ICD Brief 34.
Elections and cyber threats from hacking, crime and espionage dominate updates from the US, Australia, Estonia, China, the EU, France, Germany, India, Poland, Singapore and the UK this week.
We feature CyberScoop’s 2017 Top Women in Cybersecurity, the 2017 Global Information Security Workforce Study: Women in Cybersecurity, and a look at Europe’s gender pay gap and the low percentage of women in its cyber security workforce.
“Donald Trump’s first federal budget puts forward US $1.5 billion (£1.2 billion) for cyber-security to protect the federal government and US critical infrastructure. The sum is to be allotted to the Department of Homeland Security (DHS), the cabinet-level department of the United States government with responsibility for public security.”
“Four people, including two Russian intelligence officers, have been charged in a Yahoo hacking attack that compromised the personal information of hundreds of millions of consumers, the Justice Department said Wednesday. Federal prosecutors alleged the suspects hacked into Yahoo systems to “steal information from about 500 million accounts and then used some of that stolen information to obtain unauthorized access to the contents of accounts at Yahoo, Google and other webmail providers.””
“Starting in 2017, Threat Sketch will begin receiving real-time cybersecurity intelligence information from the Department of Homeland Security that will complement and greatly expand the cyber crime statistics used to drive the flagship product, the Threat Sketch Risk Assessment. “Joining this program is a significant step in our mission to put big-company tools, data, and expertise into the hands of millions of small businesses across the country,” said Rob Arnold, founder and CEO of Threat Sketch.”
“NEC Corporation (TSE: 6701) and Infosec Corporation, a specialized security company belonging to the NEC Group, today announced the establishment of Infosec America, Inc. as a Security Operations Center (SOC) in Santa Clara, California, USA. The new company is a wholly owned subsidiary of Infosec Corporation. Operation of this new SOC is slated to begin in April 2017.”
“Wednesday’s indictment of Russian hackers, including from Russia’s Federal Security Service, over cyberthefts against Yahoo and the continuing controversy around cyberattacks by Russia against the Democratic National Committee have highlighted the challenge of internet vulnerability. In France, too, the campaign of the leading independent candidate is subject to extensive cyber intrusions. In Germany, the parliament has been attacked and the intelligence services have warned of potential impacts on the upcoming election. The problem is hardly limited to government: Last year, cyberattacks disrupted service for Twitter, Spotify, CNN, Yelp, Amazon, Netflix, The New York Times, PayPal and others. These attacks succeeded by focusing on a key internet infrastructure provider, but their breadth underscored what prior intrusions into the Office of Personnel Management, Yahoo and Target, as well as similar attacks in Europe on France’s TV5, the telephone systems of Poland and Norway and Ukraine’s electric grid had already shown: The threat to the internet is serious and escalating.”
“Governments and corporations alike must escalate the treatment of cybersecurity to the point where it is handled with the same severity as any other risk, speakers at this month’s Cisco Live! conference agreed as security and IT administrators gathered to weigh the progress of cybersecurity policy and technology.”
“Two major Government departments have been told to strengthen cyber security defences after an audit found they were vulnerable to attacks that could compromise sensitive information. The report found the Australian Taxation Office (ATO) and the immigration department had “insufficient protection against cyber security attacks from external sources”.”
“Estonia is one of the world leaders in cyber security and therefore its views are taken into consideration very seriously, former President Toomas Hendrik Ilves said in an interview with Eesti Paevaleht following hearings at the U.S. Congress. “Estonia is taken very seriously. Our experience is currently necessary to both Europe and the United States,” Ilves said. “Aggression in the information space transcends boundaries, attacks have occurred in Estonia, Germany, France as well as the United States, to name just a few countries. Estonia’s experience is here invaluable.””
““There is no national security without cybersecurity,” declared President Xi Jinping at the inaugural meeting of the Central Leading Group for Cybersecurity and Informatization in February 2014. His words acted as the starter’s gun for a cyberspace regulation marathon in China. Since then, Chinese authorities have tightened the state’s control over all things cyber: from social media and online publishing to IT business models and cloud data centers. The Chinese state is becoming ever more assertive in censoring the Internet, fighting cybercrime and proclaiming its Internet governance model in international forums.”
“TEISS is an information security conference, now in its 6th year. While the event itself was extremely informative across several dimensions, there were a few areas that stood out. Examining these areas in detail is useful because it can serve as a barometer for the professional discipline as a whole; meaning, understanding the themes and highlights from one individual event serves as a microcosm of the broader considerations and challenges that surround how people do their jobs.”
“French authorities are on high alert to head off a cyber-attack that could affect the result of the upcoming presidential election. Prime targets could be candidates’ websites and government networks. The threat was publicly recognised by president Francois Hollande, who accused Russia of trying to interfere in the campaign, ahead of the first round on 23 April and a run-off on 7 May.”
“German Chancellor Angela Merkel said on Tuesday protecting infrastructure from potential cyber attacks was a top priority and the federal government had to work together with localities on that. “Today we have a huge amount of possibilities to paralyze infrastructure from cyber attacks and it is… very very difficult. There are examples from Ukraine that are worrying. Therefore cyber security is of great, great importance,” she said.”
“Germany has raised its alert level against cyber attacks to “heightened readiness” ahead of parliamentary elections, saying government websites are already subjected to daily assault, newspaper Welt am Sonntag said. “We are noticing attacks against government networks on a daily basis,” Arne Schoenbohm, president of Germany’s Federal Office for Information Security (BSI), told the paper. BSI is in close contact with election officials, political parties and German Federal States to discuss how to guard against cyberattacks and stands ready to react to potential attacks ahead of the elections, Schoenbohm said.”
“India and Indonesia decided to enhance cooperation in cyber security and intelligence sharing on Tuesday. This was decided at a meeting between Minister of State for Home Kiren Rijiju and visiting Indonesian Minister for Security Gen Wiranto. “The bilateral meeting with Indonesian Minister for Security and Coordination was very fruitful. The meeting focused on cyber security and intelligence sharing,” Rijiju said.”
“Palo Alto Networks, the next-generation security company, is scheduled to host its first Cybersecurity Summit in Mumbai on Thursday, March 23, 2017. Palo Alto says that with various initiatives like Digital India and the recent demonetisation drive, the landscape is fast changing. Unfortunately, mounting a cyberattack has become cheaper and easier than ever before, and the data ever more valuable. Innovations in technology have improved our way of life and methods of doing business, but at the same time, have brought in a new challenge: more entry-points for cybercriminals.”
“The document identifies the measures and mechanisms that are to strengthen Poland’s cyber-security capabilities by 2022, and states that it is indispensable to create a dedicated fund which would serve to finance the development of cyber-defence capacities within the state budget. Currently, a number of projects related to cyber-security are financed from the budgets of separate ministries and state institutions.”
“Several Polish municipalities that have hosted U.S. troops under a planned NATO operation suffered cyber attacks in January, a senior government official told Reuters, saying it highlighted the need for Poland’s sharp increase in cyber-defense spending. Poland will spend about 1 billion zlotys ($250 million) a year on cyber security, several times the amount seen only a few years ago, following a trend in other NATO countries that have been increasingly subject to Internet security breaches.”
SINGAPORE: It is not just computer systems and national infrastructure that are vulnerable to cyber-attacks. The emerging Internet of Things (IOT) – where devices such as smart watches, handphones and even kitchen appliances can connect to the Internet – means even your household is not safe.
And research assistant Toh Jing Hui from the Singapore University of Technology and Design (SUTD) and his team of hackers spend much of their time hacking into these gizmos, to expose how vulnerable users are today.
“The UK government plans a range of interventions to grow the domestic cyber security industry, according to Conrad Prince, cyber security ambassador at the Department for International Trade. “The UK has over a thousand cyber security companies, but we need that industry to grow,” he told the CyberUK conference in Liverpool convened by the National Cyber Security Centre (NCSC).”
“A failure to include women in cyber security recruitment campaigns, the continued focus on technical skills and a gender pay gap are exacerbating the cyber security skills shortage, say industry experts. Europe is one of the worst offending regions in the world, with women making up just 7% of the cyber security workforce and one of the biggest gender pay gaps in the world.”
“In honor of Women’s History Month, we present our inaugural Top Women in Cybersecurity list, filled with individuals who are upending the status quo. This list contains a group of minds who are not just knee-deep in code, but are making the business and legal decisions that will push cybersecurity forward in both the public and private sector. These women do not solely represent what women are capable of, but what a community can achieve when a diverse set of ideas and novel thinking is encouraged and embraced.”