ICD Brief 14.
17.10.2016. – 23.10.2016.
“Hackers unleashed a complex attack on the internet through common devices like webcams and digital recorders and cut access to some of the world’s best known websites on Friday, a stunning breach of global internet stability.
The attacks struck Twitter, Paypal, Spotify and other customers of an infrastructure company in New Hampshire called Dyn, which acts as a switchboard for internet traffic. The FBI is investigating the cause of the cyber attacks.”
“Last week, the Kentucky Office of Homeland Security hosted an exercise simulating attacks on the power grid and government computer networks. Participants included law enforcement, first responders, and private sector representatives engaged in health and security. The exercise centered on how the state would react if hackers were able to take down Kentucky’s energy grid while simultaneously engaged in the exfiltration of information from government computer networks. The goal was to provide a gap model and develop best practices that can be utilized by other states and by the federal Department of Homeland Security (DHS).”
“As the Nov. 8 presidential election draws closer, dozens of states have asked the U.S. Department of Homeland Security for help securing their voting computer systems. So far, 36 states and 11 county or local election agencies have approached DHS for cybersecurity services, DHS Secretary Jeh Johnson said in a release.”
“U.S. bank regulators on Wednesday outlined cyber security standards meant to protect financial markets and consumers from online attacks against the nation’s leading financial firms. Leading banks will be expected to use the most sophisticated anti-hacking tools on the market and to be able to recover from any attack within two hours, said officials briefing reporters on the plan.”
“The Idea Center at Miami Dade College recently collaborated with Tel Aviv University to host CyberMiami, a one-day technology conference that featured cybersecurity experts from business, education and intelligence fields. This conference, which took place at MDC’s Wolfson Campus in Downtown Miami, connected the business ecosystem of the Latin American market with top entrepreneurs from the U.S. and Israel where, according to a press release, there are currently more than 400 cybersecurity companies in operation.”
“New data shows that Texas’ federal representatives have introduced the lion’s share of cybersecurity legislation in this Congress. The 114th Congress’ lead man on cybersecurity legislation is Rep. Michael McCaul, R-Texas. The boisterous Dallas native, known for his leadership as chairman of the House Homeland Security Committee, has helped introduce a total of 17 cybersecurity-focused bills since 2015, more than any other legislator. Of the 17 bills introduced — excluding resolutions and amendments — five have yet to be enacted and 12 are cosponsored by McCaul.”
“The three-way split of U.S. cyber defense responsibilities between the National Security Agency, Department of Homeland Security and the FBI isn’t working and the new president should consider uniting elements of the three departments into a single cyberdefense agency, a senior NSA official said. “I’m now firmly convinced that we need to rethink how we do cyber defense as a nation, possibly even going so far as that we unite pieces of those three organizations into one organization that does it on behalf of the whole government,” said Curtis Dukes, the NSA’s deputy national manager for national security systems.”
“In 1948, the year Israel was founded, the Mer Group was established as a metal workshop. Today it’s a much different company. It operates a dozen subsidiaries and employs 1,200 people in over 40 countries, selling wireless infrastructure, software for public transit ticketing systems, wastewater treatment, and more. But at the ISDEF Expo, an event held last June to show off Israeli technology to potential buyers from foreign security forces, the Mer Group’s representatives were only promoting one thing: surveillance products sold by the company’s security division.”
“At a conference in London, Sir Michael Fallon confirmed that Britain was, for the first time, conducting what he called “offensive cyber” against IS. He refused to give any further details. Mosul has been in the hands of IS, also referred to as Daesh, since 2014 and is the militants’ last major Iraqi stronghold.
When asked if the UK was launching cyber attacks in the bid to take the northern Iraqi city from IS, Sir Michael said: “I’m not going into operational specifics, but yes, you know we are conducting military operations against Daesh as part of the international coalition, and I can confirm that we are using offensive cyber for the first time in this campaign.”
“The UK government has had enough of clichéd cyber dementor imagery, scary-sounding industry rhetoric and impossible security advice that the average consumer has no hope of following. And it’s hoping that by taking a less hyperbolic, data-driven approach to tackling cyber security it can encourage industry to follow suit and focus on persistent and prolific security problems — with the overarching aim of reducing harm at scale and boosting consumer trust in the digital economy.”
“A recent report released by the Financial Fraud Action (FFA UK) showed more than one million incidents of financial fraud occurred in the first six months of 2016. That is an alarming 53 percent increase compared to the same period last year. On top of this dramatic growth in financial fraud, new EU legislation, which comes into effect in 2018, could result in substantial fines and penalties for businesses that experience cyber-security breaches. In the UK alone, this could add up to a whopping £122 billion pounds in regulatory penalties for these breaches.”
“Businesses across the UK could face up to £122bn in cybersecurity fines for breaches when the new EU legislation comes into effect in 2018. Last year, 90 per cent of large organisations and 74 per cent of SMEs reported suffering a security breach, according to a government survey. It resulted in an estimated total of £1.4bn in regulatory fines.”
“Defence Secretary Michael Fallon has announced that the UK will be investing a further 265 million pounds to combat cyber crime.”
“The Estonian ministry of foreign affairs has allocated €100,000 to support cybersecurity initiatives of the Organisation of American States (OAS), an entity that brings together 35 countries in North and South America. The money, which comes from the development cooperation and humanitarian aid fund, helps continue the collaboration between the OAS and Estonia in developing the cybersecurity of the American continents’ developing countries, according to the Estonian foreign minister, Jürgen Ligi.”
“The Maryland Department of Commerce recently signed a Memorandum of Understanding with two economic development agencies in The Netherlands to launch a cyber and security technologies “soft landing” program. The new three-year agreement establishes a program where about three to five cybersecurity companies from Maryland can set up temporary or “soft landing” operations in the Netherlands, and vice-versa, for free.”
“Slovakia’s Ministry of Finance is currently drafting the country’s first cyber-security law, according to Slovak deputy prime minister for investments and information Peter Pellegrini. “Right now, in cooperation with the National Security Authority, we are finalising works on a new law on cyber-security,” Pellegrini told local news site Tablet.tv. “One thing is to protect banks’ data assets and medical records, but we must also talk about how the country will respond if a cyber-attack is performed on its grids or water supply systems.”
“Chinese hackers targeted foreign government personnel who visited a US aircraft carrier the day before a contentious international court ruling on the South China Sea, according to a US cyber security company. The China-based group created an infected document impersonating an official message addressed to officials visiting the USS Ronald Reagan, a nuclear-powered aircraft carrier which conducted patrols of the South China Sea in July.”
“As the U.S. presidential campaign enters its home stretch, the issue of cyber security is front-and-center. Rarely a day goes by when a new report of a corporate or government breach fails to make headlines. Across Europe on the other hand, news of major cyber attacks, particularly against European companies, are rarely found on the front pages of Le Monde, Der Spiegel or La Repubblica. Have European institutions done a better job of safeguarding against attacks than their American counterparts? Has Europe just been exceptionally lucky?”
“In one of the biggest banking security breaches in the country, it has come to light that nearly 3.2 million debit cards had been put at risk of fraudulent transactions after cyber criminals, who are assumed to be operating out of China, stole customer data from Indian ATMs. While Indian banks have been busy assuring customers that their accounts are safe and that their systems are secure from attacks by cyber criminals, what additional protection can banks and their customers have against possible losses arising out of such a breach?”
“The civilian-acquired skills of its members enable the National Guard to make unique contributions in the cyber realm, Air Force Gen. Joseph Lengyel said here today.”
“Guard members work in the technology sector in their civilian capacity and can be found in companies ranging from startups to Google and Microsoft, the chief of the National Guard Bureau told audience members at the North American International Cyber Summit 2016.”
“Those civilian-acquired skills give Guard members a unique ability to contribute in their military roles. And it’s a two-way street, Lengyel said: ‘We provide employers the military training and experience our Guardsmen take back to their civilian positions.’”
“Ecuador said Tuesday that it had cut off Julian Assange’s access to the internet in his exile in the country’s London embassy, making clear that it feared being sucked into an effort to “interfere in electoral processes” in the United States by the activities of the WikiLeaks founder. Ecuador said that it was not evicting Mr. Assange from its embassy, where he sought asylum four years ago. It said that its “temporary restriction” of internet services to Mr. Assange “does not prevent the WikiLeaks organization from carrying out its journalistic activities.”