ICD Brief 24.
02.01.2017. – 08.01.2017.
There is a rush to organize the cyber sphere in every corner of the globe. The question has changed from Why? to How? This week we cite proactive growth: new laws, regulations, assumptions and growing business involvement with governments. We’ve linked headlines for the quickest read followed by linked summaries.
This effort remains personal and is our pro bono contribution to chart realistic growth, innovation and working partnerships. To subscribe just drop me a line at firstname.lastname@example.org with ICD Subscribe in the subject line with your name, title, organization and email.
“A new U.S. Government report explains many reasons for identifying and penalizing Russian hackers, the Russian intelligence services, and the Russian leadership in response to hacks on U.S. government, political and business targets. The report is best understood as a call to arms for U.S. private sector and government entities to strengthen their vigilance and defenses against Russian Intelligence Services and join DHS and FBI in their effort to counter them. The article answers the question on how the Russia vs. USA match in cybersecurity affects your business.”
The AFCEA Cyber Committee, which is made up of more than 40 experts in the field, has released a white paper identifying key concerns in the cyber realm and offering recommendations for the incoming administration.
The report, Key Cyber Issues and Recommendations: A Way Forward, identifies three needs in the cyber arena. The first is that the United States must approach cyber in a strategic and international context that incorporates diplomatic, information, military and economic elements of national power.
“The U.S. Department of Homeland Security on Friday designated U.S. election infrastructure as critical, widening the options the government has to protect voting machines from cyber attacks. The decision, announced in a statement by DHS Secretary Jeh Johnson, followed a 2016 presidential campaign marred by concerns that hackers could disrupt the election. Also on Friday, U.S. intelligence agencies released a report accusing Russian President Vladimir Putin of directing a campaign to hack Democratic Party computers in an effort to help Republican Donald Trump win the U.S. presidency.”
DHS Should House New Cyber Agency, Experts Tell President-Elect
“The Homeland Security Department has come a long way in the last decade in how it manages, assists, oversees and responds to cybersecurity incidents that the public and private sectors face daily. Now a group of experts are recommending to the President-elect Donald Trump to go even further by leading the national cyber defence.”
New York Revamps Proposed Cybersecurity Regulation for Financial Services and Insurance Entities
“On December 28, 2016, the New York Department of Financial Services (“DFS”) published in the State Register a revised proposed cybersecurity regulation (23 NYCRR 500). The deadline to submit comments on this version is January 27, 2017, and the proposed effective date of the regulation is March 1, 2017. This version of the proposed regulation took into account the over 150 comments received since the DFS first proposed the regulation in September. While maintaining the structure and subject matter of the original draft proposal, the revised cybersecurity regulation attempts to provide more flexibility and company customization.”
Congress to Step Up Its Own Cybersecurity Protections
“In the wake of charges that Russian hackers tried to destabilize the U.S. election, Congress will step up efforts to protect itself from cybersecurity attacks, including better training for lawmakers and staffers, said the head of the committee that oversees operations in the House.”
US Air Force Creates Group to Recruit Cyber Nerds for Weapons Programs
“The US Air Force is forming a troop of cyber geeks hand-picked from the commercial technology sector to solve software problems on troubled weapons programs, the service’s top civilian announced Friday.
Like the Pentagon’s Defense Digital Service (DDS) before it, the Air Force Digital Service (AFDS) will recruit engineers from the private sector for short-term stints working for the service, said Air Force Secretary Deborah Lee James, who jokingly called the group the ‘nerd cyber swat team.’”
Baltic News Agency Targeted By Cyber Attack
“A cyber attack disrupted services for 10 hours at the main Baltic news agency in Estonia, bosses said on Saturday. The Tallinn-based Baltic News Service said the attackers targeted “servers in the BNS network” at around 2pm on Friday. The agency said it managed to get the system up and running again around midnight on Friday, adding that its services were functioning normally on Saturday.”
Czechs Build New Cyber-Security HQ
“The Czech National Security Authority (NSA) is establishing a new headquarters for its National Cyber-Security Centre (NCSC) and plans to significantly increase the centre’s workforce. The plan was unveiled late last year (2016) by Martin Ayrer, a spokesperson for the government of Prime Minister Bohuslav Sobotka.”
Czech ‘Hybrid Threats’ Centre Under Fire From Country’s Own President
“A new Czech Interior Ministry team set up this week to monitor and analyse “hybrid threats” to security such as disinformation campaigns has come under fire from the office of the country’s own president. The Centre Against Terrorism and Hybrid Threats (CTHH) comprises a team of 20 officials tasked with identifying threats from political radicalisation and terrorism and from foreign disinformation campaigns targeting the public.”
French military to boost cyber defence in wake of hacking scandals
“Defence Minister Jean-Yves Le Drian said in an interview published Sunday that French infrastructure could be vulnerable to cyber attacks and that the country is looking to boost its defences with thousands of “digital soldiers” by 2019.
In an interview with French weekly Le Journal du Dimanche, Le Drian said the nation’s infrastructure – including water, electricity, transport, telecommunications and media outlets – remained vulnerable to intrusions in the run-up to French presidential elections in April and May 2017.
He said the number of cyber attacks against the defence ministry doubled each year, and that some 24,000 attacks had been thwarted in 2016 alone.”
Local talent can drive GCC’s cyber security industry
The Gulf Cooperation Council has the potential to develop its own cyber security industry rather than rely on international talent, according to two leading executives.
Speaking on the sidelines of an event in Abu Dhabi, the president of RSA Security, Amit Yoran, told Gulf Business that the advent of smart cities – an innovation being spearheaded by Dubai in particular – provides the opportunity to lead in knowledge development.
“‘I wouldn’t underestimate the region’s ability to cultivate and grow its own talent,’” he said.
“‘When you look at smart cities and the initiatives that are being undertaken in the region, it’s not like there’s a tremendous body of knowledge that exists in the US or elsewhere as to what that looks like.
“‘So I think there is an opportunity to cultivate and grow cyber security expertise in areas where it doesn’t exist elsewhere.’”
“India’s digital push has led to a rethink in the level of preparedness and resilience needed to ward off a cyber attack and India’s telecom, IT and law minister Ravi Shankar Prasad on Wednesday asked Google CEO Sundar Pichai to play a greater, ‘more meaningful’ role in countering threats. However, questions remain on the role Google can play in cyber security, if any.”
Hebrew U sets up team to tackle complex world of cyber-law
“Israel’s Hebrew University of Jerusalem has set up a team of legal and technology experts to tackle the challenges posed by the new digital world and cyber-warfare to legal systems around the world. The aim will be to come up with new legal blueprints that can be adapted by Israel and countries worldwide.”
Dutch Managed Cybersecurity Outfit DearBytes Snapped Up by Telecom Giant KPN
“Managed cybersecurity services firm DearBytes has sold out to Dutch telecom giant KPN. Founded in 2001 and based in Beverwijk in the north of the Netherlands, DearBytes offers products such as data protection and encryption, email and web security, endpoint protection, network security and security management, through vendor partners including Fortinet, FireEye, CyberArk and Intel Security. The deal will see DearBytes’ 85 employees join KPN’s security services arm, split across its existing office and the telecom giant’s headquarters in The Hague.”
A Third of Dutch Hospital Sites Have Poor Security: Report
“A third of Dutch hospitals’ websites do not have proper security and a quarter do not even use a secure internet connection, according to a study by Women in Cyber Security (WICS), Trouw reports. WICS examined the websites of 97 hospitals in the Netherlands. Of these, 25 do not use a secure HTTPS internet connection.”
Inside the UK’s First Cyber Security Entrepreneur Boot Camp
“Many people go to boot camps and accelerator programmes to learn new skills and meet lots of people. HutZero is no different. The programme is the UK’s first ever boot camp set up to mentor cyber security entrepreneurs, funded by the UK government to reduce cyber threats in the country while also developing its position in security innovation.”
Government commits to EU GDPR data rules post 2018
“Businesses will be pleased to hear that the government is planning to persist with the EU’s upcoming General Data Protection Regulation (GDPR), stating in a new report that it will be “key” to protecting consumer data and creating a strong cyber security framework.”
British intelligence among first to sound alarm over Russia’s US hacks
“British intelligence was among the first to raise the alarm over Russia’s hacks of the Democratic National Committee (DNC), alerting their US counterparts in autumn of 2015, according to US intelligence officials.
US officials who helped prepare the classified government report on Russian hacking believe British intelligence was among the first to raise the alarm in autumn of 2015, The New York Times reported, citing two people familiar with the report’s conclusions.”
Business to Business
BlackBerry Signs Cybersecurity Deal With Giuliani
“BlackBerry has signed a cybersecurity deal with former New York Mayor Rudy Giuliani’s security management consulting firm. Under the deal, Giuliani Partners will use the company’s BlackBerry Secure platform in its cybersecurity consulting services for government, individuals and business customers. John Chen, CEO of BlackBerry, said that the partnership provides an opportunity for the company to offer its products and services to new customers and boost its software business.”
Insurers Tap Cyber Security Ratings to Limit Liabilities
“When a single cyber-attack brought down several major sites including Spotify, Twitter and the New York Times, it highlighted a problem insurers have been puzzling over: how do you predict whether large companies will fall victim to a cyber-attack all at once, like houses in a hurricane? The distributed denial of service attack on Dyn, a provider of domain name services to large companies across the world, showed how companies in different industries and different parts of the world can be reliant on the same infrastructure.”
Cyber Deterrence Should Be Key Focus For Trump Administration, Task Force Says
“Time for US to strengthen consequences for cyberattacks, CSIS says in recommendations to incoming administration. A Washington think tank, in an apparent rebuke of the Obama administration, issued a set of recommendations for the Trump Administration Thursday, advising against over-reliance on the private sector to fix national sector cybersecurity challenges and against assumptions the government will work as a single entity to execute on security initiatives.
The recommendations are contained in a document titled “From Awareness to Action: A Cybersecurity Agenda for the 45th President” that Senator Sheldon Whitehouse [D-RI] and House Homeland Security Committee Chairman Michael McCaul [R-TX] released publicly at a press conference Thursday.”