ICD Brief 130.
Greetings from New York City. Blessings and Joy to all celebrating the feasts of Passover and Easter this weekend.
What a Week! From Notre Dame to Mueller, from des Gilets Jaune to MAGAS, we see how important our online platforms have become as binding forces that connect us. Headlines are not enough to grow this 21st century platform. This week’s ICD 130shares hard news with heavy dollops of the 5 W’s that we hope will contribute to context and consequences.
By: Matthew J. Schwartz
“Whatever questions it leaves unanswered, Special Counsel Robert Mueller’s report into Russian interference clearly states: “The Russian government interfered in the 2016 presidential election in sweeping and systematic fashion.’”
“The Israel offices of US cyber-security firm Verint have been hit by ransomware, according to a screenshot taken by a Verint employee that started circulating online earlier today (April 17).”
“The Weather Channel stopped its live broadcasting this morning due to a security incident that lasted for at least 90 minutes.
Details are scant at the moment and a tweet from the station does not lift the haze, informing only that it was the victim of ‘a malicious software attack on the network.’”
“With the increasing ubiquity of internet of things (IoT) devices and the vast expansion of the cyber attack surface that those devices create, National Security Agency (NSA) IoT Enterprise Functional Team Lead Arlene Santos is emphasizing the importance of the IoT Cybersecurity Improvement Actreintroduced in Congress last month as way to address the cybersecurity concerns posed by rapid IoT device growth.”
“Incident Response and Recovery” was the theme of the National Cyber Security Alliance (NCSA) and Nasdaq Cybersecurity Summit on April 17. Security and risk professionals from the Department of Homeland Security (DHS) and various companies and organizations convened at the Nasdaq Marketsite to discuss methods that focus on resilience and recovery following a cyber attack or data breach.”
“Building zero trust into agencies’ networks is on several IT modernization to-do lists through the federal government. But the term is so broad that it can often be misunderstood.” Post-Shutdown, CISA Carves Out a Space in Cybersecurity
“Cybersecurity firm Fortinet Inc has agreed to pay a $545,000 settlement to the US government after claims it illegally sold Chinese-made equipment to the US military. California-based Fortinet was found to be in breach of the US Trade Agreements Act (TAA) after falsely marking its products to be ‘made in the USA’, a statement from the US Department of Justice (DOJ) reads.”
“The Department of Homeland Security (DHS) routinely handles large amounts of data. Its mandate is to “keep America safe,” and that encompasses many fronts. This includes anything to do with potential threats to the nation, ranging from border security to cybersecurity, so “big data” would be an understatement. Using machine learning and artificial intelligence technology for Homeland Security was inevitable. Operating under the Department of Homeland Security umbrella, the Cybersecurity and Infrastructure Security Agency came into being in November 2018 as an effort to improve cybersecurity across all levels of government. But one month later, the government shut down for 35 days. CISA had to furlough more than 40 percent of its staff during the shutdown while still maintaining critical operations, which it did.”
“RMIT Online has announced the launch of a new cybersecurity short course as part of its Future Skills portfolio. The course, Cyber Security Risk and Strategy, is aimed at upskilling participants to understand the fundamentals of cybersecurity and how to formulate a preventative strategy of good cyber governance within a business.”
“A major review of electoral cyber security has raised concern hackers might find a weak jurisdiction, with weak systems, and use it to “sow doubt in the security and integrity” of Australian democratic processes.”
“The United Nations has restarted its process for setting rules on “responsible state behaviour in cyberspace” with two separate forums, and Australia intends to continue being a key player.”
“For researchers investigating malicious network activity in a given country, scanning hacker forums is like reading tea leaves. The discussion boards can provide insight about which malware is most popular, its likely victims and some clues that can help identify the thieves cashing in.”
“In what is claimed to be a first in the Brazilian financial services industry, São Paulo-based digital bank C6 is launching a bug bounty program aimed at boosting the security of its open architecture.”
“Despite concerns over security threats, Chinese tech giant Huawei is launching an education programme in Central and Eastern Europe”
“As the May’s European elections are slowly approaching, EU institution have been intensively testing their own cyber systems to help prevent any potential outside attacks or breaches into their systems. Together with observers from the European Parliament, the European Commission and the EU Agency for Cybersecurity, over 80 representatives from EU governments have participated in a recent (5 April) exercise. ”
“The French government has developed its own end-to-end encrypted instant messenger (IM) app to replace government employee use of Telegram, WhatsApp, and other third-party IM clients.”
“In an incident reminiscent of the Shadow Brokers leak that exposed the NSA’s hacking tools, someone has now published similar hacking tools belonging to one of Iran’s elite cyber-espionage units, known as APT34, Oilrig, or HelixKitten.”
“A French team of security experts has emerged the winner of a NATO-backed “live-fire” cybersecurity exercise, Locked Shields, that involved nearly 1,200 cybersecurity experts competing in a red team-blue team engagement to defend a fictional country, “Berylia”.
“The Dutch government on Monday said it had established a special task force to weigh potential security risks as it prepares to build a 5G telecommunications network.”
“Russia’s lower chamber of parliament has backed a bill which privacy advocates fear could lead to the creation of a censorship system similar to China’s Great Firewall.”