ICD Brief 115.
Greetings from a fractious nation’s capital! However, in terms of cyber, this takes on a more positive tone as the global multi-stakeholders begin to create the protocols of a new world order. Painful but clear progress from this time last year. There’s nothing like an incipient cyber war as an incentive.
Whose fault are all these attacks and what are we doing about them? This first edition brings you answers from the US, Brazil, China, the EU, Germany, Israel, Japan, Russia and the UK. We lead with an outstanding feature by Martin Giles.
“The hackers who claim to have breached a British insurer last year say their cache of pilfered files include confidential documents on the September 11 terrorist attacks.”
“H.R. 1, the gargantuan first bill the new House Democratic majority will unveil Friday, is an anti-corruption grab bag that most prominently tackles campaign finance, sexual harassment and voting rights. But election cybersecurity will quietly play a major role in the bill, too.”
“Verodin, a leader in validating the effectiveness of cybersecurity controls, announced it has been approved to deliver critical cyber capabilities in support of the Department of Homeland Security’s (DHS) Continuous Diagnostics and Mitigation (CDM) Program.”
“The National Science Foundation calls cybersecurity “one of the defining issues of our time.” The U.S. is particularly vulnerable, according to Juniper Research, because of the substantial amount of national and international data located within a wide range of companies, governmental entities and institutions, with little regulation.”
“Six years after hackers stole millions of South Carolina tax records, the state has ended a program to monitor victims’ credit records, and is still working to improve cybersecurity.”
“Brazil’s new minister of science, technology, innovation and communications has taken over yesterday (2), citing intentions of focusing on cybersecurity and artificial intelligence and pledging to review key areas such as Internet of Things and broadband coverage.”
“China’s cybersecurity police announced a new campaign on Thursday targeting websites and web applications that spread what they called “negative information” on the internet.”
“The European Union is now offering model legislation to its member states, and via spill-over power to similar supranational projects elsewhere, particularly ASEAN, as well as the Organization of American States, the African Union, the Shanghai Cooperation Organization and the rest of the world.”
“Listen up, ethical hackers: the European Commission is looking for your help to discover security flaws in some of the most popular free and open source software around. The Commission will fund a total of 15 ‘bug bounties’, prizes for people who actively search for security issues. Fourteen of them will start in January and the remaining one in March next year.”
“The EU is looking to toughen scrutiny of potential security risks with Chinese technology companies in the wake of growing concerns about cyber theft and cyber espionage allegedly linked to Beijing.” [FT Subscription]
“Private data stolen from hundreds of German politicians, including Chancellor Angela Merkel, have been released online, the German government said on Friday.”
“As the US pushes allies to follow suit in closing the door to Chinese telecom firms, Berlin is finally waking up to cybersecurity risks. But some say Germany is still underestimating a wider threat.”
“Strengthening its cybersecurity measures against China and other potential state-sponsored threats, Japan is on track to impose domestic storage of electronic data generated by critical infrastructures like power and water suppliers.”
“Russia’s malware shows up on U.S. power grids, and its online trolls try to influence elections. China, meanwhile, steals the personal data and intellectual property of leading American corporations. The U.S., for its part, has its hackers on a war footing. So it may seem the prospects for dialogue — in this case, trialogue — are slim. Yet this is exactly what happened last month in Moscow among a group of former and current officials from China, Russia and the U.S.”
“The Foreign Secretary, Jeremy Hunt will visit the headquarters of BT Singapore today (4 January) to officially open their new office and see how UK excellence in cyber security is helping businesses and local government secure their operations for the digital age.”
“The Government has urged public authorities to develop workforce plans to address a “capability gap” in their cyber security skills.”
“A new cyber security standard for developing technology incorporated into self-driving cars has been released by the British Standards Institute.”
“On the first day of 2019, Vietnamese dissidents, human rights activists, and bloggers weren’t celebrating – they were worrying about the new cybersecurity law that went into effect that same day in Vietnam.”
The risks include AI-powered deepfake videos and the hacking of blockchain-powered smart contracts.
“We’re going to see more mega-breaches and ransomware attacks in 2019. Planning to deal with these and other established risks, like threats to web-connected consumer devices and critical infrastructure such as electrical grids and transport systems, will be a top priority for security teams. But cyber-defenders should be paying attention to new threats, too. Here are some that should be on watch lists:”
“As governments increasingly find themselves needing information from networked sources for law enforcement, intelligence, and military purposes, one of the most difficult dilemmas they face concerns the use of so-called zero day vulnerabilities—previously unknown flaws or bugs that can sometimes be exploited to gain access to servers that house information or control networks and infrastructure. Governments often have researchers looking for these flaws, and sometimes, governments purchase them on the open market. But when governments find such vulnerabilities, should they quickly disclose these flaws and thus allow them to be fixed, or should they keep the information a secret for other national security purposes?”