[Weekend Briefing] Water system security, IoT, chip secrets, AI Act

By Dain Oh, The Readable
Dec. 15, 2023 9:19PM GMT+9

“Weekend Briefing” is a weekly newsletter sent to subscribers of The Readable every Friday. Our journalists select important news items from the previous week on topics ranging from privacy to policy development in cybersecurity, all to help you stay abreast of the latest breaking issues. And not only is this provided free of cost to our subscribers, but the briefing contains new content exclusive to subscribers, such as our insightful industrial reports.


Hello! This is Dain Oh reporting from South Korea. The new edition of The Readable’s quarterly magazine, which marks its third volume, has just been published. If you would like to receive a copy, please let us know by writing us an email at hello@thereadable.co. Moreover, a new reporter has joined The Readable. You can see Sylvie Truong’s powerful articles starting this week. In this briefing, I highlighted four cybersecurity news items as well as one opinion article. Lastly, I will be reporting from Japan next week, covering the 7th International Conference on Mobile Internet Security, or “MobiSec 2023,” which will take place for three days in Okinawa. Enjoy our stories, and we wish you a wonderful weekend!

1. Hackers launch cyberattacks on US drinking water systems

Designed by Areum Hwang, The Readable

The United States is experiencing an increase in cyberattacks targeting industrial control systems (ICS). Critical infrastructure like water treatment systems rely on ICS to ensure the safety of drinking water.

A joint security advisory was released on December 1 in response to ongoing cyberthreats against U.S. water systems and other sectors. The advisory was co-authored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), the Environmental Protection Agency (EPA), and the Israel National Cyber Directorate (INCD).

On November 25, the Municipal Water Authority of Aliquippa (MWAA) in Pennsylvania discovered they had been targeted in a cyberattack by hackers linked to Iran. Matthew Mottes, the chairman of MWAA, told local news outlet Beaver Countian that the hackers did not access “anything in our actual water treatment plant—or other parts of our system—other than a pump that regulates pressure to elevated areas of our system.” Mottes told the news outlet that the hacked pump was on a separate network from the primary network.

2. South Korea seeks to expand IoT secure devices in Asia Pacific

Designed by Sangseon Kim, The Readable

South Korea is seeking to expand its security-certified Internet of Things (IoT) devices globally as it takes its first step towards broadening its market in the Asia Pacific region.

On December 14 in Singapore, the Korea Internet & Security Agency (KISA) and the Cyber Security Agency of Singapore (CSA) signed a memorandum of understanding concerning safety standards for IoT devices. In the coming months, the two nations will collaborate to establish shared IoT safety protocols. Once approved, devices certified as safe in one nation will automatically receive the same designation in the other, which will ease trade in such devices between the countries.

South Korea has been operating its security certification system since late 2017 to protect consumers from security risks inherent to internet-connected digital devices. Each level is based on the product’s software complexity; for instance, devices with minimal software are advised to pursue ‘lite’ certification, while consumer electronics are encouraged to obtain the ‘standard’ certification. Although obtaining certification is not mandatory under the law, South Korean government agencies encourage manufacturers to conform to these standards in the areas of smart homes, transportation, medical devices, manufacturing, financial services, and the communications industry.

3. Prosecutors target ex-Samsung employee for leaking chip secrets to China

Designed by Areum Hwang, The Readable

A former senior employee of Samsung Electronics is facing criminal charges for allegedly transferring semiconductor-related technology from the South Korean tech giant to a Chinese company. The nation has been grappling with the issue of trade secret theft over the past year amid a string of high-profile cases involving prominent employees of Samsung Electronics.

On December 13, the Seoul Central District Prosecutors’ Office applied for a warrant to take the former senior Samsung employee into custody for violating the nation’s industrial technology protection law. The accused, who has not yet been identified except by the last name ‘Kim,’ resigned from Samsung Electronics and later joined a Chinese semiconductor company in 2016. Prosecutors suspect that Kim transferred the “integral” semiconductor technology while he was employed at the Chinese firm.

The prosecutors further applied for a warrant to arrest Kim’s accomplice, an individual employed by a firm that partners with Samsung Electronics, for the crime of assisting Kim in leaking top secret information and technology to China. The officials did not explicitly name the company by which the suspect was employed, but they did reveal the last name of the accused, which is ‘Bang.’ The court is expected to decide on December 15 whether or not to approve the arrest warrant.

4. EU reaches deal on comprehensive regulation of AI

Designed by Areum Hwang, The Readable

The world’s first comprehensive body of rules on artificial intelligence has taken a big step toward becoming reality as European Union negotiators clinched a political deal on the regulation of AI technologies.

On December 9, EU policymakers announced that they had reached a provisional agreement on governing the use of AI technologies after a three-day intensive debate. Lawmakers from three branches of the EU’s primary governing bodies—the European Parliament, the Council of the European Union, and the European Commission—agreed on the flagship legislation, named the AI Act. The new rule is intended to protect citizens of the EU from suffering possible harm due to the influence of AI technologies.

According to the press release from the EU governing bodies, the AI Act seeks to regulate AI systems according to a risk-based assessment approach. If any AI technology can be seen as threatening significant harm to society, the level of restriction it will face will be severe in proportion to its danger. Specifically, the EU lawmakers established a three-stage classification system for the level of threat an AI technology might pose: minimal risk, high-risk, and unacceptable risk.

5. Opinion: Breaking data silos between observability and security empowers organizations

Ajay Khanna, CMO of Mezmo. Photo provided by Mezmo. Designed by Areum Hwang, The Readable

In recent years, many organizations have struggled to manage the increasing volume of data in their systems, particularly for observability and security teams. According to an ESG report, organizations capture hundreds of terabytes (32%) and even petabytes (6%) of data per month. This deluge of data presents dual challenges.

First, this data gets locked within certain organizational systems, hampering the wider visibility and actionability necessary for informed decision-making and robust security practices. Second, as revealed in the same report, most organizations (69%) said they don’t gather all desired data sources because processing and storing this amount of data is costly. This is a problem if there's an incident and the organization has incomplete data for a comprehensive analysis and quick response.

Telemetry data, including metrics, events, logs, and traces, comprises a majority of the application data volume. This data can enable observability teams to understand application performance and help security teams improve detection and response efforts. However, without effective data management strategies, both teams struggle to extract timely, actionable insights. To address this issue, organizations need to manage data as an enterprise asset and bridge the gap between observability and security data silos.

The cover image of this article was designed by Areum Hwang. This article was copyedited by Arthur Gregory Willers.


Dain Oh is a distinguished journalist based in South Korea, recognized for her exceptional contributions to the field. As the founder and editor-in-chief of The Readable, she has demonstrated her expertise in leading media outlets to success. Prior to establishing The Readable, Dain was a journalist for The Electronic Times, a prestigious IT newspaper in Korea. During her tenure, she extensively covered the cybersecurity industry, delivering groundbreaking reports. Her work included exclusive stories, such as the revelation of incident response information sharing by the National Intelligence Service. These accomplishments led to her receiving the Journalist of the Year Award in 2021 by the Korea Institute of Information Security and Cryptology, a well-deserved accolade bestowed upon her through a unanimous decision. Dain has been invited to speak at several global conferences, including the APEC Women in STEM Principles and Actions, which was funded by the U.S. State Department. Additionally, she is an active member of the Asian American Journalists Association, further exhibiting her commitment to journalism.