ICD Brief 137.
Greetings from Washington DC, Tallinn, Beijing, Brussels, Berlin, Teheran, Tel Aviv, Mons, Amsterdam, Oslo, Lisbon, Bucharest, Moscow, Singapore, London, Santa Clara County. This week’s news is hard and definitive; we hear about what IS or HAS happened- not what may be or rumoured or hoped for. I’ve given you the whole list first before the summaries because there are too many important updates.
Many Americans Say Made-Up News Is a Critical Problem That Needs To Be Fixed The Pew Research Center
“Politicians viewed as major creators of it, but journalists seen as the ones who should fix it. Indeed, more Americans view made-up news as a very big problem for the country than identify terrorism, illegal immigration, racism and sexism that way. Additionally, nearly seven-in-ten U.S. adults (68%) say made-up news and information greatly impacts Americans’ confidence in government institutions, and roughly half (54%) say it is having a major impact on our confidence in each other.”
NSA Cybersecurity Advisory: Patch Remote Desktop Services on Legacy Versions of Windows The National Security Agency
“The National Security Agency is urging Microsoft Windows administrators and users to ensure they are using a patched and updated system in the face of growing threats. Recent warnings by Microsoft stressed the importance of installing patches to address a protocol vulnerability in older versions of Windows. CVE-2019-0708, dubbed “BlueKeep,” is a vulnerability in the Remote Desktop (RDP) protocol. It is present in Windows 7, Windows XP, Server 2003 and 2008,[ed] and although Microsoft has issued a patch, potentially millions of machines are still vulnerable.”
Audit of NRC’s Cyber Security Inspections at Nuclear Power Plants The Nuclear Regulatory Commission
“NRC’s cyber security inspections generally provide reasonable assurance that nuclear power plant licensees adequately protect digital computers, communication systems, and networks associated with safety, important-to-safety, security, and emergency preparedness. This report makes two recommendations to address future inspection staffing challenges and suitable performance measures for the cyber security inspection program. Agency management stated their general agreement with the findings and recommendations in this report.”
“Wenfeng Lu was seemingly living the American dream—a comfortable life in Irvine, California, with his family and a career in medical device research and development.
Yet Lu’s secret goal was to use trade secrets stolen from his employer to strike it rich in his native China. However, thanks to an FBI investigation, his plan was thwarted, and Lu is now serving a 27-month prison sentence.”
“The breach allowed an unauthorized user to access the personal data of almost 12 million Quest patients, including Social Security numbers and financial records, after the hacker broke through the system of American Medical Collection Agency (AMCA), a billing collection provider for Quest. LabCorp revealed Wednesday that it, too, was impacted, with the records of 7.7 million of its patients compromised by the data breach of the AMCA’s systems.”
“The hack significantly disrupted the city’s operations. The property market was briefly frozen; water bills are not being issued; and communication between police and prosecutors was hindered. The city’s budget office has estimated the cost of the ransomware attack at $18.2 million. That includes the cost of buying new hardware, hiring contractors to help clean up the mess, and lost or deferred revenue.”
“Intelligence officials believe China may have been behind a massive data breach which compromised the personal details of thousands of Australian National University students and staff.”
“A joint U.S.-Estonian round of cyber consultations take places in Tallinn Friday, with norms of responsible state behavior in cyberspace, cybersecurity threats, and the protection of critical infrastructure all on the table.”
“Ott Velsberg, Estonia’s fresh-faced, 28-year-old chief data officer, is on a mission put AI into every part of the country’s public services, from healthcare to education and job centres.”
“SHANGHAI/HONG KONG (Reuters) – China granted 5G licenses to the country’s three major telecom operators and China Broadcasting Network Corp on Thursday, giving the go-ahead for full commercial deployment of the next-generation cellular network technology.”
“Huawei’s corporate parent is selling its 51% of Huawei Marine Networks to Hengtong a Jiangsu-based optical-cable manufacturer, according to a stock exchange filing. The deal isn’t formalised and subject to change, Hengtong said in the filing. The Chinese company, whose Shanghai-listed shares have been suspended from trade, didn’t disclose the size of the deal.”
“It’s been a year since the EU General Data Protection Regulation went into effect, and GDPR fines imposed on companies to date have been modest. But larger GDPR fines are on the way, experts warned.”
“The German Federal Office for Information Security (or the Bundesamt für Sicherheit in der Informationstechnik — BSI) has issued security alerts today warning about dangerous backdoor malware found embedded in the firmware of at least four smartphone models sold in the country.”
“Dozens of social media accounts displaying suspicious behavior have been uncovered in a new report that sees pro-Iranian messaging promoted by profiles impersonating real people, as well as journalists and activists who don’t seem to exist.”
“Anarchists, radical hackers, terrorists, disgruntled employees, organized criminals and states make up the range of potential cyber threats, according to Roee Laufer, head of Cyber and Information Security at the Israel Airports Authority (IAA).”
“The workshop used four real-world, interactive crisis simulations to challenge diplomats, policy makers, think tank representatives, and leaders from the private sector and civil society. The simulations covered a wide range of topics, from using cyber and artificial intelligence in managing refugee crises at sea, through the cyber security challenges posed by foreign investments, and leveraging cyber capabilities in the battle against disinformation. The proposed solutions will be published in a white paper in late 2019.” More
“The Dutch government has launched a new anti-phishing campaign, following a year in which the number of malicious sites faking well-known Dutch brands increased by over 40%.”
“Aluminum producer Norsk Hydro, the victim of a cyber attack in March that paralyzed its IT systems, posted an 82% drop in first-quarter core profit on Wednesday and said a rise in global uncertainty could impact its markets.”
Cyber-Security Centre to Launch Portal for Companies The Portugal News
“Portugal’s National Cyber-security centre is to launch a portal by October for cyber-security in companies to assess organisations’ needs in terms of capacity and skills.”
Romania Signs Agreement over Cybersecurity with Israel Romania Insider
“Romania and Israel signed a memorandum of understanding on cybersecurity, in the context of Romania – Israel Cyber Security Forum, prime minister Viorica Dancila announced. She attended the signing ceremony.”
“Russia’s infamous troll farm conducted a campaign on Twitter before the 2016 elections that was larger, more coordinated and more effective than previously known, research from cybersecurity firm Symantec out Wednesday concluded.”
The Straits Times
“As malicious cyber attacks increasingly target civilian arenas like finance or healthcare, preparing for them requires a mindset change on the part of cyber-security agencies. Mr David Koh, chief executive of the Cyber Security Agency (CSA), said that agencies must learn to rely on partners across government because the wider attack surface requires whole-of-government vigilance.”
“The biggest threat to our cyber-security is weak cyber-security,” said Ciaran Martin, CEO of the National Cyber Security Centre, UK, speaking at Infosecurity Europe in London today (6 June). His observation, based on 1,600 cyber-security breaches from across the past four years, came a day after the Commons Public Accounts Committee’s warning that the UK is more vulnerable to cyber-attacks than ever before.”
“Like the 9/11 report, which fundamentally reorganized the nation’s homeland security and intelligence structure after the Sept. 11, 2001, terrorist attacks, “Securing American Elections” aims big. It argues Russia’s 2016 election interference operation was an attack on fundamental American values, and should provoke the government and private sector to step up “defenses against efforts to erode confidence in democracy.”
The report’s 108 pages include 45 recommendations ranging from securing voting systems and combating online disinformation campaigns to negotiating major election security norms with allies and punishing adversaries who violate them.
‘Like the 9/11 commission leaders who spent years pushing the government to fully implement their reforms amid partisan bickering, this group is preparing for a fierce lobbying campaign to turn its recommendations into reality,’ said Nate Persily, a report author and director of Stanford’s Cyber Policy Center.
The report authors, who include Michael McFaul, U.S. ambassador to Russia during the Barack Obama administration, and former Facebook chief security officer Alex Stamos, also plan to lobby many of their election-security recommendations to state and local officials, Persily said. They will urge them to voluntarily adopt protections that congressional Republicans are wary of forcing on them.
Those recommendations include having paper trails for all ballots, conducting post-election audits and inviting ethical hackers to probe their voting systems for vulnerabilities.”