Cybersecurity Takes Center Stage in Politics, Business and Technology – ICD Brief 25.


09.01.2017. – 15.01.2017.

 

Welcome. Our ICD Brief: Towards Realistic Cyber Partnerships is an after action of our National Press Club roundtable with Dr. Gabi Siboni, The Institute of National Security Studies (INSS), Tel Aviv University. We feature his just-released essay “The First Cognitive War” under separate copy after this edition.

In our 25th week, The ICD Brief remains pro bono and personal. You, our readers, live in over 40 countries, and 62% have read the Brief in the past four weeks. Here’s a sampling of this edition’s headlines followed by the full edition.

 

USA

Trump Picks Giuliani to Assemble Cyber Security Meetings with Executives
“U.S. President-elect Donald Trump plans to meet with corporate executives who have faced cyber security challenges in a series of meetings arranged by former New York Mayor Rudy Giuliani, his transition team said in a statement. Giuliani, a former Trump campaign adviser who runs a cyber security consulting business, will facilitate the meetings but “no consensus advice or recommendations resulting from group deliberations or interaction is expected or will be solicited.””

India and the United States Sign MoU for Cooperation in Cyber Security
“India and the USA have signed a Memorandum of Understanding (MoU) between the Indian Computer Emergency Response Team (CERT-In) under the Ministry of Electronics and Information Technology and the Department of Homeland Security, for cooperation in the field of cyber security.”

Google, Microsoft, Tencent Point Out Latest Code Execution Bugs to Hit Adobe Flash

“Another year, and with it another bunch of code-execution vulnerabilities within Flash announced by Adobe in a security advisory. The vulnerabilities run the gamut of operating systems that Flash is able to run on — Windows, macOS, Linux, and Chrome OS — with users urged to update to a version of Flash later than 24.0.0.186. Of the details given by Adobe on the issues, the company said it resolved three use-after-free bugs, four heap buffer overflows, and five memory corruption issues — all of which could lead to code execution.”

Hackers Target Schools By Mimicking Department of Education

“Following the news that hackers are sending ransomware-infected emails directly to head teachers after posing as officials from the Department of Education. The cyber criminals have been gaining email addresses by calling schools and offering exam guidance or mental health assessments. The ransom is believed to be up to £8,000. Fraser Kyne, EMEA CTO at Bromium commented below.”

US Warns of Unusual Cybersecurity Flaw in Heart Devices
“The Homeland Security Department warned Tuesday about an unusual cybersecurity flaw for one manufacturer’s implantable heart devices that it said could allow hackers to remotely take control of a person’s defibrillator or pacemaker. Information on the security flaw, identified by researchers at MedSec Holdings in reports months ago, was only formally made public after the manufacturer, St. Jude Medical, made a software repair available Monday. MedSec is a cybersecurity research company that focuses on the health-care industry.”

Board of Directors, Managers at Center of Cybersecurity Handbook for Industry
“The server room might be an obvious choice for a starting point when it comes to protecting your company’s cyber networks, but the National Association of Corporate Directors says the best place to begin is in the board room. The newest edition of the NACD’s Cyber-Risk Oversight handbook, released Jan. 12, advises private sector managers and boards of directors to “strike the appropriate balance between protecting the security of the organization and mitigating downside losses, while continuing to ensure profitability and growth in a competitive environment.””

DHS, Justice Officials Expect Continuity on Cyber Policy in Trump Administration
“The incoming Trump administration is expected to continue core elements of the government’s cybersecurity programs for protecting critical operations and enforcing against cyber aggressors, according to officials at the departments of Homeland Security and Justice – the two lead agencies for protecting industry from attacks. “We have had no indications” from the Trump transition team that DHS efforts on cybersecurity will be “truncated,” and DHS remains poised to be “full participants” in working with businesses to protect customer and other sensitive…”

DHS Should Have a Cybersecurity Unit, Says Panel Chairman
“The chairman of the U.S. House Committee on Homeland Security said Wednesday his top priority in 2017 will be to push for creation of a cybersecurity agency within the Department of Homeland Security. “DHS needs focus and resources, and they are doing a decent job, but could be doing a lot better with the help of Congress,” said U.S. Rep. Michael McCaul (R-Texas) in comments to reporters at the National Press Club. “It’s not a Republican or Democratic issue.””

Australia

Cyber Security Takes Centre Stage at the CISO Leaders Summit 2017 in Melbourne
“In just 12 months to the end of June last year, the Australian Cyber Security Centre (CERT) responded to nearly 15,000 security incidents affecting Australian businesses. The 14.804 attacks on businesses in the private sector over the 12 months were reported by CERT along with 1095 cyber security incidents on government systems over the period, all of which were considered serious enough to warrant operational responses by CERT. It’s against this backdrop that cyber security will be on the agenda for discussion and debate at the 2nd annual CISO Leaders Summit at Melbourne’s Etihad Stadium on 16 February.”

Baltics/Estonia

Latvians Less Concerned About Cyber Security than People in Other EU Member States
“People in Latvia are less concerned about the safety of their personal information on the Internet compared to citizens in other EU member states, according to the latest Eurobarometer survey. In Latvia, 57 percent of respondents said it was important that personal information (such as their pictures, contact lists, etc.) on their computer, smartphone or tablet could only be accessed with their permission, as compared to 78 percent in the EU.”

China

How Businesses Should Prepare for China’s New Cyber Security Law
“The Cyber Security Law is China’s first comprehensive regime on cyber security and it will impact all companies operating in China. The new law is substantially consistent with the drafts; an in-depth review of the second draft can be found here. However, there are two changes since the second draft that merit attention. Changes to the definition of “Key Infrastructures” and enhanced penalties to operators infringing personal data obligations. How should businesses prepare for this?”

China’s Cybersecurity Law and Employee Personal Information
“Article 35 of the law states that “personal information and other important data gathered or produced by critical information infrastructure network operators during operations within the mainland territory of the People’s Republic of China, shall store it within mainland China.” People keep asking what this will mean for them.”

EU

EU Suffers Jump in Aggressive Cyber Attacks
“Brussels has seen a sharp rise in “more and more dangerous” cyber attacks on EU servers in the past year, as anxiety increases about potential Russian meddling in European politics. There were 110 separate attempts to hack the European Commission’s servers in 2016, a 20 per cent rise on the year before, according to people close to the situation. Brussels revealed a large-scale cyber attack last November.”

India

Digital India Needs to Be Cybersecurity Ready by Pukhraj Singh
“Some time ago, I assisted Melissa Hathaway, who was a cybersecurity advisor to Obama and Bush, in preparing a Cyber Readiness Index for India. The report, which would soon be released to the public, undertakes the complex job of calculating the resiliency of Indian cyberspace, that should now be seen as an extension of its sovereign territory. It states that India faces a herculean task of improving upon all markers of its cyber health like national strategy, incident response, e-crime and law enforcement, information sharing, investment in R&D, diplomacy and trade, and defence crisis and response.”

Israel

Israel Shakes Up Its Cyber Security Amid an Evolving Threat
“Israel is reorganizing its cyber defense, with Israel Defense Forces (IDF) looking to refocus its efforts against an ever-changing threat. In recent years, numerous events have taken place within the strategic environment of the State of Israel, leading to changes in the nature of threats. While conventional threats are on the decline, an increase has been detected in unconventional threats, one of them being in the sphere of cyber security. Experts predict that in the future, 40 percent of warfare will take place online. Combating this threat demands a new approach.”

Microsoft, Qualcomm Back Israel’s Team8 Cybersecurity Firm
“The venture arms of Microsoft (MSFT.O) and Qualcomm (QCOM.O) have invested in Team8, an Israeli creator of cybersecurity start-ups, as big multinational companies get behind Israel’s burgeoning cyber industry in the face of growing threats. Team8, which also announced on Monday a strategic partnership with Citi (C.N) to help develop its products, said the most recent investment brings its total raised to more than $92 million.”

Netherlands

Dutch parliament Pressing Election Safety, Cyber Defense Issues
“With the parliamentary elections coming up in March, and warnings from American security experts that the Netherlands may be targeted by Russian hackers, Dutch parliament is focused on fixing cyber defense issues and increasing cyber security. This week the national cyber security center held a meeting for the political parties’ IT employees, according to newspaper Trouw. At this meeting the employees received advice on how to prevent hackers getting into computer systems and other forms of data breaches.”

UK

UK Intelligence Agency Picks Start-Ups for Cyber Security Accelerator
“Seven cyber security start-ups have been chosen to join the new GCHQ Cyber Accelerator, it has been announced. The accelerator is a partnership between GCHQ (Government Communications Headquarters, one of the UK’s three intelligence agencies), the Department of Culture, Media and Sport, and tech fund Wayra UK.”

London NHS hospital trust hit by cyber-attack
“John Bambenek, a threat intelligence manager at the firm Fidelis Cybersecurity, said: ‘The trouble is that local authorities and governments aren’t very prepared and they have extremely valuable information that simply can’t be lost, so they’re a tempting target for cybercriminals.’” “‘Cyber defence is essential, but it’s no longer enough; organisations of all sizes need to invest in detecting threats as well. Only then will cyber criminals be caught early enough to expel them from the network before serious damage is done.’”

UK Cyber-Security Inquiry to launch Following US Election Hacks
“The UK government will be launching a national inquiry on cyber-security to assess the extent to which Britain is protected from the growth in attacks worldwide. The inquiry comes two days after US intelligence agencies claimed Russian president Vladimir Putin ordered an effort to help US president-elect Donald Trump’s electoral chances in the US 2016 presidential election.”

Featured

How America Can Beat Russia in Cyber War, Despite Trump
PW Singer
“This is not the kind of cyber war imagined in the past, with power grids going down in fiery cyber Pearl Harbors. Instead, it is a competition more akin to the Cold War’s pre-digital battles that crossed influence operations with espionage. Now, just as then, there is a need for deterrence, both to defend the nation as well as keep an ongoing conflict from escalating into physical damage and destruction.”

 
