ICD Brief 102.
Greetings from sunny Haymarket (Virginia)! Next week, I’ll be under an umbrella close to Haymarket Station in Edinburgh.
A year ago, I’d lead with the Facebook breach. Today, you will see a change: from reaction to anticipation, from unknown values to probabilistic risk models, from a vacuum of governance to a growing body of best practices and emerging rules of engagement, from voluntary guidance to regulations and laws.
“The biggest technology companies, finance firms and technology giants — including Facebook which now reports up to 50 million user accounts may have been taken over by criminal hackers — invest many millions in cybersecurity and still fall victim to significant attacks.”
“The military is facing a shortage in cyber talent and the Army is considering changing the way it trains its cyber soldiers to deal with the shortfall. The cyber realm is demanding an increasing number of civilian and military experts for defensive, offensive and maintenance jobs.”
“Research Triangle Park, North Carolina USA (25 September 2018) – The ISA/IEC 62443 series of standards, developed by the ISA99 committee as American National Standards and adopted globally by the International Electrotechnical Commission (IEC), is designed to provide a flexible framework to address and mitigate current and future security vulnerabilities in industrial automation and control systems (IACS).”
“The Defense Department lost thousands of civilian cyber workers in the past year, mainly in IT management and computer science-related positions, a senior defense official testified at a Sept. 26 Senate hearing.”
“The Port of San Diego is facing the storm surge of a cyberattack against its computer systems. On Wednesday, the Port of San Diego’s CEO, Randa Coniglio, said in a statement that it suffered a “serious cybersecurity incident,” which it first learned about on Tuesday. A spokesperson for the port told sister site ZDNet that the attack was a ransomware infection, but didn’t provide further details.”
“As protecting critical infrastructure from cyberattacks has become a national priority, the electric power industry and U.S. government agencies have strengthened their partnership in order to better tackle energy grid cybersecurity.”
“Summer 2018 was dominated in the EU by the General Data Protection Regulation (GDPR), and in the US, by the California Consumer Privacy Act of 2018 (CaCPA, otherwise known as California GDPR). Both of these regulations on data represent a significant shift in how the business community manages and protects consumer information. If you read the fine print, both of these regulations will ultimately drive more action on cybersecurity.”
“Lights which know when you are awake, doors which can sense if it is a stranger, and a houseful of such ‘connected devices’ controlled by a single app, and you know there is a likelihood of a digital apocalypse in the near future if we don’t have set laws. To avoid a future catastrophe, California Governor Jerry Brown has signed a cybersecurity law covering smart devices, making the state a first with such a law, The Verge reported.”
“Today, the NSW government launched its new cyber security strategy. The strategy is aimed at boosting public sector capability across government departments and agencies. It comes off the back of a call earlier this year by the NSW auditor-general for urgent action to improve the ability of state government agencies to detect and respond to cyber security incidents.”
“New legislation introduced in Australian parliament to weaken encryption laws in order to allow law enforcement greater access to encrypted communications is raising concerns over privacy and the country’s cybersecurity.”
“Estonia jumped two places after an update by the country’s ministry of defence, notifying the national cyber security index team of the recent establishment of the Cyber Command at the Estonian Defence Forces.”
“A collaborative fintech platform in Belgium has launched an innovative new program aiming to improve cyber-security for start-ups. Trusted Fintech, which was launched by B-Hive Europe during the Digital Finance Europe conference in Brussels, will deliver a five-module program focused around people, process and technology. When a start-up successfully completes the program it then obtains the ‘Trusted Fintech’ label – a safety guarantee which B-Hive hopes will encourage further investment.”
“European Union politicians appear set to demand audits of Facebook by Europe’s cyber security agency and data protection authority in the wake of the Cambridge Analytica scandal. A draft resolution submitted on Thursday to the EU Parliament’s civil liberties and justice committee urged Facebook to accept “a full and independent audit of its platform investigating data protection and security of personal data”.”
“This post looks at the implications of the E-Privacy Regulation for IoT manufacturers starting with a short summary of the GDPR and some of its effects.”
“A cyber defense training pact has been signed by Deutsche Telekom and Germany’s Bundeswehr. Their deal expands a network of commercial and federal information security hubs centered in Bonn.”
“Israeli Ambassador to Italy Ofer Sachs, speaking at the Cybertech Europe conference on Wednesday in Rome, said his country is among those receiving the most cyberattacks worldwide.”
“Both parties agreed to cooperate on mutual response to cybersecurity incidents and information-exchange on cybersecurity threats, policies and technologies. The Philippines is also seeking to sign MoUs with other countries, similar to Russia’s, to further strengthen its cybersecurity posture.”
“Amid a rise in such attacks last year, Serbia plans to tighten its cyber-security and form special units to combat high-tech crime. According to the Cybercrime Strategy, Serbia will establish several units within the police, military and customs to fight online crimes. Civil servants will participate in training, which will be also held for parents, in schools, in the media, and for bank clients, focusing also on child pornography and internet security.”