ICD Brief 45.
12.06.2017. – 18.06.2017.
Since our inaugural ICD Brief #1 in May 2016, we’ve focused on how nations, corporations, and international organizations are executing their frameworks and plans to meet cyber threats. Now we ask the question: What are the leading implementation issues a year out?
Many issues (Coordination, Interoperability, Information Sharing, Education, and Public Awareness) appear in this week’s edition from the US, Australia, Estonia, China, Germany, Hungary, Israel, the ITU, NATO, Poland and the UK.
USA
New DHS Cyber Resiliency White Paper Available from Threat Sketch
“Threat Sketch is proud to offer a new Department of Homeland Security (DHS) white paper on cyber resiliency available for download from its website. The white paper was a joint effort between DHS, the IT Sector Coordinating Council (of which Threat Sketch is an active member), and the IT Government Coordinating Council.”
The Future of Cybersecurity Sells Cookies
“Now in addition to earning badges for camping, gardening, and making music, starting in 2018 Girl Scouts will be able to earn badges for their cybersecurity knowledge. The Girl Scouts of the USA (GSUSA) has partnered with Palo Alto Networks to roll out the series of 18 cybersecurity badges in September 2018.”
Microsoft Issues More Security Patches for Older Windows, Citing Cyber Attack Risk
“In the wake of last month’s WannaCry malware outbreak, Microsoft has once again issued patches to programs it no longer supports, citing vulnerabilities in their code that could make them vulnerable to cyber attacks by nation-states or copycat organizations. The patches come a month after the company issued patches for Windows XP computers to protect against WannaCry, despite its long-standing stance against updating older and unsupported versions of its Windows operating system.”
Treasury Calls on Financial Regulators to Coordinate Cybersecurity Oversight
“Government oversight of cybersecurity could become more streamlined under a proposal from the Trump administration. In its first report on financial regulatory reform, the Treasury Department called for state and federal officials to work together to harmonize and coordinate examinations.”
Former DHS Secretary Chertoff: ‘Is Your Company Cyber-Immunized?’
“Former U.S. Secretary of Homeland Security Michael Chertoff addressed a full house during the 2017 Cybertech Fairfax Conference at Capital One headquarters in Fairfax, Virginia, June 13. As opening keynote speaker, Chertoff covered the current state of cybersecurity in relation to mounting threats by proposing proactive solutions for private industry and government leaders to reduce the potential of human error, a key back channel for hacker egress.”
People in the US Are Less Savvy about Cyber Security than People in the UK
“A new report suggests that people in the UK are more aware of the terminology surrounding cyber security, and are less likely to fall victim to hacking and identity theft. Wombat Security Technologies’ 2017 edition of its User Risk Report reveals a stark difference in cyber knowledge on either side of the Atlantic.”
Lessons for Business from US Cyber Security Strategy
“This month has seen two important events for global cyber security – the updating of the United States government’s cyber security strategy and a detailed briefing on cyber threats from the US intelligence services. The executive order signed by Donald Trump gives individual heads of government agencies the final responsibility for their organisation’s cyber security. Putting one named person in charge, and putting security at the centre of all decision making is a lesson many businesses have learnt the hard way.”
Australia
Cyber Security Brain Drain Must Be Plugged By Big Business, Government Bravery, Expert Says
“Australia’s cyber security brain drain could be slowed if big business and governments were less afraid to embrace local start-ups and new technology, an expert says. Too many companies are moving abroad after struggling to secure contracts at home, according to Professor Greg Austin, from the Centre for Cyber Security at the University of New South Wales.”
Baltics/Estonia
Why Fintech Startups Are Skyrocketing in the Baltics
“Lithuania, Latvia and Estonia are working desperately to support entrepreneurship, fintech startups and international talent. And they are proud of it. A little over six million inhabitants in a total of three Baltic states is a small market. Under such conditions, entrepreneurs need to be committed to international expansion and scaling up. These include Latvian company Transferwise, worth more than one billion dollars, who are in the business of international money transfers, and well-known Skype – a joint venture between Swedish and Estonian programmers.”
Estonia Ranks 5th in World in Cyber Security
“According to data published at the World Summit on the Information Society Forum in Geneva, only Singapore, the U.S., Malaysia and Oman ranked higher than Estonia, spokespeople for the e-Governance Academy said. Of Estonia’s neighbors, Latvia ranked 21st and Lithuania 57th, while Nordic countries Norway, Finland and Sweden ranked respectively 11th, 16th and 17th. The ranking includes 195 countries.”
China
China Blocks Entertainment News Sites, Cites Cybersecurity Concerns
“Major social media platform operators including Weibo, WeChat, Youku, Baidu and Netease shut down a large number of social media entertainment news outlets after a June 7 meeting with Beijing’s Office of Cyberspace Affairs. The crackdown has been justified under China’s newly implemented Cybersecurity Law, which emphasizes ideological control as a core component of maintaining state security.”
Germany
Germany Builds an Election Firewall to Fight Russian Hackers
“In March and April hackers tried to infiltrate computers of think tanks associated with Germany’s top two political parties. A year earlier, scammers set up a fake server in Latvia to flood German lawmakers with phishing emails. And in 2015 criminals breached the network of the German Parliament, stealing 16 gigabytes of data. Although there’s no definitive proof, the attacks have been linked to Pawn Storm, a shadowy group with ties to Russian intelligence agencies—raising the possibility that the Kremlin might disrupt a September vote in which Chancellor Angela Merkel, Russian President Vladimir Putin’s strongest critic in Europe, is seeking a fourth term. ‘There’s increasing evidence of attempts to influence the election’ by Russia, says Hans-Georg Maassen, head of the BfV, Germany’s domestic intelligence agency. ‘We expect another jump in cyberattacks ahead of the vote.’”
Hungary
Cyber Rescue and DBH Group Provide Training to Hungarian CEOs to Rehearse Recovery to Cyber Crises
“CEOs and executives from Hungary’s leading companies participated in a simulation of a major data breach run by Cyber Rescue, the leading consultancy based in London, UK in collaboration with DBH Group. DBH Group and Cyber Rescue have signed a collaboration agreement in March 2017. Under the agreement they will provide cyber recovery services in the CEE region. The event was also supported by the American Chamber of Commerce on 8th June at the Kempinski Hotel.”
Israel
Israel Offers a Model for Serious National Cybersecurity
“If the Trump administration needs a model for a cybersecurity policy, it needs to look no further than its good friend in Jerusalem, Israeli Prime Minister Benjamin Netanyahu. In 2011, correctly understanding that the world was heading for a cybersecurity calamity, the Israel prime minister’s office approached Tel Aviv University’s retired Major General and Prof. Isaac Ben-Israel to review Israeli national cyberpolicy. Prof. Ben-Israel’s report, which included the recommendation of positioning Israel as one of the top five global powers in cyber expertise by 2015, was adopted. That led to the establishment of the Israel National Cyber Bureau, with Prof. Ben-Israel as its founding director.”
ITU
ITU Telecom World 2017: Exploring Smart Digital Transformation
“Artificial intelligence can crunch the numbers on inconceivably large volumes of data, predicting trends, mitigating problems, driving a revolution in socio-economic development. Smart machines can learn, understand, develop and, in many areas, out-perform humans. But what will be the impact on our jobs, our economies and our societies? Do we need an international code of AI ethics now, before it is too late?”
NATO
NATO Explores the Rules of Cyber Spying
“The North Atlantic Treaty Organisation officially recognised cyberwarfare as an operational domain of war in 2016, and now it is exploring “norms” for peacetime and wartime activities. Norms, which NATO uses to judge hostile activities, define which aggressive activities could be considered acts of war, says Professor Martin Libicki in a paper for the organisation.”
Poland
A New Commodity: Polish Cybersecurity
“In its 2016 report, the Kosciuszko Institute concluded that Poland could become an international leader in the sector of cybersecurity, counting on state support. The Institute is a Polish non-profit NGO research institute that specialises in the development of apolitical reports and recommendations on public policies for policy makers. It has as consistent patrons the Polish government and much of Europe, as well as the European Union and NATO.”
UK
UK Businesses Ramping Up Cybersecurity Training and Insurance
“While cybercrime continues to make global headlines, even while much of the effect remains invisible to most users, a new report finds that UK companies are increasingly focusing on training staff and buying insurance cover to offset increasing risks.”
British Defence Giant BAE Allegedly Sold Cyber-Tools Which Could Threaten UK Security
“BAE Systems is alleged to have sold sophisticated decryption and cyber-surveillance tools to nations across the Middle East, including repressive regimes, according to a new investigation undertaken by BBC Arabic and a Danish newspaper.”
Insurance
Cyber Risk: The Next Facet of Business Insurance
“With cyber security threats on the rise worldwide, companies have begun utilising traditional risk transfer mechanisms, like insurance, to try and mitigate cost impacts if a data breach occurs. RSA recently surveyed 272 security professionals globally and found that 40 per cent of the organisations that responded have already purchased cyber insurance, with another 50 per cent contemplating or actively seeking cyber insurance. Telstra’s Cyber Security Report 2017 found that 21.7 per cent of Australian organisations are not currently using or even considering cyber insurance.”
Feature
Private Sector Cyber Defence: Can Active Measures Help Stabilize Cyberspace?
“The cyber revolution and ever-growing transfer of human activities into the virtual world are undermining the social contract between modern states and their citizens. Most governments are becoming unable and unwilling to protect citizens and private enterprises against numerous, sophisticated cyber predators seeking to disrupt, manipulate, or destroy their digital equities. Inevitably, states are focused on protecting governmental assets and national infrastructure, leaving themselves with modest residual capacity and resolve to underwrite other cybersecurity risks. Faced with this reality, private entities are reluctantly but increasingly complementing their passive cybersecurity practices with more assertive “active cyber defense” (ACD) measures. This approach carries substantial risks, but if guided by bounding principles and industry models, it also has the potential for long-term, cumulative benefits.”
Plugging the Gap: Why Are Fewer Women Getting into Cybersecurity?
“What can be done to encourage women into cyber-security positions? It is hard to fathom why the number of women in cyber-security is not increasing. Globally, only 10 percent of the world’s cyber-security professionals are female. In Europe, this figure declines to just 7 percent of the cyber-security workforce and in the UK, only 8 percent.”