ICD Brief 51.
24.07.2017. – 30.07.2017.
Our 51st edition exemplifies an astounding and turbulent year that saw each leap of progress matched by an equally deadly threat. Cyber is a priority for decision makers in government, business, education and all the sectors of life that they support, because we are all part of this process.
You will find all this week’s links under this letter and the full edition with summaries in our ICD News Archive on our website HERE.
Sidebar: Congratulations to ICD Advisor Jeanie Larson, CISSP-ISSMP, CISM, CRISC, appointed Chief Information Security Officer, UC Davis Medical Center; to David Abraham, named an Advisory Board Member of the Global Diplomatic Forum; and to Marko Kovacevic, named Chair of IAOP’s European Outsourcing Council.
“Less than a year after Mark Zuckerberg derided the idea that his social network might have any serious impact on the U.S. election, Facebook announced that it will donate money to cybersecurity education efforts as well as a new project to ensure election security. Facebook’s chief security officer, Alex Stamos, announced the new funding on Wednesday at Black Hat USA, the largest conference dedicated to cybersecurity.”
“The Black Hat USA 2017 cybersecurity conference took place in Las Vegas this week, and over at Dark Reading, Kelly Sheridan has written a great synopsis of its evolution since its creation in 1997. The Black Hat conference started as a gathering of researchers, academics, analysts, cryptographers, and Chief Information Officers that brought the cyber community together for an open discussion of the year’s cyber trends and most current threats. Two decades after its creation, Black Hat has become a much more commercial endeavor, but Sheridan’s history of the conference shows that the conference’s speakers have continued to make news year-after-year due to their willingness to demonstrate and highlight dangerous cyberthreats and major exploits in information technology (IT) system code that could cause major damage if not addressed.”
“A U.S. congressional panel this week asked 22 government agencies to share documents on Moscow-based cyber firm Kaspersky Lab, saying its products could be used to carry out “nefarious activities against the United States,” according to letters seen by Reuters. The requests made on Thursday by the U.S. House of Representatives Committee on Science, Space and Technology are the latest blow to the antivirus company, which has been countering accusations by U.S. officials that it may be vulnerable to Russian government influence.”
“National Security Agency Director Mike Rogers on Saturday rebuffed the prospect for a U.S.-Russia cyber unit, a proposal which has been greeted with incredulity by several senior U.S. lawmakers and which President Donald Trump himself appeared to back down from after initially indicating interest.”
“The House Homeland Security Committee will consider legislation this week that would reorganize and elevate the Department of Homeland Security’s cybersecurity branch. The draft bill, from committee Chairman Michael McCaul (R-Texas), would replace the National Protection and Programs Directorate (NPPD) at DHS with the Cybersecurity and Infrastructure Security Agency.”
“Cybercrime isn’t limited to just consumers and corporations. Cybercrime affects the government and NGOs as well. In a video interview with TechRepublic’s Dan Patterson, Paul Rosen, former Chief of Staff at the Department of Homeland Security and partner at Crowell & Moring, shares what businesses can learn from the government’s experience and response to cyberthreats.”
“Australian MP, the Hon. Dan Tehan, called for Australia and Asia Pacific to become the world leaders in cybersecurity in order to achieve economic prosperity and national security. He emphasized: these challenges can be turned into opportunities.”
“This is part 2 of an interview with Michael Smith, Akamai’s security chief technology officer, Asia Pacific & Japan. Following on from part 1, Smith discusses the current cyber security landscape in Australia and explains how businesses, governments and individuals can better protect themselves going forward.”
“China is preparing to launch what it’s calling an “unhackable” communications network in the city of Jinan, with it being described by state media as a milestone in cyber security. It may be a pioneering project but, if successful, it could also see the country leaving the West behind with international banks likely to be among its main customers when the technology eventually goes into production.”
The Czech Republic
“The Czech Republic amended its Cyber Security Act, effective this month. Currently, the Cyber Security Act imposes minimum reasonable cybersecurity requirements, but only for critical infrastructure companies, such as companies in the energy, transportation, water management, and banking sectors. The amendment expands the scope of the Cyber Security Act to include additional industries, namely financial, digital, health services, chemical infrastructures, and digital services providers. In addition to expanding the scope of the Act’s coverage, the amendment also increases the maximum fines from 100,000 Czech koruna to 5 million Czech koruna, and establishes a National Bureau for Cyber and Information Security.”
“An EU exercise to test countries’ ability to react to cybersecurity attacks will focus on threats from terrorist organisation, “a quasi-democratic country” and anti-globalisation groups. The series of made up attacks will be simulated as part of a competition this September and October. A spokeswoman for the Council of the EU, one of the institutions organising the events, said all EU member states will take part in at least part of the exercise. It will run from 1 September until 11 October. NATO member countries can also compete.”
“With Bitkom releasing their report stating that 53-percent of German businesses were recently hit by either data theft, industrial espionage or sabotage, Germany’s Federal Office for Information Security (BSI) issued a response urging mostly medium and small businesses to tighten security. BSI president Arne Schoenbohm said in his statement on Friday that the “high number of companies affected clearly shows that we still have work to do on cyber security in Germany.””
“Ethical hacking has become a key national issue in Hungary, after an embarrassing incident where a teenager who reported a serious security flaw in Budapest’s public transport ticketing system was arrested. The police report was made by the Budapest Transit Authority and its partner T-Systems Hungary, who have since been forced to publicly apologise. The 18-year-old, who has not been named in Hungarian media, was arrested in the middle of the night in early July after he found a security flaw in the newly-launched online ticket booking system on the official website of Budapest’s public transport authority Budapesti Közlekedési Központ (BKK).”
“Technology Development Board (TDB), a wing of Department of Science (DST), Government of India and Data Security Council of India (DSCI) have joined forces to accelerate the commercialisation of cybersecurity products in India. Through a joint effort, TDB and DSCI plan to promote the Indian cybersecurity startups and product entrepreneurship and enable their growth by way of enabling the ecosystem and funding support.”
“There’s trouble in the Gulf, where a hijacked news website has helped kick off a blockade of Qatar. Saudi Arabia, the United Arab Emirates, and their allies have cut off a fellow member of the Gulf Cooperation Council (GCC), citing as justification fake news stories that the Emiratis themselves allegedly planted.”
“An Iranian-linked cyber espionage group called CopyKittens has been targeting governments and institutions globally, including in the US, Israel, Germany, Turkey and Saudi Arabia, security experts say in a new report.”
“The U.S. and Japan promised to strengthen cybersecurity cooperation and cyberthreat information-sharing in a joint statement issued July 24 at the conclusion of the fifth bilateral meeting on the subject. The two countries pledged to collaborate on critical infrastructure protection and other issues following the Japan-U.S. Cyber Dialogue.”
“North Korean hackers are increasingly trying to steal cash rather than secrets, a South Korean government-backed report suggests. Cyber-criminals are targeting financial institutions as Pyongyang faces tough nuclear sanctions, the Financial Security Institute (FSI) claims.”
“Russian intelligence agents attempted to spy on President Emmanuel Macron’s election campaign earlier this year by creating phony Facebook personas, according to a U.S. congressman and two other people briefed on the effort.”
“Singapore has recently achieved yet another top global ranking, this time for topping the United Nations International Telecommunication Union Global Cybersecurity Index. However, that does not mean Singapore can rest on its laurels as nothing in cyberspace is ever fully secured. Therefore, it seems only sensible that the Republic is introducing a holistic Cyber Security Bill that seeks to improve cyber resilience in a landscape where cyber threats are dynamic and ever growing. The war in cyber space is real and taking place every day. Everyone is part of that war, whether they like it or not.”
“The Singapore government should not criminalise cybersecurity activities carried out with good intent in order to encourage the sharing of valuable threat information, which will help the industry better combat attacks. It also should clearly define its proposed mandate that would compel organisations to report a data breach within 72 hours, particularly since it typically took weeks or even months before a vulnerability was identified. The Singapore government on Thursday mooted the introduction of a new ruling, under the Personal Data Protection Act (PDPA), that would require organisations to report data breaches within 72 hours.”
“July 24, 2017 the UK Department for Digital, Culture, Media & Sport announced an invitation to tender in a competition to develop and design a £14.5 million innovation centre to foster the next generation of cyber-security technology.”
“The UK has a shortage of cybersecurity professionals and the gulf could get wider as an increasing number of cyberattacks take place. To counter this, the government is set to plough millions of pounds into training new talent. The newly-renamed Department for Digital, Culture, Media and Sport has announced it will create a ‘Cyber Schools Programme’ and give it £20 million to train young people.”
“The nascent cybersecurity insurance market can play an important role for smaller businesses, which remain a prime target for hackers and cybercriminals, witnesses and congressmen said at a House Small Business Committee hearing July 26.”
“Critical security flaws have been found in devices used to monitor radiation levels in nuclear facilities and at borders globally, according to cybersecurity researchers. It could allow terrorists to traffic nuclear material past radiation monitoring devices at air and sea ports by raising the radiation threshold that authorities’ machines scan for.”
“On a cold winter night in December 2015, Manan Shah, founder of Vadodara based cyber security firm Avalance Global Solutions, woke up to an alarming text message from a prospective customer. “Your competition says you can be hacked. Why should we use your services?” A hassled Shah realized that a competitor had taken down his IT systems and informed the prospective client about it. After plugging the holes in the system, the first thing Shah did was remove the “Success Stories” section on his company website. He did not want other competitors to know who his other clients were.”