ICD Brief 103.
Greetings from Edinburgh! Here’s what greeted us on our arrival yesterday: All Under One Banner Edinburgh rally: Tens of thousands take part in pro-independence march.
This week’s trend seems to be growing outrage over cyber espionage and cybercrime and a gathering of alliances to prepare and combat it.
“A Bloomberg BusinessWeek report that Chinese equipment manufacturer Super Micro may have allowed microchips used for spying into U.S. data center equipment run by AWS, Apple and others is likely to stoke trade tensions between the two nations over alleged espionage.”
“The U.S. government on Wednesday warned that a hacking group widely known as cloudhopper, which Westerncybersecurity firms have linked to the Chinese government, has launched attacks on technology service providers in a campaign to steal data from their clients.”
“The U.S. Department of Homeland Security (DHS) is warning managed services providers (MSPs) and cloud services providers (CSPs) that cyber gangsters are exploiting them to creep unnoticed into their customers’ networks.”
“The Senate on Wednesday passed a key cyber bill that solidifies the Department of Homeland Security’s role as the main federal agency overseeing civilian cybersecurity.”
“A month out from the 2018 midterms, all eyes are on the Department of Homeland Security as it approaches its first real test since being given a broader election security mandate in the wake of the 2016 presidential elections.”
“The private sector—which owns and operates the vast majority of U.S. critical infrastructure in cyberspace—and the U.S. government are in lockstep that cyber threats to critical infrastructure have national-security consequences. What more, they agree that both must do more to defend critical infrastructure in cyberspace. On Sept. 20, JPMorgan Chase CEO Jamie Dimon told CNBC that “cyber” represents the biggest threat to the global financial system. But as Dimon sounded the alarm, the Pentagon’s 2018 cyber strategy summary put the ball at least partly in his industry’s court, stating that the private sector is “on the frontlines of nation-state competition in cyberspace.”
“John Zangardi knows cybersecurity is the emerging battle of the 21st century, and chief among his concerns is how to hire the experts needed to fight it.”
“The U.S. has worked alongside cyberdefense experts within the government of Montenegro over the past several weeks to build cyberdefense capabilities.”
“As far as technology and ministerial events go, the third ASEAN Ministerial Conference on Cybersecurity (AMCC) that met during Singapore International Cyber Week 2018 was relatively low-key. The conference was a major step forward on cyber issues in uncharacteristically quick terms for ASEAN. However, as the regional grouping looks to produce meaningful deliverables for its upcoming summit in November, it will be challenged by parallel developments in a domain that is continually being stress-tested in many ways.”
“ANZ, Australia Post and NAB are turning their websites and social channels black and white from tomorrow, as part of a week-long campaign for the Australian Cyber Security Centre.The new campaign is created by Icon Agency, and seeks to build awareness around cybersecurity.”
“Under the new rule, effective from November 1, central and local public security authorities can enter the premises of all companies and entities that provide internet services and look up and copy information considered relevant to cybersecurity.”
“In April the offices of the Organisation for the Prohibition of Chemical Weapons (OPCW) in The Hague were targeted by a hostile cyber operation carried out by the Russian military intelligence service (GRU). This operation was disrupted by Dutch intelligence services in partnership with the United Kingdom (UK). In addition, the UK government has indicated earlier today that it has identified that a number of cyber actors widely known to have been conducting cyber attacks around the world are, in fact, the Russian military intelligence service (GRU).
We express serious concerns about this attempt to undermine the integrity of the Organisation for the Prohibition of Chemical Weapons (OPCW), a respected internationalorganisation, hosted by the Netherlands. This aggressive act demonstrated contempt for the solemn purpose of the Organisation for the Prohibition of Chemical Weapons (OPCW), which works to eradicate weapons worldwide under a United Nations mandate. We deplore such actions, which undermine international law and international institutions. The EU will continue to strengthen the resilience of its institutions and those of its Member States, and international partners and organisations in the digital domain.”
“October 2018 is the sixth annual European Cyber Security Month (ECSM), an EU-promoted awareness campaign aimed at promoting cyber security and educating the public on how to protect themselves from online attacks.”
“Bret Hartman is the vice president and chief technology officer, Security Business Group at Cisco. He has more than three decades of experience in building information security solutions for major enterprises and institutions across the globe. Hartman began his career as a United States Air Force officer assigned to the US National Security Agency. At the agency, he helped in the creation of the ‘DoD Trusted Computer System Evaluation Criteria’ (Orange Book). An alumnus of the Massachusetts Institute of Technology (MIT), Hartman talks to THE WEEK about different aspects ranging from preparedness of organisations to dealing with cyber security threats, data privacy concerns and how visibility and control can go a long way in preventing cyber attacks.”
“New research from the Indian Computer Emergency Response Team (CERT-In) provides some distressing news. In 2017 alone, Indian organizations reported 53,000 security incidents, or one new reported security incident every 10 minutes—and these are only those that have been reported.”
“An interview with Zohar Rozenberg. Zohar Rozenberg (Col. Ret.) is VP, Cyber Investments at Elron Electronic Industries. Zohar serves, as board Member of several companies and a member at R.D.C, Rafael Advanced Defense Systems’ commercialization
“China’s tough new cybersecurity legislation is causing headaches for Japanese companies doing business there as authorities demand more protections for customer information and look to keep data within the country.”
“Mattis said to reporters at a meeting of NATO defence ministers on 3 October that the US will make its cyber warfare capabilities available to NATO as the allies denounced an alleged Russian bid to hack the Organisation for Prohibition of Chemical Weapons. He noted that the attempted attack showed how cyberattacks were becoming “more frequent, more complex and more destructive”. ‘This is why the United States, like the United Kingdom, Denmark, the Netherlands, Estonia will provide national cyber contributions to help NATO fight in this important domain,’Mattis said.”
“TALLINN – Estonia is prepared to make its cyber capabilities available to NATO if necessary, Defense Minister Juri Luik said on Thursday.”
“Defense Minister Levan Izoria participated in the NATO-Georgia Commission meeting on October 3, held in the frames of the NATO Defense Ministerial in Brussels on October 3-4.”
“Russia summoned the Dutch ambassador to Moscow to account for the Netherlands’ deportation of four Russian spies who were planning to hack the Organization for the Prohibition of Chemical Weapons (OPCW), RTL Nieuws reports.”
“A gang of digital bank robbers working for the North Korean government stole millions of pounds in a string of “complex and destructive” heists, researchers say.” Inside the North Korean Hacking Operation Behind SWIFT Bank Attacks
“A new Act on the National Cybersecurity System entered into force in Poland on 27 August 2018. The Act is designed to implement the measures laid down in the NIS Directive (Directive (EU) 2016/1148) and is another step (as well the GDPR, which reinforces protection of personal data) in extending the duties of companies in relation to cybersecurity.”
“Singapore can play an “important role” in cybersecurity for the Southeast Asian region, particularly in the area of thought leadership, said FireEye CEO Kevin Mandia on Thursday (Oct 4).”
“Start-up CyberShell Solutions has developed early stage security analysis technology that alerts software developers to potential vulnerabilities. Unlike most cybersecurity software, which identifies problems as or after they happen, the Dundee company’s CyberSuite product helps developers address and mitigate issues before their software is commercially deployed. Company chief executive Tayyaba Nafees, who completed a cybersecurity PhD at Abertay, said she was targeting global firms with the product. “
“Britain’s cybersecurity agency, the National Cyber Security Centre (NCSC) has backed US technology businesses Apple and Amazon in their denials of a recent story that claimed Chinese hackers had managed to infiltrate their servers.”
“A new scheme to help develop the next generation of cyber security experts and protect our nation against sophisticated and evolving threats has been announced by Defence Secretary Gavin Williamson today.”