ICD Brief 21.
05.12.2016. – 11.12.2016.
This weekly International Cybersecurity Dialogue Brief is our pro bono contribution to you. We focus on a world testing roles, frameworks and new working partnerships to gain a measure of its scale and direction. It is an after action of our roundtable at the National Press Club with Dr. Gabi Siboni, The Institute of National Security Studies (INSS), Tel Aviv University.
“President Obama has ordered the nation’s intelligence agencies to conduct a full review of attempts by foreign hackers to influence U.S. elections — and he wants a report before he leaves office on Jan. 20. The review will look back to the past three presidential elections, and look for evidence of hacking beyond the already disclosed hacks of Democratic campaign emails that intelligence officials have attributed to Russia.”
“The Senate on Thursday passed a final defense bill that will elevate the U.S. military cyber unit to a full combatant command.
Currently, Cyber Command is under the authority of U.S. Strategic Command, although it shares an address — and resources — with the National Security Agency (NSA). The legislation will spin it out into its own fully fledged war-fighting unit.
But despite the overwhelming 92-7 vote to send the wide-ranging National Defense Authorization Act (NDAA) to Obama’s desk, it’s unclear if the president will sign it.”
Banks would be able to hide, move or encrypt their internal IT systems, network traffic and data to hide them from hackers and cybercriminals if technology the Department of Homeland Security is seeking from Silicon Valley startups comes to fruition.
“The White House said on Thursday that it raised concerns about China’s new cyber security law during a meeting with a Chinese official after the latest round of talks between the two countries on cyber crime. U.S. National Security Adviser Susan Rice met with Chinese State Councilor Guo Shengkun to discuss the importance “of fully adhering” to an anti-hacking accord signed last year between the China and the United States, National Security Council spokesman Ned Price said.”
“House Homeland Security Committee Chairman Michael McCaul announced plans Wednesday to push for the creation of a new federal agency during the Trump administration that would consolidate the government’s disjoined cybersecurity efforts. He said the eventual launch of such an agency will be one of his highest priorities in 2017.”
“Georgia’s secretary of state has claimed the Department of Homeland Security tried to breach his office’s firewall and has issued a letter to Homeland Security Secretary Jeh Johnson asking for an explanation. Brian Kemp issued a letter to Johnson on Thursday after the state’s third-party cybersecurity provider detected an IP address from the agency’s Southwest D.C. office trying to penetrate the state’s firewall. According to the letter, the attempt was unsuccessful. ”
“The Obama Administration has recommended that incoming President Donald Trump execute a comprehensive cybersecurity strategy, including the training of 100,000 white hats. A special Commission has delivered a report outlining cybersecurity as one of the greatest challenges that the US faces – as reflected in President Obama’s 2017 budget, which calls for a more than 35% increase in federal cybersecurity resources. ”
“China’s top security official has informed Washington that Beijing is looking forward to working with the Trump administration on cybersecurity, a delicate and thorny issue in China-US ties, state media reported. The olive branch was extended in Washington on Wednesday by Guo Shengkun, a State Councillor and China’s public security minister, when he was meeting US Secretary of Homeland Security Jeh Johnson and Attorney General Loretta Lynch for the third round of cybercrime talks, a dialogue agreed by President Xi Jinping and US President Barrack Obama in September last year.”
“For centuries, an essential part of statecraft has been keeping sensitive information away from prying eyes. Though the type and quantity of information have changed as nations and their citizens enter the digital age, the desire to manage information remains. Starkly different visions for the regulation and flow of data are taking shape as the world shifts into the digital economy and grapples with governing data usage. Though the debate within and between countries is ongoing, no country is set to have a greater impact on data policy than China, home to the world’s largest number of netizens at 712 million.”
“Europe should work closer together to ensure it is able to respond to modern cyber-security threats, says Jyrki Katainen (NCP), a Vice-President at the European Commission.
Cyber-security is a greater challenge than ever, Jyrki Katainen (NCP), the European Commission’s Vice-President for Jobs, Growth, Investment and Competitiveness, stated during a lunch event organised by the Finnish Association of Political Journalists on Monday.”
“The need for cyber security is increasingly apparent for European businesses. Cyber-attacks, ranging from targeted viruses to personal data breaches, are both frequent and severe. According to Lloyds of London, as many as nine out of ten big European businesses were hit by a significant cyber-attack in the last year. However, an alarming amount of European firms is still complacent about cyber security.”
“ThyssenKrupp, Germany’s largest steel producer, has revealed that it had project data stolen earlier this year in a professional cyber attack that most likely originated in Southeast Asia. On Thursday, the group said it was “not clear yet” what had been stolen and it could provide “no reliable estimation as to the damage”. But it confirmed that fragments of data were stolen, including data from an operating engineering company. ”
“A top German security chief warned Thursday that Russia could tamper with Germany’s general elections next year, saying the eastern power is threatening politicians and voting systems with cyberattacks and cyberespionage. “Aggressive and increased cyber spying and cyber operations” are a growing risk to “German government officials, members of parliament and employees of democratic parties,” said Hans-Georg Maassen, head of the German Federal Office for the Protection of the Constitution, a domestic security agency.”
“While India is still not asking the questions we should about these hacks and how we are reacting to them as a society, there is a bigger question lurking in the background. Coming at a time when our Prime Minister has set in motion the biggest push towards digital transactions and as a result digitisation and internet adoption, it is scary that we as a society are happy to live with a constant threat to our digital security.”
“The impacts of hacking are clearly visible. Recent increase in hacking events, from phishing attacks on 26 Indian banks to Rahul Gandhi’s twitter account being hacked. An increasing number of Indians are going digital and doing transactions online, and these hacking incidents expose the country’s cyber security vulnerabilities. There has been a surge of about 350% of cybercrime cases registered under the Information Technology (IT) Act, 2000 from the year of 2011 to 2014. As more Indians embrace online banking, criminals are following them online. Another trend is the increasing no. of attacks designed for mobiles
In view of the above, Central government has come out with National Cyber Security Policy, to protect the nation and its citizens from cyber threats. “
“In a bid to bolster ties between India and Israel in the field of Science and Technology, Ofir Akunis, Israel Minister of Science, Space and Technology is on a four-day visit to India. ET’s Nilesh Christopher caught up with him on the side-lines of Carnegie India, Global Technology Summit 2016 and spoke about the joint ventures between the two countries in the area of startups, space, defence and talent exchange.”
“NATO Defence Ministers are meeting in Brussels to discuss key security challenges. Today, 6 December they endorsed over 40 proposals in 7 areas of cooperation: Countering hybrid threats, operational cooperation including maritime issues; cybersecurity and defence, defence capabilities, parallel and coordinated exercises and defence and security capacity-building.”
“The North Atlantic Treaty Organization (NATO), the largest military alliance in the world, organised its largest cyber defence exercise in Estonia.
Named Cyber Coalition 2016, the three-day event in the first days of December attracted more than 700 cyber defenders and legal experts, government officials and military officers, academics and industry representatives, participating from dozens of locations across the alliance and partner nations. Cyber defence staff from the European Union took part as well – as did representatives from partner countries of Algeria, Austria, Finland, Ireland, Japan, Sweden and Switzerland.”
“The Polish Ministry of Digitisation has organised a meeting with representatives of the private sector, public administration, educational organisations and NGOs to prepare a scope of work for the Cybersecurity Forum. Its roles will be to prepare concrete solutions in areas such as security of industry automation systems, development and operation of the National Cybersecurity Centre, cybersecurity in public sector, and cyber education.”
“Russian President Vladimir Putin has approved a new information security doctrine amid cyberespionage attack fears, which were sparked by the recent cyberattacks on major Russian banks. The new doctrine, which reportedly has already come into effect, is aimed at “strategic restraint and prevention of military conflicts” and at “modernising” the security systems. The doctrine document also warns of a rise in targeted cyberattacks against Russian organisations, including government agencies, military services and scientific, Russian-state media RT reported.”
“Russia’s telecom operator on Friday said it had blocked a series of cyberattacks on the country’s leading banks this week, the latest to target Moscow’s financial sector. Rostelecom said in a statement it “successfully thwarted DDoS [distributed denial of service] on the five biggest banks and financial organisations in Russia” on Monday.”
“Global confidence in the ability to accurately assess cyber risk has fallen in the past year, but the UK has fallen below the global average. The UK falls below the global confidence in the ability to accurately assess cyber risk, which has dropped 12 percentage points over 2016, a survey has revealed.”
“Nearly 1 in 4 investors say they made an investment decision in the last year based on a company’s cybersecurity, and a majority blame management, not hackers when a data breach occurs. Those findings are among the takeaways from the Brunswick Group’s third annual data valuation survey of more than 200 investors and analysts worldwide.”