ICD Brief 65.
04.12.2017.-10.12.2017.
What’s critical about cyber and critical infrastructures? This week’s edition highlights dramatic increases in threat levels as well as some of the global community’s actionable responses.
Of particular note is the NATO Joint Press Conference video with NATO Secretary General Jens Stoltenberg and EU High Representative/Vice President Federica Mogherini detailing their historic agreement on cyber cooperation activities.
USA
New Homeland Security Secretary Kirstjen Nielsen Brings Her Cybersecurity Focus to Domestic Defense
“After a Senate vote on Tuesday, Kirstjen Nielsen has been confirmed as John Kelly’s replacement to lead the Department of Homeland Security. The top position at the DHS has remained open since Kelly left to join the White House as chief of staff in late July. Nielsen, a close colleague of Kelly’s, previously served on the Homeland Security Council in the George W. Bush administration and developed domestic policy with the TSA.” Senate Confirms New DHS, GSA Chief.
First Ever “Voting Infrastructure Security Plan” Unveiled by Election and National Security Leaders
“DEFCON – the world’s largest, longest running hacker conference – joined forces with the University of Chicago’s Harris School of Public Policy to host an event on cybersecurity and U.S. elections infrastructure. The event featured a panel of leaders from the cyber industry, the U.S. Department of Homeland Security (DHS), and the national security community. It also featured the release of an “Election Security Plan” authored by Noah Praetz, Director of Elections with the Cook County, IL Clerk’s Office.”
DHS Cyber Assessment Team to Expand Risk Evaluation Role to Operational Tech
“The Department of Homeland Security‘s cyber assessment team will extend its cyber risk assessment activities beyond information technology systems to include national critical infrastructure and operational technology, Federal News Radio reported Wednesday.”
SEC to Delay Mutual Fund Disclosures in Cybersecurity Push
“The U.S. Securities and Exchange Commission said on Friday it would delay new submissions of portfolio data by mutual funds, as the regulator beefs up its cybersecurity.”
Updated ABA cybersecurity handbook helps lawyers protect sensitive client information from hackers
“The ABA Cybersecurity Handbook: A Resource for Attorneys, Law Firms, and Business, Second Edition” is an updated edition of the handbook that expands on many of the issues raised in the 2013 first edition, while highlighting the extensive changes in the current cybersecurity environment. It is co-edited by cybersecurity legal experts Jill D. Rhodes, chief information security officer at Option Care and former senior executive with the intelligence community; and Robert S. Litt, counsel, Morrison & Forester and former general counsel of the Office of the Director of National Intelligence.”
Australia
New Sabotage Laws for Cyber Attacks on Critical Infrastructure
“Foreign-backed saboteurs who plant sleeper bugs in critical infrastructure such as telecommunications, power and water that could be mobilised to wreak havoc in the event of a war with Australia will face up to 15 years’ jail under the new foreign interference laws.”
“CEOs and senior delegates from TasTAFE, TAFE Queensland, TAFE NSW, Canberra Institute of Technology and other organisations around Australia have signed a National TAFE agreement to work together on a single national approach, led by Victorian TAFEs, for tackling the cybersecurity skills gap. (TAFE or Technical and Further Education institutions provide vocational tertiary education in Australia).”
Baltics/Estonia
Estonia’s Digital Solutions to Global Challenges to Be Introduced in Brussels
“A conference is to take place in Brussels on Thursday that will focus on implementing digital solutions for the benefit of the society and will feature a number of researchers and scientists, who will introduce Estonia’s experience.”
EU
Industry Urges EU to Follow Voluntary, Collaborative Approach to IoT Security Certifications
“Industry groups are urging the European Commission to consider certification schemes for the security of Internet of Things devices that leverage voluntary approaches and account for international standards, in addition to offering opportunities for private- and self-certification, as the European Union moves forward with legislation to establish an IoT certification program.”
Israel
The Cybersecurity Insurance Industry Must Adapt and Thrive in Israel
“In terms of offensive cyberwarfare capabilities, Israel has been ranked 2nd in the league table and may take comfort from the fact that its biggest ally, the US sits at the top. Unfortunately, just below is perhaps Israel’s biggest enemy, that being Iran. The need for protection against cyber-attacks has never been greater and the nations that are most susceptible to cyber-attacks tend to be those that are actively involved in cyber offensives.”
ITU
ITU Lauds Azebaijan’s Contribution to Global Cybersecurity
“The International Telecommunication Union (ITU) highly appreciates contribution of Azerbaijan and Russia to ensuring cybersecurity at international level, ITU Secretary General Houlin Zhao told reporters in Baku Dec. 5.”
NATO
NATO Secretary General with EUHR Mogherini, Foreign Ministers Meeting, 5 DEC 2017, Part 1 of 2 Joint Press Conference video NATO NEWS
Joint press conference Transcript
by NATO Secretary General Jens Stoltenberg and EU High Representative/Vice President Federica Mogherini following the meeting of the North Atlantic Council at the level of NATO Foreign Ministers
NATO and the European Union Deepen Cooperation on Cyber Defence
“Senior officials from the European Union met their counterparts at NATO Headquarters today (8 December) to take stock of current efforts and discuss new areas for cooperation on cyber defence.”
The Netherlands
Cybersecurity Very Weak at Critical Dutch Water Management Sites
“Water locks and pumping stations in the Netherlands are in danger of being hacked due to inadequate computer hardware and software, according to an investigation published by the Telegraaf. Security software is updated just about every five years, a sign of poor maintenance, and the computer systems that control the water operations date back as far as the mid-1980s, the newspaper said.”
UK
Cyber-Attacks on Critical National Infrastructure May Double by 2020
“The UK’s critical national infrastructure facilities are at risk of facing a large number of cyber-attacks in the next two years, aided by the fact that there are very few cyber security experts to tame the threat from hackers.”100% Increase in Cyber Attacks Will Overwhelm Critical Infrastructure
GCHQ seeks innovative UK solutions to cyber security challenges
“Start-ups join the government-backed Cyber Accelerator with the aim of developing security products and services that will enhance the UK’s cyber defences. The Cyber Accelerator, which forms an element of the UK Government’s £1.9bn National Cyber Security Strategy, is a collaboration between the Department for Digital, Culture, Media and Sport (DCMS), the National Cyber Security Centre (NCSC), which is part of GCHQ, and Wayra UK, which is part of the global research and development programme Telefonica Open Future. Selected start-ups receive benefits to help scale their businesses, including funding, mentoring, connections and office space.”