ICD Brief 4.

08.08.2016. – 15.08.2016.



US Intelligence to Help Companies Avert Supply-Chain Hacking

“U.S. intelligence officials are planning to provide information including classified threat reports to companies about the risks of hacking and other crimes tied to the supplies and services they buy.”

Why the White House’s Cyber Commission is Asking the Public for Advice

“The White House’s Commission on Enhancing National Cybersecurity is launching a public plea for help Wednesday in understanding the “current and future states of cybersecurity in the digital economy.” The commission — comprised by prominent academics, former officials and industry luminaries that effectively serve as voluntary cybersecurity consultants to the President — will release a request for information, or RFI, soliciting public comment tomorrow, according to a Federal Register notice.”

Government, Hackers Learn To Make Nice

“This article explores the unlikely alliance between government and hackers which was manifested during the Black Hat USA conference in Las Vegas last week. But there’s still some mutual fear between the two communities, panelists agreed. “For many people in government, ‘hacker’ still means criminal. And there’s still a lot of distrust of government from the hacker community.”

FDA Guidance Could Improve Cybersecurity

“Industry lobbyists are pleased that FDA has issued draft guidance to try to clarify when medical device manufacturers and software developers can change their products without going through new regulatory review. It’s an issue that’s become big in cybersecurity because vulnerable devices are seen as a way to hack into health care records.”

Black Hat USA Shows Enterprises Fail to Learn Security 101 Lessons

“Amid the latest technology and research discussed at Black Hat USA, enterprises still aren’t implementing common sense cyber-security practices. Although most threats are preventable by following “Security 101” practices that require only basic common sense and preparation—advice which often is ignored, overlooked or deemed not cost-effective by executives.”

Wall Street Giants Team Up on Cyber Security

“America’s biggest banks are joining forces to combat the growing threat from cybercriminals, setting up a group that will work on preparing for attacks and improving information sharing, according to the Wall Street Journal. The group of eight includes Bank of America, Bank of New York Mellon, Citi, Goldman Sachs, Morgan Stanley, State Street, Wells Fargo and JPMorgan Chase.”

FBI Took Months to Warn Democrats of Suspected Russian Role in Hack: Sources

“The FBI did not tell the Democratic National Committee that U.S. officials suspected it was the target of a Russian government-backed cyber attack when agents first contacted the party last fall, three people with knowledge of the discussions told Reuters. As late as June, hackers had access to DNC systems and the network used by the Democratic Congressional Campaign Committee, a group that raises money for Democratic candidates and shares an office with the DNC in Washington, people with knowledge of the cases have said.”


Organizational Shift Regarding Cybersecurity

“The confirmation of a temporary enables the transfer of cybersecurity responsibility from the hands of the Israeli Security Agency (Shin Bet) to the National Cybersecurity Authority, regarding most organizations with vital computer systems.”


The UK at Risk of Falling Behind the ‘Digital Tiger’ Economies

“The international development index is a study that measures the ability of 10 countries around the world on their readiness to compete in the digital economy. The study, conducted by Barclays, attributes an overarching ‘digital empowerment’ score to each nation. It found that the UK came in 4th place behind new and emerging ‘digital tiger’ economies Estonia, South Korea and Sweden.”


How Do You Back Up a Country?

“Estonia is a highly digitized nation, with nearly everyone using the Internet, and all government services online. Now the government wants to back the country up… to Great Britain.”

Estonian Network Operator Joins European Network for Cyber Security

“Estonian-based network operator Elektrilevi has joined the European Network for Cyber Security (ENCS) to focus on improving cyber resilience. With a total network of about 64,000km of power lines and more than 24,000 substations, Elektrilevi has approximately 475,000 customers and is the largest network operator in Estonia, Northern Europe.”


United Airlines Challenge Rewards Teen Hacker

“Based in the Netherlands, Olivier Beg discovered 20 separate security flaws within United Airlines’ computer systems. As a reward, the airlines offered million United MileagePlus miles — a $25,000 value – for revealing 20 bugs to United’s program, as part of a challenge to help the company fix security flaws on its website.”


Krakow to Host 2nd European Cybersecurity Forum in September

“September 26-27, 2016, Krakow, Poland, will host the 2nd European Cybersecurity Forum – CYBERSEC, the Annual Public Policy Conference dedicated to strategic aspects of cybersecurity.  The invited experts will focus on building a regional cybersecurity system for Central and Eastern Europe, cyberdefence of NATO member states, cyber education and cyber innovations as well as public-private partnerships,” the statement reads.”


China’s Master Plan for IT Dominance

“On July 27, 2016, the State Council and the Communist Party Central Committee jointly released a blueprint for the country’s national IT strategy, which will guide Chinese government policy efforts over the next decade. Beijing sees the plan and its targets as critical to establishing China as an innovation and technology “powerhouse.”

Global Business Groups Slam China’s Draft Cybersecurity Rules

“In a letter addressed to Chinese Premier Li Keqiang, 46 global business groups spanning finance, information technology, insurance and manufacturing urged Beijing to revise its draft cyber rules, which they said would hamper trade.”

Chinese Team Shows Strength in Int’l Network Security Competition

“A Chinese team showed strength in the first ultimate showdown of man vs machine in network security, which was held here this weekend at the world’s biggest top-level hacking conference DEF CON.”

Dark Times Ahead for Chinese White Hats

“Over the last few years, Chinese President Xi Jinping has made improving cybersecurity a major policy goal. And yet the Chinese leadership is moving towards criminalizing the people that have the power to make that happen—white hat hackers.”

China Suspected of Hacking Organizations Involved in South China Sea Dispute, Security Firm Says

“The ongoing dispute over the South China Sea has apparently spilled over into cyberspace recently, as hackers believed to be from China have attacked government and private-sector organizations linked to the row over the key waterway, a new analysis has found.”


Defense Report: Iran’s Cyber, Missile Ability Growing

“Iran has gradually improved its offensive cyber abilities and developed more advanced ballistic missiles since signing an accord last year to curb its nuclear program, the U.S. Defense Department said.”


Millions of Russians’ Personal Data May Be Put at Risk

“Leading Russian cyber-security analysts have criticised recently announced government plans to create a single national database containing the personal data of all Russian citizens, expected to be the largest electronic archive in Russia.”


Germany Announces New Cyber Security Unit in Wake of Terror Attacks

“The German government has announced the creation of a new cyber security unit which will be established early next year and staffed by around 400 civil servants.”


New EU Directive on Security of Information Systems

“A new Directive on cyber security was published in the Official Journal of the European Union. The Directive aims to achieve a common level of security of network and information systems within the EU. It requires all Member States to adopt a national strategy on the security of network and information systems and establishes security and notification requirements for operators of essential services and for digital service providers.”

Industry Led Pan European Cooperation in CyberSecurity

“ECSO is a pan-European industry-led organisation with members from a wide variety of stakeholders. The main objective of ECSO, according to ecs-org.eu, is to support all types of initiatives or projects that aim to develop, promote, encourage European cybersecurity, and in particular to develop the cybersecurity market in Europe and the growth of a competitive cybersecurity and ICT industry, with an increased market position.”

EU Data Transfer Plan Requires Stronger Privacy Policies

“U.S. companies considering enlisting in the recently opened European Union-U.S. Privacy Shield data transfer program must ensure their privacy policies meet more robust data protection requirements than the predecessor U.S.-EU Safe Harbor program.”


Russia Hackers of DNC Said to Nab Secrets from NATO, Soros

“Weeks before the Democratic convention was upended by 20,000 leaked e-mails released through WikiLeaks, another little-known website began posting the secrets of a top NATO general, billionaire George Soros’ philanthropy and a Chicago-based Clinton campaign volunteer.”


Thousands of SAP Systems Unnecessarily Vulnerable to Cyberattack


“SAP’s 2016 Cyber Threat Report reveals mounting and expanding vulnerabilities in most of its systems and platforms. The majority (69%) of its 36000 SAP systems worldwide available on the Internet should not be “configured for remote access.” “It’s noteworthy that the number of talks on security conferences directly affects the level of SAP Security in a particular country.”

Security Experts Discover Sophisticated Cyberespionage Campaign Active Since 2011

“Called Strider by Symantec and ProjectSauron by Kaspersky, the malware infected dozens of computers in Iran, Russia, Sweden, China, Belgium and Rwanda.”
