ICD Brief 38.
17.04.2017. – 23.04.2017.
Priorities, Gearing up, Exercises, Competitions, Partnerships and Advice appear in most of our reports this week from the US, Australia, Estonia, Denmark, the EU, India, NATO, Poland, Singapore and the UK. And that’s in both the light and dark domains.
Challenge and Risk undergird these actions. Under Investment, you have a fascinating report from NASDAQ’s Ryan Gianotto on Artificial Intelligence and Cybersecurity:
And finally, our Feature this week from PWC US is
“The US Senate Commerce Committee recently advanced a bill, titled the MAIN STREET Cybersecurity Act of 2017 (the Bill), under which the National Institute of Standards and Technology (NIST) would disseminate “clear and concise resources for small business concerns to help reduce their cybersecurity risks.” Given that small businesses constitute a substantial portion of the economy, cyberattacks can ruin small businesses and spill over into related parties and critical infrastructure, and small businesses often have limited cybersecurity budgets and expertise, NIST would be charged with bringing Silicon Valley to Main Street.”
“John Kelly, secretary of the Department of Homeland Security, has said DHS has collaborated with industry to update outdated information technology systems as part of efforts to safeguard the federal government’s data infrastructure from cyber attacks. Kelly said in a speech delivered Tuesday at George Washington University’s Center for Cyber and Homeland Security such a partnership with the commercial sector seeks to build up cyber resilience in the country’s physical and digital infrastructure. “By integrating their cutting-edge, commercially-available technology with our interagency partner’s unique capabilities, we can aggressively defend our federal networks against the endless stream of cyber attacks.””
“The Department of Human Services has laid down the challenge to Canberra’s biggest IT shops to go head-to-head in simulated cyber wargames this September. The department’s CISO Narelle Devine says this is likely the biggest and first-of-its-kind security training exercise the government has staged.”
“Homeland Security Secretary John Kelly laid out the new administration’s priorities for his department Tuesday, listing cybersecurity alongside defending the nation’s borders and stopping terrorist attacks — but providing far fewer details about the online defensive mission than about the other two.”
“The Federal Government launched its Cyber Security Sector Competitiveness Plan on 20 April, kicking off an initiative aimed at strengthening the Australian cyber security sector and boosting overall revenue in the sector locally. According to the government, the new plan will help Australia’s cyber security solutions sector realise its full potential in a rapidly-growing global market, expected to be worth US$170 billion by 2020.”
“According to the Australian Cyber Security Growth Network, that so many young businesses feel like they need to flee overseas to get their companies up and running. The ACSGN – the not-for-profit set up under the government’s cyber security strategy to promote local industry – has today launched its first cyber industry competitiveness plan. It is eyeing off a $4 billion increase in Aussie cyber security revenues – from today’s $2 billion, up to $6 billion – in the coming decade.”
“Estonia is to host one of the world’s largest technical cyber defence exercises, Locked Shields 2017, from 24-28 April. According to the Tallinn-based NATO Cooperative Cyber Defence Centre of Excellence, the main organiser of the event, this year the size and scope of technologies, networks and devices used in the exercise has increased considerably. “Reflecting on the current key trends in cyber security significant focus will be placed on specialised systems,” the organiser said in a statement.”
“Businesses need to focus on data and cyber security, not simply because of the costs and the reputational damage breaches cause, but also because of incoming legislation which steps up security and breach reporting requirements and provides sanctions for non-compliance. The EU Commission has reached an agreement on two key data protection regulations – the General Data Protection Regulation (GDPR) and the Network and Information Security Directive (NISD), also known as the Cyber Security Directive.”
“Cybersecurity is the only panacea for immunity in the digital age against cybercrimes, according to a study by KPMG. The study analysed cyber landscape, examined the readiness of the framework to adopt new technology, emergence of the Fintech industry and preventive measures that need to be taken to avoid frauds. Here are some of the key findings.”
“Gamers beware: hackers offering free virtual trinkets don’t care about your passwords or personal data, but your employer’s most closely guarded secrets. An employee at a Japanese high-tech company learned this the hard way, duped by a fake giveaway for 300 magic stones for the smartphone game Puzzle & Dragons. “Congratulations,” began the email promoting free in-game currency for the first 100 lucky takers: “Click here!” That initiated a drive-by download that surreptitiously installed remote access software.”
“Any news about cybersecurity is usually negative. Stories about rising threats, unprecedented data leaks and crippling ransomware attacks are becoming commonplace. But despite these trends and challenges, cyberspace remains the greatest enabler of our century and it is possible to effectively protect private networks from attacks, says Suleyman Anil, the Former Head of Cyber Defence at NATO. Speaking at CLOUDSEC Singapore, Anil shared his view on the current state of cyber defence and his recommendations regarding where organisations should focus their investments. You can either read the summary below, which includes Forgie’s key recommendations, or watch the video at the end of the article.”
“With the NIS directive on protecting national network and systems in place since last year, EU countries are now having to streamline their cybersecurity efforts. The directive requires them to set up computer security incident response teams (CSIRTs) and computer emergency response teams, or CERTs, if they don’t already have them, and ensure these bodies coordinate with one another for maximum effectiveness.”
“The 2017 UK Govt produced Cyber Security Breaches Survey is out and it says nothing new. Across 66 pages it repeats what businesses and the industry already know. Businesses are under prepared, under skilled and prone to cyber security breaches. What is worrying is that this is a situation that is not getting better.”