ICD Brief 16.
31.10.2016. – 06.11.2016.
“Corporate directors are spending more time discussing cybersecurity issues in the boardroom and more money to mitigate cyber risks than a year ago, but they are still reluctant to go public with information about attacks, according to a survey by BDO USA. Almost three quarters (74%) of 160 public-company directors said their boards are now more involved with cybersecurity than they were last year (see chart), and 80% have expanded their cybersecurity budget, by an average of 22%.”
“The U.S. government will always play an important role in cybersecurity, but it lacks the resources to fully defend the private sector in the digital realm, according to a new report from the GW Center for Cyber and Homeland Security. The report released Monday offers the most comprehensive assessment to date of the legal, policy and technological contexts that surround private sector cybersecurity and active defense measures to improve the United States’ responses to evolving threats.”
“Regulation should always be a last resort. Too many rules — or lack of coordination between federal, state and industry rules — can do more harm than good. But there are also times when minimum requirements make sense. When done right and in the right circumstances, rules can protect consumers and businesses.
New York’s new cybersecurity rules, currently in draft form, fall somewhere in between these two categories. On one hand, the ever-increasing amount of cyberattacks on financial institutions proves the industry needs minimum standards. On the other hand, the New York State financial regulators must change some of the specific requirements so that banks can avoid spending more time on compliance paperwork than actual security.”
“Virginia Gov. Terry McAuliffe issued a challenge to get the commonwealth’s students interested in cybersecurity careers. The governor Oct. 28 issued a statewide challenge to see which schools could rack up the most participation in NSA Day of Cyber, an online platform that allows students to explore National Security Agency careers and tools. The school with the highest participation through March 2017 will win a cash prize to fund its cybersecurity programs.”
“Federal officials have warned authorities in New York City, Texas and Virginia about an unspecific threat of attacks by al Qaeda militants around Election Day, putting local law enforcement on alert days before the vote, officials said on Friday. A U.S. government source in Washington said some federal agencies sent bulletins to local and state officials flagging the information but that the threat was relatively low level ”
“Federal and state authorities are beefing up cyber defenses against potential electronic attacks on voting systems ahead of U.S. elections on Nov. 8, but few are taking new steps to guard against possible civil unrest or violence. The threat of computer hacking and the potential for violent clashes is darkening an already rancorous presidential race between Democrat Hillary Clinton and Republican Donald Trump, amid fears that Russia or other actors could spread political misinformation online or perhaps tamper with voting.”
“Ohio is calling upon the National Guard to help defend the state’s election system from hackers. “Let’s face it: Cyberwarfare is a new front for the military, for business and now for elections,” said Ohio Secretary of State Jon Husted.
To combat that threat, Husted has done something unprecedented in the state’s history. He’s called on the Ohio National Guard’s elite cyberprotection unit to help secure the election.”
“U.S. intelligence officials are now preparing for an unprecedented effort to protect the country from cyber attacks on Election Day, amid growing concern hackers could create chaos as Americans go to the polls. Senior military and Department of Homeland Security officials confirmed with NBC News Thursday new measures are being considered to protect parts of the power grid. The possibility has emerged of hackers attempting to access the grid, in order to shut off power and disrupt polling places.”
“Voter registration databases (VRDB) are rich targets and may be an attractive target for computer intrusions. This problem is not unique to individual states—it is shared across the nation. The keys to good cybersecurity are awareness and constant vigilance.”
“Chinese authorities could freeze assets and take other actions against foreign hackers threatening the country’s infrastructure under a revised draft of a new cybersecurity law. The law has been submitted for its third and final reading by the Standing Committee of the National People’s Congress, China’s legislature, the official Xinhua News Agency reported.”
“November 3 – Expert System today announced that it has joined the European Cyber Security Organisation (ECSO). Founded in 2016 in Brussels, ECSO focuses on bringing together key stakeholders in a single organization to guide cyber security strategies at the European level. ECSO is committed to promoting research and innovation in digital security and to combatting all forms of crime that leverage digital channels.”
“The first edition of a new cyber security challenge organized by the “Pôle d’Excellence Cyber” cluster in partnership with Airbus Defence and Space and Thales will see its final competition on November 24 during European Cyber Week in Rennes from 21-25 November. This challenge for all grandes écoles and university students in France specialized in computer science aims to showcase the variety of professions in the high-growth sector of computer security (+ 10% a year on average).”
“A new report by the Israel’s State Comptroller Yosef Shapira has found that the nation is mostly unprepared to protect its civilian cyberspace in view of the growing intensity of cyber-threats globally. “The findings of this report suggest that there are gaps between the intensity of the threat to the entire civilian cyberspace and the rate of response in terms of organization and staging of the state’s defense, except for a few areas and sectors such as critical state infrastructure,” the report said.”
“Israel is seeking to forge “increased technological co-operation” with the Bahamas, an Israeli government representative said yesterday, who added that such a venture would be a “win-win” situation for both countries economically. Jonathan Peled, the Israeli ambassador to the Bahamas, told The Tribune that the Israeli government is interested in introducing and subsequently combining Israeli technology with “Bahamian talent” and “necessities,” the end result of which he said would prove to be a “benefit” to both governments.”
“Nigeria is planning to collaborate with Israel in tackling cyber crimes and providing Home Land Security in the country. The two countries, at a Sensitization Dinner on Thursday in Abuja, discussed the risks of cyber crime to all sectors of the country. They agreed to work together to tackle it. “Israel, as a country, has suffered from cyber attacks; it is not a problem for us but a challenge. This is because we have the technology and human resources to deal with the challenge,’’ Guy Feldman, the Israeli ambassador to Nigeria was quoted as saying by The Cable Friday.”
Liberia has been repeatedly cut off from the internet by hackers targeting its only link to the global network.
“Recurrent attacks up to 3 November flooded the cable link with data, making net access intermittent. Researchers said the attacks showed hackers trying different ways to use massive networks of hijacked machines to overwhelm high-value targets. Experts said Liberia was attacked by the same group that caused web-wide disruption on 21 October. Those attacks were among the biggest ever seen and made it hard to reach big web firms such as Twitter, Spotify, and Reddit.”
“For years, US government officials have warned of a “cyber 9/11,” a catastrophic hacking attack that would bring down the electrical grid or cause death and physical destruction. Apparent Russian attempts to sow discord in the U.S. election highlight both the risks of more mundane attacks and a new weapon in information wars: the disclosure of hacked information to influence policy or public perception.
“We tend to over-militarize everything and spend our time looking for a cyber 9/11, and Russia completely went around us on it,” said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies. “Our doctrine is very much about protecting critical infrastructure, and their doctrine is about information warfare.”
“Philp Hammond, the chancellor of the exchequer, is not a man given to making dramatic statements. Known as “Spreadsheet Phil” during his cost-cutting stint as defence secretary, he does dry better than the Sahara. Yet on November 1st, addressing a geeky conference hosted by Microsoft, Mr Hammond declared that not only was Britain developing its offensive cyber-capabilities, but it was doing so “because the ability to detect, trace and retaliate in kind is likely to be the best deterrent”. It was a statement of intent that few Western governments have been prepared to make so explicitly.”
“Russia poses an increasing threat to the stability of the UK and is using all the sophisticated tools at its disposal to achieve its aims, the director general of MI5 has told the Guardian.
In the first newspaper interview given by an incumbent MI5 chief in the service’s 107-year history, Andrew Parker said that at a time when much of the focus was on Islamic extremism, covert action from other countries was a growing danger. Most prominent was Russia.”
“The NHS is at risk of cyber attacks, a minister warns today as he says that hacking is “no longer the stuff of spy thrillers and action movies” but a clear and present threat. Ben Gummer, minister for Cabinet, says in an article for The Telegraph that “large quantities of sensitive data” held by the NHS and the Government is being targeted by hackers. ”
“Budding cyberspies will learn how to hack into drones and crack codes at a new cybersecurity boot camp backed by the government. Matt Hancock, the minister for digital and culture, said students would gain the skills needed to “fight cyber-attacks” and help keep the UK safe. The 10-week course has been “certified” by UK spy agency GCHQ. But some security experts raised questions about the need for the course and the intent behind it.”
“Challenge sees amateurs battle to protect energy firm from cyber attacks, both internal and external The UK’s effort to bolster its cyber security skills continues with the news that 42 amateur cyber security enthusiasts are competing in a Cyber Security Challenge UK event in East London. The challenge will see the contestants attempt to defend a fictional global energy firm from cyber attacks, launched externally and internally.”
“The October Mirai-based IoT attack demonstrated an important and often neglected consequence of technology’s expansion into every aspect of our daily lives, as well as into the systems that underpin our economies and societies. We have never been as exposed to cyberattacks and because technology’s pervasiveness in our lives the possible consequences of attacks, such as the one that occurred last month, are going to be more widespread and troublesome than in the past.”
“The latest documentary from director Alex Gibney, Zero Days is a fascinating, frightening look at the insidiousness of cyberattacks and our vulnerability to them. Airing Saturday on Showtime, the film begins with an investigation into Stuxnet, a malicious computer virus that incapacitated Iran’s nuclear centrifuges in 2009 and 2010.”