ICD Brief 42.
22.05.2017. – 28.05.2017.
Greetings from Washington DC on our Memorial Day 2017. We dedicate this week’s edition to the Cyberwarriors, CEO’s, Researchers, Legislators, Scientists, Entrepreneurs and a growing global community of engaged individual citizens. Risk is a balance between the Alexas as well as the WannaCrys. Our ICD Briefs share the progress of a world community involved in discovery and in the age-old threats of crime, espionage, disinformation and attack.
“The Trump administration’s newly-issued Executive Order on cybersecurity calls for public and private input on defending U.S. networks as well for an international cyber engagement strategy. The order is a small step in the right direction toward addressing systemic risk to the internet, but the time has come for real action. The interconnected and interdependent nature of today’s international system comes with it new risks of catastrophic failure and concrete steps must be taken to address them. This means better real-time coordination between a variety of security vendors, CERTS and internet service providers (ISPs), a stronger commitment to security from developers and end users, and better cross-border support between governments pulling in domestic private resources as needed. Nowhere is this need more striking than in our alliance with Japan.”
“To address the rising complexity of the threat environment, the Department of Homeland Security is looking for analytic approaches and data visualizations that can help stakeholders better understand of security risks. DHS’s Office of Cyber and Infrastructure Analysis works with public- and private-sector partners to provide analysis on a range of issues, including the effects of natural or human-caused events on critical infrastructure, the nexus between cyber and physical infrastructure and the impacts of cyber events on federal networks.”
“President Donald Trump’s proposed budget would allocate $1.5 billion to the Department of Homeland Security (DHS) for cybersecurity in the upcoming fiscal year in addition to a $228 million on federal IT modernization. “DHS would share more cybersecurity incident information with other federal agencies and the private sector, leading to faster responses to cybersecurity attacks directed at federal networks and critical infrastructure,” according to a budget blueprint released by the White House.”
“The Cyber Victoria program has been launched, as part of an effort to help the state become the first cyber-ready city in Australia. The program will be delivered by LifeJourney, the company credited with driving the Cyber Maryland program — an initiative that has seen Maryland, USA, develop a world-leading cybersecurity cluster.”
“The federal government has handed over AU$5.7 million to universities in Australia to develop technologies to be used by the Australian Defence Force (ADF). The AU$5.7 million funding will be spread between 22 universities, an average of only AU$259,090 per institution — or AU$100,000 per project.”
“Ten years ago, almost to the day, Estonia came under sustained cyberattacks, which targeted our banks, media and government. While the attacks themselves ultimately proved merely a nuisance, they raised global awareness of the vulnerabilities networked societies face and put a new, fundamental security challenge on the global agenda.”
“Just days before China’s new Cybersecurity Law goes into force, foreign companies are grappling with rules that could tighten what is already one of the world’s most restricted technology regimes. Recent changes to the language of the law ahead of its June 1 implementation, such as a broader definition of those affected, could drag in a wider array of services and products. While industry groups are lobbying for a delay, the government is moving ahead.”
“The EU cybersecurity agency ENISA will receive a makeover in September when the European Commission renews its mandate amid a whirlwind of new cybersecurity measures. The director of the Athens-based agency has been requesting a larger budget to deal with the rise in attacks on internet-connected devices.”
“ENISA – the EU Cyber Security Agency – aims to broaden its mandate in the next organisational review, due to take place in September. The vice president for the digital single market, Andrus Ansip, visited ENISA this month and said that a new approach to cyber-security was required because of the rising incidence of cyber-crime, especially attacks against IOT devices, businesses and critical infrastructure.”
“A 12-person delegation from Hessen, Germany, visited the information technology department at Madison College to study the information technology network security program. The two years, associate degree program prepares students to fill roles in information technology security departments of companies and government agencies.”
“India is set to enter into cybersecurity arrangements with Germany and Spain — with a view to combat online crimes including ransomware type situations as well as terrorism — during Prime Minister Narendra Modi’s back-to-back visits to Berlin and Madrid next week.”
“Rapid digitisation in all sectors in India has made the country critically prone to targeted cyber attacks and ‘WannaCry’ ransomware attack is “just the tip of the iceberg”, a cyber intelligence security company warned on Wednesday. “Owing to the government initiatives and efforts, coupled with booming penetration of smartphones, PCs and high-speed internet access, the challenges associated with such attacks amplify significantly — making India one of the hot favourite destinations for a targeted cyber attack,” Israel-based Vital Intelligence Group said in a statement.”
“U.S. computing giant Microsoft is said to have acquired Israeli cybersecurity startup Hexadite for $100 million, the Hebrew language website Calcalist reported on Wednesday. The deal, if confirmed, would be the latest in a string of Microsoft acquisitions of Israeli software companies, many in the field of cybersecurity.”
“Israel continues to produce an impressive number of highly successful tech companies for a country with a population of just 9 million people. The Middle Eastern country is sometimes referred to as “Startup Nation” thanks to the sheer number of entrepreneurs building businesses there, particularly in cities like Tel Aviv.”
“The NATO CCD COE series of reports on national organisational models for ensuring cyber security summarise national cyber security strategy objectives and outline the division of cyber security tasks and responsibilities between agencies. In particular, the reports give an overview of the mandate, tasks and competences of the relevant organisations and the coordination between them. The scope of the reports encompasses the mandates of political and strategic cyber security governance; national cyber incident management coordination; military cyber defence; and cyber aspects of crisis prevention and crisis management. This report focuses on Israel.”
“An assessment of The Netherlands’ preparations for cyber-crime and cyber-warfare has found the country is prepared on several fronts but there is still room for improvement. The report, The Netherlands Cyber Readiness at a Glance by Melissa Hathaway and Francesca Spidalieri, assessed the country against seventy unique indicators grouped into seven categories. Published by the Potomac Institute for Policy Studies in the US, the report is the eighth in a series that have also analysed the US, France, Japan, Germany, UK, India and Italy. There is also a foundational report, The Cyber Readiness Index 2.0: A Plan for Cyber Readiness.”
“GCHQ has demanded that directors start taking charge of cyber security, warning that they are “devolving responsibility” for protecting businesses from hackers. Ciaran Martin, the head of the agency’s National Cyber Security Centre (NCSC), said it is unacceptable for boards to plead ignorance about the threat from cyberattacks.”
“The WannaCry ransomware worm has raised the level of awareness about ransomware among the general public and it is also a major event for the cyber-security insurance industry that aims to help indemnify organizations against financial losses. The cyber-security insurance industry is a growing market, with forecasts predicting up to $5 billion in insurance premiums by 2020. The promise of cyber-security insurance is that in the event of a data breach, or ransomware event like WannaCry, organizations can make claims to help recover costs and remediate damage.”
“North Korea’s main spy agency has a special cell called Unit 180 that is likely to have launched some of its most daring and successful cyber attacks, according to defectors, officials and internet security experts. North Korea has been blamed in recent years for a series of online attacks, mostly on financial networks, in the United States, South Korea and over a dozen other countries.”
“Google tends to throw lots of ideas at the wall, and then harvest the data from what sticks. Right now the company is feasting on photos and videos being uploaded through its surprisingly popular app Google Photos. The cloud-storage service, salvaged from the husk of the struggling social network Google+ in 2015, now has 500 million monthly active users adding 1.2 billion photos per day. It’s on a growth trajectory to ascend to the vaunted billion-user club with essential products such as YouTube, Gmail, and Chrome. No one is quite sure what Google plans to do with all of these pictures in the long run, and it’s possible the company hasn’t even figured that out. But in a landscape fast becoming dominated by artificial intelligence, data — in this case, your photos — has become its own reward.”
“Experts estimate the cyber crime damage to the global economy in 2016 to have reached USD 650 billion. By 2020, it may increase to as high as USD 1 trillion, and cyber attacks may affect as many as 1.5 billion people. The cyber threat requires a joint preventive action, which is hampered by competition between national digital security programmes. The deeper the internet infiltrates our lives, the greater is the exposure to cyber attacks. According to Boston Consulting Group, 2016 saw almost 3.5 billion internet users and approximately 10 billion connected devices, and these numbers are expected to double by 2020.”