ICD Brief 50.
17.07.2017. – 23.07.2017.
In addition to our lead articles, we bring you a mega edition of significant news of from the US, Australia, the EU, India, Singapore, the UK as well as two feature stories. You will find the links underthis letter and the full edition with summaries on our website HERE .
Two sidebar notes: You still have time to register for the Early Bird rate for Cyber Security Summit 2017 in Minneapolis October 23-25. I joined the Advisory Board after speaking there in 2016; it drew 700 participants from 22 states and 7 countries. Please email me at email@example.com if you plan to take advantage of the early bird rate. Finally, on behalf of the Advisors and Staff, the ICD congratulates Merle Maigre who becomes the Director of the NATO Cooperative Cyber Defence Centre of Excellence in September, 2017.
“Two major law enforcement operations, led by the Federal Bureau of Investigation (FBI), the US Drug Enforcement Agency (DEA) and the Dutch National Police, with the support of Europol, have shut down the infrastructure of an underground criminal economy responsible for the trading of over 350 000 illicit commodities including drugs, firearms and cybercrime malware. The coordinated law enforcement action in Europe and the US ranks as one of the most sophisticated takedown operations ever seen in the fight against criminal activities online.”
A new offensive by Microsoft has been making inroads against the Russian government hackers behind last year’s election meddling, identifying over 120 new targets of the Kremlin’s cyber spying, and control-alt-deleting segments of Putin’s hacking apparatus. How are they doing it? It turns out Microsoft has something even more formidable than Moscow’s malware: Lawyers.
“OWL Cybersecurity, a Denver-based cybersecurity company offering the world’s largest commercially available database of darknet data, today announced the upcoming release of the Black Hat USA 2017Darknet Index, ranking all 283 exhibitors by exposed data on the darknet and security threat levels.”
“The FBI on Monday warned parents of privacy and safety risks from children’s toys connected to the internet. In an advisory posted on its website, the Federal Bureau of Investigation said that such toys may contain parts or capabilities such as microphones, cameras, GPS, data storage and speech recognition that may disclose personal information.”
“The U.S. Coast Guard (USCG) and the U.S. Department of Homeland Security (DHS) recently issued a new Navigation and Vessel Inspection Circular (NVIC) specifically on cybersecurity asking for comments by Sept. 11, 2017. This follows the updates issued in December 2016, which added cybersecurity into the list of “security” items that are covered by Maritime Transportation Security Act (MTSA) traditional security mandates.”
“On Tuesday, a Senate Appropriations subcommittee will mark up a funding bill that covers key cyber components at the Commerce and Justice departments. That same funding bill will go before the full appropriations committee on Thursday. The House version of that bill cut money for the government’s main cyber standards agency, the National Institute of Standards and Technology, but by less than President Donald Trump requested. It also raised funding for the FBI’s cyber crime division.”
“Mobile security continues to be top priority for the Department of Homeland Security, and new initiatives are underway to address threats to federal mobile devices. In August, DHS will announce a new Science & Technology Directorate research program for mobile application security. “Whether you consume a mobile application or you develop one for the government, we’re going to have security baked in,” Vincent Sritapan, program manager in the Homeland Security Advanced Research Projects Agency’s Cyber Security Division, said at FCW’s July 18 Mobility Summit.”
“Synopsys, Inc. (Nasdaq: SNPS) today announced it will host codenomi-con USA 2017, an exclusive event that gathers an elite group of cybersecurity experts, on Tuesday, July 25, during Black Hat USA in Las Vegas, NV. In addition to networking and entertainment, codenomi-con USA 2017 includes a thought leadership program with presentations on DevOps security, IoT security across verticals, and how to build security into the software development lifecycle (SLDC). The cybersecurity experts will also discuss the current state of application security. This is a private event and attendees must register online.”
“Prime Minister Malcolm Turnbull will appoint his cyber security advisor Alastair MacGibbon as the head of the country’s Cyber Security Centre following a recommendation from a review of Australia’s security agencies. MacGibbon was appointed as special advisor on cyber security within the Prime Minister’s department last year as part of the national cyber security strategy released in early 2016.”
“EU digital chief Andrus Ansip wants to set up a new office to certify the cybersecurity level of technology products — which would make them more competitive globally — as part of an overhaul of the bloc’s rules in September.”
“European Commission President Jean-Claude Juncker heaped praise on Estonia’s cybersecurity expertise during a press conference in Tallinn on Friday (30 June). The Baltic country could help the EU to move ahead on technology policies, Juncker said one day before the country takes over for a six-month leadership role.”
“Palo Alto Networks, the next-generation security company, today announced the results of its report entitled ‘The State of Cyber security in Asia-Pacific’, which revealed that cyber security budgets have increased for 92 %per cent of organizations in India.”
“Cyber is a great business. It’s growing geometrically because there is never a permanent solution, it’s a never-ending business,” said Benjamin Netanyahu, Israel’s Prime Minister, at Tel-Aviv University’s 7thAnnual Cybersecurity Conference. Thomas Bossert, Assistant to the U.S. President for Homeland Security and Counterterrorism, announced at the event the creation of a US-Israeli bilateral cyber working group that will develop “innovative cyber defenses we can test here and then take back to America.”
“According to the June 15, 2017 Wall Street Journal, six Israeli startups (three in the cybersecurity sector) are among the top 25 tech companies, which may be the global leaders of tomorrow. According to Forbes Magazine, Israel has become a cybersecurity powerhouse, creating more than 300 cybersecurity startups, exporting in 2016 $6.5BN in cybersecurity products, convincing more than 30 multinationals to establish local research & development centers in Israel and attracting foreign investors. What is behind their success?”
“NATO and the Jordanian armed forces held a ceremony to inaugurate the creation of the Computer Emergency Response Team for cooperation on cybersecurity. CERT is a unit of the Jordanian armed forces tasked with helping prevent and deal with cyberattacks on Jordanian civil and military networks. It helps provide training and workplace development to help safeguard critical infrastructure.”
“Singapore’s Ministry of Communications and Information (MCI) and the Cyber Security Agency (CSA) have recently proposed a Cybersecurity Bill, which is open for public feedback from 10 July to 3 August 2017.”
“Britain’s National Cyber Security Centre said on Tuesday it had never certified products from Russian cyber security firm Kaspersky Lab. “The NCSC certifies products through a range of initiatives, and vendors apply to have their products certified via one of our accredited lab partners,” the NCSC, which is part of Britain’s GCHQ eavesdropping security agency, said.”
“Northern Ireland is sharing in a massively under-reported UK-wide cyber crime wave costing this province £100m per year, with one Belfast expert affirming that as few as 1% of offences may be resulting in prosecution, an investigation by the Johnston Press Investigations Unit can reveal.”
“The UK energy sector is likely to have been targeted and probably compromised by nation-state hackers, according to a memo from Britain’s National Cybersecurity Centre. The NCSC, a subsidiary of GCHQ, warned that it had spotted connections “from multiple UK IP addresses to infrastructure associated with advanced state-sponsored hostile threat actors, who are known to target the energy and manufacturing sectors,” according to Motherboard, which obtained a copy of the document.”
“A major cyber security challenge, aimed at educating and inspiring the next generation of cyber defenders from across the UK and US, will be held at the University of Cambridge from July 24-26. The Cambridge2Cambridge cyber security competition, backed by government and industry, is the brainchild of the University of Cambridge and the Massachusetts Institute of Technology in the US and will see talented pupils pitted against each other in a three-day showdown.”
“In the Asia-Pacific (APAC) region, country-level cybersecurity commitments have been strengthening. Singapore claimed the top spot globally in terms of its commitment to combating cyber threats, according to the Global Cybersecurity Index 2017; other APAC countries such as Malaysia (3rd), Australia (7th), Japan (11th) and South Korea (13th) also scored well on the index.”
“In June, a global cyberattack crippled computer systems across multiple continents for the second time in less than a month. The ransomware attack – called ‘GoldenEye’ – struck across the globe yesterday, taking down servers at Russian oil giant Rosneft and computers at multinational businesses, including the Australian offices of a global law firm. This alarming incident put the spotlight not just on the state of cybersecurity awareness, but the kind of training that organisations are providing to ensure that the next time around, they are better prepared.”