Cybersecurity & Espionage Articles
https://www.chinabusinessreview.com/fact-sheet-communist-party-groups-in-foreign-companies-in-china/
Chinese Communist Party (CCP) officials are increasingly calling on companies to support the creation of party organizations among their employees. The potential for party groups to influence corporate decision making has raised concern among some US company executives: What are foreign companies obligated to do, and how should companies respond to requests to establish party organizations in their China subsidiaries?
Legal requirements for foreign companies
China’s laws governing foreign invested enterprises are silent on party organizations. China’s Company Law, which applies to domestic as well as foreign-invested companies (but not foreign representative offices), does address party organizations, but does not specify their role. Article 19 requires companies to provide the “necessary conditions” for the activities of party organizations, which shall be established within the company according to the CCP Constitution. Chapter 5 of the CCP Constitution requires the formation of a party organization in companies with three or more party members. The CCP Constitution lays out different expectations for the role of party groups in state-owned enterprises (SOEs) and private companies.
By design, party organizations in SOEs are more prominent and influential. Party regulations issued in June 2015 specify that the chairman or CEO of an SOE should serve as the secretary of the party group, and that other company executives should be included in the party group as well.
The party in foreign-invested enterprises
Based upon the Company Law, party organizations should be permitted to be established in a foreign-invested enterprise – JV or 100% foreign-owned – if it employs three or more party members. No management or governance role is required, however, and company best practices suggest these organizations are not required to hold a managerial function. For example, party organizations could serve as a channel or platform to coordinate local employee non-work activities or management-employee communications. Joint ventures, especially those with state-owned partners, may face different pressures regarding the role of party organizations, although it is USCBC’s understanding that they are not subject to any legal obligation to allow party groups decision-making power, based on the legal requirements analyzed above. Some USCBC companies have reported that their state-owned joint venture partners have recently approached them about altering their articles of association to support party groups within the joint venture, even going as far as to request that they be amended to allow critical matters to be approved by the party organization before they are presented to the board. Some of these requests likely stem from a party directive issued in March 2017, though companies report receiving similar requests earlier than this. The 2017 directive, entitled “Notice About Firmly Promoting Writing SOE Party Building Work into Company Articles of Association,” requires state-owned enterprises to incorporate party-building principles into their articles of association.
However, the notice does not represent a legal requirement and companies have reported successfully pushing back against such requests to allow a simple re-statement in the articles of association of the company’s obligations under the Company Law. In addition, the laws governing joint ventures specify that amendments to the articles of association require unanimous consent of directors present at the board meeting, meaning the Chinese partner cannot force such changes without the foreign partner’s agreement. In fact, these laws clearly state that the board of directors is the highest decision making body in the company. The Company Law does not specify any particular role for party organizations in foreign-invested enterprises, so any attempt to give a party cell a managerial or governance function can be challenged on this basis. Companies should be alert to pressures to form party organizations in their China subsidiaries, but also aware of the legal framework and best practices that may limit the impact of such organizations on governance and management. Consulting with legal counsel is always recommended when deciding on a strategy to respond to such requests.
Original article at UK.BusinessInsider.com
Original Article on SCMagazine.com
The Department of Homeland Security (DHS) and the Department of Transportation (DoT) joined forces to create a cybersecurity implementation and operational primer to secure federal vehicle fleets. Executive Order (EO) 13693, also known as “Planning for Federal Sustainability in the Next Decade” was issued in March 2015 and requires all federal fleet managers to implement telematics systems for all their vehicles, according to a May 15 press release. The DHS Science and Technology Directorate (S&T) and the DoT's Volpe Center joined forces to develop a tool to assist fleet managers to achieve this goal by designing telematics to collect and utilize data concerning fuel consumption, emissions, maintenance, utilization, idling, speed and location data.
Original Article at InfoSecurity-Magazine.com
The findings showed that 90% of assessments discovered that negligent employees were transferring company data to unencrypted and unauthorized USB devices, with 91% indicating that negligent employees were expanding the phishing attack surface by accessing personal web mail accounts on company machines – a behavior up 4% in the last 12 months. What’s more, the research also highlighted issues surrounding the improper use of cloud apps such as Google Drive and Dropbox with 78% of assessments discovering instances of company data being accessible via the public web. In terms of malicious intent, 67% of assessments uncovered cases where employees were visiting inappropriate and risky gaming, gambling and pornography websites – up 8% from last year – whilst 60% identified instances where malicious employees were using anonymous and VPN browsing to bypass security controls or to research how to bypass controls.
Original article at BetaNews.com
A new study from user behavior intelligence specialist Dtex Systems has uncovered active insider threats in all of the organizations it assessed. Failure to gain visibility is allowing malicious and negligent employees to engage in undetected high-risk activities on every endpoint, on and off the network. Malicious employees are users that intentionally harm their organizations through theft, sabotage, and blatant disregard for security. Negligent employees are those that hurt their organization due to a lack of defenses, lack of awareness, carelessness and error.
Original article at SecurityBoulevard.com
It’s trite to write that the company’s data and customer base are the main assets of any business in the 21st century. However, the attitude to these assets is still careless: a sales manager can steal some part of the database and sell it, as well as sell himself too, as an option. Security in the corporate sphere is limping on both legs. This is happening all over the world, from London to Sydney. Employees and insiders are paying their revenge, making a profit on other people’s data, or just doing harm to their former bosses for their own reasons. The frequency of such events makes us stop, think, and sketch out Plan B.
Original article at KrebsOnSecurity.com
I spent a few days last week speaking at and attending a conference on responding to identity theft. The forum was held in Florida, one of the major epicenters for identity fraud complaints in the United States. One gripe I heard from several presenters was that identity thieves increasingly are finding ways to open new mobile phone accounts in the names of people who have already frozen their credit files with the big-three credit bureaus. Here’s a look at what may be going on, and how you can protect yourself.
Original article at Independent.co.uk
There is a pressing need for a global cryptocurrency – but it will not be bitcoin, according to a former advisor to Donald Trump. Technological complications mean that bitcoin is limited, but the technology powering it could become incredibly important, said Gary Cohn. The former chief economic advisor, who resigned from the Trump administration in early March, said in an interview on this week that bitcoin’s underlying blockchain technology was more interesting than the actual virtual currency.
Original article at Inverse.com
This sombre graphic novel tells the story of Roberts, an army engineer working in Texas who’s been targeted by a militia eager to gain access to building codes in order to orchestrate a terrorist attack. With sophisticated A.I., the militia manipulate everything in Roberts’ life. The news he sees is curated to instill hopelessness and despair, and family members’ social media accounts are hijacked to distance Roberts from loved ones. Frustrated and alone, he eventually confesses security information to a “friend” he’s made online, allowing the militias the access they’ve been hoping for. Once they have what they want, Roberts’ social media is manipulated to make him look like a radicalized terrorist. When the attack occurs, he takes the fall.
Original article at TechRepublic.com
With a cybersecurity talent shortage projected to hit 1.8 million unfilled roles by 2020, the industry must start attracting younger workers to fill jobs and protect businesses. However, the field faces a problem: Only 9% of millennials said they are interested in pursuing a cybersecurity career at some point in their lives, according to a Tuesday report from ProtectWise and Enterprise Strategy Group. The lack of interest in cybersecurity does not stem from a lack of interest in tech, the report found: Of the 524 millennials and post-millennials surveyed, 48% had been part of a STEM program during their K-12 education. A majority of respondents said they are interested in computer-related careers, including video game development (33%), computer sciences/software development (21%), engineering (15%), scientific research (13%), and information technology (11%). Instead, the issue seems to be a lack of awareness. Only 17% of respondents said someone in their family had ever worked in a cybersecurity field. Some 69% said they had never taken a class in school focused on cybersecurity, and 65% said that their school did not offer such a course.
Original article at WarOnTheRocks.com
Last month, 34 technology and security companies signed what they call the Cybersecurity Tech Accord, “agreeing to defend all customers everywhere from malicious attacks by cybercriminal enterprises and nation-states.” The agreement is a remarkable initiative by a group of industry heavyweights, ranging from Cisco to Facebook, Microsoft to Nokia and Oracle, that usually tend to fight over customers or patents rather than form political alliances. It raises the question, what motivated these companies and why did they sign this agreement now? More broadly, it is only the latest sign that what norms govern cyber space and the global governance of cyber security – or, rather, the lack thereof – have captured the attention of corporate boardrooms around the world.
Cyber-Cy
I find interesting articles on the web that are simple, down-to-earth, easy to understand, and (hopefully) informative for non-technical readers.