ICD Brief 39.
23.04.2017. – 30.04.2017.
Since our inaugural ICD Brief #1 in May 2016, we’ve focused on how nations, corporations, and international organizations are implementing their frameworks and plans to meet cyber threats. Now we ask the question: How do we recognize the new risks in the CyberSphere?
This week we add context to execution. See our lead articles.
- DHS Preps Cyber Incident Data Repository: “To protect their organizations from threats, cybersecurity professionals must understand both current and historical cyber risk conditions so they can better identify cyber risk trends.”
- Cyber Attacks 10 Years On: From Disruption to Disinformation by GCN;
- The Cusp of Technological Transformation by Chuck Brooks and an international EU NATO Initiative in Finland: EU, NATO Opens Center to Combat Info Warfare.
“To protect their organizations from threats, cybersecurity professionals must understand both current and historical cyber risk conditions so they can better identify cyber risk trends. Providing that insight is the goal of the Department of Homeland Security’s Cyber Incident Data Repository (CIDAR) pilot, which aims to identify trends, mitigate threats and calculate risks for enterprise risk managers and cybersecurity insurance companies.”
“A new form of malware detection software that analyzes computer code to predict malicious behavior — but without actually running it — has been exclusively licensed to a Virginia startup from the Oak Ridge National Laboratory under a Department of Homeland Security program that helps get federally developed technology to the marketplace.”
“It’s no secret that the world is facing a shortage of cybersecurity talent. The (ISC)² Center for Cyber Safety and Education’s 2017 Global Information Security Workforce study projects a deficit of over 1.8 million qualified cybersecurity professionals between now and 2022. Many industry analysts agree that the underlying problem is the lack of education in cyber skills – in high schools, colleges, post grad and on the job. While cybersecurity education is maturing and improving at all levels, there is still work to do, including attracting young students to cybersecurity careers, says David Shearer, CEO of (ISC)2 Inc., a global, not-for-profit that educates and certifies information security professionals throughout their careers.”
“The Federal Reserve could be doing more to protect the nation’s financial industries in the face of cyber peril. So says a new report from the Fed’s Office of Inspector General, which spelled out a range of measures that are needed to help defend private sector financial institutions against mounting cybersecurity risks.”
“Only 14 percent of cybersecurity employees in the U.S. are women, according to The 2017 Global Information Security Workforce Study by Frost and Sullivan. Even with that low number, the U.S. is doing better than the world as a whole when it comes to women in cybersecurity: Men make up 89 percent of the global cybersecurity workforce. The study reveals more distressing news: Although 50% of women in cybersecurity have a graduate degree (compared with 45% of men), men are nine times more likely to be in managerial positions and four times more likely to be in C-suite and executive positions.”
“CCS Group, a Bermuda-based Systems Integrator and Information Technology specialist, will host a Cyber Security Summit on May 4th from 8:30am to 4pm at the Bermuda Underwater Exploration Institute. The Summit will address the Cyber Security Eco-System from endpoint to mobile to cloud and how today’s most innovative technologies protect modern enterprises from ever evolving threats. “The Summit will feature six of CCS’ most innovative partners, all global leading security technology providers that offer expertise in all aspects of network security. The event will also feature a special guest speaker from the America’s Cup Event Authority. Everyone interested in the latest technologies in enterprise information security is welcome to attend,” the company said.”
“Australia’s Cyber Security Strategy, aimed at protecting citizens, companies and critical infrastructure, has made significant headway over the past year, but the jury is still out on its long-term impact. Backed by A$230m (US$173m) of funding over four years, the strategy, which was first announced in April 2016, has had several achievements under its belt.”
“The federal government has announced it has agreed to enhanced cybersecurity cooperation with China, following discussions between Prime Minister Malcolm Turnbull, Foreign Minister Julie Bishop, and Secretary of the Chinese Communist Party’s Central Commission for Political and Legal Affairs Meng Jianzhu. During the discussions held last week in Sydney, Australia and China agreed that neither country would conduct or support cyber-enabled theft of intellectual property, trade secrets, or confidential business information with the intent of obtaining competitive advantage.”
“The attack on the airbase began with a salvo of fake news. “A report appeared saying drones were using nerve gas,” said Lauri Luht, crisis management chief for the cyber security department of Estonia’s information system authority. “Through the day they attacked everything, all the infrastructure of the base,” added Klaid Magi, head of the same department’s incident response unit.”
“Ahead of OWASP’s AppSec Europe 2017 conference, a global gathering of software and security experts this May, Gary Robinson, European board member of the Open Web Application Security Project (OWASP) gives his view on the future of skills in the industry.”
“Many senior bank executives are confident about their cybersecurity strategy, yet a lack of comprehensive, practical testing is leaving gaps in their defense finds a new Accenture report. The report, Building Confidence: Solving Banking’s Cybersecurity Conundrum, is based on a global survey of 275 senior security executives across the banking and capital markets sectors.”
“A leaked letter from the heads of Israel’s major security agencies reveals tensions between the government and the security establishment over the allocation of powers and responsibilities in the cyber realm. The letter expresses the strong objection of the security establishment to draft legislation that would define the jurisdiction and tasks of a new civilian Cyber Defense Authority, created in 2015 to improve Israel’s readiness to address cyber threats, including threats to the private sector. This recent development is a good opportunity to take stock of the country’s years-long effort to design cybersecurity agencies and reshuffle related authorities—an effort that is hardly unique to Israel.”
“Seven Japanese organisations have mobilised one of the newest players in the cybersecurity market, Blue Planet-works. The company is the result of investment by Blue Ridge Networks, Information Services; International-Dentsu; Sompo Japan Nipponkoa; Dai-ichi Life Insurance Holdings; PCI Holdings; and Daiko DenshiTsushi. Blue Ridge Networks, an established cybersecurity provider, contributed its AppGuard line of business for cash and equity.”
“Launching the Centre of Excellence in Cyber Security Analytics, Cardiff University and Airbus said it was the first of its kind in Europe. Their research will aim to protect corporate IT networks, intellectual property and critical national infrastructure. The university has also been awarded almost £2m, aimed at developing a machine to detect cyber threats.”
“Given the increasing threat of cyberattacks and the corresponding costs, businesses are increasingly considering cybersecurity insurance. But insurance is only as effective as the scope of the coverage. Though Canadian courts have not yet interpreted insurance policies in the cybersecurity context, American cases highlight five noteworthy pitfalls.”
“As data breaches and cyberattacks become an increasing threat to every size and type of business, the subsequent scrutiny of their attack defenses is unavoidable. Cyber insurance is a specific coverage that is meant to provide financing in the event a business suffers such a cyber loss. What does your business need to properly protect it if a loss occurs? Below are six criteria to keep in mind when assessing a cyber insurance policy.”
“Several European Union and NATO member nations on Tuesday signed up to establish a center in Helsinki to research how to tackle tactics such as cyberattacks, propaganda and disinformation. The United States, Britain, France, Germany, Sweden, Poland, Finland, Latvia and Lithuania signed the memorandum of understanding for the membership, and more countries are due to come on board in July.”
“German investigators found a penetration of the Bundestag in May 2015. The Dutch found penetration in government computers relating to MH17 reports. Now, famously, we know there were infiltrations between 2015-16 into U.S. Democratic Party computers. Revealed in the last few days, researchers have identified phishing domains targeting French political campaigns. There are even concerns that, as Professor Greg Austin has explained, cyber espionage might be a threat to Australian democracy.”
“If you read the MIT Technology Review, the DARPA website, and Google Futurist Ray Kurzweil on a regular basis, you will be provided daily insights into the trends of disruptive technological transformation. This notion translates to a new period in our history where we will be able to harness our technologies and control our destinies. According to The McKinsey Global Institute, “Disruptive Technologies: Advances that will transform life, business, and the global economy.” The study identified the technologies that matter most to the global economy, sustainability, and improving the human condition. The McKinsey breakdown of technology categories and state of development is invaluable and serves as a good portal to the near future and a must read.”