Modernization at Madrid: NATO’s Commitment to Cybersecurity
On Wednesday, NATO announced its intention to create a cyber rapid response force to deal with cyber threats resulting from the Russian-Ukrainian conflict. As detailed in a CyberScoop article, this decision came in the form of a formal declaration produced during the Madrid Summit, a meeting of heads of state from NATO and NATO partner countries in Madrid, Spain. The declaration also mentions the intent to foster more collaboration between military intelligence, civil society, and industry in order to combat cyber risks. NATO stresses cooperation as the key driving factor behind these new security measures, stating “We will significantly strengthen our cyber defenses through enhanced civil-military cooperation.” Most pertinent to current world events, the declaration aims to both shore up and maintain Ukraine’s critical cyber infrastructure, which has been under constant attack from pro-Russian groups. The language and steps detailed in this declaration have been lauded by some prominent members of the cyber security world, including Chris Painter (former senior cyber official in the Obama administration’s State Department), who stated its tone and urgency is appropriate for how important cyber security has become in recent years, and particularly in the present moment. Through this declaration and the steps it has taken to modernize its approach to cybersecurity, NATO has sent a message that it understands the complexities of modern international conflict and is prepared to deal with them from every angle.
Tik Tok Boom: TikTok Promises to Enhance Data Safeguards. Is it Enough?
In the wake of repeated criticism from US lawmakers and regulatory boards regarding their user data practices, TikTok announced in an open letter that they will be launching an initiative known as “Project Texas” to assuage security concerns. As reported in an article appearing on The Hacker News website, the letter states that while employees in China (where TikTok is based) have access to “non-sensitive” user data, it is subject to rigorous access protocols overseen by the US-based Oracle cloud infrastructure, and steps are being taken to ensure more stringent security controls are implemented and that backup American data stored on Singaporean servers is deleted. Furthermore, the company states that it has never been asked by the Chinese government to pass along US user data, and would never do so on principle. However, these assurances run counter to a report published by Buzzfeed News, in which it is alleged that ByteDance (the company that owns and manages TikTok) frequently mines and distributes data to Chinese receivers. ByteDance has called these reports false, but it does beg the question of how much a company can be trusted to self-regulate its operations in a foreign country. With millions of American users, TikTok is privy to a sizable stream of valuable user data, and despite these assurances towards tighter, US-centered security, questions remain regarding the accuracy of these claims.
Vacation Complications: Marriott Hit by Data Breach
This week, one of Marriott International’s properties was hit by a data breach. As detailed in an article from Bleeping Computer, malicious actors stole 20GB worth of files from the BWI Airport Marriott in Maryland. During the six hours the hotel’s network was compromised, internal business files and credit card information were stolen, and Marriott confirmed that an attempt was made to extort the chain by threatening to leak these files online. Marriott International stated it did not comply with these demands and is in contact with the FBI (as well as a third-party security firm) to remedy the situation but did admit that as many as 400 individuals were affected by this attack. Regrettably, this is the third confirmed data breach Marriott has experienced since 2018, a pattern in threat susceptibility that has seen the hotel chain lose the data of millions of hotel guests over their numerous worldwide properties, and be fined £14.4 million by the UK ICO for failing to secure customer data under the General Data Protection Regulation (GDPR). While this breach was comparably small compared to the other breaches that have befallen the hospitality giant, this pattern of lax security may give potential customers pause the next time they decide to book a vacation.