關於 cyber security measures ，我們在網路上蒐集到這些相關的討論、資訊與評價

Breaking‼️

美東時間1月5日傍晚，川普以國家安全為由，用行政命令方式禁止阿里支付寶、微信支付、QQ錢包在內的8款中國應用程式（App)。

行政命令發佈後45天，禁止任何人與實體與這8款中國應用程式（App）進行交易。

按照日程，美國下任政府將在15天後，1月20日上任。

—

美國商務部長在同一時間發聲明表示，已指示商務部按行政命令執行禁令，「支持川普總統保護美國人民隱私與安全，免於受到中國共產黨的威脅。」

—

▫️8款App:

支付寶（Alipay）、掃描全能王(CamScanner)、QQ錢包（QQ Wallet）、茄子快傳（SHAREit）、騰訊QQ（Tencent QQ）、阿里巴巴旗下海外短視頻應用VMate、微信支付（WeChat Pay）和辦公型App WPS Office。

圖三：美國商務部聲明

圖四：美國國安顧問聲明
—

▫️白宮行政命令全文：

The White House
Office of the Press Secretary
FOR IMMEDIATE RELEASE
January 5, 2021
EXECUTIVE ORDER



- - - - - - -



ADDRESSING THE THREAT POSED BY APPLICATIONS AND OTHER SOFTWARE DEVELOPED OR CONTROLLED BY CHINESE COMPANIES



By the authority vested in me as President by the Constitution and the laws of the United States of America, including the International Emergency Economic Powers Act (50 U.S.C. 1701 et seq.) (IEEPA), the National Emergencies Act (50 U.S.C. 1601 et seq.), and section 301 of title 3, United States Code,

I, DONALD J. TRUMP, President of the United States of America, find that additional steps must be taken to deal with the national emergency with respect to the information and communications technology and services supply chain declared in Executive Order 13873 of May 15, 2019 (Securing the Information and Communications Technology and Services Supply Chain). Specifically, the pace and pervasiveness of the spread in the United States of certain connected mobile and desktop applications and other software developed or controlled by persons in the People's Republic of China, to include Hong Kong and Macau (China), continue to threaten the national security, foreign policy, and economy of the United States. At this time, action must be taken to address the threat posed by these Chinese connected software applications.

By accessing personal electronic devices such as smartphones, tablets, and computers, Chinese connected software applications can access and capture vast swaths of information from users, including sensitive personally identifiable information and private information. This data collection threatens to provide the Government of the People's Republic of China (PRC) and the Chinese Communist Party (CCP) with access to Americans' personal and proprietary information -- which would permit China to track the locations of Federal employees and contractors, and build dossiers of personal information.

The continuing activity of the PRC and the CCP to steal or otherwise obtain United States persons' data makes clear that there is an intent to use bulk data collection to advance China's economic and national security agenda. For example, the 2014 cyber intrusions of the Office of Personnel Management of security clearance records of more than 21 million people were orchestrated by Chinese agents. In 2015, a Chinese hacking group breached the United States health insurance company Anthem, affecting more than 78 million Americans. And the Department of Justice indicted members of the Chinese military for the 2017 Equifax cyber intrusion that compromised the personal information of almost half of all Americans.

In light of these risks, many executive departments and agencies (agencies) have prohibited the use of Chinese connected software applications and other dangerous software on Federal Government computers and mobile phones. These prohibitions, however, are not enough given the nature of the threat from Chinese connected software applications. In fact, the Government of India has banned the use of more than 200 Chinese connected software applications throughout the country; in a statement, India's Ministry of Electronics and Information Technology asserted that the applications were "stealing and surreptitiously transmitting users' data in an unauthorized manner to servers which have locations outside India."

The United States has assessed that a number of Chinese connected software applications automatically capture vast swaths of information from millions of users in the United States, including sensitive personally identifiable information and private information, which would allow the PRC and CCP access to Americans' personal and proprietary information.

The United States must take aggressive action against those who develop or control Chinese connected software applications to protect our national security.

Accordingly, I hereby order:

Section 1. (a) The following actions shall be prohibited beginning 45 days after the date of this order, to the extent permitted under applicable law: any transaction by any person, or with respect to any property, subject to the jurisdiction of the United States, with persons that develop or control the following Chinese connected software applications, or with their subsidiaries, as those transactions and persons are identified by the Secretary of Commerce (Secretary) under subsection (e) of this section: Alipay, CamScanner, QQ Wallet, SHAREit, Tencent QQ, VMate, WeChat Pay, and WPS Office.

(b) The Secretary is directed to continue to evaluate Chinese connected software applications that may pose an unacceptable risk to the national security, foreign policy, or economy of the United States, and to take appropriate action in accordance with Executive Order 13873.

(c) Not later than 45 days after the date of this order, the Secretary, in consultation with the Attorney General and the Director of National Intelligence, shall provide a report to the Assistant to the President for National Security Affairs with recommendations to prevent the sale or transfer of United States user data to, or access of such data by, foreign adversaries, including through the establishment of regulations and policies to identify, control, and license the export of such data.

(d) The prohibitions in subsection (a) of this section apply except to the extent provided by statutes, or in regulations, orders, directives, or licenses that may be issued pursuant to this order, and notwithstanding any contract entered into or any license or permit granted before the date of this order.

(e) Not earlier than 45 days after the date of this order, the Secretary shall identify the transactions and persons that develop or control the Chinese connected software applications subject to subsection (a) of this section.

Sec. 2. (a) Any transaction by a United States person or within the United States that evades or avoids, has the purpose of evading or avoiding, causes a violation of, or attempts to violate the prohibition set forth in this order is prohibited.

(b) Any conspiracy formed to violate any of the prohibitions set forth in this order is prohibited.

Sec. 3. For the purposes of this order:

(a) the term "connected software application" means software, a software program, or group of software programs, designed to be used by an end user on an end-point computing device and designed to collect, process, or transmit data via the Internet as an integral part of its functionality.

(b) the term "entity" means a government or instrumentality of such government, partnership, association, trust, joint venture, corporation, group, subgroup, or other organization, including an international organization;

(c) the term "person" means an individual or entity;

(d) the term "personally identifiable information" (PII) is information that, when used alone or with other relevant data, can identify an individual. PII may contain direct identifiers (e.g., passport information) that can identify a person uniquely, or quasi-identifiers (e.g., race) that can be combined with other quasi-identifiers (e.g., date of birth) to successfully recognize an individual.

(e) the term "United States person" means any United States citizen, permanent resident alien, entity organized under the laws of the United States or any jurisdiction within the United States (including foreign branches), or any person in the United States.

Sec. 4. (a) The Secretary, in consultation with the Secretary of the Treasury and the Attorney General, is hereby authorized to take such actions, including adopting rules and regulations, and to employ all powers granted to me by IEEPA, as may be necessary to implement this order. All agencies shall take all appropriate measures within their authority to implement this order.

(b) The heads of agencies shall provide, in their discretion and to the extent permitted by law, such resources, information, and assistance to the Department of Commerce as required to implement this order, including the assignment of staff to the Department of Commerce to perform the duties described in this order.

Sec. 5. Severability. If any provision of this order, or the application of any provision to any person or circumstance, is held to be invalid, the remainder of this order and the application of its other provisions to any other persons or circumstances shall not be affected thereby.

Sec. 6. General Provisions. (a) Nothing in this order shall be construed to impair or otherwise affect:

(i) the authority granted by law to an executive department, agency, or the head thereof; or

(ii) the functions of the Director of the Office of Management and Budget relating to budgetary, administrative, or legislative proposals.

(b) This order shall be implemented consistent with applicable law and subject to the availability of appropriations.

(c) This order is not intended to, and does not, create any right or benefit, substantive or procedural, enforceable at law or in equity by any party against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person.



DONALD J. TRUMP



THE WHITE HOUSE,

January 5, 2021.

Smart cities rely on a variety of devices & systems to operate; making cyber security more vital than before and measures must be taken to ensure the devices, data, and systems’ security.

Featured in this edition of #InnoVEX Editorial are #InnoVEX2018 exhibitors: #ThunderDNS and I.X

During the Smart City Summit, #InnoVEX will hold another Saloon on the relationship between cyber security, AI, and big data in digital transformation. Join us by signing up here:
https://www.accupass.com/event/1902220216395377806270

【ITS 擱置使用 HKUVPN 登入 HKU Portal 之計劃】

資訊科技服務部門 Information Technology Services （下稱 ITS）於今日（一月二日）向港大師生發出電郵，指於校園外登入 HKU Portal 的方式將維持不變，師生不必使用 HKUVPN 新措施。

ITS 於電郵中表示在宣佈延遲新措施後，他們採取了一些額外措施以解決網絡攻擊的問題。故此，經過評估後決定沿用現行方法在校園外登入HKU Portal，亦即是師生不一定需要使用 HKUVPN 也能登入網站。但 ITS 指網絡攻擊千變萬化，他們會盡力保護校園網絡環境，同時建議師生使用 HKUVPN 以防止未來的網絡安全威脅。

電郵全文：
Dear students,

On 21 December 2017, we informed you of a move of requiring the use of HKUVPN as the tightened protection for users to gain access to HKU Portal from outside of the University Campus Network. It was because our HKU Portal at that time had been under a wave of newly identified hacking attacks through which hackers could potentially intrude into and damage our systems while we were still uncertain if our mitigation solutions under development could be in place for guarding against the attacks throughout the Christmas holidays. With our colleagues' diligent effort, we successfully effected a measure for interrupting the hacking process and then announced to defer the use of HKUVPN as a tightened protection measure on 22 December 2017.

Since then, we have continued our work on extra measures in tackling the attacks identified. With reference to our latest assessment, we are pleased to inform you that the existing means of external access to HKU Portal will remain unchanged. In other words, staff and students will not necessarily be required to make use of HKUVPN for gaining access to HKU Portal for the time being.

On the other hand, we should understand that the sophistication of cyberattacks always changes. While ITS would endeavor to enable the University's IT environment to be safe and convenient, assured information security and guarding against data breaches are always our top priorities. Hence, HKUVPN (with two-factor authentication) would remain a readily deployable means for mitigating cyber-security threats under certain acute situation in future. In this regard, it is advisable for our users to set up HKUVPN connectivity for their PCs/mobile devices early.

To use HKUVPN, please

1. Register for two-factor authentication (2FA) via http://www.its.hku.hk/2fa/student-dept-register (please skip this step if you have already registered).
2. Complete the one-time configuration needed (configuration procedures at https://www.its.hku.hk/documenta…/…/network/remote/hkuvpn2fa).
3. Initiate HKUVPN connection as needed (connection procedures at https://www.its.hku.hk/…/g…/network/remote/hkuvpn2fa/connect).

Finally, I wish you all a successful new year of 2018.

Yours sincerely,

P T Ho
Director of IT Services

Skype has just been removed from the app stores here and now is part of the long list of apps and websites blocked by the Great Firewall of China (Golden Shield Project)

Internet censorship in China is extreme due to a wide variety of laws and administrative regulations. More than sixty Internet regulations have been created by the government of China, which have been implemented by provincial branches of state-owned ISPs, companies, and organizations. The apparatus of China's Internet control is considered more extensive and more advanced than in any other country in the world. The governmental authorities not only block website content but also monitor the Internet access of individuals;[4] such measures have attracted the derisive nickname "The Great Firewall of China."

Amnesty International notes that China "has the largest recorded number of imprisoned journalists and cyber-dissidents in the world" and Paris-based Reporters Without Borders stated in 2010 and 2012 that "China is the world's biggest prison for netizens." The offences of which they are accused include communicating with groups abroad, signing online petitions, and calling for reform and an end to corruption. The escalation of the government's effort to neutralize critical online opinion and organizing comes after a series of large, anti-pollution, anti-corruption protests, and ethnic riots, many of which were organized or publicized using instant messaging services, chat rooms, and text messages. The size of the Chinese Internet police force was reported by the state government to be 2 million in 2013.

Carrie Gracie wrote that local Chinese businesses such as Baidu, Tencent, and Alibaba, some of the world's largest internet enterprises, benefited from the way China has blocked international rivals from the market, encouraging domestic competition.

Since May 2015, Chinese Wikipedia has been blocked in China. This was done after Wikipedia started to use HTTPS encryption which made selective censorship impossible or more difficult.

Support me on Patreon: http://www.patreon.com/serpentza
Join me on Facebook: http://www.facebook.com/winstoninchina
Twitter: @serpentza
Instagram: serpent_za
My other channel: https://www.youtube.com/c/advchina