ICD Brief 56.
02.10.2017. – 08.10.2017.
The gloves are off this week. Nations, governments and organizations are facing the next phase of execution. And this phase comes with a lot of “buts”. DHS needs more staff to meet its objectives. EU Digital signed the Tallinn E-Governance declaration but could face significant economic damage from the Max Schrems privacy court case. SecDef Mattis testifies that China seeks to weaken the US position in the Indo-Pacific as the State Department hosts its 4th and final US-China Diplomatic and Security Dialogue. Chubb Insurance’s Cyber Services for Loss Mitigation: Online Cyber Security Education program wins the 2017 Business Insurance Innovation Awards.
We see growing recognition that accountability, responsibility and innovation are linked in a delicate balancing act as the global community shares approaches, mistakes and new insights. There are no clear wins or losses in this process.
“As hacks, data breaches, and other cyber-enabled crime become increasingly commonplace, this year’s National Cyber Security Awareness Month is an important reminder of the need to take steps to protect yourself and your family when using the Internet. Launched in 2004 by the Department of Homeland Security and the National Cyber Security Alliance, the annual campaign held every October is designed to help the public stay safe online and to increase national resiliency in the event of a cyber incident.”
““Stupid.” “Unprecedented.” “Shocking.” “Completely lacking.” “Deserves to be shamed.” Those were just some of the phrases members of the House Digital Commerce and Consumer Protection subcommittee flung at Equifax, the breached credit reporting company. Forcibly retired former Equifax CEO Richard Smith visibly flinched a few times during his testimony Tuesday as he was grilled over the hack that was first made public on Sept. 7.”
“The U.S. Consumer Financial Protection Bureau (CFPB), one of Wall Street’s top regulators, must strengthen its protections against hacking, according to a report the agency’s internal inspector released on Wednesday as the financial sector reels from recent revelations of two major data breaches.”
“Russian government-backed hackers stole highly classified U.S. cyber secrets in 2015 from the National Security Agency after a contractor put information on his home computer, two newspapers reported on Thursday. As reported first by The Wall Street Journal, citing unidentified sources, the theft included information on penetrating foreign computer networks and protecting against cyber attacks and is likely to be viewed as one of the most significant security breaches to date.”
“Senate Intelligence Committee Chairman Richard Burr said late Wednesday night he wants to mark up legislation to renew foreign surveillance programs this month. Emerging from an all-Senate briefing on the spying programs authorized under Section 702 of the Foreign Intelligence Act — which will sunset at the end of the year without congressional action — told Martin that he hoped to take up a bill to reauthorize the programs after the next congressional recess. The North Carolina Republican is working with his Intelligence Committee ranking member, Sen. Mark Warner, Sen. Dianne Feinstein, the top Democrat on the Senate Judiciary Committee, and Sen. John Cornyn on a bipartisan bill to keep the tools from expiring.”
“As the Department of Homeland Security’s cybersecurity responsibilities continue to expand, the agency is beginning to show signs that it may not have the resources to keep up. Although the department has made significant progress on programs designed to defend federal networks from malware, many key leadership positions remain unfilled, the hiring process for new talent is dangerously slow and the enterprise cybersecurity strategy that was due in March is now six months late with no estimate of when it will be complete.”
“AUSTIN, Texas — Cybersecurity was perhaps the most consistent thread running through all the programming at the annual NASCIO conference this week. It’s on the minds of state CIOs, and many have well-developed strategies to protect state IT systems and constituent data, combat current threats and build strong cyber defenses. Here’s a look at a few state programs.”
“Yesterday, The Hon Julie Bishop MP, Minister for Foreign Affairs of Australia officially announced the launch of the country’s International Cyber Engagement Strategy, which outlines Australia’s cyber affairs agenda for the next 3 years.”
“WASHINGTON: China is focused on weakening the US’ position in the Indo-Pacific region even as it is working with America on the issue of North Korea, US defence secretary Jim Mattis has said. Meanwhile at the Foggy Bottom headquarters of the State Department, deputy secretary of state John Sullivan hosted the inaugural US-China Law Enforcement and cyber security Dialogue. Attorney general Jeff Sessions and acting secretary for homeland security Elaine Duke co-chaired the dialogue along with the Chinese state councillor and minister of public security Guo Shengkun.”
“A European Union court case ostensibly to keep personal data private could backfire and cause great damage to the continent, say industry leaders and legal experts.
This week, Irish courts referred the latest chapter of a longstanding legal challenge between activist Max Schrems and Facebook to the European Union courts. At issue are “model” contractual clauses Facebook uses that are supposed to replicate the protection EU citizens have within Europe.”
“Tallinn Declaration was signed under the auspices of the ministerial conference on e-government where European digital ministers, business people, e-government experts and civil society representatives met to discuss the future technologies of e-government and share existing user experience across countries. Among the e-government technologies, the conference focused on artificial intelligence, virtual reality and solutions against fake news, already important in the day-to-day work of governments and even more important in the future, as experts predict, the Ministry of Economic Affairs and Communications said.”
“City-based Seqrite Cyber Intelligence Labs, the enterprise security wing of Quick Heal Technologies, has tracked an advertisement on DarkNet claiming to have access to 6,000 email IDs of Indian public and private companies, besides their internet protocol information, servers and databases.”
“A survey conducted by cyber security firm ESET in the Asia Pacific region in 2016, found that Indian SMEs have been the most vulnerable to cyber attacks in the past three years.
In less than a year, Indian businesses have seen a spate of ransomware attacks—WannaCry, GoldenEye, Petya and the latest, Locky. Ransomware is a malware that hijacks computers, encrypts important files, denies access to them, and then asks the victim to pay ransoms to have the files decrypted. Though very few businesses disclose cyber attacks due to fear of loss of reputation, experts believe Indian businesses have been hit hard by ransomware since they are ill-prepared to ward off cyber threats.”
“The army has encountered two worrisome, secondary developments: The motivation to serve in combat units has fallen mainly among the most desirable soldiers and there is a decline in demand for infantry units. In 2013, two of every three draftees who were fit for infantry service asked to serve in an infantry division, but by this year, that figure dropped to one out of two.”
“Toronto-Dominion Bank is opening an office in Tel Aviv with the aim of bolstering the company’s cybersecurity programs and research and development capabilities. “Customers and employees need to transact with confidence in the digital era,” said Colleen Johnston, group head of the Canadian bank’s direct channels, technology, and marketing. “In Israel, TD will tap into one of the world’s deepest pools of talent and know-how in cybersecurity, and further strengthen our ability to build new, secure applications.””
“The Japanese government is putting together a set of guidelines designed to prevent internet-connected self-driving vehicles from being hijacked by hackers. The Cabinet Office will compile the new data security guidance during the fiscal year starting in April, incorporating results from mock cyberattacks on self-driving vehicles.”
“Japan will encourage companies to inform investors about their cybersecurity measures, aiming to promote broader awareness of the issue in the private sector as the spread of the “internet of things” raises new security risks.”
“A new study has analysed the cyber-security of 11 different markets and it seems Singapore is among the best in the world – however, there’s still room to improve.”
“Many data network outages occur because employees “don’t know how to respond when something happens,” when knowing how to do so “will help reduce the exposure to a loss when an incident occurs,” said Russ Cohen, Chubb Ltd.’s Philadelphia-based vice president for cyber services. Chubb’s Cyber Services for Loss Mitigation: Online Cyber Security Education program, a 2017 Business Insurance Innovation Awards winner, is intended to help employees avoid the errors that can have a significant impact when data is lost, stolen or becomes unavailable, Mr. Cohen says.”