ICD Brief 13.
10.10.2016. – 17.10.2016.
“It could have been a cold war drama. The world watched this week as accusations and counter-accusations were thrown by the American and Russian governments about documents stolen during a hack of the Democratic National Committee and the email account of Hillary Clinton’s campaign chair John Podesta.
“’The US government is taking a very direct approach in calling out what it says is Russian-directed hacking. That’s significant – according to Richard Stiennon, author of There Will Be Cyberwar – because there is nothing new in what the Russian government has allegedly done in the 2016 election cycle.’”
“’Russian interference with US elections is not ‘heating up’ per se, as much as it’s coming out of the shadows,” says Stiennon, who is also chief strategy officer of Georgia-based data security company Blancco Technology Group. “Hacking the DNC and Democratic congressional campaigns and then the leaking of stolen emails is somewhat ham-fisted, but it’s an escalation of Russian disinformation campaigns,’” he said.
“The Internet of Things (IoT) is expected to continue to grow in the years ahead, with research firm Gartner predicting that the number of connected devices worldwide will skyrocket from 6.4 billion in 2016 to 20.8 billion in 2020. For the federal government, all of those Internet connections present both an opportunity and a potential threat. The Department of Homeland Security and the National Cyber Security Alliance (NCSA), a public–private partnership, have for the past 13 years recognized October as National Cyber Security Awareness Month. The cybersecurity threat from the IoT is something the DHS is likely to highlight this month and for months to come.”
“Cybersecurity threats are growing quickly for the payment networks of the U.S. financial system, Kansas City Federal Reserve President Esther George said in remarks that did not address the outlook for the U.S. economy. Speaking on Wednesday at a conference in Chicago on the payments system, George warned that the growing threats were undermining public confidence in the system.”
“The Obama administration is contemplating an unprecedented cyber covert action against Russia in retaliation for alleged Russian interference in the American presidential election, U.S. intelligence officials told NBC News. Current and former officials with direct knowledge of the situation say the CIA has been asked to deliver options to the White House for a wide-ranging “clandestine” cyber operation designed to harass and “embarrass” the Kremlin leadership.”
“Privacy advocates in Congress are moving to stop a new rule from taking effect Dec. 1 that would allow federal agents armed with a single search warrant to hack millions of Americans’ computers at once. “It’s more government surveillance,” said Rep. Ted Poe, R-Texas, a former criminal court judge and prosecutor who is leading bipartisan efforts with Sen. Ron Wyden, D-Ore., to stop the rule change.”
“The government will seek greater engagement with chief executives and board level executives on cyber security to push it higher up the corporate agenda. The newly opened National Cyber Security Centre (NCSC) in London, part of multi-billion pound government plans to invest in cyber security in the coming years, will hire hundreds more people who will be charged with growing connections with business as part of their remit.”
“Eighty-nine percent of UK organisations experience increased customer retention owing to their security practices. New research from CA Technologies has revealed that UK businesses highlight a 39 percent improvement in customer satisfaction and a 38 percent growth in revenue from their IT security practices.
The global study collected responses from 1,770 senior business and IT executives, including over 100 CSOs and CISOs from 21 countries. Security is viewed as critical to protecting their brand and as a competitive differentiator for 93 percent of UK organisations, the highest figure in Europe.”
“The UK Government will help build cyber security startups to support the sector’s growth, its cyber security ambassador said yesterday. “A key additional element to our new strategy is to further support the growth of the UK’s cyber sector. We are developing mutually supportive interventions to help move ideas into products, products into startups, startups into successful UK companies, and successful UK companies into world class enterprises”, said Conrad Prince, UK Cyber Security Ambassador in the Defence and Security Organisation, at the Singapore International Cyber Week.”
“The Centre for Public Safety (TCPS) scanned 71 police and policing-affiliated websites (including their own) and found that while one in four demonstrate high standards of secure encryption – the remainder have significant room for improvement. Rory Geoghegan, founding director of The Centre for Public Safety said: “The government and police regularly tell the public to ‘look for the padlock’ when using websites – it’s time they followed their own advice and delivered secure-by-default websites for the public to use.”
“The Polish Bitcoin Association, MP Mirosław Suchoń and the government’s “From Paper to Digital Polish” program organized the country’s first public consultation on digital currency and blockchain technology, as reported by CoinDesk.
According to CoinDesk, the event was held by the Sejm – the lower chamber of the Polish Parliament – and saw over 70 people, including academics, public officials, industry representatives, legal experts, among others. The National Centre for Research and Development announced during the meeting that it received a grant proposal to co-fund a Polish blockchain technology accelerator.”
“The 2016 Threat Report, released yesterday by the Australian Cyber Security Centre, is clear about what it views as perhaps the most troubling trend in the cyber domain: the contest over information. The control, security and credibility of information is central to the cyber domain. Financial markets operate smoothly because the public has confidence in the integrity of online banking information. Critical infrastructure is safe because it is difficult for terrorists to not only gain access to those networks, but also know what to do once they get there.”
“Singapore is taking concrete steps to step up cooperation across Asean for a more secure cyberspace, Communications and Information Minister Yaacob Ibrahim said yesterday as he launched a $10 million fund to help fellow Asean nations build up their cyber response capabilities. Dr Yaacob, who is minister-in-charge of cyber security, told the first Asean Ministerial Conference on Cyber Security at the Shangri-La Hotel the grouping could focus its efforts in three areas to fight the “’full spectrum of cyber threats: cybercrime, espionage, and other malicious activities’”.
“The Diplomat’s Ankit Panda spoke to Conrad Prince, the United Kingdom’s cyber security ambassador, on a range of issues, focusing broadly on the UK’s cyber security priorities in the Asia-Pacific and globally. The interview addresses UK concerns about the Hinkley Point C project, UK-China relations, bilateral cyber cooperation in the Asia-Pacific, and the UK’s second cyber security strategy.”
“The Singapore International Cyber Week (SICW) and Asean Ministerial Conference on Cybersecurity (AMCC) were held from October 10-12, at the Suntec Convention Centre and Shangri-La Hotel. Brunei Darussalam was represented by the Deputy Minister at the Prime Minister’s Office, Dato Paduka Awang Haji Hamdan bin Haji Abu Bakar, who was accompanied by the CEO of BruCERT (Brunei Computer Emergency Response Team) and several senior officers from the Prime Minister’s Office (PMO) according to a press release issued by the Prime Minister’s Office. The inaugural SICW 2016 was built around Singapore’s annual GovernmentWare (GovWare) cyber conference and exhibition. Into its 25th anniversary, 85 companies that featured and exhibited multiple tracks on the latest trends in technology, organisational implementation and user perspectives, participated in the GovWare exhibition.”
“In a rare bit of good cyber security news, Chinese hacking thefts of American corporate secrets have plummeted in the 13 months since China signed an agreement with the Obama administration to curb economic espionage, U.S. officials and outside experts say. Analysts say the success may hold lessons for how the U.S. should deal with Russia, which at the same time has stepped up a different sort of hacking campaign that officials say is aimed at undermining confidence in the American election.”
“Moscow: The Kremlin on Saturday slammed Washington for its “unprecedented” threats against Moscow over an alleged series of cyber-attacks and vowed to respond. Last week, Washington formally accused the Russian government of trying to ‘interfere’ in the 2016 White House race through cyber-attacks on American political institutions.”
“More than 700 security experts are battling a fictional cyber crisis featuring power cuts, drones and ransomware as part of the European Union’s biggest cyber defence exercise to date. Cyber Europe 2016 kicked off back in April, and since then has been simulating the build up to a major cyber security crisis with a series of fictional attacks on European digital networks, culminating in this week’s finale, where security industry experts from more than 300 organisations work together ‘to ensure business continuity and, ultimately, to safeguard the European Digital Single Market.’”
“An official from the United Nations’ (UN) nuclear agency has admitted a cyber-attack ‘disrupted’ a nuclear power plant, speaking to press in Germany. Yukiya Amano, the Director General of the International Atomic Energy Agency (IAEA), did not tell the audience how, when or where the nuclear power plant was disrupted beyond that it happened several years ago, and though the plant did not have to shut down it did have to take ‘some precautionary measures.’”
“Welcome to the brave new world of cybersecurity. A September survey by the Risk and Insurance Management Society found that 80% of the companies bought a stand-alone cybersecurity policy in 2016. The takeaway: Policies covering exclusively cyber exposures are now the norm for many large companies.”
“The annual RIMS cyber survey polled 272 respondents on issues ranging from exposure concerns, first-party and third-party risk, and government regulations.”
“In an effort to fortify its hold in the cyber risk management space, Aon Risk Solutions, the global risk management business of AON plc., announced that it will acquire New York City-based Stroz Friedberg Inc., a leading global risk management firm. It has offices across the U.S. as well as in London, Zurich, Dubai and Hong Kong.”
“Vladimir Putin’s brazen attack on U.S. democracy demands that the Obama administration respond with a firm hand.” James Stavridis
The basic facts about Russia’s election-year hacking of the American political system are clear. For more than a year, the Russian government has repeatedly infiltrated the computers of both parties’ presidential campaigns to steal data and emails to influence the outcome of the election. In response, the Obama administration has promised a “proportional” response against Russia.
What’s much less clear is what a “proportional” response could mean. This is an unprecedented situation for the American national security establishment — which means the Obama administration’s response will set a precedent for future foreign-directed cyber-plots.