Good News Stories – ICD Brief 110.

ICD Brief 110.

19.11.2018.-25.11.2018.

Greetings from Manhattan, a city like no other: exciting, resilient and inspiring. Here are a few of our updates from this week.

USA

NYC Invests to Become Hub for Cybersecurity Professionals

“As part of an effort to turn New York City into a hub around which cybersecurity startups will be founded, the New York City Economic Development Corp. (NYCEDC) has allied itself with SOSA, a startup incubator, to create a physical location in lower Manhattan designed to enable academic and cybersecurity experts to bring new cybersecurity technologies to market.”

DHS Hopes Supply Chain Task Force Will Enhance Federal IT Security

“The Department of Homeland Security is moving ahead with plans to beef up security for the global IT supply chain and, by extension, for the federal government. On Oct. 30, DHS announced the creation and chartering of the nation’s first Information and Communications Technology Supply Chain Risk Management Task Force. The task force is a public-private partnership designed to examine and develop “consensus recommendations” to identify and manage risk to the global ICT supply chain.”

Manufacturers Remain Slow to Recognize Cybersecurity Risk

“They have names like Notpetya, Samsam and perhaps the most cynically named WannaCry. These are just some of the most recent cyberattacks that have not only affected financial institutions, retailers and shipping companies but have also plagued manufacturers, like Merck & Company, the pharmaceutical firm, and the snack company Mondelez International.”

Indonesia and United States Ink Agreement on Cybersecurity Training

“The Indonesian government has inked a partnership agreement with the United States to strengthen the bilateral collaboration against transnational cyber and financial crimes. The agreement between the Indonesian National Police and the U.S. Attorney-General’s Office is intended to increase U.S. training of Indonesian law enforcement officials to fight against cyber-attacks using digital forensics, the Straits Times reported.”

Singapore and US Commit to ASEAN Cybersecurity

“The Cyber Security Agency of Singapore and the US Department of State have signed a Declaration of Intent (DOI) that will benefit ASEAN member states.”

Australia

Australia and New Zealand Announce Joint Pacific Cyber Security Plan

“Australia and New Zealand have made a new commitment to cyber security in the Pacific.”

Baltics/Estonia

Start-Ups Invited to Beef Up Estonian Cyber Security

“Estonia has begun to invite early-stage start-ups to join its defence artificial intelligence (AI) and cybersecurity accelerator, the first of its kind in Europe.”

Czech Republic

Ratas in Prague: Czech Interested in Our E-Services, We in Their E-Commerce

“Prime Minister Jüri Ratas (Centre) on Friday assured Czech Prime Minister Andrej Babiš that Estonian experts and IT companies are prepared to support the Czech Republic in creating its own e-state, adding that Estonia in turn is interested in Czech experiences in the development of e-commerce.”

China

China in Breach of Cybersecurity Pact

“It has been a fairly turbulent week in the cyber-espionage space following accusations that China’s Ministry of Security Services is behind the surge of intellectual property theft from Australian companies.”

EU

Cyber Defence: Council Updates Policy Framework

“The EU is increasingly cooperating in cyber defence, with a view to strengthen its capacities. At its last meeting, on 18 October 2018, the European Council called for measures to build strong cybersecurity in the EU. EU leaders referred in particular to restrictive measures able to respond to and deter cyber-attacks.”

Germany

German eID Card System Vulnerable to Online Identity Spoofing

“Security researchers have found a vulnerability in the backbone of the electronic ID (eID) cards system used by the German state. The vulnerability, when exploited, allows an attacker to trick an online website and spoof the identity of another German citizen when using the eID authentication option.”

Hungary

CEE Countries, Including Hungary, At Risk of Cyberattacks

“According to research conducted by Legal Week Intelligence and CMS, more than 100 separate cyber incidents were recorded last year affecting 18 CEE countries, yet less than a quarter of these resulted in government or regulatory action.”

India

India May Impose Higher Penalties to Ensure Companies Report Cybersecurity Breaches

“The government wants to impose higher penalties on companies that fail to immediately report incidents of data breach of Indian users to the authorities, a senior government official has said adding that the current ones are too low.”

Cybersecurity Insurance Hits Missing Data Roadblock

“Cybersecurity insurance, a new buzzword among Indian insurers, has crucial roadblocks to surmount before it can live up to the potential promised by the companies. Lack of actuarial data on cyber-attacks, murky disclosures by victim companies and the incredible speed at which a breach may spread globally has companies in a bind.”

Israel

Israel Defence Ministry to Provide G20 Cybersecurity in $5m Deal

“Israel’s Defence Ministry will provide cyber security for the upcoming G20 summit after signing a $5 million deal with its Argentinian counterpart.”

ITU

PP-18 Concludes in the UAE with ITU Telecom Strategy for the Next Four Years

“Organised by TRA, the key telecom event, convened delegates and guests from over 180 countries and 2300 delegates discussed 274 working papers throughout the period of three weeks to map out the future ICT roadmap.”

Singapore

Singapore to Collaborate with Canada, US on Cybersecurity

“Singapore has inked partnership agreements with Canada and the US that encompass data sharing as well as joint technical certification programmes and capacity building initiatives.”

Association of Banks in Singapore Issues Set of Cybersecurity Assessment Guidelines

“The Association of Banks in Singapore (ABS), with support from the Monetary Authority of Singapore (MAS), has developed a set of cybersecurity assessment guidelines to strengthen the cyber resilience of the financial sector in Singapore.”

UK

UK Power Grid Vulnerable as Government Failing on Cybersecurity

“The government is failing to deliver on promises to protect the UK’s critical national infrastructure (CNI) from cyber attacks, a report from a parliamentary committee has warned.”

GCHQ warns on Black Friday cyber-threat

“The National Cyber Security Centre’s advice to reduce the risk of cyber-crime is:

  • Install the latest software and app updates
  • Choose strong and separate passwords for accounts
  • Type in a shop’s website address rather than clicking on links in emails
  • Avoid over-sharing unnecessary information with shops, even if they ask
  • Don’t panic if you think you’ve been a victim of fraud
  • Keep an eye on bank accounts for unrecognised payments
  • Make sure all your home gadgets are secure”
Posted in Weekly Brief | Leave a comment

Si Vis Pacem, Para Bellum – ICD Brief 109.

ICD Brief 109.

12.11.2018.-18.11.2018.

“If you want peace, prepare for war!” And we are. Read on.

USA

Trump Signs Bill That Creates the Cybersecurity and Infrastructure Security Agency

“US President Donald Trump signed today [16 November] a bill into law, approving the creation of the Cybersecurity and Infrastructure Security Agency (CISA).”

Russians Impersonating US State Department Aide in Hacking Campaign: Researchers

“Hackers linked to the Russian government are impersonating U.S. State Department employees in an operation aimed at infecting computers of U.S. government agencies, think tanks and businesses, two cybersecurity firms told Reuters.”

DHS S&T and Dutch Partners Award $2.5M to Support Collaborative Cybersecurity R&D

“The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) and its counterparts in the Netherlands jointly announced today a total of $2.5 million in collaborative cybersecurity research and development (R&D) across five U.S-Dutch research teams.”

DOD Teams with DHS for Critical Infrastructure Protection

Program Providing Free Cybersecurity Training to Veterans Launches in NC

“On Wednesday, the North Carolina Secretary of Commerce, along with several business leaders and public officials, launched a free training program to get veterans into one of 18,000 North Carolina IT jobs.”

Australia

Australia’s Cybersecurity Chief Says Austal Defense Hack Investigation May Take Years

“Australia’s chief cyber security chief said on Tuesday an investigation into the hacking of defense contractor Austal Ltd could take years, rejecting a local media report that his agency had concluded the attack originated from Iran.”

Baltics/Estonia

Estonia Wants to Shape World Cyber Laws on UN Security Council (video)

“Estonian ambassador to the United States, Jonatan Vseviov, speaks to Fifth Domain at Cybercon 2018 in Pentagon City, Va., pointing to an upcoming election that could have big implications to international cyber laws.”

China

Update on Enforcement of China’s Cybersecurity Law

“Companies doing business in China may see an increase in enforcement actions with the enactment of a new cybersecurity regulation and the enforcement powers of the Public Security Bureaus (PSBs) officially codified. The regulation – Provisions on Internet Security Supervision and Inspection by Public Security Organs – is now in effect, more than a year after the enactment of the country’s Cybersecurity Law.”

France

‘Paris Call’: 51 states vow support for global rules on cyberweapons

“Fifty-one states, including all EU members, have pledged their support for a new international agreement to set standards on cyberweapons and the use of the internet, the French government said Monday.

The states have signed up to a so-called “Paris Call for Trust and Security in Cyberspace”, an attempt to kickstart stalled global negotiations.

China, Russia and the United States did not sign the pledge, reflecting their resistance to setting standards for cyberweapons which are at the cutting edge of modern warfare.”

Iran

Minister: Iran Considering Paris Cybersecurity Initiative

“Iranian Minister of Information and Communication Technology Mohammad-Javad Azari-Jahromi wrote on his Twitter page on Tuesday that Iran is considering the newly-introduced initiative by French President Emanuel Macron at the UNESCO Internet Governance Forum (IGF) on Monday reports.”

Israel

Israeli Firms, Ministry Set Up Consortium to Tackle Aviation Cyberthreats

“A group of Israeli cybersecurity firms, along with the Economy and Industry Ministry, has set up a new cyber consortium for the aviation industry. The announcement was made Wednesday as part of the 5th International Conference of Homeland Security and Cyber, organized by Israel’s Export Institute.”

NATO

NATO to “Integrate” Offensive Cyber by Members

“NATO is clear that we will not perform offensive cyberspace operations,” said Maj. Gen. Wolfgang Renner. “However, we will integrate sovereign cyberspace effects from the allies who are willing to volunteer.”

Singapore

Singapore, US Pledge to Enhance Ties in Energy, Cybersecurity

“Singapore and the United States are exploring new turf in their relationship as they reach beyond the traditional domains of defence and trade to grasp opportunities in areas such as driverless cars, energy and cyber security.”

UK

Search to Find Cyber Security Experts of the Future

“An online programme designed to inspire teenagers to think about a career in cyber security will continue for a second year after a successful pilot across England.”

Under Attack – ICD Brief 108.

ICD Brief 108.

05.11.2018.-11.11.2018.

Today millions honored the fallen on this 100th anniversary of the end of World War I. This monument is in the town of Le Mesnil-Amelot near the airport hotel where I moved to avoid missing my plane this afternoon.

The emphasis this week is on a world contemplating attack and rushing to prepare. Our Feature is a study by Microsoft of The Growing Menace of Cyber Attacks in the Asia-Pacific Region.

USA

After No Obvious Voting System Compromises in Midterms, US Cybersecurity Officials Look to 2020

“An unprecedented federal and state collaboration to defend election systems against Russian interference ended with no obvious voting system compromises, although it’s not entirely clear why.”

Microsoft Wants to Work with Trump and Congress on Cybersecurity

“Microsoft wants to work with Congress to establish cybersecurity measures for civilians, the company’s president told CNBC Wednesday. Speaking to CNBC at the 2018 Web Summit in Lisbon, Portugal, Brad Smith said Microsoft wanted to address the “fundamental question” of safeguarding the population against cyber threats — but he said the outcome of the midterm election would not hinder that mission.”

US Banks Prepare for Iranian Cyberattacks as Retaliation for Sanctions

“As the United States reinstated economic sanctions on Iran on Monday, American banks were gearing up for retaliatory Iranian cyberattacks. Bank executives believe Iranian hackers could attempt to disrupt financial services, perhaps as they did between 2011 and 2013 — with denial-of-service attacks that interrupted bank websites and other internet financial services.”

US Accuses China of Violating Bilateral Anti-Hacking Deal

“China has been violating an agreement with the United States aimed at stopping cyber espionage through the hacking of government and corporate data, a senior U.S. intelligence official said on Thursday.”

DHS Head: “Relentless Resilience” Will Drive Collaboration on Cybersecurity

“As the Department of Homeland Security continues to change the way it handles various cyberthreats the U.S. faces, the agency’s head said it’s focusing on making essential functions provided by critical infrastructure sectors more resilient.”

Australia

Here’s What You Need to Know About the Austal Cyber Attack and Extortion Attempt

“Western Australian-based Austal announced to the stock exchange that an unknown offender had targeted its data management system. Federal authorities are now investigating who was responsible for the hack and the full extent of information gathered.”

Baltics/Estonia

Security: After Estonia’s ID-Card Train Wreck This Identity App Is Taking Baltics by Storm

“A year ago Estonia was embroiled in its ID card crisis. The hardware behind the ID cards that serve as a cornerstone of the Baltic country’s e-state was found to be vulnerable to attack.”

China

The New China Cybersecurity Inspection Regulation Broadens PSB Authority

“On November 1, 2018, China’s new “Regulation on the Internet Security Supervision and Inspection by Public Security Organs” (公安机关互联网安全监督检查规定) will take effect. Passed by China’s Public Ministry of Public Security (MPS) on September 30, 2018, it is the latest regulation that implements China’s Cybersecurity Law (CSL), which took effect in June last year.”

EU

Cybersecurity High on European Commission Agenda

“For the future, the commission has made proposals for the next budget cycle to step up the funding support in cyber security for research and innovation through the Horizon Europe programme and the new Digital Europe programme, with an overall budget of €9.2bn.”

France

Natixis Investment Summit: Shaping the New Geopolitical World Order

The Natixis Investment Managers Summit took place November 6, 7 in Paris. It brought together 70 global experts and 500 senior leaders from finance, business, policy, and academia. The invitation-only event opened with a dialogue between former Colombian President and Nobel Peace laureate Juan Manuel Santos and Prince Zeid Ra’ad Al-Hussein, former U.N. High Commissioner for Human Rights. Its closing panel brought together former Italian Prime Minister Matteo Renzi, French President Nicolas Sarkozy & German Chancellor Gerhard Schröder.

Germany

Cybersecurity Threat in Germany Rises to a New Level

“On October 11, 2018, the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, “BSI”) published its annual Report on the State of IT Security in Germany 2018 (“Security Report”). The Security Report shows an alarming increase in cybersecurity attacks against state agencies, critical infrastructure, and private companies, as well as against individuals, during the reporting period of July 1, 2017 to May 31, 2018. In its press statement from the same date, the BSI noted that “the combination of new attack quality and increasing digitalization raises the threat situation to a new level.”

Israel

Education Program Trains Teen Girls for Cybersecurity Jobs

“CyberGirlz, a program that prepares Israeli teens to enter the cutting-edge field of cybersecurity, aims to close the gender gap in an industry where women only make up 11% of the workforce; program founder: ‘if we want equal representation, then we need to start at a young age.’”

Japan

“Japan and the 10 members of ASEAN will create a dedicated website for sharing information on cyberattacks, enabling the rapid dissemination of material related to techniques and effective responses.”

“A cybersecurity subsidiary of Japan’s Nomura Research Institute (NRI) unveiled a new blockchain security alert tool in a press release Nov. 8, also confirming a partnership with U.S. blockchain software company ConsenSys.”

ITU

ITU to Set Standards for 5G Next Year

“The standard for Fifth Generation mobile technology (5G) will be set by the International Telecommunication Union (ITU) by the end of next year.”

NATO

“The need for cybersecurity community support has brought together an impressive line-up of speakers from the North Atlantic Treaty Organization (NATO), Mastercard, U.S. Cyber Command, the Defense Information Systems Agency, Momentum Cyber, and the Coast Guard to share offensive and defensive network security strategies and insights with the satellite industry at the 2018 CyberSat Summit, taking place Nov. 14-16 at the Sheraton Pentagon City Hotel [Virginia].”

Poland

“The US sees Poland as a regional leader in the area of cybersecurity, and the work carried out by Poland and the US will lead to EU security, emphasised US Secretary of Energy Rick Perry at a briefing after the end of a US cybersecurity training.”

Russia

“The foreign ministers of Russia and Spain say they agreed to establish a joint cybersecurity group to keep the malicious spreading of misinformation from damaging relations between their countries.”

South Korea

“Five men in South Korea were arrested on Thursday for illicitly injecting crypto mining malware into more than 6,000 computers.”

UK

“The UK Financial Conduct Authority (FCA) announced at the start of last month that it had fined Tesco Bank £16.4 million for a cyber-attack that occurred two years ago.”

“On Friday the Bank of England (BoE) will host a day-long war gaming exercise designed to test the financial sector’s resilience to a major cyber incident.”

Feature

“A Frost & Sullivan study commissioned by Microsoft revealed that a large-sized organization in the Asia Pacific region can possibly incur an economic loss of $30 million, more than 300 times the average economic loss for a mid-sized organization. This is more than seven percent of the region’s total GDP of $24.3 trillion. In addition to financial losses, cybersecurity incidents are also undermining Asia Pacific organizations’ ability to capture future opportunities in today’s digital economy, with one in six (59 percent) respondents stating that their enterprise has put off digital transformation efforts due to cyber risks, the study emphasized.”

Paris – ICD Brief 107.

ICD Brief 107.

29.10.2018.-04.11.2018.

Greetings from Paris, where I have the honor of speaking at the first Natixis Investment Managers Cyber Security Summit this week.

I joined Parisians and visitors and walked down the middle of the Champs-Élysées celebrating the first Sunday of the month. The Etoile was filled with bleachers and other indications of a big national celebration on November 11 of the Hundredth Anniversary of the end of the Great War.

The ICD 107 features The Future of Financial Stability and Cyber Risk by Jason Healey, Patricia Mosser, Katheryn Rosen, Adriana Tache of the Brookings Institute. It is, in our view, a major contribution to the academy.

USA

Why DOD Is Sending Cyber Teams to DHS Before the Election

“The Defense Department has sent cyber personnel to work with the Department of Homeland Security ahead of midterm voting in an effort to prevent or respond to election hacking attempts.”

New DHS Cyber Center Meets with Industry to ID Most Valuable Assets

“The meeting with officials from the communications, electricity and finance sectors will be followed by meetings with the other 13 critical infrastructure sectors in coming weeks, Mark Kneidinger, deputy director of Homeland Security’s National Risk Management Center told reporters after speaking before a Commerce Department advisory board.”

Interagency Programs to Protect Financial Sector from Cyber Attacks Off to a Good Start

“Two top cyber officials say initial pathfinders programs to protect the financial sector from cyber attacks are off to a good start and showing positive process for future programs.

‘What we are doing with the financial sector is taking that picture of what they’ve identified as key functions and risks to their industry and then we bring in the Defense Department, the intelligence community,’ said Jeanette Manfra, assistant secretary for the office of Cybersecurity and Communications at DHS, during a speech Tuesday at the Carnegie Endowment for International Peace in Washington.”

Prison Time, Hefty Fines for Data Privacy Violations: Draft US Senate Bill

“A senior Democratic U.S. senator on Thursday unveiled draft legislation that would allow hefty fines and as much as 20-year prison terms for executives who violate privacy and cybersecurity standards.”

Australia

AustCyber to Figure Out What “Cyber Skills” Actually Are

“It’s a project that sails boldly into the dangerous and uncharted waters of actual evidence-based policy. AustCyber is working with the Australian Department of Education and Training, and PwC’s Skills for Australia program, to understand our needs for cyber vocational education and training.”

Baltics/Estonia

e-Estonia: Could the Digital Powerhouse of Tallinn Be Your Next European Business Hub?

“Frequently hailed as one of the most digitally advanced societies in Europe, Estonia is carving its own unique path in today’s digital landscape. But could it be the right location for your European venture?”

China

China Issues New Rules Strengthening Local Authorities’ Power to Enforce Cybersecurity and Data Privacy Laws

“The Chinese Ministry of Public Security (MPS) on September 15, 2018, released the Provisions for the Supervision and Inspection of Network Security by Public Security Agencies, also known as “Circular 151.” This new regulation provides a legal basis and framework for wide-ranging authority for local law enforcement agencies (Public Security Bureau, or PSB) in China to enforce China’s cybersecurity and data privacy laws by conducting onsite or remote inspections of internet service providers, as well as any entities that use networks for their operations. Circular 151 officially comes into effect on November 1.”

EU

EU Cybersecurity Act: How a Little-Known Piece of Legislation Could Transform the Internet of Things

“The EU’s Cyber Security Act has two main purposes. Firstly, it will give ENISA, the EU’s cyber security agency, a permanent mandate. Its second function is to establish a new EU-wide certification framework for IT products, services and processes. While in the past networks comprised of a set number of devices, the emergence of the so-called “internet of things” has seen a huge rise in the size of the attack surface of any given organisation.”

India

“8 in 10 Indian Firms Have Cybersecurity Insurance, But Only Half Say It Is Full Coverage”

“Indian telco providers best prepared, with 60 percent reporting comprehensive cyber insurance.”

“Only half (48 percent) of Indian firms said their cybersecurity insurance covers all risks and 44 percent of Indian firms said their insurer based their premiums on an accurate analysis of their risk profile.”

NATO

Enhancing Cybersecurity in Ukraine

“As part of the NATO Defence Education Enhancement Programme for Ukraine, experts from allied countries visited the Serhiy Korolylov Zhytomyr Military Institute (ZMI) from 24 to 28 September, 2018 to assist with the development of a new course on cybersecurity. Ukraine is one of the first NATO partners (together with Tunisia) to develop such a course.”

Singapore

Singapore Sets Up World’s First Commercial Cyber Risk Pool

“Singapore is setting up the world’s first commercial cyber risk pool as part of efforts to develop the region’s capacity to deal with threats from cyber attacks, Finance Minister Heng Swee Keat announced at the 15th Singapore International Reinsurance Conference on Monday (29 Oct).

‘The pool will commit up to US$1 billion in capacity, and bring together both traditional insurance and insurance-linked securities markets to provide bespoke cyber coverage,’ he said.”

UK

Iranian Hackers Hit UK Cybersecurity Universities

“Iranian cybercriminals tried to hack into U.K. universities offering government-certified cybersecurity courses, successfully accessing at least one university’s accounts during a campaign lasting months.”

Vietnam

Vietnam to Tighten Up Conditions on Facebook and Google

“A draft decree on implementing the Cybersecurity Law will enforce tougher conditions on tech businesses like Facebook and Google. The Ministry of Public Security has publicized the draft decree to collect feedback for a month starting Friday.”

Feature

The Future of Financial Stability and Cyber Risk

by Jason Healey, Patricia Mosser, Katheryn Rosen, Adriana Tache

Brookings Institute

“This paper starts by examining traditional risks to financial stability, such as contagion from excessive leverage. It also examines the current regulatory frameworks and partnerships, both domestic and international, established to increase the resilience of the financial system to cyber risk. The analysis concludes with major concerns and potential gaps in understanding and mitigating cyber risks to financial stability.”

Wild West Sunset – ICD Brief 106.

ICD Brief 106.

22.10.2018.-28.10.2018.

The sun may be setting on cyber’s wild west. During my recent two weeks in Europe and on my return, I see progress to nascent signs of order, accountability and stability. It’s been the brightest part of a terrible week of news.

USA

The US Needs a Cybersecurity Civilian Corps

by: Natasha Cohen and Peter W. Singer

“Like the auxiliaries that arose during WWII, a new volunteer organization will help face today’s threats.”

Investigative Report Offers Insights on Internal Controls in the Context of Cybersecurity

“Last week, the Securities and Exchange Commission published an investigative report. The report discusses the Commission’s investigation of nine public companies that were subject to cyber breaches. The breaches involved email compromises that directed the companies to send money to third parties.”

“Facebook has uncovered a covert Iranian disinformation campaign which attempted to sow political discord in the U.S. over such hot-button issues as race, immigration, police brutality and President Trump ahead of the November midterm elections.”

“Equifax Inc., Experian Inc., and TransUnion will have to comply with New York’s financial sector cybersecurity rules as of Nov. 1, after the state moved to police the credit reporting companies’ data security woes.”

“The Department of Homeland Security is looking to refine its system of cybersecurity sensors to adapt to the needs of more complex cloud platforms, Nextgov reported Wednesday.”

“The Homeland Security Department is directing additional Election Day cybersecurity resources, in some cases, to states with tight electoral races, the Homeland Security Department’s top cybersecurity official Chris Krebs said Tuesday.”

“The Department of Homeland Security should push federal agencies to implement stronger encryption practices for government websites visited by federal workers and everyday citizens alike, Sen. Ron Wyden says.”

Australia

“For decades, the government didn’t even acknowledge the existence of the organisation that eventually became the Australian Signals Directorate. But while much of its work remains classified, the ASD’s profile is higher than it ever has been before because of the growing importance of information security and the ASD’s custodianship of the Australian Cyber Security Centre (ACSC).”

China

“The Regulation on the Internet Security Supervision and Inspection by Public Security Organs (the “Regulation”;《公安机关互联网安全监督检查规定》) will take effect on November 1, 2018. As the latest regulation issued by MPS that implements China’s Cybersecurity Law (“CSL”), which took effect in June last year, the Regulation sets forth detailed procedural guidance describing how Public Security Bureaus (China’s police force, commonly referred to as “PSBs”) conduct cybersecurity inspections of companies that provide a broad range of “Internet services” in China.”

EU

“Cyber experts and European policy makers have gathered in the Europol headquarters in The Hague to share their experiences and knowledge on the Internet of Things (IoT) at the Europol-ENISA IoT Security Conference.”

“This cutting-edge article on Cybersecurity was exclusively written for The Sting by the European Commissioner for Digital Economy and Society, Ms Mariya Gabriel.”

“Anjos Nijk of the European Network of Cyber Security explains the importance of having more energy sector cybersecurity professionals.”

India

“Despite the growth in data breaches, security managers at Indian firms are incredibly confident in their cybersecurity preparedness, according to a new survey conducted by research and consultancy firm Ovum for Silicon Valley analytics firm FICO. Eighty-eight percent of executives from Indian firms said their firm was better prepared than their competitors in their industry.”

Iran

“On Friday, Facebook shut down another network of 82 accounts, pages, and groups that have been posing as US and UK citizens since 2016. The network, which Facebook says originated in Iran, has spread memes, articles, and other posts about political topics including race relations, the upcoming midterm election in the US, and the recent confirmation hearings for Supreme Court Justice Brett Kavanaugh. It also hosted seven events.”

Japan

“The cryptocurrency scene is evolving too quickly for policymakers to keep up. That’s the rationale behind a move by Japan—already arguably the most advanced nation in the world when it comes to cryptocurrency regulation—to officially let industry create and enforce its own rules. If the approach works, expect other nations to try it too.”

NATO

“Indra has signed an industrial collaboration agreement with the Nato Communications and Information Agency (NCIA) to join its cyber defence coalition.”

UK

“Royal Navy, US Navy, and tech industry leaders ready to commit to ‘a framework for dialogue and cooperation’ at inaugural meeting of the Atlantic Future Forum.”

 

 


Mixed News and Views – ICD Brief 105.

ICD Brief 105.

15.10.2018.-21.10.2018.

Today’s Brief reflects my impressions brought back from the last weeks in Europe. While the mood is unsettled, the attitude has shifted from concern to context. Building context for the cyber sphere gives it a newly identified “place” where it will be properly considered. All opinions expressed are those of the authors, not the ICD Brief.

USA

UK-US Cyber Accord to Be Announced by Defence Secretary

ITV Report

“Britain and the US will sign an accord to ensure the two nations dominate and out manoeuvre adversaries in the cyber battlefield, the Defence Secretary will announce. Gavin Williamson is expected to reveal the agreement during a Trafalgar Night dinner onboard HMS Queen Elizabeth, which is currently anchored two miles from Manhattan in New York.”

White House Policy Adviser: Basics Really Matter

Tim Starks, Politico

“A smorgasbord of federal officials and other experts at the CyberTalks conference weighed in on the state of cybersecurity, especially around election security. Here are a few of the big takeaways.”

FDA and DHS to Collaborate on Boosting Med Device Cybersecurity

Callum Little, Medical Plastic News

“As part of ongoing efforts to strengthen cybersecurity in health care, the U.S. Food and Drug Administration (FDA) and the U.S. Department of Homeland Security (DHS) have entered a partnership to help address cybersecurity in medical devices.”

Top Cybersecurity Centre Set to Open in New York    

Software Testing News

“A new $100m cyber security centre is set to open in New York next year. New York is pushing to lead the world in becoming a leading cyber security hub, this year attracting firms with a $30m initiative.”

Securing Middle America: Small Towns More at Risk of Ransomware, Phishing and More

Robert Abel, SC Media

“Cybersecurity firms may be leaving money on the table chasing big fish in the form of large enterprise deals, while smaller local government entities go unprotected. While cyberattacks target entities of all sizes in both the public and private sector, small towns can find themselves especially vulnerable as the result of a lack of funds and knowledge. Within the last month, ransomware shut down the operations of a North Carolina water utility company, an Idaho county, and most recently the Indiana National Guard.”

Maryland’s “Cyber Town USA” Will Have Tenants by 2020

Government Technology from Meredith Cohn, The Baltimore Sun

“The first companies to commit to moving to South Baltimore’s massive Port Covington redevelopment see themselves as more than tenants. Three cybersecurity industry firms, which announced plans Thursday to open headquarters by 2020 in the project’s first development phase, are in the business of investing in and nurturing cyberfirms. And they see themselves attracting dozens of companies with hundreds of workers to what they call “Cyber Town USA,” making Port Covington the epicenter of a Silicon Valley of the East Coast.”

Australia

Australia Encryption Bill Will Weaken Cybersecurity, Warns Apple

Eleanor Dickinson, ARN-CIO from IDG

“Apple has hit back against Australia’s controversial surveillance bill by raising concerns about the Assistance and Access Bill, arguing its “dangerously ambiguous” wording will create a risk to weakened cyber security.”

UN Rights Expert Warns Australia’s Proposed Cybersecurity Bill Too Extreme

Tate Brown, Jurist

“Australia’s proposed cybersecurity bill is “fatally flawed” and should be dropped, the UN Special Rapporteur on the right to privacy said Thursday.”

Australia Lawyers’ Group: Draft Cyber Laws Would Curb Rights

Rod McGuirk, Associated Press

“The president of Australia’s top lawyers’ group told a parliamentary inquiry that proposed cybersecurity laws to force global technology companies such as Facebook and Google to help police by unscrambling encrypted messages sent by extremists and other criminals would significantly limit individuals’ privacy and freedom.”

Baltics/Estonia

Estonia and Other EU Countries Push for Sanctions for Cyber Attackers

Sten Hankewitz, Estonian World

“Estonia, the UK, the Netherlands and other European Union countries are pushing for the EU’s sanctions regime to include cyber attacks after the alleged attempts by Russian and Chinese operatives to break into the computer systems of European agencies.”

China

Opinion

China’s New “Legal” Cyber Espionage: Time to Respond

Claude Barfield, American Enterprise Institute

“Even if belatedly, the Trump administration is stepping up counterattacks on widespread (and possibly increasing) Chinese government-backed theft of US firms’ intellectual property and trade secrets. Last week, the US Department of Justice indicted an official of China’s Ministry of State Security on charges of economic espionage and attempting to steal trade secrets from American aviation and aerospace companies. The indictment followed an extraordinary extradition from Belgium in which the Chinese operative had been lured by US agents.”

EU

Digital Skills Gap and Disinformation: How Public Libraries Can Help

Ilona Kish, EURACTIV

“It’s a statistic we’ve heard time and time again in recent years: while 90% of future jobs will require digital skills, almost half (44%) of Europeans lack even the most basic digital skills, warns Ilona Kish.”

Fearing Election Hacking, EU Leaders to Ready Sanctions

Alexandra Brzozowski, EURACTIV.com with Reuters

“EU leaders agreed at a summit on Thursday (18 October) to impose sanctions to stiffen their response to cyber attacks and to rush through new curbs on online campaigning by political parties to protect next year’s European election from interference.”

Germany

European Cybersecurity Challenge: Germany Wins, UK Takes Bronze

Conor Reynolds, Computer Business Review CBR

“Team Germany has won this year’s European Cyber Security Challenge (ECSC) narrowly beating France in a hectic and competitive final.”

Hungary

Hungary Increases Its Scientific Cooperation with NATO 

NATO Science for Peace and Security Programme

“Scientists and other experts from NATO and Hungary discussed future projects of cooperation at the NATO Science for Peace and Security (SPS) Programme Information Day held in Budapest on 11 October 2018.”

India

Indian Firms Are “Over Confident” About Cybersecurity, Report Says

Bala Yogesh, Cybersecurity Investing News

“Indian companies are “overly confident” in their cybersecurity preparedness despite having limited cybersecurity tools at their disposal, says a report from Fico (NYSE:FICO), released on Thursday (October 18).”

NATO

NATO Cyber Command Grapples with Attack Rules  

Robin Emmott, ITNews

“A new NATO military command centre to deter computer hackers should be fully staffed in 2023 and able to mount its own cyber attacks but the alliance is still grappling with ground rules for doing so, a senior general said on Tuesday.”

Netherlands

Small Companies Less Affected by Cyber Attacks   

Statistics Netherlands (CBS)

“Small businesses are less often the victim of cyber attacks than larger ones. In 2016, 9 percent of businesses with between 2 and 10 persons employed were faced with an ICT security incident with an external cause. This was the case for 39 percent of the businesses employing 250 or more persons. In both groups, cyber crime resulted in extra expenses for half of all affected businesses. This is reported by Statistics Netherlands (CBS) on the basis of the Cyber Security Monitor 2018.”

Poland

Ukraine, Poland Said Hit in New Cyberattack        

Orsolya Liddiar, TOL

“IT company says three companies were compromised in attack similar to takedown of Ukraine’s power grid in 2015.”

Russia

Russia Dodges Bullet of EU Sanctions on Cyber – For Now

Laurens Cerulus, Politico

“If there ever was a window for European leaders to name and shame Moscow for carrying out cyberattacks against networks in the EU, Thursday’s Council meeting would have been it. They chose to let the chance go by.”

UK

Inside the Agency that Protects Britain from Cyberattacks         

Short video

“NBC’s Ken Dilanian visits the UK’s National Cyber Security Centre, which protects British consumers, companies and government agencies from hackers.”

NCSC Annual Review 2018

“CEO Overview

Ciaran Martin, CEO of the National Cyber Security Centre

Cyber security is a tough, complex challenge. But the UK is making significant progress in strengthening our defences against those who seek to harm us online. This matters as we look to an ever more digital future for our prosperity.

In this report – GCHQ’s National Cyber Security Centre’s second Annual Review – we set out:

  • the latest overview of the threats we face;

  • the progress we’ve made in meeting them, including some world-leading initiatives to rectify some of the systemic security weaknesses of the modern Internet;

  • the cyber security challenges facing families, businesses, critical network owners and government, and what they can do to meet them; and

  • our plans for the future.”

“The National Cyber Security Centre (NCSC) was created in 2016 as part of the government’s five-year National Cyber Security Strategy. Since then, our goal has been to make the UK the safest place to live and work online.”

UK to Be Hit by “Category 1” Cyber Emergency, Intelligence Chief Warns 

Samuel Osborne, The Independent

“Britain will be hit by a life-threatening “category 1” cyber emergency in the near future, the National Cyber Security Centre (NCSC) has warned. The NCSC’s annual review revealed it is currently repelling around 10 attempted cyber attacks every week, with “hostile states” said to be responsible for the bulk of thwarted strikes.”


Greetings from Brussels – ICD Brief 104.

ICD Brief 104.

08.10.2018.-14.10.2018.

Greetings from Brussels! It’s clear that we can no longer claim ignorance in most areas of the cybersphere.

USA

Pentagon Slow to Protect Weapon Systems from Cyber Threats

“The Pentagon has been slow to protect major weapon systems from cyber attacks and routinely found critical vulnerabilities that hackers could potentially exploit in those systems, a federal government report said on Tuesday.”

US Homeland Security Says No Reason to Doubt Firms’ China Hack Denials

“The U.S. Department of Homeland Security said on Saturday it currently had no reason to doubt statements from companies that have denied a Bloomberg report that their supply chains were compromised by malicious computer chips inserted by Chinese intelligence services.”

DHS, FBI Chiefs Say Cyber Inflects Every Security and Criminal Threat

“Secretary of Homeland Security Kirstjen Nielsen told senators at an Oct. 10 hearing that globally pervasive internet connectivity not only makes the U.S. and its allies more susceptible to cyberattacks, it also makes it easier for terrorist organizations and transnational criminal groups to coordinate and recruit new followers, while leaving the country more susceptible to foreign influence operations online.”

Instagram Unveils New AI-Powered Anti-Cyberbullying Feature

“In honor of National Bullying Prevention month in the US, Instagram has unveiled its latest AI features that aims to help tackle cyberbullying by scanning posted content.

The new feature leverages machine-learning technology to detect bullying in posted photos, captions and comment, before forwarding the information to Instagram’s community operations team to review.”

FDA Warns of Medtronic Device Cybersecurity Risk

“The FDA has issued a cybersecurity safety communication about two Medtronic devices used to program pacemakers and other cardiac implants.”

FS-ISAC Awards Cybersecurity Scholarships in Europe

“Five women have been awarded cyber security scholarships at FS-ISAC’s 2018 EMEA Summit.

The Financial Services Information Sharing Analysis Center (FS-ISAC) has announced the winners of its Building Cybersecurity Diversity (BCD) scholarship programme in Europe.”

Bipartisan Pair of State Officials Praise Trump Administration on Election Security

“Democratic and Republican secretaries of state from New Mexico and Colorado on Thursday heaped praise on the Trump administration for helping to secure their election infrastructure ahead of the midterm elections next month.”

Israeli Cybersecurity Start-Up Awarded US Homeland Security Project

“Morphisec will become the first international business to receive a grant from the S&T’s Financial Services Cyber Security Active Defense Technologies category.”

Fifty State Attorneys General Reach Settlement over Cyber-Incident Disclosure 

“Uber Technologies, Inc. has reached a settlement with the attorneys general for all fifty states and the District of Columbia regarding allegations that Uber had violated state data breach notification statutes and consumer protection laws in connection with a 2016 data breach. The monetary settlement is the largest state attorneys general settlement reached in the aftermath of a data breach and the first to include every state in the nation. It is also the most recent step in a trend of state law enforcement becoming increasingly aggressive in pursuing companies that have suffered data breaches, especially with regard to disclosure requirements.”

Asheville Beefs Up Cybersecurity Plans

“Asheville’s situation has drastically improved since 2012. The city’s IT Services department now runs regular cybersecurity drills and has developed an education program for employees, centered on the slogan “Sec_rity: It’s nothing without you.””

Australia

For CySCA Sponsors, Designing 103 Cybersecurity Challenges Takes Months of Careful Planning

“More than 400 young hackers are waking from their first decent sleep in two days after four teams from the University of NSW (UNSW) beat out the competition to dominate this year’s Cybersecurity Challenge Australia (CySCA) 2018.”

Australia Agrees to Train Indonesians in Cybersecurity

“Australia will send experts to train Indonesian law enforcement personnel in cyber security, Indonesian Defense Minister Ryamizard Ryacudu said Thursday.”

Baltics/Estonia

Coordination Vital in Cybersecurity, Says Former Estonian Minister

“Cyber security has been recognised as being an essential part of national and international security, but this is not the domain of states acting alone, according to Marina Kaljurand, chair of the Global Commission on the Stability of Cyberspace, and former foreign affairs minister for Estonia.”

China

China Is Ahead of Russia as “Biggest State Sponsor of Cyber-Attacks on the West”

“China has become the biggest state sponsor of cyber-attacks on the West, primarily in its bid to steal commercial secrets, according to a report today by one of the world’s largest cybersecurity firms.”

Czech Republic

Czech Counterintelligence Helps Uncover Hezbollah Hacking Scheme

“The Czech Security Intelligence Service (BIS) issued a press release on Monday in which it says it cooperated with foreign partners in identifying, analysing and disabling servers in the Czech Republic and the wider world, which Hezbollah was using for cybernetic espionage.”

EU

Airbus Wins Blockbuster European Union Cybersecurity Contract

“Aerospace giant Airbus has won a blockbuster cybersecurity contract that will see it provide a range of security tools including a highly automated surveillance system to 17 European agencies and institutions.”

Germany

Internet Operator Challenges Network Tapping by German Spy Agency

“Internet exchange operator DE-CIX said on Thursday it had filed a constitutional complaint against the tapping into its network by Germany’s main spy agency, after an earlier petition was thrown out by a federal court.”

Ghana

Ghana Making Progress in Cyber Crime Combat

“Ghana is making progress in the prevention of the incidence of cyber crime because of government’s high level of commitment towards that cause, Dr Nana Kofi Annan, a consultant at the Ministry of Communications (MoC), has said.”

India

No Internet Shutdown in India: Cybersecurity Official

“A top government cybersecurity official on Friday clarified that India will not face any internet shutdown, quashing fears of an internet blackout in the country amid reports of a global outage. Russia Today had earlier reported that internet users across the globe may experience widespread network failures due to routine maintenance of key domain servers over the next 48 hours.”

In India, Cybersecurity Market to Grow to $35 Billion by 2025

“India’s cyber security market for products and services will grow up to $35 billion in 10 years from the present $4.5 billion. However, the security concerns of the growth are also high, said Gulshan Rai, Adviser to PM.”

Israel

New Israel – India Strategic Partnership in Cybersecurity

“A new Israel-India strategic partnership has been forged in the cybersecurity sphere. Tech Mahindra, and ELTA Systems, a group and subsidiary of Israel Aerospace Industries (IAI) have partnered to provide cutting-edge cyber solutions and services to government and enterprise customers in India and globally.”

Kenya

Kenya’s Safaricom Set to Reward Ethical Hackers

“Safaricom has launched this initiative in a bid to promote the fixing and removal of bugs by ethical hackers who are not necessarily employed as security personnel. The program would see hackers submit bugs to HackerOne, the telco company’s partner.”

NATO

NATO to Be Fully Operational in Cyber Space by 2023

“Nato has to conduct operational activities in cyber space in the same way as it does in the sea, on land or in air, according to Antonio Missiroli, Nato assistant secretary general for emerging security challenges.”

UK

Manchester Named One of the UK’s Best Cities for Cybersecurity

“Manchester has been named one of the UK’s best cities for cyber security professionals. It was placed fifth in a league table which analysed salary, affordability, job availability and tech sector growth potential. Top ranked was Reading, followed by Leeds, Cardiff and Edinburgh.”


Plus ça change … – ICD Brief 103.

ICD Brief 103.

01.10.2018.-07.10.2018.

Greetings from Edinburgh! Here’s what greeted us on our arrival yesterday: All Under One Banner Edinburgh rally: Tens of thousands take part in pro-independence march.

This week’s trend seems to be growing outrage over cyber espionage and cybercrime and a gathering of alliances to prepare and combat it.

USA

Spy Chips Story, Disputed by Cloud Providers, Could Stoke Growing US Tensions Over Chinese Espionage

“A Bloomberg BusinessWeek report that Chinese equipment manufacturer Super Micro may have allowed microchips used for spying into U.S. data center equipment run by AWS, Apple and others is likely to stoke trade tensions between the two nations over alleged espionage.”

US Warns of New Hacking Spree from Group Linked to China

“The U.S. government on Wednesday warned that a hacking group widely known as cloudhopper, which Western cybersecurity firms have linked to the Chinese government, has launched attacks on technology service providers in a campaign to steal data from their clients.”

DHS Memo: Hackers Exploiting MSPs to Attack Customers’ Networks

“The U.S. Department of Homeland Security (DHS) is warning managed services providers (MSPs) and cloud services providers (CSPs) that cyber gangsters are exploiting them to creep unnoticed into their customers’ networks.”

Senate Passes Key Cyber Bill Cementing Cybersecurity Agency at DHS

“The Senate on Wednesday passed a key cyber bill that solidifies the Department of Homeland Security’s role as the main federal agency overseeing civilian cybersecurity.”

DHS Says Teamwork Is Improving Election Security

“A month out from the 2018 midterms, all eyes are on the Department of Homeland Security as it approaches its first real test since being given a broader election security mandate in the wake of the 2016 presidential elections.”

Banking on Cooperation: The US Government and the Finance Industry Need to Work Together to Defend the Financial Sector from Cyber Threats

“The private sector—which owns and operates the vast majority of U.S. critical infrastructure in cyberspace—and the U.S. government are in lockstep that cyber threats to critical infrastructure have national-security consequences. What’s more, they agree that both must do more to defend critical infrastructure in cyberspace. On Sept. 20, JPMorgan Chase CEO Jamie Dimon told CNBC that “cyber” represents the biggest threat to the global financial system. But as Dimon sounded the alarm, the Pentagon’s 2018 cyber strategy summary put the ball at least partly in his industry’s court, stating that the private sector is “on the frontlines of nation-state competition in cyberspace.””

DHS CIO Zangardi Wants Cyber, IT Hiring to Be More Limber

“John Zangardi knows cybersecurity is the emerging battle of the 21st century, and chief among his concerns is how to hire the experts needed to fight it.”

US, Montenegro Conduct Cybersecurity Exercises

“The U.S. has worked alongside cyberdefense experts within the government of Montenegro over the past several weeks to build cyberdefense capabilities.”

ASEAN

ASEAN Takes a Bold Cybersecurity Step

“As far as technology and ministerial events go, the third ASEAN Ministerial Conference on Cybersecurity (AMCC) that met during Singapore International Cyber Week 2018 was relatively low-key. The conference was a major step forward on cyber issues in uncharacteristically quick terms for ASEAN. However, as the regional grouping looks to produce meaningful deliverables for its upcoming summit in November, it will be challenged by parallel developments in a domain that is continually being stress-tested in many ways.”

Australia

Brands to Turn Websites Black and White in Cybersecurity Campaign

“ANZ, Australia Post and NAB are turning their websites and social channels black and white from tomorrow, as part of a week-long campaign for the Australian Cyber Security Centre. The new campaign is created by Icon Agency, and seeks to build awareness around cybersecurity.”

China

Chinese Police Get Power to Inspect Internet Service Providers

“Under the new rule, effective from November 1, central and local public security authorities can enter the premises of all companies and entities that provide internet services and look up and copy information considered relevant to cybersecurity.”

EU

Joint Statement by Presidents Tusk and Juncker and High Representative Mogherini on Russian Cyber Attacks

“In April the offices of the Organisation for the Prohibition of Chemical Weapons (OPCW) in The Hague were targeted by a hostile cyber operation carried out by the Russian military intelligence service (GRU). This operation was disrupted by Dutch intelligence services in partnership with the United Kingdom (UK). In addition, the UK government has indicated earlier today that it has identified that a number of cyber actors widely known to have been conducting cyber attacks around the world are, in fact, the Russian military intelligence service (GRU).

We express serious concerns about this attempt to undermine the integrity of the Organisation for the Prohibition of Chemical Weapons (OPCW), a respected international organisation, hosted by the Netherlands. This aggressive act demonstrated contempt for the solemn purpose of the Organisation for the Prohibition of Chemical Weapons (OPCW), which works to eradicate weapons worldwide under a United Nations mandate. We deplore such actions, which undermine international law and international institutions. The EU will continue to strengthen the resilience of its institutions and those of its Member States, and international partners and organisations in the digital domain.”

European Cybersecurity Month 2018

“October 2018 is the sixth annual European Cyber Security Month (ECSM), an EU-promoted awareness campaign aimed at promoting cyber security and educating the public on how to protect themselves from online attacks.”

India

India Inc Faces One of the Highest Cybersecurity Threats in Asia-Pacific

“Bret Hartman is the vice president and chief technology officer, Security Business Group at Cisco. He has more than three decades of experience in building information security solutions for major enterprises and institutions across the globe. Hartman began his career as a United States Air Force officer assigned to the US National Security Agency. At the agency, he helped in the creation of the ‘DoD Trusted Computer System Evaluation Criteria’ (Orange Book). An alumnus of the Massachusetts Institute of Technology (MIT), Hartman talks to THE WEEK about different aspects ranging from preparedness of organisations to dealing with cyber security threats, data privacy concerns and how visibility and control can go a long way in preventing cyber attacks.”

India Faces One Cybersecurity Incident Every 10 Minutes

“New research from the Indian Computer Emergency Response Team (CERT-In) provides some distressing news. In 2017 alone, Indian organizations reported 53,000 security incidents, or one new reported security incident every 10 minutes—and these are only those that have been reported.”

Israel

On the Forefront of Israeli Cybersecurity Innovation and Investment Strategy

“An interview with Zohar Rozenberg. Zohar Rozenberg (Col. Ret.) is VP, Cyber Investments at Elron Electronic Industries. Zohar serves as board Member of several companies and a member at R.D.C, Rafael Advanced Defense Systems’ commercialization arm, in a full partnership with Elron Electronic Industries (TASE: ELRN).”

Japan

China’s Strict New Cybersecurity Law Ensnares Japanese Companies

“China’s tough new cybersecurity legislation is causing headaches for Japanese companies doing business there as authorities demand more protections for customer information and look to keep data within the country.”

NATO

Mattis: Estonia, Denmark, the Netherlands Will Provide Cyber Contributions to Help NATO

“Mattis said to reporters at a meeting of NATO defence ministers on 3 October that the US will make its cyber warfare capabilities available to NATO as the allies denounced an alleged Russian bid to hack the Organisation for Prohibition of Chemical Weapons. He noted that the attempted attack showed how cyberattacks were becoming “more frequent, more complex and more destructive”. ‘This is why the United States, like the United Kingdom, Denmark, the Netherlands, Estonia will provide national cyber contributions to help NATO fight in this important domain,’ Mattis said.”

Minister: Estonia Ready to Put Its Cyber Capabilities to NATO’s Use

“TALLINN – Estonia is prepared to make its cyber capabilities available to NATO if necessary, Defense Minister Juri Luik said on Thursday.”

Georgian, NATO Defense Ministers Meet in Brussels, Discuss Cooperation

“Defense Minister Levan Izoria participated in the NATO-Georgia Commission meeting on October 3, held in the frames of the NATO Defense Ministerial in Brussels on October 3-4.”

Netherlands

Russia Calls Dutch Ambassador to Account for Spies’ Deportation

“Russia summoned the Dutch ambassador to Moscow to account for the Netherlands’ deportation of four Russian spies who were planning to hack the Organization for the Prohibition of Chemical Weapons (OPCW), RTL Nieuws reports.”

North Korea

How North Korean Hackers Stole Millions of Pounds in a String of Methodical Cyber-Heists

“A gang of digital bank robbers working for the North Korean government stole millions of pounds in a string of “complex and destructive” heists, researchers say.”

Inside the North Korean Hacking Operation Behind SWIFT Bank Attacks

Poland

Poland – New Cybersecurity Requirements

“A new Act on the National Cybersecurity System entered into force in Poland on 27 August 2018. The Act is designed to implement the measures laid down in the NIS Directive (Directive (EU) 2016/1148) and is another step (as well as the GDPR, which reinforces protection of personal data) in extending the duties of companies in relation to cybersecurity.”

Singapore

Singapore Can Play “Important Role” in Cybersecurity for SEA Region, Says FireEye CEO

“Singapore can play an “important role” in cybersecurity for the Southeast Asian region, particularly in the area of thought leadership, said FireEye CEO Kevin Mandia on Thursday (Oct 4).”

UK

Abertay Graduate Develops New Approach to Cybersecurity

“Start-up CyberShell Solutions has developed early stage security analysis technology that alerts software developers to potential vulnerabilities. Unlike most cybersecurity software, which identifies problems as or after they happen, the Dundee company’s CyberSuite product helps developers address and mitigate issues before their software is commercially deployed. Company chief executive Tayyaba Nafees, who completed a cybersecurity PhD at Abertay, said she was targeting global firms with the product.”

UK Cybersecurity Agency Backs Apple and Amazon Denials Over Chinese Hacking

“Britain’s cybersecurity agency, the National Cyber Security Centre (NCSC) has backed US technology businesses Apple and Amazon in their denials of a recent story that claimed Chinese hackers had managed to infiltrate their servers.”

Defence Secretary Reveals New Generation of “Cyber Cadets”

“A new scheme to help develop the next generation of cyber security experts and protect our nation against sophisticated and evolving threats has been announced by Defence Secretary Gavin Williamson today.”


“Once More, Unto the Breach, Dear Friends, Once More” – ICD Brief 102.

ICD Brief 102.

24.09.2018.-30.09.2018.

Greetings from sunny Haymarket (Virginia)! Next week, I’ll be under an umbrella close to Haymarket Station in Edinburgh.

A year ago, I’d lead with the Facebook breach. Today, you will see a change: from reaction to anticipation, from unknown values to probabilistic risk models, from a vacuum of governance to a growing body of best practices and emerging rules of engagement, from voluntary guidance to regulations and laws.

USA

Facebook’s Security Breach Shows Even Significant Security Investment Might Not Help

“The biggest technology companies, finance firms and technology giants — including Facebook which now reports up to 50 million user accounts may have been taken over by criminal hackers — invest many millions in cybersecurity and still fall victim to significant attacks.”

Army Wants to Change Its Cyber Training to Beef Up Ranks

“The military is facing a shortage in cyber talent and the Army is considering changing the way it trains its cyber soldiers to deal with the shortfall. The cyber realm is demanding an increasing number of civilian and military experts for defensive, offensive and maintenance jobs.”

New ISA/IEC Standard Specifies Cybersecurity Capabilities for Control System Components

“Research Triangle Park, North Carolina USA (25 September 2018) – The ISA/IEC 62443 series of standards, developed by the ISA99 committee as American National Standards and adopted globally by the International Electrotechnical Commission (IEC), is designed to provide a flexible framework to address and mitigate current and future security vulnerabilities in industrial automation and control systems (IACS).”

DOD Struggles with Loss of Cyber Personnel

“The Defense Department lost thousands of civilian cyber workers in the past year, mainly in IT management and computer science-related positions, a senior defense official testified at a Sept. 26 Senate hearing.”

Ransomware Attack Hits Port San Diego

“The Port of San Diego is facing the storm surge of a cyberattack against its computer systems. On Wednesday, the Port of San Diego’s CEO, Randa Coniglio, said in a statement that it suffered a “serious cybersecurity incident,” which it first learned about on Tuesday. A spokesperson for the port told sister site ZDNet that the attack was a ransomware infection, but didn’t provide further details.”

Electric Industry, Government Work Together to Enhance Grid Cybersecurity

“As protecting critical infrastructure from cyberattacks has become a national priority, the electric power industry and U.S. government agencies have strengthened their partnership in order to better tackle energy grid cybersecurity.”

New York’s Laser-Focused Move to Better Cybersecurity

“Summer 2018 was dominated in the EU by the General Data Protection Regulation (GDPR), and in the US, by the California Consumer Privacy Act of 2018 (CaCPA, otherwise known as California GDPR). Both of these regulations on data represent a significant shift in how the business community manages and protects consumer information. If you read the fine print, both of these regulations will ultimately drive more action on cybersecurity.”

California Will Be the First State to Implement IoT Cybersecurity Law Starting January 1, 2020

“Lights which know when you are awake, doors which can sense if it is a stranger, and a houseful of such ‘connected devices’ controlled by a single app, and you know there is a likelihood of a digital apocalypse in the near future if we don’t have set laws. To avoid a future catastrophe, California Governor Jerry Brown has signed a cybersecurity law covering smart devices, making the state a first with such a law, The Verge reported.”

Australia

NSW Government’s New Cybersecurity Strategy

“Today, the NSW government launched its new cyber security strategy. The strategy is aimed at boosting public sector capability across government departments and agencies. It comes off the back of a call earlier this year by the NSW auditor-general for urgent action to improve the ability of state government agencies to detect and respond to cyber security incidents.”

Australia’s New Spyware Bill Sparks Fears of Cybersecurity Risks

“New legislation introduced in Australian parliament to weaken encryption laws in order to allow law enforcement greater access to encrypted communications is raising concerns over privacy and the country’s cybersecurity.”

Baltics/Estonia

Estonia Ranks First in the World in the National Cybersecurity Index

“Estonia jumped two places after an update by the country’s ministry of defence, notifying the national cyber security index team of the recent establishment of the Cyber Command at the Estonian Defence Forces.”

Belgium

New Belgian Cyber-Security Platform To Protect Start-Ups From Hackers

“A collaborative fintech platform in Belgium has launched an innovative new program aiming to improve cyber-security for start-ups. Trusted Fintech, which was launched by B-Hive Europe during the Digital Finance Europe conference in Brussels, will deliver a five-module program focused around people, process and technology. When a start-up successfully completes the program it then obtains the ‘Trusted Fintech’ label – a safety guarantee which B-Hive hopes will encourage further investment.”

EU

EU Politicians Push for Cybersecurity and Data Audit of Facebook

“European Union politicians appear set to demand audits of Facebook by Europe’s cyber security agency and data protection authority in the wake of the Cambridge Analytica scandal. A draft resolution submitted on Thursday to the EU Parliament’s civil liberties and justice committee urged Facebook to accept “a full and independent audit of its platform investigating data protection and security of personal data”.”

IoT Update: The E-Privacy Regulation – Impact on the IoT market

“This post looks at the implications of the E-Privacy Regulation for IoT manufacturers starting with a short summary of the GDPR and some of its effects.”

Germany

German Cyber Defense Blends Military and Commerce

“A cyber defense training pact has been signed by Deutsche Telekom and Germany’s Bundeswehr. Their deal expands a network of commercial and federal information security hubs centered in Bonn.”

Israel

Israel Emphasizes Role as International Cybersecurity Hub

“Israeli Ambassador to Italy Ofer Sachs, speaking at the Cybertech Europe conference on Wednesday in Rome, said his country is among those receiving the most cyberattacks worldwide.”

Russia

Philippines Collaborates with Russia on Cybersecurity

“Both parties agreed to cooperate on mutual response to cybersecurity incidents and information-exchange on cybersecurity threats, policies and technologies. The Philippines is also seeking to sign MoUs with other countries, similar to Russia’s, to further strengthen its cybersecurity posture.”

Serbia

Serbia Tightens Cyber-Security As Internet Crime Rises

“Amid a rise in such attacks last year, Serbia plans to tighten its cyber-security and form special units to combat high-tech crime. According to the Cybercrime Strategy, Serbia will establish several units within the police, military and customs to fight online crimes. Civil servants will participate in training, which will be also held for parents, in schools, in the media, and for bank clients, focusing also on child pornography and internet security.”

Southeast Asia

“On September 14th, ASEAN, a Southeast Asian regional cooperative consisting of ten member-nations, opened the ASEAN-Japan Cyber Security Capacity Building Centre in Bangkok, Thailand. The Centre is designed to train personnel from member countries in countering cyber threats.”

UK

“A new Easy Access IP licence has been granted for a game which helps stop cyber attacks  Defence Science and Technology Laboratory
Scientists at the Defence Science and Technology Laboratory (Dstl) have developed a cyber card game which helps staff identify and learn about some of the key open source techniques a cyber aggressor might use to gain insight, access and control over industrial and commercial infrastructures.
Extensive testing of the game and positive stakeholder feedback has shown a very rapid initial learning curve compared to conventional training alone and this contributed to the game winning the 2018 Dstl ‘Innovator of the Year’ award.”
“In an announcement, the firm said it is now a GCHQ-certified training provider for its course “Understanding Cybersecurity and Insurance,” which is offered to brokers and client risk managers through the AXIS Cyber Centre of Excellence.”

Feature

Note: This article is based on a presentation at the Informal Meeting of EU Foreign Ministers in Vienna on August 31, 2018.
“The strength of our society rests on the strength of our IT. In a world where everything is connected—phones, cars, houses, electric grids, supermarkets, hospitals, financial systems and satellites—everything can be disrupted, if not destroyed. For several years, cyber threats have featured at the top of the risk assessments of government ministers, diplomats, intelligence officials and military leaders. What is missing in these debates is a grand strategic vision. Cyber diplomacy and cyber defense should become the bread and butter of our foreign and security policy debates.”
By Nick Ismail, Information Age
“Today, the SANS Institute Threat Hunting Survey report concludes that organisations are beginning to find cyber threats more effectively.
However, whilst techniques, tools and the scope of threat hunting is expanding, the practice is still relatively poorly defined amongst IT professionals. Most organisations are still reacting to alerts and incidents, instead of proactively seeking out intruders.”

 


Present at the Creation – ICD Brief 101.

ICD Brief 101.

17.09.2018.-23.09.2018.

Welcome to our Second Hundred ICD Brief series! Two years ago, we invited friends and colleagues to chart the global shift from plans to “Working Cyber Partnerships.” The Global Multi-Stakeholders: nations, corporations and academe seemed mired in a never-never land of Fear, Uncertainty and Doubt (FUD).  Only the threats seemed real.

Today’s updates from the US, Australia, the Baltic nations of Estonia and Latvia, the EU, India, Japan, Singapore and the UK bring tangible progress in terms of definitions, models, laws and rules of engagement.

Our Second Hundred Series continues the exploration of how these working partnerships and newly accepted concepts of “interconnectedness” will lead to a 21st century global working order.

Our diverse readership, aged 11 to late 80s in more than 40 countries, reports benefits from global views of emerging trends; some skim for work and, in the case of our tech and policy experts, see how the world’s secular press covers their work. Previous editions are on our website.

Here’s a sampling: Highly recommend the CNBC video: “How do you stop a cyberattack.”

 

USA

USA to Go on Cyber-Offence Under New Trump Policy

“The United States has revealed a new national cyber security strategy and warned it will increase its use of aggressive cyber-ops. The move comes as US intelligence officials expect a flurry of digital attacks ahead of the November 6 midterm elections.”

DoD Releases First New Cyber Strategy in Three Years

“In its first formal cyber strategy document in three years, the Department of Defense said it would focus its cyber efforts on China and Russia and use the Pentagon’s cyber capabilities to collect intelligence as well as to prepare for future conflicts.”

DHS to Roll Out New Cybersecurity Risk Score for Agencies

“Over the next three to six months, the Department of Homeland Security will launch a new cybersecurity risk score for agencies.”

White House National Cyber Strategy Praised by Experts

“The new National Cyber Strategy released by the White House details plans for improving cybersecurity and garnered positive early reviews from experts for its comprehensiveness.”

DHS Guidance on Cybersecurity Reveals Emergent Threats to Critical Infrastructure and Industry by Larry O’Brien

“DHS Guidance on Cybersecurity reveals the threat of coordinated cyberattacks on critical infrastructure and manufacturing in the US by hostile nation states is increasing. Just a few months ago, the US Department of Homeland Security identified major hacking groups responsible for recent industry and critical infrastructure attacks as having Russian state sponsorship. End users in the manufacturing sector, process industries, power generation and T&D, nuclear, water & wastewater, and even building management and smart cities sectors should be up to date on the guidance surrounding this threat, which has so far claimed over 100 victims across these sectors.”

Senate Could Act on Top DHS Cybersecurity Priority

“The top legislative cybersecurity priority for DHS might finally be nearing the finish line. Multiple sources tell MC that the Senate could soon bring a bill establishing the Cybersecurity and Infrastructure Security Agency to the floor. The legislation, H.R. 3359 (115), long ago passed the House and has been awaiting action in the Senate. Now, sources familiar with the bill say, it could hit the floor as early as next week if no senator objects.”

The State of NAIC’s Data Security Model Law

“Most states have yet to adopt a cyber security model law for the insurance industry like the one approved by the National Association of Insurance Commissioners in 2017, but one expert believes the industry should be prepared for what he sees as an eventuality.”

New Ohio Law Incentivizes Businesses that Comply with Cybersecurity Programs

“On Aug. 3, 2018, Gov. John Kasich signed Senate Bill 220, also known as the Ohio Data Protection Act. Under the Act, eligible organizations may rely on their conformance to certain cybersecurity frameworks as an affirmative defense against tort claims in data breach litigation. The Act is intended to provide organizations with a legal incentive to implement written cybersecurity programs.”

CT Cybersecurity: “We Cannot Rely on Washington to Keep Us Safe”

“The leader of Connecticut’s cybersecurity efforts said Tuesday that Washington, with a deeply polarized Congress and faction-riven White House, has abrogated its role in defending the nation’s electrical grid, natural gas system and public water supplies against hackers who are growing bolder, more numerous and more sophisticated.”

Cyber Conflict as an Academic Discipline: It’s Not All Doom-and-Gloom

“A few weeks ago on Net Politics, Melissa K. Griffith laid out the challenges facing academics who want to study cyber conflict. Although Melissa is right that there may be no single foundational cybersecurity text as there might be in the study of nuclear weapons, a solid base of literature is now emerging.”

Australia

Home Affairs Dominates in Govt Cyber War Games

“Cyber security experts from the federal government’s law enforcement agencies have overcome their public and private sectors counterparts to take out the top prize in Canberra’s second cyber war games.”

Baltics

How to Russia-Proof an Election

“A nondescript office in Riga’s communist-era Institute of Mathematics and Computer Science may be Latvia’s last line of defense against threats to next month’s general election.”

When This Country Faced a Suspected Russian Cyberattack – It Took Some Big Steps to Stop Another

“It’s been called the world’s first cyberwar – and it started with the relocation of a Soviet War memorial in Tallinn, Estonia. When Estonian authorities moved the statue of a Soviet soldier to a less prominent location in April 2007, the country’s ethnic Russian population took to the streets to protest.”

EU

How the EU Is Building a Robust and Secure Digital Environment

Mariya Gabriel, European Commissioner, Digital Economy and Society

“Last year’s WannaCry attack, which affected infrastructure operators as well as thousands of companies, was a serious indication that cybersecurity is one of the biggest policy challenges in the digital sphere.”

ENISA Launches Cybersecurity Strategies Evaluation Tool

“The European Union Agency for Network and Information Security (ENISA) has launched a tool that will help EU Member States evaluate their priorities according to their National Cyber Security Strategies.”

India

India Faces Most Cybersecurity Threats in Asia-Pacific: Cisco

“The Cisco cybersecurity report finds that 56% of the investigated alerts in India turn out to be false, adding to the burden of existing security defenders who need to ensure that they are working on the right alerts.”

Japan

Japan’s Defense Ministry Set to Outsource Cyberdefense Duties to “White Hat” Hackers Amid Shortage of Experts

“The Defense Ministry is considering the use of “white hat,” or ethical, hackers to better prepare for cyberattacks due to a shortage of cybersecurity experts.”

Japan Seeks Stronger Cooperation with Estonia in Cybersecurity

“Japan asked Estonia on Friday to strengthen cooperation in cybersecurity as the country prepares to review its defense guidelines towards the end of the year.”

Singapore

Singapore to Offer Bug Bounty, Set Up Asean Cybersecurity Centre

“Singapore government will launch a bug bounty initiative by end-2018, when local and international hackers will be invited to test systems for vulnerabilities, as well as a cybersecurity hub next year to facilitate collaboration and training efforts amongst Asean country members.”

UK

Multimillion Pound “Cyber Force to Be Launched in Britain”

“’We are both committed to continuing to invest in this area, given the real threats the UK faces from a range of hostile actors,’ government spokesman says.”

The Importance of Cybersecurity for SMEs in the UK

“Protecting your business against data theft remains a huge issue facing SMEs today. And as more businesses move towards cloud storage, the use of cryptocurrencies increases, coupled with a post GDPR world and this problem becomes ever more complicated. Yet SMEs are still struggling to address this, so what needs to be considered.”

How It Works: Cybersecurity IBM video
