ICD Brief 18.
14.11.2016. – 20.11.2016.
Our ICD Brief 18 reports on numerous changes in laws, new partnerships and increased attention to protection and innovation in the US, China, EU, Germany, Ireland, Israel, Poland, Russia and the UK, as well as Insurance and two Features.
“The new Trump administration could better protect the nation from cyber attacks by teaming with Silicon Valley to boost the cyber workforce and creating an agency to find new ways to safeguard digital security, UC Berkeley’s Center for Long-Term Cybersecurity said in recommendations unveiled Friday. Those ideas were among five major cybersecurity suggestions that the center’s experts offered during a panel discussion at the Bipartisan Policy Center. The University of California, Berkeley center has reached out to Trump’s transition team to offer its advice. Trump has not yet named a cybersecurity adviser.”
“Speaking at the Foundation for Defense of Democracies, retired Gen. Michael Hayden said the most powerful limiting factor in the cyber domain today is not technology but U.S. law and policy.”
“The Trump team is moving behind the scenes on cybersecurity recruitment. FCW has learned that Karen Evans, National Director of the U.S. Cyber Challenge, is working with the Trump transition team on cybersecurity issues. Evans was the administrator of E-Government and Information Technology at the Office of Management and Budget (a job now dubbed “federal CIO”) under President George W. Bush.”
“Cybersecurity concerns are front and center on Capitol Hill. Lawmakers have held three hearings so far this week and are grappling with how to respond to a summer of hacks and a massive web attack last month.”
“U.S. National Security Agency Director Admiral Mike Rogers is the leading candidate to become President-elect Donald Trump’s next director of national intelligence, the Wall Street Journal reported on Friday, citing two unnamed people familiar with the matter. Rogers met with Trump in New York on Thursday, members of Trump’s transition team said on Friday.”
“IBM Security has launched a network emulation environment where corporate teams can play out attack scenarios so they are better prepared for incidents they might face in the real world. The facility, called a cyber range (as in shooting range), provides a place for enterprises to practice incident-response, not only for their IT and IS staffs but also for company directors, C-level executives, corporate counsel, human resources pros, public relations staff – anyone who might be drawn into an actual cyber emergency.”
“Companies that make products for the Internet of Things must build security in at the design stage or face the possibility of getting sued, the Department of Homeland Security said in guidelines released Tuesday. Failing to bake security in at the earliest design phases and implement basic security measures “could be damaging to the manufacturer in terms of financial costs, reputational costs, or product recall costs,” states the department in a new publication, Strategic Principles for Securing the Internet of Things. “While there is not yet an established body of case law addressing IoT context, traditional tort principles of product liability can be expected to apply,” the document warns.”
“China’s Alibaba Group Holding Ltd (BABA.N) and Tencent Holdings Ltd (0700.HK) rallied behind Beijing’s recently-imposed cyber security law on Thursday, following criticism of it from overseas technology rivals. The country’s two tech giants also urged closer cooperation between the public and private sectors at China’s third World Internet Conference, which has focused on heightened threats to cyber security over the past year, including disruptions to financial systems and online terrorist radicalization.”
“On November 7, 2016, the Standing Committee of China’s National People’s Congress (NPC) voted to pass the Cyber Security Law (unofficial English translation). Its draft has gone through three rounds of readings and it will become effective from June 1, 2017. This legislation provides for the Chinese government’s supervisory jurisdiction over cyberspace, defines security obligations for network operators and enhances the protection of personal information. It also establishes a regulation regime in respect of critical information infrastructure and imposes data localization requirements for certain industries. This post outlines the key changes it will bring about and discusses the implications for businesses in China.”
“A Cloud Security Alliance survey report conducted in partnership with EY China, Cloud Adoption Practices and Priorities in the Chinese Financial Sector: Survey Report, looks to present a clearer picture of cloud adoption and potential gaps holding back the adoption of cloud within the FSI sector in China. Though the report has not been released in the U.S., the research proves useful for reporting on cloud adoption trends in non-U.S. markets vs. U.S. markets and demonstrates the uncertain future of foreign companies operating in China.”
“Last week (8-11 November), and for the second time since December 2015, the European Defence Agency (EDA) provided cyber awareness training to more than 100 staff from EUNAVFOR MED operation SOPHIA at the mission’s Operations Headquarters (OHQ) in Rome, Italy. The seminars were conducted with the support of the [NATO] Cooperative Cyber Defence Centre of Excellence (CCD COE) in Tallinn and from SYMANTEC Corporation.”
“DocuSign has opened a cybersecurity ‘center of excellence’ in Dublin to conduct research and develop tools that will strengthen the protection of its e-signature and digital transaction management platforms. The center’s initial focus will be security orchestration and automation technology, but will also work to bring together experts who can share intelligence and benefit the wider tech community.”
“German security officials have warned that Russia may try to interfere in Germany’s parliamentary election next year amid claims that Moscow meddled in this month’s US presidential poll. Hans-Georg Maassen, head of the domestic BfV intelligence agency, expressed concern that the Kremlin was seeking “to influence public opinion and decision-making processes” in Germany.”
“Joseph Carson, a cyber-security strategist at Thycotic, told the Dublin InfoSec 2016 conference at the city’s RDS that the island’s position as a key location in the international supply chain between the EU and the US made it a strong target for forces intent on disrupting trade between the two areas. Many US companies – such as call center giant Concentrix – have made Northern Ireland their European base. Mr. Carson issued his warning to the crowd at Ireland’s first annual cyber-security conference held at the RDS.”
“Israel’s Ministry of Defense has designated the coming year as the nation’s Year of Cyber Security Exports, as a cyber conference in Tel Aviv prepares to underline the need to protect governments and corporations from cyber terror. The ministry’s International Defense Cooperation Directorate (SIBAT) is a key partner in the 2016 HLS and Cyber conference which began Tuesday (Nov. 15) in Tel Aviv.”
“Thousands of top decision-makers, along with senior government and law enforcement officials from 80 countries, gathered in Tel Aviv this week for the fourth International Homeland Security and Cyber Conference.
The conference, which runs November 14 to November 17 at Tel Aviv’s Convention Center, focuses on the ever-changing challenge of protecting data from the merging of physical and cyber crime.”
“These days, cyber security is an issue that has to be factored into relations between states. It is already a recurring subject of discussions at multilateral forums like the UN, OSCE, EU and NATO” Deputy Minister Ziółkowski said in his address.
“International cooperation helps to improve national defence and cyber security, and to intensify dialogue with countries which don’t necessarily share our values and principles but are cyber space actors that can’t be ignored,” said Deputy Minister Ziółkowski.”
“Russia’s communications regulator Roskomnadzor (Russian Federal Supervision Agency for Information Technologies and Communications) says LinkedIn will be blocked in Russia following a ruling by the courts that it violates a law that states data on Russian users should be stored on Russian territory; the company has initiated negotiations with Russian authorities as a result.”
““Addressing the challenges of cybersecurity requires collaboration across the industry,” says Richard Wilding of BAE Systems Applied Intelligence. To achieve this, it’s crucial startups and large companies work together. Wilding, speaking at a WIRED Security conference breakfast panel, was joined by two cybersecurity startups, VChain and Drie, and Europe’s first cybersecurity accelerator, Cyber London (CyLon). The experts said the UK needs to have a stronger cybersecurity scene and should address the current skills shortage.”
“One of Britain’s biggest mobile phone companies has admitted to a major cyber-security breach which could put the personal data of millions of customers at risk. Three Mobile admitted that hackers have successfully accessed its customer upgrade database after using an employee login.”
“NHS trusts aren’t spending enough on cyber-security, putting patients at risk. That was the conclusion of a Sky News investigation which claimed that seven NHS trusts in England and Wales spent nothing on cyber-security in 2015. Earlier this month, the Northern Lincolnshire and Goole NHS Foundation Trust was forced to cancel operations at three hospitals for several days following a massive malware infection.”
“Two weeks ago, with much fanfare, the United Kingdom released a new strategy that sets out UK government’s approach to improving the country’s cybersecurity over the next five years. It follows the UK’s previous effort dating back to 2011, and allocates £1.9 billion ($2.36 billion) over five years, doubling the previous investment of £860 million ($1 billion). This newest five-year plan has the usual fare. It identifies the threats and vulnerabilities facing the UK, creates three pillars using alliteration (defend, deter and develop), and is filled with government-speak. There are four takeaways from the new strategy.”
“WRB recently formed Berkley Cyber Risk Solutions to emphasize insurance and risk management products. The newly launched solution will address the demands of the changing cyber security vulnerabilities of organizations worldwide.”
“If hackers take out a local power station, the electricity may go out. But what else might happen? Could harmful software spread? Would water systems stop functioning? Will hospitals need power generators? What else could malicious hackers hit after turning off the lights?
That’s what two veteran cybersecurity researchers are setting out to discover. In a bid to help emergency responders mitigate potential damage after digital assaults on such industries as power suppliers, water facilities, or chemical factories, they’re attempting to chart the chain reactions of cyberattacks.”
“Recently a software company in Florida was hacked. The company, which brings in about $25 million in annual revenue, serves clients such as Wal-Mart and Big Lots. The hackers, based in Germany, got into the company’s database, stealing all of its customer information. Hiring a data-recovery firm to undo the damage cost $5 million.
Fortunately, the company’s owners, who do business internationally, understood the risks of hacking. They had bought cyberinsurance with a reputable company for $2,500 per year. Once they met their $10,000 deductible, the insurance company picked up the cost of the hacking, which included business interruption and digital media liability.”