ICD Brief 96.
This has been an exceptional week watched by billions – an unsettled week in global geo and cyber politics dominated by reactions to the Helsinki Summit, the 2018 World Cup in Russia, the NATO summit, Brexit uproar and cabinet resignations and the working visit to the UK. And the endless posing of questions, concerns, shock, fear and above all, anger.
It’s our good fortune that the annual Aspen Security Forum gives us a unique opportunity to bring you immediate reactions and answers from the global security elites who gathered July 18-21, 2018 in Aspen, Colorado. I’ve included the link to all the Aspen videos with several featured.
“The Federal Energy Regulatory Commission (FERC), an energy industry regulator, called for the power industry’s regulating body, the North American Electric Reliability Corp, to expand rules that require reporting of cyber security incidents to include attempts that might facilitate future efforts to disrupt the grid.”
“The Justice Department plans to alert the public to foreign operations targeting U.S. democracy under a new policy designed to counter hacking and disinformation campaigns such as the one Russia undertook in 2016 to disrupt the presidential election. The government will inform American companies, private organizations and individuals that they are being covertly attacked by foreign actors attempting to affect elections or the political process.”
Helsinki Aftershocks Jolt US Security Elite – Overview
“The agenda of the forum reflects current preoccupations. This time, that means Russia and cyber (and sometimes both together). One of the interesting shifts is the relative lack of emphasis on terrorism which has dominated American national security thinking since the September 11th attacks.
Other key messages were a constant warning that even though much of the current focus is on Russia, China remains the greatest challenge for US national security – including in its ability to exert economic and covert influence in America and around the world.”
“Microsoft recently stopped an effort to hack three US candidates up for election this year. The attack relied on a spoofed Microsoft domain to target the candidates’ campaign, company vice president Tom Burt said during a panel session at the Aspen Security Forum on Thursday.” More information in the video (11:50- 18:56): Defending Democratic Institutions: Election 2018 and Beyond- Tom Burt Microsoft
“New York is taking steps to ensure its elections infrastructure is protected from cyber attacks by foreign hackers. Governor Andrew Cuomo announced an initiative with the Board of Elections that will help county election boards strengthen their cybersecurity measures.”
“The Marine Corps has activated the first of its new defensive cyber companies. According to a Marine Corps news release, the company will perform include mission assurance actively hunting for advanced persistent threats that evade routine security measures.”
“The U.S. is ceding ground in the race to shape global standards and laws around cybersecurity, according to Eric’s new story for Pros. While Congress and multiple presidents have spent years supporting the tech industry’s aversion to new regulations, the EU and China have forged ahead with laws that are setting the tone for digital security and privacy regulations.”
“Cybersecurity is the top directors and officers (D&O) liability concern for organizations today, while claims brought by employees, including claims for harassment or discrimination, and regulatory enforcement risks are also critical D&O exposures.
According to Willis Towers Watson’s 2018 Management Liability (Directors and Officers) U.S. Survey, the top D&O risks “in the coming year” include cyber incident/cyber claims (80%), claims by employees (55%), and regulatory and enforcement risks (48%).”
“For digital businesses across all industries and markets, there are a number of risks that freelancers and contractors may face as a result of the new GDPR regulations. In this article, Janthantha Kaenprakhamroy, founder of on-demand insurer Tapoly explores what you need to consider when embarking on new projects, contracts and activities to ensure you not only protect yourself against any risks of regulation breaches, but remain an attractive candidate for future work.”
‘Cybersecurity products in which intellectual property rights are owned by firms or start-ups organised in India will get preference in all public procurement. The aim is to increase income and employment in the country.”
“Iran has positioned cyber weapons to hit private firms and infrastructure, but there is no suggestion an attack is imminent, say U.S. officials.”
“ISRAEL: National operator Israel Railways has awarded government-owned Rafael Advanced Defense Systems a US$8·2m contract for the development of a Cyber Security Operation Centre. This is intended to provide ISR with improved monitoring and control capabilities, and better protection against attempts to penetrate and attack its electronic systems. “
“A crucial part of operating a network providing connectivity to research and education is security. That is why many R&E networks have a Computer Emergency Response Team, CERT, to handle security incidents. And as cyber attacks increase steadily in frequency and scale, the importance of defending ones own network against attackers increases as well. In this effort R&E network CERTs collaborate closely, both with each other and with CERTs operated by commercial network providers.”
“In Singapore’s worst cyber attack, hackers infiltrated the databases of SingHealth, the largest group of healthcare institutions here. The personal particulars of 1.5 million patients, including the outpatient prescriptions of Prime Minister Lee Hsien Loong and a few ministers, were stolen.”
“Thailand 4.0 is an initiative to transform cities like Phuket, Chiang Mai, Khon Kaen and Bangkok into technology hubs. The Thai government aims to develop 100 smart cities within two decades.”
“A UK government report into Huawei’s broadband and mobile infrastructure equipment has concluded that it has “only limited assurance” that the kit poses no threat to national security
The investigation revealed shortcomings in the Chinese firm’s engineering processes, which it said ‘have exposed new risks in UK telecoms networks.’”