Security News for the Week Ending April 23, 2021
USTRANSCOM Starts CMMC Lite Now
The DoD’s transportation command, the folks who are in charge of getting all the stuff that the military needs from where it is to where it needs to be, has announced that they are implementing a light version of CMMC NOW instead of waiting for the five years that it is going to take DoD to fully roll CMMC out. The plan for TRANSCOM is to be able to confirm or deny cyber compliance, they say. This is even though the DoD delayed its report to Congress on vendors’ compliance with CMMC. It was due in March but now won’t be ready until June. TRANSCOM’s plans come at the same time that some are complaining that security is too hard and too expensive – even though they have been certifying for three years that they were fully compliant with the standard. Now that someone is actually saying “prove it”, they are saying it is hard. The move to actually protect our nation’s service members and information from our adversaries will not be easy, as we learned when the SolarWinds attack was revealed, but that doesn’t mean that we should not do that. Credit: Federal Computer Week
FCC Allocation of New Bandwidth for WiFi – A Duel to the End
Last year, as WiFi usage skyrocketed, the FCC allocated 1200 MHz of bandwidth in the 6 GHz range for unlicensed WiFi. But the problem is that someone’s ox will always get gored since there is no “unallocated” bandwidth. While this is great news for WiFi 6, the new WiFi standard (and WiFi 6E in particular), the people who currently use that bit of spectrum (like some carriers and first responders) are not thrilled. Last October, the DC Circuit Court of Appeals denied a request for an emergency stay, even though the court said that they would hear the arguments later. Last month the arguments started in court, with the current users saying that this FCC order would interfere with them. Now oral arguments begin. No one knows how this will end, but the fight is just starting. If, however, the courts refuse to issue a stay, it is going to be a moot point.
After Google Gets You Hooked, They Are Changing the Rules
For Google Photos, effective June 1, 2021, and for Google Drive, effective February 1, 2022, all that free unlimited storage is gone. NEW files uploaded to your account after the effective dates will count toward your storage quota, whatever that quota is. To ease the sticker shock, existing files will be grandfathered in. You can see what your storage usage is, here.
Google and Microsoft are Fighting – Can You Imagine That?
Google is trying to figure out how to track people to sell advertising as state privacy laws make that more difficult. Their newest invention is something named Federated Learning of Cohorts. It has been widely criticized by privacy folks. In short, it puts users in anonymous (supposedly) buckets by behavior and tries to show you ads based on what FLoC you are in. It is turned on in Chrome 90 and I don’t see a way to turn it off. Microsoft did not include it in their new build of Edge. Take that, Google! Credit: Bleeping Computer
EU Creates AI Rulebook
The European Commission released a draft version of a new regulation on the use of AI – the first time a regulator has proposed to do this. The EU says this rule is to create transparency in the use of AI and ban “systems considered a clear threat to the safety, livelihoods and rights of people”. Whatever that means. It is also proposing stricter rules on the use of biometrics such as facial recognition. Here is the draft rule.