ICD Brief 33.
06.03.2017. –12.03.2017.
Welcome. This week, we see collaboration and cooperation becoming a growth industry at the national and international level in the US, Australia, Canada, China, EU, India, Israel, NATO and the UK Context and expectations emerge from the work of creating new norms, laws, standards and contingencies. Guiliani presents his cyber concept and UK’s Pool Re Terrorism reinsurer plans to include cyber.
Dan Lohrmann’s stunning report: Smart Grid Security: Is Trouble Coming? is this week’s feature.
USA
FBI Director Addresses Cyber Security Gathering
“Director James Comey delivered a keynote address at the inaugural Boston Conference on Cyber Security, touching on the current cyber threat landscape, what the FBI is doing to stay ahead of the threat, and the importance of strong private sector partnerships. The conference, a partnership between the FBI and Boston College’s Cybersecurity Policy and Governance master’s degree program, also features additional expert speakers and panelists who will be covering such areas as emerging technologies, operations and enforcement, along with real-life cyber and national security experiences focusing on risk, compliance, policy, threat trends, preparedness, and defensive strategies.”
Giuliani talks security, Trump at cybersecurity conference
“Former New York City Mayor Rudy Giuliani brought a marker to a cybersecurity conference Tuesday. The occasional advisor to President Trump had a few things to say to attendees of the V4 Cybersecurity Conference, and he needed a visual aid to get those points across.”
Bipartisan Bill Would Let DHS Team with Consortiums on Cybersecurity
“Rep. Joaquin Castro (D-Texas) and Sen. John Cornyn (R-Texas) reintroduced legislation Thursday to allow the Department of Homeland Security to work with non-profit consortiums to aid local cybersecurity efforts. The National Cybersecurity Preparedness Consortium Act would allow the DHS to use consortia to help train local law enforcement and other government, develop information sharing programs and plan local cybersecurity strategies. ”
DHS Private Sector Cooperation Necessary for Success of Nation’s Cybersecurity Efforts
“More work needs to be done to strengthen the alliance between the private sector and the U.S. Department of Homeland Security in combating cyber attacks, private stakeholders testified at a House Homeland Security subcommittee hearing Wednesday.”
Industry Calls for More Cyber Threat Context from DHS
“The Department of Homeland Security is not providing enough context around the cyber threat indicators it shares with the private sector for firms to use the data effectively, industry leaders say. “The sharing of individual indicators of compromise without context leaves practitioners asking more questions than having them answered,” Intel Security Group vice president Scott Montgomery said at a March 9 hearing of the Cybersecurity and Infrastructure Protection Subcommittee of the House Homeland Security Committee.”
J.P. Morgan, Microsoft, Accenture form new blockchain alliance
“More than 28 major corporations have united to form the Enterprise Ethereum Alliance, a collective aiming to pave the way towards a future in which blockchain-based systems can be used more easily by large firms.”
DHS Finalizing Best Practices for Notifying Victims of Major Cyber Breaches
“The Homeland Security Department is finalizing best practices that agencies, state and local governments and other organizations involved in a cyber breach can use to notify victims. The guidance lends suggestions on the decision-making process for notifying impacted individuals, preparing and delivering notices, concerns about “over-notifying” and additional support for victims.”
AUSTRALIA
BlackBerry Think Tank Report Delves Into Australia’s State of Security
“A new think tank report by BlackBerry says that Australia’s cyber risk is changing all the way down to infrastructure and even to the people behind it. With digital attacks increasing and the potential price tag reaching around $2 billion per year, the report aimed to find out the varied challenges we face in the future and how to develop better risk management strategies.
The report, titled ’Is your organisation ready for a crisis? The future of security in Australia’, drew on opinions from Australia’s top executives, including Former US Ambassador to Australia; Jeffrey Bleich, John Durbridge, head of campus security at Macquarie University; Jetstar CIO Claudine Ogilvie, Craig Davies, CEO of Australian Cybersecurity Growth Network; and Rex Stevenson, former Director General for the Australian Secret Intelligence Service.”
CANADA
Human Rights, Cyber Security to Be Part of Canada- China Free Trade Consultations
“The federal government wants Canadians to air their concerns about China’s human rights record as part of broad consultations on a possible free trade deal. Business leaders are also being asked to weigh in on a major cybersecurity issue: how to minimize the possibility of the Communist government prying into their commercial dealings in China. The Liberal government served notice in recent days that it wants to hear from a broad range of Canadians on the proposed free trade deal.”
CHINA
China Seeking International Law for State Control of Internet
“China is seeking an international agreement to enhance state control over the internet in order to fight cyberattacks and cyberterrorism. Beijing wants to extend the existing idea of sovereignty over land and sea to cyberspace. Beijing has released its first white paper discussing how it will persuade different countries to join together in an international partnership. The idea is to enhance the power of individual governments over cyberspace and reduce the role of the private sector.”
EU
EU Internet Forum: Progress on Removal of Terrorist Content Online
“Today, Commissioner for Migration, Home Affairs and Citizenship Dimitris Avramopoulos, accompanied by the Maltese Minister for Home Affairs and National Security, Mr Carmelo Abela representing the Presidency of the Council of the EU, and the Estonian Minister of the Interior, Mr Andres Anvelt, representing the incoming Presidency of the Council of the EU, as well as the EU Counter-Terrorism Coordinator, Mr Gilles de Kerchove, are meeting key internet companies in the United States, in San Francisco and Silicon Valley. The visit was organised to follow up on the second meeting of the EU Internet Forum in December 2016 and to take forward actions agreed for 2017.”
INDIA
India Open for Widest Cyber Security Collaboration
“The government is open for international collaboration in the field of cyber security and favours handling issue of cyber terrorism in cooperation with other countries, IT Minister Ravi Shankar Prasad said today. “India is willing to have the widest cooperation world over in the quest of cyber security,” Prasad said at international conference on e-governance, ICEGOV.”
Coimbatore Gets India’s First Cybersecurity Startup Hub
“The Amrita Technology Business Incubator (TBI) and the Amrita Center for Cyber Security Systems and Networks (CCSN) have come together to set up India’s first startup hub exclusively on cybersecurity. The initiative will bring together research, funding and industry on the same platform, officials of the institution said.”
ISRAEL
Israel – UK Cyber-Security Lessons – Shared Concerns, Shared Responses
“Unit 8200 is the largest unit in the Israel Defence Forces, comprising several thousand soldiers responsible for collecting signal intelligence (SIGINT) and code decryption. Conscripts with an aptitude for cyber-security, often identified while still at school, provide a constant refresh of new talent, with 25 percent annual turnover. Many of its alumni have gone on to be highly successful cyber-security entrepreneurs – including some of those who gathered at the Israel-UK Ambassadors roundtable at the Royal Society last week, held under the auspices of the Anglo-Israel Association.”
Israeli Cybersecurity Company Highlights Potential of Women in Tech
“Israeli cybersecurity company EverCompliant employs about twice as many women as the average tech company. Its secret? Choose the best candidate, said company founder and CEO Ron Teicher. “It’s not a deliberate decision, it just happened. We’ve had people coming and interviewing and in most cases the lady candidate was better,” Teicher said. “As a father to two daughters I’m very, very proud of it.”
New Cooperation Agreement in the Cybersecurity Field
“A new cooperation agreement in the cybersecurity for organizations field offers an efficient response to the growing information security challenges. The cybersecurity company Experis Cyber signed a cooperation agreement with IBM, to integrate IBM’s Security Intelligence platform QRadar into the array of monitoring and control (SIEM/SOC) services of Experis Cyber.”
NATO
British Defense Officials Call for More Cooperation Between NATO, EU on Cyber
“Officials with Britain’s Defense Ministry on Monday called for greater cooperation on cybersecurity between NATO and the European Union. The demands come in the wake of Britain’s vote to leave the EU, which British Defense Secretary Michael Fallon indicated Monday would not affect Britain’s security cooperation with other European nations.”
UK
The Retail Industry Steps Up The Fight Against Cyber-Threats
“The British Retail Consortium (BRC) has today launched a cyber-security “toolkit” that will provide retail businesses of all sizes with a practical, step-by-step guide to prevent and manage cyber-security threats and protect the customers they serve. The BRC Cyber Security Toolkit, launched in London today by the BRC and Home Office Minister Sarah Newton MP, aims to provide retailers with practical guidance to ensure they have the appropriate preventative and response measures in place to reduce their vulnerabilities and to protect both themselves and their customers.”
UK political parties at risk from Russian cyber-attacks, GCHQ warns
“The Government Communications Headquarters (GCHQ) has warned the leaders of Britain’s political parties of the threat Russian hacking poses to democracy. An emergency summit has been called to educate politicians on the cyber-security threat to the next election, after Kremlin spies were accused of carrying out cyber-attacks to tamper with elections in the US and Germany. “
CYBER INSURANCE
UK’s Terrorism Reinsurer, Pool Re, Plans to Extend Cover to Include Cyber
“Britain’s 6 billion pounds ($7.3 billion) terrorism reinsurance fund hopes to extend its cover to include cyber attacks on property, chief executive Julian Enoizi said.
Pool Re, set up in 1993, acts as a backstop to insurers paying out claims on property damage and business interruption.”
A third of organisations are still paying cyber ransoms as attacks keep on growing
A new survey by CyberEdge has found that 61% of organisations have been hit by a ransomware attack and despite many security companies warning not to pay ransom, 33% are still forking out the money. 13% refused to pay and lost their data.
The 2017 Cyberthreat Defense Report found that network breaches are rising, employees are the biggest security risk and malware just keeps on growing.
FEATURE
Smart Grid Security: Is Trouble Coming?
Dan Lohrmann, Chief Strategist & Chief Security Officer at Security Mentor, Inc.
“The U.S. Department of Energy released an alarming report in January 2017, saying that the U.S. electric grid is in imminent danger from a cyberattack. So where have we been, where are we now, and where are we going regarding smart grid security?”
“In the department’s landmark Quadrennial Energy Review, it warned that a widespread power outage caused by a cyberattack could undermine ‘critical defense infrastructure’ as well as much of the economy and place at risk the health and safety of millions of citizens. The report comes amid increased concern over cybersecurity risks as U.S. intelligence agencies say Russian hacking was aimed at influencing the 2016 presidential election.”