View this email in your browser
Prague Security Studies Institute is pleased to introduce its first issue of TIDS Newsletter, 
which will provide you with the latest updates and analysis on Technology, Infrastructructure,  Data & Security in the context of the Czech Republic and Central Europe with a particular focus on cyber, economic & financial security.
  • In the framework of the  Cyber Security Month, PSSI organized, in cooperation with National Cyber and Information Security Agency (NCISA), the second edition of our Cyber Security Academy where participants from academia and the public and private sectors discussed some of the most pressing issues with renowned experts, including Keir Giles (Chatham House); Max Smeets (ETH Zurich); Merle Maigre (CybExer); Lauri Almann (ERA BHC); Oren Elimelech (IDC Herzliya) or Jakub Kalenský (Atlantic Council). 
  • At the end of the European Cyber Security Month, PSSI organized, in cooperation with American Center, a roundtable discussion on cyber security in the financial sector that featured Dominik Stroukal (CEVRO Institut); Alex Ivančo (Ministry of Finance); Milan Zrcek (ČSOB Bank) and Petr Dvořák (Czech FinTech start-up Wultra), who underlined current and prospective challenges in fighting financial crime, as well as the importance of cyber hygiene and cross-sectoral collaboration

  • RWR Advisory, a Washington-based consultancy founded by PSSI's Chairman Roger W. Robinson, Jr., has launched a complex Huawei Risk Tracker that provides visuals and research demonstrating Huawei's long-running and consistent track record of alleged abuses across these various categories. In an article published by Hillsdale College’s prestigious Imprimis, Roger W. Robinson, Jr. maps out the material risks associated with American investors unwittingly providing hundreds of billions of dollars to Chinese corporate “bad actors” (e.g. national security and human rights abusers) as well as sensible, achievable solutions.

  • PSSI has also published a first blog post on the geopolitical security risks associated with projects for new nuclear power plants. 

  • Currently, PSSI is preparing two upcoming projects: a risk-based analysis of Chinese technologies in national critical infrastructure in the Czech Republic and a short report on cyber security in the financial sector vis-a-vis new trends (and threats), including the emergence fintech startups, the development of alternative currencies and digitalization of banking sector.

  • Czech National Cyber and Information Agency (NCISA) published its annual report on the State of Cyber Security in the Czech Republic in 2018. The report warns against state actors whose primary goal is to gather strategic information through espionage operations in cyberspace and then use it to their advantage. In the case of the Czech Republic, according to the information available to the NCISA, this specifically means operations of actors linked to the Russian Federation and the People’s Republic of China. The report also points out the risks of cyber-espionage among China's suppliers to the power industry. Finally, the report concludes that it is likely (55-70%) that the large-scale attack on a strategically important Czech government institution was conducted by a Chinese actor. 

  • Deputy Director of Czech NCISA: China is the Most Aggressive, Interested in Data and Human Behaviour. In an interview, Lukáš Kintr, NCISA Deputy Director, names China as the most aggressive power in cyberspace and warns against coordinated and merging aims of hacker groups and state actors in China and Russia, as well as about their growing interest in collecting data about population behaviour.  

  • Prague Airport Rules Out Huawei Again in Seven Public Tenders. Huawei and ZTE have been ruled out from another seven public tenders by Vaclav Havel Airport in Prague. Both companies have not been allowed to compete for supply of camera-record servers and advanced airport hardware. Prague Airport acted in accord with NCISA warning against these Chinese companies. 

  • Czech Team Composed of NCISA and Military Intelligence Wins a Multinational Cyber Exercise co-hosted by US and Taiwan. Michal Thim, NCISA expert on China, explains that Czech Republic excelled as offensive ‘red team’ in an exercise simulating attacks on Taiwan’s financial sector, seeking to bolster Taipei’s defence capabilities against potentially crippling cyber attacks from China.


SPOTLIGHT: FIRRMA and the US Economic Security Environment 

Traditionally the world’s leading champion of free trade and unrestricted capital markets, the United States has recently expressed concerns about security threats stemming from foreign investments in sensitive economic sectors, particularly when these investments emanate from foreign governments or their state-owned enterprises. In August 2018, the US Congress passed the Foreign Investment Risk Review Modernization Act (FIRRMA) with broad bipartisan support, and the law is undergoing an implementation process to be completed by February, 2020. FIRRMA’s intent is to strengthen and clarify the role of the Committee on Foreign Investment in the United States (CFIUS), an interagency committee chaired by the US Treasury secretary responsible for reviewing security risks associated with foreign investments, and ordering modifications or rejections of these investments when deemed necessary. 

FIRRMA broadens the scope of CFIUS’ regulatory authority in two main areas: it is now tasked with proactively monitoring, reviewing, and regulating foreign investments in US companies associated with critical Technologies, critical Infrastructure, and/or sensitive Data (“TID businesses”), even if the investment does not involve acquisition of a controlling stake in the business, and it establishes new mandatory filing requirements with CFIUS for certain transactions. 

The Treasury Department has declared that it will issue a list of “excepted foreign states” to be granted exemption from the FIRRMA restrictions, provided that both governments and their national investors maintain “compliance with certain laws, orders, and regulations”. The list has not yet been issued, although a number of key US trade partners and allies have made recent changes to their investment screening regulations in apparent conjunction with the US, including the EU, Japan and Israel.

While the legislation has not yet been fully implemented, a number of cases have already emerged reflecting CFIUS’ enhanced scope and scrutiny, including:

  1. In March 2019, Beijing Kunlun Tech Co. Ltd. was ordered to sell its stake in Grindr LLC, the maker of a dating app, over concerns about its access to users’ personal data. 
  2. In April 2019, Chinese technology company iCarbonX was ordered to sell its stake in health research platform Patientslikeme, over concerns about its access to personal medical data. 
  3. In August, 2019, Russia-linked private equity firm Pamplona Capital Management was forced to sell the vast majority of its 47% stake in Cofense, a cybersecurity firm, after CFIUS raised concerns about its access to proprietary cybersecurity information and sensitive client data. 
  4. In November, 2019, CFIUS launched an investigation into Beijing ByteDance Technology Co after its $1 billion acquisition of, a video-sharing social media service. ByteDance has merged with its other video-sharing service, TikTok. The details of CFIUS’s motivations remain confidential but appear to involve concerns about access to personal video communications and other sensitive user data.

Summary data table showing that CFIUS reviews are on the increase (source: Bloomberg)

FIRRMA is not aimed exclusively at Chinese and Russian firms, but concerns about both governments’ degree of influence over their companies’ activities have been cited as a motivation for the legislation. Chinese investment in the US has declined significantly since 2016, and at least part of this decline appears to be attributable to CFIUS scrutiny. How it will affect investments from other countries is less clear, but the release of the excepted countries list and the cases addressed after the finalization of FIRRMA implementation in 2020 will say much about how the US aims to balance its diverse, open economy with national security interests in the years ahead. 
Copyright © 2019 Prague Security Studies Institute, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.