ICD Brief 74.
Most of this week’s ICD Brief 74 shows the tempo rising to ACT together to meet newly acknowledged threats to the security, political and economic sectors.
The annual Munich Security Conference saw Siemens lead the launch of a global cybersecurity initiative with a Charter of Trust.
US Energy Department Forming Cyber Protection Unit for Power Grids. Energy Secretary Rick Perry: the DOE “plays a vital role in protecting our nation’s energy infrastructure from cyber threats, physical attack and natural disaster, and as secretary, I have no higher priority.”
‘DHS’ cyber supply chain risk program shows that their leadership understands and prioritizes the concerns that come with a global economy. Given their role in providing cyber defense to the rest of the federal government, this is the right nexus to focus security on before the products are installed at other agencies.’ offered ICD Advisor Jennifer Bisceglie, CEO, Interos Solutions & Vigillence; President, CEO, Quantum Leaps, a leading pioneer in Government and Industry in all aspects of supply chain management.
The Olympic Games saw South Korea and Estonia agree to increase cooperation in cybersecurity: “despite their small land area and scarce resources, they have achieved economic development based on talented human resources, and that the two countries have great potential for cooperation in digital sectors.”
MUMBAI (Reuters) – India’s City Union Bank (CTBK.NS) said on Sunday that “cyber criminals” had hacked its systems and transferred nearly $2 million through three unauthorized remittances to lenders overseas via the SWIFT financial platform.
“Congressional Democrats on Wednesday introduced legislation that would provide more than $1 billion to boost cyber security of U.S. voting systems, saying inaction has made elections vulnerable to more interference from Russian hackers.”
“The U.S. Department of Energy (DOE) said on Wednesday it is establishing an office to protect the nation’s power grid and other infrastructure against cyber attacks and natural disasters.”
Last July, the DOE helped U.S. firms defend against a hacking campaign that targeted power companies including at least one nuclear plant. The agency said that the attacks did not have an impact on electricity generation or the grid, and that any impact appeared to be limited to administrative and business networks.
“Supply chains for contemporary technology products can be excessively complex with computer hardware originating from numerous nations and software code written in dozens of different places or assembled from open source libraries with long and complicated histories of their own.”
“During a Senate Intelligence Committee hearing Tuesday, lawmakers and intelligence officials raised similar concerns about the Chinese telecom firms Huawei and ZTE and their affiliates becoming spying platforms for the Chinese government. Sens. Marco Rubio, R-Fla., and Tom Cotton, R-Ark., have introduced legislation that would bar those companies and their affiliates from government contracts.”
“This week, senior executives from more than 3,000 banks, insurers and other financial services companies doing business in New York will have to personally certify that their computer networks are protected by a cybersecurity program appropriate for their organization’s risk profile.”
“According to the Plan, the first 12 to 18 months of the strategy will witness a significant amount of work undertaken across three strategic themes. This initial period will form the foundation for the future deliverables and inform the first strategic plan review in early 2019.”
“Prime Minister Lee Nak-yon agreed Wednesday to increase cooperation with Estonia in cybersecurity and other areas during talks with his Estonian counterpart, Juri Ratas.”
“Cyber crime experts, who were here on Friday to judge the North India Cyber Security Hackathon conducted at the Indian School of Business (ISB) were of the view that cyber crime must be taught as a full-fledged subject in schools and colleges to curb the crime rate. It must be clubbed with moral lessons.”
“The new ‘Charter of Trust’ aims to make security a key element of the digital economy, critical infrastructure.
ICS/SCADA giant Siemens, along with IBM, Airbus, Allianz, Daimler, NXP, SGS, T-Mobile, and the Munich Security Conference, today outlined a new global effort aimed at making cybersecurity a default major component and philosophy for businesses and governments in order to protect critical infrastructure, businesses, and individuals worldwide.”
“Singapore is to have a new cybersecurity tsar with wide-ranging powers to seize confidential information and impose penalties under legislation passed by its parliament on Monday last week.”
The US and UK governments have publicly blamed Russia for a crippling cyber-attack last year that targeted Ukraine and spread around the world.
On Thursday, Sarah Sanders, the White House press secretary, said that the NotPetya ransomware attack in June 2017 “was part of the Kremlin’s ongoing effort to destabilise Ukraine and demonstrates ever more clearly Russia’s involvement in the ongoing conflict.”
She added: “This was also a reckless and indiscriminate cyber-attack that will be met with international consequences.” Sanders said it had caused billions of dollars of damage.
The statement came after the British defence secretary, Gavin Williamson, accused the Russian government of “undermining democracy” with the attack, which primarily targeted Ukraine’s financial, energy and government sectors before it spread across the world.
“This is the second Hiscox Cyber Readiness Report, conducted by Forrester Consulting, and it has been expanded to cover more than 4,100 organisations, large and small, in both private and public sectors, across five countries – the UK, USA, Germany, The Netherlands and Spain. It puts the spotlight not only on the financial consequences of individual cyber breaches but also on the enormous cost in terms of investment made to counter the threat. Above all, it measures the cyber readiness of respondents using a multi-dimensional model built on best practice in cyber strategy and execution.”
“Black Hat, the world’s leading producer of information security events, opens Registration and Call for Papers (CFP) for Black Hat USA 2018. Returning to Las Vegas, Black Hat will host the latest in information security research, development and trends. Additionally, this year’s program will feature the new Community track, dedicated to programming that covers current topics affecting the wider InfoSec community. The event will span six days, beginning with four days of intense hands-on Trainings, followed by two days of its renowned Briefings, a Business Hall filled with leading solution providers, special events and more.”