ICD Brief 32.
Welcome. Ten months ago, I decided to create a personal weekly newsletter for friends and colleagues to chart realistic growth, innovation and working partnerships in the cyber realm. Our readers range from teens to great grandparents; most are friends and colleagues. You are scientists, lawyers, academics, policy makers, experts in dozens of fields. You live in 42 countries. About half are true cyber experts.
This week we feature a Blockchain and Bitcoin Primer from basic questions and videos to a series of Harvard Business Review reports and a section on the investment market for cryptocurrency. We update on progress and problems in the US, Australia, China, EU, Finland, India, Israel, NATO, Singapore and the UK.
Howard Schmidt, a pioneer in federal cyber, passes away
The federal IT and cyber community lost one of its own last week. Howard Schmidt, the first cyber czar for President Barack Obama and a special advisor for cybersecurity under the President George W. Bush administration, passed away March 2 at his home in Muskego, Wisconsin.
Schmidt’s impact on federal cybersecurity and on the people who are a part of it today remains strong and clear.
Report: Electrical Grid Cybersecurity Efforts Across US Government Are ‘Fragmented’
“Though federal efforts remain “fragmented,” the U.S. government has made significant progress in developing policies, programs and technologies that help protect America’s electrical grid, according to a Government Accountability Office report released Friday. Since 2013, the Department of Energy, the Department of Homeland Security and the Federal Energy Regulatory Commission have worked together to implement 27 electrical grid resiliency programs, which are designed to address a variety of security concerns.”
Sens. Peters & Perdue Introduce Bill to Enhance Cyber Security Coordination
“U.S. Senators Gary Peters (D-MI) and David Perdue (R-GA) today announced they have introduced bipartisan legislation to help state and local governments combat cyber threats by increasing coordination with the Department of Homeland Security (DHS). The State and Local Cyber Protection Act requires DHS’s National Cybersecurity and Communications Integration Center (NCCIC) to provide assistance and training for state, local and tribal governments in preventing, preparing for and responding to cyber threats.”
New Bill Would Expand DHS Cyber Aid to State and Local Governments
Congress Wants More, Better Federal Cyber Workers Despite Hiring Freeze
“House and Senate staff members working for committees overseeing federal cybersecurity efforts are placing a bigger focus on the makeup and training of agency workforces this year. Both the House Homeland Security Committee and the House and Senate intelligence committees want more action from agencies in how they hire and train their workforces to deal with cybersecurity. And the oversight is for good reason. As Bill Evanina, the national counterintelligence executive, said, 90 percent of all successful hacks are because of spear phishing, and federal employees are more at risk from clicking on links than from sophisticated attacks.”
“Australia’s first cyber security ambassador, Tobias Feakin, will lead the development of a public strategy to promote the country’s cyber agenda abroad, which will be published this year. The paper will guide the way diplomats pursue the government’s digital security agenda on the international stage over the coming years, and will cement Australia’s stance on a number of hot global topics like the norms and laws that should apply to state-based electronic espionage, transnational cyber crime, and the promotion of free and open internet across the board.”
“China listed peace, sovereignty, shared governance, and shared benefits as its basic principles and included brief explanations as to how they pertain to the cyberspace in its first cyberpolicy paper entitled “International Strategy of Cooperation on Cyberspace.” The goal of the paper is to provide a comprehensive explanation of China’s policy and position on cyber-related international affairs as well as the basic principles, strategic goals and plan of action in its external relations, according to an English translation of the policy published by the state-run news agency Xinhua.”
“Passed in December 2016, the new law will place a host of fresh compliance burdens upon all multinational companies with operations in China – among them, heftier data localisation requirements and an expanded definition of the ‘critical information infrastructure operators’, or CIIOs, that will face more intense regulatory scrutiny. However, despite its far-reaching potential impact on multinationals in China, a recent survey from Consilio revealed that hardly any professionals in legal tech have prepared for the new legislation – or even heard of it.”
“China wants India and other BRICS countries to accept its idea of “cyber sovereignty” that would allow each country to govern the cyber space in the manner they want without facing interference from other countries. Beijing plans to move a proposal for cross-border agreement on the issue at the next BRICS summit, which China will host, later this year.”
“The EU Agency for Network and Information Security (ENISA) warned of the potential overlap between incident reporting obligations in the Network and Information Security (NIS) Directive and the data breach notification rules in the General Data Protection Regulation (GDPR) in new guidance it has issued. ENISA confirmed that DSPs could have to report the same data breach incidents to different authorities under the NIS and GDPR regimes, but also explained that some data breaches will not be subject to notification by DSPs under the NIS Directive.”
EU Needs Common Approach on Testing Banks’ Cyber-Risks – Dombrovskis
“European Union countries should test bank defences against cyber-attacks using a common set of requirements, a senior EU official said on Tuesday, as the bloc plans measures to boost the retail market for financial products. Cyber attacks against banks have increased in numbers and sophistication in recent years, raising questions on lenders’ capacity to protect their customers.”
“Several NATO and EU countries are planning to establish a center in Helsinki to research how to counter “hybrid” warfare, a senior Finnish government official said on Monday. Finland has a 1,300-km (800-mile) border with Russia, which has been accused of mounting “hybrid” campaigns in the Ukraine conflict – combining conventional and unofficial military means with cyberwarfare, propaganda and other indirect tactics.”
“The Reserve Bank of India set up an Inter-disciplinary Standing Committee on Cyber Security on Tuesday. The formation of a cyber security committee was proposed in the last monetary policy review outing of the central bank. The 11-member inter-disciplinary committee on cyber security would review the threats inherent in the existing/ emerging technology, study adoption of various security standards/ protocols, interface with stakeholders, and suggest appropriate policy interventions to strengthen cyber security and resilience.”
“More than $680 million was invested in cybersecurity companies in 2016. But it wasn’t in Silicon Valley. It was Israel. Israeli cybersecurity firms own roughly 10 percent of the worldwide $11.9 billion market today, and the country is home to some 300 cybersecurity companies. In 2016 alone, 83 new cybersecurity start-ups were founded, according to YL Ventures, an investment firm with offices in Silicon Valley and Tel Aviv. One of the most active investors: the Israeli army.”
“NATO and partner countries are sharing R&D in the development of cyber-security tools to achieve economies of scale, including the CIICS (Cyber Information and Incident Coordination System) which has just been deployed in the Alliance’s 24/7 cyber operations centre. CIICS was developed by NATO Communications and Information Agency (NCI Agency), NATO’s IT and cyber arm, as part of the Multi National Defence Capability Development (MN CD2) project to share intelligence, detect and thwart cyber-threats at a faster pace and across multiple countries, with Finland set to join the coalition within weeks.”
“The Defence Ministry (Mindef) will set up a cyber command to beef up its defence against cyber attacks, and rope in National Servicemen (NSmen) to play a bigger role in safeguarding the nation’s military networks. This will help tackle the growth in cyber threats against countries, especially in light of the Singapore Armed Forces (SAF) becoming an increasingly networked and technologically-centric force.”
“The UK government’s new Digital Strategy, which ministers say has been developed in consultation with the tech industry to carry Britain through to the other side of Brexit, has been criticised by some within the security industry for a lack of concrete details when it comes to cyber-security. The concerns expressed by the cyber-security sector echo the concerns of the broader tech industry which has criticised the strategy as a whole in similar terms.”
Blockchain and Bitcoin Primer
What is Bitcoin? Blockchain Educational Network (video)
“The block chain is a shared public ledger on which the entire Bitcoin network relies. All confirmed transactions are included in the block chain. This way, Bitcoin wallets can calculate their spendable balance and new transactions can be verified to be spending bitcoins that are actually owned by the spender.”
Harvard Business Review
“Contracts, transactions, and the records of them are among the defining structures in our economic, legal, and political systems. They protect assets and set organizational boundaries. They establish and verify identities and chronicle events. They govern interactions among nations, organizations, communities, and individuals. They guide managerial and social action. And yet these critical tools and the bureaucracies formed to manage them have not kept up with the economy’s digital transformation. They’re like a rush-hour gridlock trapping a Formula 1 race car. In a digital world, the way we regulate and maintain administrative control has to change.
Blockchain promises to solve this problem.”
February 28, 2017
“Many of the technologies we now take for granted were quiet revolutions in their time. Just think about how much smartphones have changed the way we live and work. It used to be that when people were out of the office, they were gone, because a telephone was tied to a place, not to a person. Now we have global nomads building new businesses straight from their phones. And to think: Smartphones have been around for merely a decade.
We’re now in the midst of another quiet revolution: blockchain, a distributed database that maintains a continuously growing list of ordered records, called “blocks.” Consider what’s happened in just the past 10 years:”
March 1, 2017
“Our global financial system moves trillions of dollars a day and serves billions of people. But the system is rife with problems, adding cost through fees and delays, creating friction through redundant and onerous paperwork, and opening up opportunities for fraud and crime. To wit, 45% of financial intermediaries, such as payment networks, stock exchanges, and money transfer services, suffer from economic crime every year; the number is 37% for the entire economy, and only 20% and 27% for the professional services and technology sectors, respectively. It’s no small wonder that regulatory costs continue to climb and remain a top concern for bankers. This all adds cost, with consumers ultimately bearing the burden.”
March 2, 2017
“To understand the transformation that’s being brought about by blockchain technology, it’s useful to start with its largest implementation to date: bitcoin.
In the fall of 2014 my colleague Catherine Tucker and I conducted a large-scale experiment at MIT, in which 4,494 undergraduate students were offered access to bitcoin. The vast majority of students ended up hoarding the cryptocurrency, in the expectation that it would increase in value. Initially distributed to the students at $350 per bitcoin, the digital currency is now worth more than $1,100 per bitcoin, suggesting that many of the students realized that one of bitcoin’s first use cases would be speculation.”
“Bitcoin: It’s a red-hot asset that’s now being used as a retirement investment. But its extreme volatility should give pause, says The Wall Street Journal.”
“As the year kicks off with an all-time high market cap for Bitcoin on its eighth birthday, 2017 promises to be an exciting year for Bitcoin, digital currency and blockchain technology in general.
In this first week of the new year, Bitcoin Magazine reached out to a variety of thought leaders and stakeholders in the industry, to offer a look ahead”
Christian Science Monitor
“Bitcoin certainly doesn’t glitter, but that isn’t stopping it from catching the eye of traders around the world.
Worth less than a tenth of a cent in 2009, the value of a single bitcoin reached a high of about $1,293 on Friday, surpassing the value of an ounce of gold for the first time. The surge of interest hinges on optimism that the Securities and Exchange Commission will approve the first US bitcoin exchange-traded fund this coming week, lending an unprecedented level of credibility to the cryptocurrency.”
“The Securities and Exchange Commission has approved a plan from online retailer Overstock.com to issue company stock via the Internet, signaling a significant shift in the way financial securities will be distributed and traded in the years to come.
Over the past year, Overstock and its freethinking CEO, Patrick Byrne, have developed technology for issuing financial securities by way of the blockchain, the vast online ledger underpinning the bitcoin digital currency. The blockchain is essentially an enormous database that runs across a global network of independent computers. With bitcoin, this ledger tracks the exchange of money. But it can also track the exchange of anything else that holds value, including stocks, bonds, and other financial securities. Overstock has already used the blockchain to issue private bonds, which did not require explicit regulatory approval. Now, the SEC has told the company it can issue public securities in much the same way.”