ICD Brief 15.
24.10.2016. – 30.10.2016.
“The US Treasury Department’s Financial Crimes Enforcement Network (FinCEN) has issued an advisory to financial institutions on cyber events and cyber-enabled crime. FinCEN said cyber criminals target the financial system to defraud financial institutions and their customers and to further other illegal activities. Financial institutions can play an important role in protecting the financial system from these threats through thorough and timely reporting of cyber attacks, the advisory said.”
“The Financial Systemic Analysis and Resilience Center, or FSARC, is being launched by eight large U.S. banks — Bank of America, BNY Mellon, Citigroup, Goldman Sachs, JPMorgan Chase, Morgan Stanley, State Street and Wells Fargo — according to an announcement Monday.”
“Nasdaq, Innovation Endeavors and Team8 hosted their second annual cybersecurity thought leadership event, Rethink Cyber, in New York at the Nasdaq MarketSite yesterday as part of Cybersecurity Awareness Month. The exclusive event presented eight prominent enterprise security and strategy leaders, each of whom had eight minutes to challenge current cybersecurity paradigms and explore new, powerful directions for trends and innovation.”
“One of the most tech-savvy members of Congress said industry needs to educate him and his colleagues so they can make better cyber policy decisions.
Sen. Mark Warner (D-Va.) made a fortune in the 1980s as co-founder of the company that became Nextel and as a technology investor, but he said cyberspace is a daunting challenge even for him.”
“‘In the last year alone, nine separate congressional committees held more than 20 hearings on cyber-related issues,’ he said. Despite all that activity, ‘the Congress of the United States has only passed one significant piece of legislation regarding cyber [since 2000], and that was a relatively watered-down…voluntary information-sharing bill.’
In an effort to change that, Warner co-founded the Cybersecurity Caucus, which seeks to look across committee lines and approach policy on a more holistic basis.”
“Obama administration officials sought on Monday to reassure the public that it was taking steps to counter new types of cyber attacks such as the one Friday that rendered Twitter, Spotify, Netflix and dozens of other major websites unavailable. The Department of Homeland Security said it had held a conference call with 18 major communication service providers shortly after the attack began and was working to develop a new set of “strategic principles” for securing internet-connected devices.”
“Automakers should make shielding the electronic and computer systems of vehicles from hackers a priority, developing layers of protection that can secure a vehicle throughout its life, U.S. regulators said on Monday. The cyber security guidelines issued by the U.S. National Highway Traffic Safety Administration are recommendations, not enforceable rules. However, they mark a step toward establishing a road map for industry behavior as lawmakers and consumers pressure automakers to show how they will protect increasingly connected and automated vehicles from cyber attacks.”
“On Friday, the United States, mostly the east coast, and some parts of Europe faced one of the biggest coordinated and sophisticated hacking attacks to date, according to many IT analysts. This attack, which is still currently under investigation, sets the stage for the kind of battles that Israel will be fighting in the coming years. Though Israel’s military computers are well protected, according to Haaretz, their civilian and commercial infrastructure is still quite vulnerable. This is especially concerning, since these latest attacks primarily affected private enterprises.”
“Over the past year, the number of job postings in the UK for positions requiring skills in Internet of Things (IoT) related technologies has increased by 70 percent – and that’s just the tip of the iceberg. Demand for IoT skills rose 120 places in the ranking of IT jobs but there were massive jumps in demand for other disciplines, too. Gemalto found a surge in demand for applicants with skills in Big Data, artificial intelligence and data analytics. The UK has experienced growth in cyber-security vacancies of 73 percent over the past 12 months.”
“The UK’s new National Cyber Security Centre (NCSC) in London is a step in the right direction, according to critical national infrastructure security expert Barrie Millett. “Essentially this is moving forward with the government’s cyber security information sharing partnership [Cisp], which has been the starting point of sharing best practice, challenges and collectively trying to bring a plan together,” he told Computer Weekly.”
“Local authorities spend eight times more money on health and safety training than they do on IT and cybersecurity training for their employees, according to new research. Citrix has sent a Freedom of Information request to 129 local authorities, and 109 responded.
On average, they spend £27,818 on health and safety training, almost double what they spent last year (£14,061). For IT and security training, they gave £3,378 per local authority, mostly revolving around cyber-attacks and data protection.”
“TALLINN – The work-related email addresses of multiple senior Estonian state officials and their cloud service passwords have been leaked via Dropbox, indicates an overview of cyber security incidents last month compiled by the cyber security service of the Estonian Information System Authority (RIA).”
“Chinese electronics manufacturer Xiongmai is recalling some older versions of its webcams sold in the US after they were linked to the “botnet” attack that disrupted internet services from Twitter to the New York Times on Friday. Hangzhou Xiongmai Technology said that it would recall earlier versions of the webcams after cyber security researchers identified them as a contributor to the network that hackers used to flood Dyn, a domain name service provider, with traffic.”
“U.S. network security experts say Chinese hackers recently launched a network attack targeting people attending a U.S.-Taiwan Defense Industry Conference. Officials say the attempted attack took place this month at the conference in Williamsburg, Virginia, attended by defense officials, defense industry representatives, defense security experts and think-tank scholars.”
“A UKRAINIAN GROUP calling itself Cyber Hunta released emails October 28 from aides close to Vladimir Putin that show Russia heavily influencing the separatist movement in Ukraine.”
“Bulgaria and NATO will boost their cooperation on cyber defence. A new Memorandum of Understanding, signed during NATO Defence Ministers’ meeting in October 2016, will facilitate information-sharing on cyber threats and best practices, improve the prevention of cyber incidents and increase Bulgaria’s resilience to cyber threats. Furthermore, the new arrangement will facilitate assistance between NATO and Bulgaria’s cyber defence authorities in case of need.”
“Allied Defence Ministers discussed practical steps to take forward NATO’s cooperation with the European Union on Thursday (27 October 2016). Ministers were joined by the EU High Representative Federica Mogherini, as well as the Defence Ministers of Finland and Sweden.”
“Today, ministers addressed ways to deepen NATO-EU cooperation in the areas of countering hybrid threats, cyber defence, coordinated exercises and supporting partners.”
“AIG Malaysia Insurance has partnered IT service provider Dimension Data (Malaysia) to offer its clients cyber security tailored to their risk profiles. Dimension Data will assess the risk level of an organisation’s IT systems and, based on the assessment, AIG will provide insurance cover known as CyberEdge, access to tools and best practices.”
“Norton by Symantec has done two proactive things. First, it has released a new independent survey of over 1000 Australian SMEs (small to medium enterprises from 1 to 250 employees) revealing that 19% have experienced a cyberattack, with expectations that that number will increase over the next 12 months. Second, it is throwing its commercial weight behind ways to make it easier for SMEs to get cyber insurance to help recover from attacks.”
Scott Malcomson reviews Fred Kaplan’s latest book in the context of his emerging cyber library.
“In August 2016, the director of the National Security Agency’s Information Assurance Directorate (IAD) told reporters that his division—responsible for cybersecurity in government and, to a degree, the private sector—would soon merge with the NSA’s other, much larger division, Signals Intelligence (SIGINT).”
“Almost everything the United States does in cyberspace requires a blurring of the line between public and private. Private firms own the networks necessary for attacking and defending the telecommunications, energy, and financial sectors. More than 90 percent of American military and intelligence communications travel over privately owned backbone telecommunications networks. Many of the most talented programmers are in the private sector or academia. . . . The demands nation-states make on the technology companies are ever expanding. Not only do these companies innovate, commercialize technologies, and provide new services, but they also defend against cyberattacks, uncover espionage campaigns, and help the Pentagon become cooler. And now, US and European governments expect tech companies to help them deliver their diplomatic messages and disrupt those of extremists, jihadists, and rogue states.”
“Can the world wide web survive the internet of things? It’s a question many are asking after a vast attack on US and European internet structure last week, likely led by “smart” DVR players and webcams, that has left the tech industry reeling. And according to experts, unless hardware and software manufacturers band together to improve the security of the open internet – and quickly – more attacks are imminent.”