ICD Brief 121.
Greetings from Washington DC, Canberra, Tallinn, Vilnius, Beijing, Brussels, Athens, Paris, Munich, Delhi, Tokyo, Moscow, Singapore and London where increased activity and spending reflects concerns around elections, espionage, hacking attacks, privacy and thefts.
Congratulations to ICD Co-Founder Richard Stiennon who will launch his latest book Secure Cloud Transformation: The CIO’s Journey March 4 at the 2019 RSA Conference in San Francisco.
“Protecting the 2020 election from hackers and foreign influence campaigns is a top priority for the Department of Homeland Security, the agency said Thursday.”
“The Consolidated Appropriations Act–the bill agreed to by House and Senate negotiators that could avert another partial government shutdown–features more cybersecurity-related funding for the Department of Homeland Security (DHS) and its Cybersecurity and Infrastructure Security Agency (CISA), but also further obligations to report to Congress in the coming months on key security-related issues.”
“Two U.S. Senators have expressed concerns that federal government employees may be jeopardising the nation’s security by using Virtual Private Networks (VPNs) made by foreign companies, William Chalk takes up this tale of cyber espionage.”
“Microsoft has removed from the official Microsoft Store eight Windows 10 apps that had been caught mining the Monero cryptocurrency behind users’ backs for the benefit of the apps’ developers.”
“In the bid to consider and plan for an evolving cybersecurity landscape to maintain patient safety, the Therapeutic Goods Administration (TGA) has released a draft regulation guidance on cybersecurity for medical devices, in line with the existing regulatory requirements.”
“Estonia is the first member state in the European Union that might be called Extremely Online. Over the past decade, the Baltic republic of 1.3 million people fully digitized its government services and medical data.”
“The Chancellery of the Lithuanian Government held training and tabletop exercises earlier this week, dedicated to countering cyber threats during elections.”
“New provisions made to China’s Cybersecurity Law last November gives state agencies the legal authority to remotely conduct penetration testing on any internet-related business operating in China, and even copy and later share any data government officials find on inspected systems.”
“The telecoms industry has called on European governments to join mobile operators in establishing a testing regime to protect network security without having to resort to the disruptive step of excluding vendors from the market.”
“Cybersecurity experts have met with government officials ahead of the Munich Security Conference to discuss the vulnerabilities in our critical infrastructure — and many ask when Europe will finally shore up its gaps.”
“Last January ENISA released its annual report with the ’15 top cyber threats and trends’ in Europe. The European Union Agency for Network and Information Security (ENISA) is a center of network and information security expertise for the E.U., its Member states, the private sector and European citizens. Its prime concern is to provide recommendations on cybersecurity, support policy development and its implementation and collaborate with operational teams throughout Europe.”
“European Union member states are considering a possible joint response to cyber attacks allegedly conducted by a Chinese state-linked hacker group after the UK presented evidence last month about network infiltration, according to people familiar with the matter.”
“The personal details of up to 2,200 French cybersecurity professionals may have been compromised following a data security oversight at CLUSIF, a Paris-based information security society.”
“MUNICH (AP) — The Latest on the international security conference taking place in Munich (all times local): 10 p.m.
German Chancellor Angela Merkel has drawn lengthy applause for her spirited defense of a multilateral approach to global affairs and her support for Europe’s decision to stand by a nuclear deal with Iran.
U.S. Vice President Mike Pence was not impressed, however, and he doubled down on American criticism of Europe.
Merkel’s comments Saturday at the Munich Security Conference, an annual gathering of world leaders and top defense and foreign policy officials, followed days of acrimony between the U.S. and Europe over Iran.”
“In the wake of growing cyber threats and targeted attacks, cybersecurity has become a boardroom concern for organizations across verticals, revenue bands and geographies, cites EY’s Global Information Security Survey (EY GISS) 2018-19 – India edition. Speaking at the launch of the report, Dr. Gulshan Rai, Cyber-Security Chief, Prime Minister’s Office, Government of India said, “As we accelerate towards becoming a trillion-dollar digital economy, building the right framework for cyber resilience and security is critical for the country.”
“The Japanese government plans on strengthening its defenses against cyber attacks from China, among other nations. It aims to do so through regulating and securing the use of cloud services. The government plans to draw up security standards and start trial runs this year, with the aim of introducing the full system in 2020.”
“Russian authorities and major internet providers are planning to disconnect the country from the internet as part of a planned experiment, Russian news agency RosBiznesKonsalting (RBK) reported last week.”
“American tech giant Cisco on Friday (Feb 15) launched an innovation centre, its first in South-east Asia, to bring together industry players, government organisations and start-ups to work on regional issues in cyber security and the Internet of Things (IoT).”
“If you asked the average person on the street what they thought the worst consequences of a cyber attack would be, they would most likely think about stolen bank accounts or credit card details, identity theft, or that they’d probably have to reset their passwords (again).”
“Five years after the release of the Framework for Improving Critical Infrastructure Cybersecurity, organizations across all sectors of the economy are creatively deploying this voluntary approach to better management of cybersecurity-related risks.”
“Aon has released its 2019 Cyber Security Risk Report, which details the greatest cybersecurity threats industries are facing today.”