ICD Brief 55.
25.09.2017. – 01.10.2017.
What a difference a year makes! Today’s edition highlights global progress with news of more laws, prosecutions, operational protocols and multi stakeholder partnerships. Artificial Intelligence, Machine Learning and the Internet of Things are objects of delight and of concern. Devastating breaches continue: Deloitte followsEquifax and the Securities and Exchange Commission in the past month alone. Just check how far we have come
This is National Cyber Security Awareness Month designated by the Department of Homeland Security “to engage and educate public and private sector partners through events and initiatives to raise awareness about the importance of cybersecurity, provide them with tools and resources needed to stay safe online, and increase the resiliency of the Nation in the event of a cyber incident.”
Almost last call to join me at the Cyber Security Summit 2017 in Minneapolis October 23-25. at the Minneapolis Convention Center. Please use my personal discount code (AB2017) when you Register. The Hilton Garden Inn adjacent to the Minneapolis Convention Center has a conference rate through Oct. 2 here: https://goo.gl/nmjiyF
Please let us hear from you! We invite you, our readers to join us online and in real time events to build a context that represents more than the cyber sphere’s parts.
You will join our International Expert Advisors both public and private sector, in demographics, defense, energy, ethics, finance, horizon scanning, insurance, law, telecommunications, transport, soft and hard sciences. They participate as speakers in ICD events and provide their insights, knowledge and experience to our work.
The International Cybersecurity Dialogue was founded in 2012 by Anne Bader and Richard Stiennon to promote a working relationship between policy and technology communities. In May 2016, we launched The ICD Weekly Brief as our pro-bono contribution to engage a broad cross section of individuals (now in 42 countries) in charting a global movement from plans to execution of laws, standards, new partnerships.
USA
Deloitte Hit by Cyberattack Revealing Client’s Secret Emails
“One of the world’s “big four” accountancy firms has been targeted by a sophisticated hack that compromised the confidential emails and plans of some of its blue-chip clients, the Guardian can reveal. Deloitte, which is registered in London and has its global headquarters in New York, was the victim of a cybersecurity attack that went unnoticed for months.”
USA Asks China Not to Enforce Cybersecurity Law
“The United States has asked China not to implement its new cyber security law over concerns it could damage global trade in services, a U.S. document published by the World Trade Organization showed on Tuesday.”
DHS to Introduce Federal Dashboard for Cybersecurity
“The Department of Homeland Security will introduce a government-wide dashboard in October to compile data from federal agencies that currently use sensor networks and dashboards within their organizations, GCN reported Monday. Jeanette Manfra, assistant secretary at DHS’ cybersecurity office, said at a Professional Services Council-hosted event held Monday the federal dashboard represents the next step in the department’s continuous diagnostics and mitigation program.”
US Senate Asks SEC to Updated Cyberattacks Protocol
“The U.S. Securities and Exchange Commission (SEC) announced it is launching two enforcement initiatives to boost efforts to address cyber threats and protect retail investors. The move comes in the wake of the massive Equifax hack, which exposed the personal data of 143 million Americans. The SEC suffered its own breach of its corporate filing database.”
Australia
NBN Pushing Its Unified Security Model for Wider Adoption
“Darren Kane, chief security officer for Australia’s National Broadband Network (NBN) company, has called on organisations in the country to treat physical security, cybersecurity, personal security, and forensics as one in the same, and appoint a single individual that is responsible for the entire security remit.”
Baltics/Estonia
Estonian Blockchain-Based ID Card Security Flaw Raises Issues About Identity
“On August 30, 2017, an international team of security researchers notified the Estonian government of a cards issued to around half of the Estonian population. Affecting 750,000 ID cards issued to a population of 1.3 million, the Estonian Information System Authority (RIA) has taken measures to restrict some of the ID card’s security features until a permanent solution is found.”
China
China Fines Its Top 3 Internet Giants for Violating Cybersecurity Law
“On August 11, China’s internet regulator, the Cyberspace Administration of China, accused China’s top three internet giants — Tencent, Baidu, and Sina — of potentially violating the Cybersecurity Law and launched an investigation. On September 25, Chinese authorities released the investigation results and imposed maximum fines on the three companies.”
EU
Cybersecurity in Europe: Key Recommendations for the New Cyber Review
“What are the current shortcomings of the EU legislative and policy landscape on cybersecurity? What should the new mandate of the European Network and Information Security Agency (ENISA) be? Should the cybersecurity review focus on regulating technologies, such as encrypted communications and blockchain? These are some of the questions that Hanover’s Digital Policy team* considers relevant to be addressed for Europe’s cyber preparedness.”
EU Publishes New Cybersecurity Approach
India
Indian Companies to Get Preference in Government’s Cybersecurity Procurements
“The Indian Ministry of Electronics and Information Technology (MeitY) has notified that henceforth, it shall give preferential treatment to Indian companies in the procurement of cybersecurity products, including both hardware and software solutions used in its IT projects across all departments.”
Indian Govt to Introduce Preferential Public Procurement for Cybersecurity Products
Internet Governance: India to Strengthen Focus on Data and Cybersecurity
“India is set to reinforce its focus on content and cyber security in internet governance in the coming years. With the rapid increase in the adoption of smartphones, broadband and the Internet of Things (IoT), India will be one of the largest generators of data.”
ITU
Innovative Tech and ICT Private-Public Partnerships Advanced at ITU Telecom World 2017
“ITU Telecom World 2017 wrapped up today in Busan following a full four-day programme of tech innovation showcases, debate, networking and awards. The annual event brought together representatives of nations, leading industry players and small- and medium-sized enterprises (SMEs) from around the world – fostering valuable support for innovation and business partnerships, and facilitating knowledge exchanges and networking.”
UK
Are Company Boards of Directors Trivialising Security?
“Cyber security is an issue that needs the maximum amount of attention at board level. Etienne Greeff, chief technology officer and co-founder of security consultancy SecureData, says: “Most company boards of directors simply aren’t educated well enough about cyber security and so, inevitably, they don’t take it seriously enough. That will all have to change soon as they become criminally liable.”
Feature
Wiley Rein and US Chamber Report Urges Cross-Border Collaboration on IoT Security
A report co-produced by Wiley Rein and the US Chamber of Commerce floated ten potential principles for regulators to consider as they look towards potential regulatory frameworks governing IoT cybersecurity. The report calls for a flexible, data-driven, broad-scoped policy, and it also pushes regulators to prioritize geopolitical cooperation around IoT security measures.
Would Data Breach Notification Laws Really Improve Cybersecurity?
By: Andrea O’Sullivan
“Another month, another major hack. This time, the compromise of consumer credit reporting agency Equifax has exposed the personally identifiable information (PII) of roughly 143 million U.S. consumers (not customers!) to outside groups. People are understandably furious, and they want solutions. But we should be wary of quick legislative proposals that promise to easily fix our cybersecurity woes. Our problems with security are deep and hairy, and require lasting solutions rather than short-term Band-Aids.”