ICD Brief 30.
ICD 30 brings updates on progress through cooperation and collaboration in the US, Germany, India, Israel, NATO, Netherlands and the UK. We report on three major world security conferences: CyberTech in Tel Aviv, RSA in San Francisco and the Munich Security Conference.
We feature the rational for a multi faceted bi partisan bill Getting prepared for a ‘cyber-Pearl Harbor’ by U.S. Rep. Derek Kilmer, D-Gig Harbor,Washington and announce that SAVANNAH, Ga. |Gov. Nathan Deal approved the building of the $50 million Georgia Cyber Innovation and Training Center on the banks of the Savannah River.
“The regulation, believed to be the first of its kind adopted by a U.S. state, highlights continuing frustration over data breaches and concern about whether private industry is moving fast enough to erect defenses against hacking. The regulation includes requirements that financial and insurance institutions retain a CISO, report cybersecurity incidents within 72 hours and use multifactor authentication. After input from private industry, the state eased off some of its more prescriptive proposals, such as a sweeping definition of what constitutes non-public information and specific requirements for technology vendors (see Critics Blast New York’s Proposed Cybersecurity Regulation).”
Fitch: Cyber Insurance Rules May Be Costly
“In a major policy speech aimed at rising nationalism, Microsoft president Brad Smith said tech companies must declare themselves neutral when nations go up against nations in cyberspace. “Let’s face it, cyberspace is the new battlefield,” he told an overflow audience in the opening keynote at the RSA computer security conference.” Brad Smith RSA 2017 Keynote video
“While no new date has been set for signing the cyber order, executives attending a security conference in San Francisco this week said the administration has sought input to help smooth the rollout.”
“Given IT auditors’ increasing information and cyber security responsibilities, and the widening cyber security skills gap, global technology association ISACA is providing expanded resources to help auditors make a greater impact on their organizations’ cyber security programs.”
Munich Security Conference 2017
Estonia’s former Minister of Foreign Affairs Marina Kaljurand will chair a high-level commission, set to be announced at the Munich Security Conference this weekend, focused on the stability of cyberspace, Daily Postimees wrote. “The deputy chairmen of the Global Commission on the Stability of Cyberspace (GCSC) will be Michael Chertoff, former Secretary of the U.S. Department of Homeland Security from 2005-2009 and one of the authors of the USA PATRIOT Act, and former Deputy National Security Adviser of India Latha Reddy. Other members of the committee will include for example Harvard professor, former high-ranking official of the Clinton administration and author of the “soft power” concept Joseph Nye, former MI6 deputy chief Nigel Inkster, annual hacking conference DEF CON founder Jeff Moss, Corporate Vice President for Microsoft’s Trustworthy Computing Group Scott Charney, internet founder and pioneer Vint Cerf and former Swedish Prime Minister and Minister of Foreign Affairs Carl Bildt.
The goal of the committee is to compile a thorough report in three years regarding what specifically must be done to increase the security of cyberspace. The GCSC will offer proposals to the international community — including states, organizations and businesses — which will not be compulsory.”
“At a time when cyber threats are on the rise for banks for increasing cashless transactions and effects of demonetization, insurers see rise in demand for cyber insurance and cyber liability insurance, in particular. This is despite the fact that the industry base for cyber insurance is currently as low as Rs 60 crore.”
“This year, more than 10,000 people representing 67 countries amassed in Tel Aviv, Israel is making a name for itself, and that name is Cyber Nation. A 2011 government resolution created the National Cyber Bureau as an advising body for the Prime Minister. The bureau’s main mission is to bolster Israel’s national cybersecurity defenses, but a secondary mission is to promote research and development in the cyber field and encourage the commercial cyber industry in Israel.”
“The North Atlantic Treaty Organization (NATO) and Finland are stepping up their cooperation on cyber defense in the face of increased threats in cyberspace and a resurgent Russia. NATO and Finland on Thursday signed a political framework agreement on cyber defense cooperation that will allow them to better protect and strengthen their networks.”
“The North Atlantic Treaty Organization (NATO) confirmed today it hired Belgian telecoms operator Proximus an agreement to fight cyber threats. through the exchange of information between the parties. That pact is the tenth of a series of agreements of industrial association signed by the Agency of Communication and Information (NCI) of NATO with big companies to collaborate in the detection, prevention and quick response to cyberthreats.”
“The Netherlands must work on diplomacy, defense and development in order to tackle the growing threat of cyber attacks from hostile countries and criminals, according to the International Cyber Strategy that Minister Bert Koenders of Foreign Affairs sent to Dutch parliament on Sunday. Koenders wants international law to be supplemented to suit the needs of the new digital world, the Telegraaf reports.”
“The UK and China have, “agreed to regular coordination on cyber-security related issues in order to prevent cyber-commercial espionage and related transnational criminal activity. I welcomed China’s openness to signing-up to the WeProtect global alliance on preventing child sexual exploitation online,” said Sir Mark Lyall Grant, the UK’s national security adviser.”
“The British government officially launches its National Cyber Security Centre on Tuesday, designed to protect the authorities and companies against cyberattacks. The unit, which has been operating since late last year but gets an official launch Tuesday, is part of GCHQ, the U.K.’s security and intelligence agency. Its job is to discover vulnerabilities in public sector websites, help government departments better protect their email, and take down phishing sites that could harm users. It has already taken down “tens of thousands” of such sites, a government statement said.”
“The UK government is to provide cyber security training to teenagers in schools as part of its plans to address the cyber security skills shortage. The new Cyber Schools Programme aims to teach and encourage school children aged between 14 and 18 to develop key skills needed to work in the growing cyber security sector.”
“A new Civil Nuclear Cyber Security Strategy has been issued by the Department for Business, Energy and Industrial Strategy in the UK. BEIS says the strategy helps ensure the UK has a secure and resilient energy system “by ensuring that the civil nuclear sector is able to defend against, recover from, and is resilient to evolving cyber threats”.
“Search engine companies Google and Bing have signed up to a voluntary code of practice aimed at preventing users from visiting disreputable content providers.The code, the first of its kind in the UK, will accelerate the demotion of illegal sites following notices from rights holders.”
U.S. Rep. Derek Kilmer, D- Gig Harbor.
“Are you one of the 22 million Americans who had personal information stolen because of a cybersecurity breach of the U.S. Office of Personnel Management? Over the last few years, have you had to get a new credit card because hackers stole your information from a private company?
That’s why I’m working on a bipartisan bill that would establish a cybersecurity grant program within the Department of Homeland Security. It would provide states with funds to develop cyber-resiliency plans so they can outline key issues and target how to fix them. Cyber resiliency requires exceptional coordination and planning across all levels of govrnment.”
“Deal said he wants the new center to open in 18 months. “We’re funding the cyber academy with cash, rather than going through the bond process,” he said. “We’re fortunate to have enough revenue to be able to do that. That gives us a jump-start on it.”
Augusta University will run the center through an agreement with the Georgia Technology Authority. The University System of Georgia Board of Regents voted this week to turn the nearly 17 acres over to the authority, which is building the center, to accelerate planning.”.