c13b4ece
34:51 https://www.euronews.com/my-europe/2024/11/28/russian-attacks-on-undersea-cables-most-serious-threat-to-our-infrastructure-nato – see also our two-part podcast on this topic, at https://cybersecurityadvisors.network/2024/09/10/subsea-cables-a-crunchy-target/
50:48 Which is still one of the greatest (and seriously, most technologically influential) multiplayer games of all time. It’s also a GPA killer sans pareil – https://en.wikipedia.org/wiki/Netrek
51:07 A classic – https://www.wilyhacker.com/
51:58 21°14’37.7″S 55°42’58.5″E -ish
54:36 That’s the one with the costumes that freak out all the Americans. If you know, you know.

You can find CyAN’s Secure-in-Mind YouTube channel at https://youtube.com/@cybersecadvisors. All of our episodes are also available in audio format on Apple iTunes, Amazon Audible, Podcast Republic, Spotify, and Libsyn – links on our Media page.

Cyber (In)Securities – Issue 134

Information Security News
Judge blocks Elon Musk’s Doge from accessing social security records (The Guardian – Guardian Staff & Agencies)
A federal judge has issued a restraining order preventing Elon Musk’s Department of Government Efficiency (Doge) from accessing Social Security Administration (SSA) records, citing privacy concerns