ICD Brief 31.
Our ICD Brief 31 reports on encouraging progress in creating new laws, new partnerships and innovation in the US, Australia, India, Israel, Japan and the UK. A Deloitte report warns insurers to change their approach to underwriting cyber risk.
This week’s featured article reveals why a more aggressive Russian government uses cyber attacks as a part of its ongoing campaign of influence and disinformation.
“Since the 2015 hack of France’s TV5Monde, the Kremlin-backed APT 28 has become bolder in its choice of targets. Russian leaders such as Vladimir Putin, above, have often talked in terms of a broader information war.” by: Sam Jones
“On Wednesday, Russian defence minister Sergei Shoigu confirmed the existence of “information troops”, rumoured for years but long denied by officials. “Propaganda must be smart, literate and effective,” he told the lower house of parliament. Russia spends $300m annually on its “cyber army” of about 1,000 people annually, according to the Kommersant business newspaper.
“Putin and his team are the heirs of the Tsarist, and particularly the Communist secret services,” says Chris Donnelly, founder of the Institute for Statecraft and former adviser to successive Nato secretaries-general. “Their understanding is one of permanent conflict with the west in which information has always been a very important issue. Influence and subversion and the whole issue of what they call active measures, or dirty tricks, anything short of declared war, is there to be run.”
“Amid a whirlwind of executive orders and activity that characterized Donald Trump’s first month in the White House are the nascent rumblings of cybersecurity policy, but no definitive strategy or path to bolster the nation’s cyber posture. A recent NetSkope survey of 100 IT security professionals attending RSA found flagging confidence in how cybersecurity will fare under Trump with 32 percent believing that cybersecurity will be worse than in past administrations. Only 12 percent see a brighter future for cyber. More than a fifth of respondents, 21 percent, said that the administration’s proposed cyber policies put their data at greater risk and 68 percent believe the U.S. will see an uptick in nation-state actors as a result of the administration’s nationalistic rhetoric – only 11 percent don’t believe there will be an increase in attacks.”
“The Department of Homeland Security is dishing out nearly $1 million in competitive awards to five startups developing cybersecurity technologies for the Internet of Things. The five companies are getting the money as they advance to phase two of the Silicon Valley Innovation Program, or SVIP, run by the Cybersecurity Division of the Science and Technology Directorate. The program uses a special government acquisition authority called an Other Transaction Solicitation to help “non-traditional” contractors to develop technology solutions to “some of the toughest threats facing DHS and the homeland security mission,” according to a release out Tuesday.”
“A study has found gaps in cyber security readiness in the American oil and gas industry even though 68% of the companies faced at least one security compromise in the past year. The study conducted by the Ponemon Institute and sponsored by Siemens, polled the opinions of 377 executives in the US who are responsible for securing or overseeing cyber risk in the operational technology (OT) environment, including upstream, midstream and downstream applications.”
“The New York State Department of Financial Services (NYDFS) recently issued cybersecurity regulations that require New York banks, insurance companies and other financial institutions to create and maintain a cybersecurity program designed to protect consumers and the financial services industry at large, according to a report by Monday.”
“The Australian government launched its first Joint Cyber Security Centre in Brisbane on Friday, aiming to boost cybersecurity resilience in the country by bringing industry, government, and law enforcement together to share relevant threat information under the one roof. The Brisbane centre is the first stage of the AU$47 million program that will also see similar centres established in Sydney, Melbourne, Adelaide, and Perth.”
“IoT Alliance Australia (IoTAA) has released its Internet of Things Security Guideline [PDF] in a bid to promote a “security by design” approach to IoT development in Australia. It is the first in a series of documents on IoT security and network resilience that IoTAA will be publishing in the coming months. IoTAA believes the Internet of Things will contribute more than AU$120 billion to Australia’s economy by 2025. However, according to the IoTAA, the proliferation of IoT means cybercriminals have more attack surfaces and personas that they can manipulate.”
“Israel, with a population of just eight million people, has become a powerhouse in cybersecurity. Only the United States has greater strength in the field. “In Israel, there are 420 companies in the field of cybersecurity that get funded by venture capital,” said Lior Div, chief executive and co-founder of Cybereason, a company with offices in Boston and Tel Aviv. A good number of the Israeli companies have one thing in common: Their founders emerged from an elite division of the Israel Defense Forces known as Unit 8200, a legendary high-tech spy branch that also has become a prolific technology incubator.”
“The competition, titled Magshimim Ultimate Challenge, will bring together 12th-grade students from Tel Hai in the north to Yeruham in the south who are in the third and final year in the program. The event will be attended by Rashi Foundation board members and senior representatives of Check Point and the military and security establishment.”
“Israel today offered to provide latest technologies to Andhra Pradesh government for homeland security, cyber security and Internet of Things, agriculture and water management. It also offered to collaborate with the state in setting up desalination plants, a press release from the Chief Minister’s Office said.”
““White-hat” hackers who spot a security vulnerability in a computer system or network may be one of the most sought-after professions in Japan today with technology firms struggling with increasing threats of cyberattacks. In an effort to strengthen education on system security and train ethical hackers, a state-run Japanese college has launched a bug-hunting contest among its students.”
“On February 17, Japan’s NEC Corporation announced that it had secured a contract from Japan International Cooperation Agency (JICA) to help boost Southeast Asian cyber capabilities. The move is just the latest in a series that highlights Tokyo’s ongoing efforts to expand its security role in the sub region, including in the cyber domain.”
““Why don’t airplanes have square windows?”, was the question posed by Dr Ian Levy, technical director of the National Cyber Security Centre (NCSC) at SC Congress London 2017. In a talk, curiously titled, ‘Tackling the winged ninja’, Levy explained that after a series of plane crashes during the 1950s, airplane manufacturers started investigating. Analysing the crashes, investigators found stress fractures going diagonally across those square windows.”
“Insurers need to rethink their approach to cyber insurance if they are to break a “vicious circle” that is holding back the market, according to a report. Cyber cover is one of the fastest-growing parts of the insurance world, as a stream of attacks on companies raises the profile of what was once a niche product. About $2bn was spent on cyber insurance worldwide in 2015 – but Allianz thinks that figure could be 10 times larger by 2025.”