ICD Brief 68.
Welcome! The big news of the week involved the public’s discovery of Spectre and Meltdown, two serious 20-year-old vulnerabilities allowing easy penetration by hackers in almost every current computer and phone. We bring you the details and what you need to know going forward.
The rest of this mega edition highlights information sharing, innovative recruitment to fill the talent gap, best practices (in practice) cyber training, new cyber insurance benchmarks and a cyber security tool for driverless cars. Our feature by Marin Ivezic in CSO looks at The Tangible Threat of Cyber-Kinetic Attacks.
“Security experts scrambled on Friday to try to reassure computer users worldwide that a newly discovered type of security flaw can be managed — though not eliminated — through the simple act of updating software with patches that technology companies have been frantically developing for months.” Spectre and Meltdown: What you need to know going forward
“The U.S. Department of Commerce (DOC) and the U.S. Department of Homeland Security (DHS) released a draft report to President Donald Trump in response to the May 11, 2017 Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. The report identifies six principal themes:
• Automated, distributed attacks are a global problem.
• Effective tools exist, but are not widely used.
• Products should be secured during all stages of the lifecycle.
• Education and awareness is needed.
• Market incentives are misaligned.
• Automated, distributed attacks are an ecosystem-wide challenge.”
“The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) has awarded 418 Intelligence Corporation of Herndon, Virginia $350,00…Through an effort titled “Benchmarking Cyber Threat Controls through Crowdsourcing,” the company will develop a prototype game-based, forecasting platform and user-experience that will engage participants in competition and mastery of the latest developments in cybersecurity.”
“Part of a program developed by a civilian entity accredited by the Department of Homeland Security, the exercise targeted critical infrastructure within a simulated city created by Metova Cybercents, and it uncovered potential cyber security susceptibilities, officials said.”
“As reported by Futurism, AI is an important component of the United States Navy’s Consolidated Afloat Networks and Enterprise Services (CANES) system. CANES links vessels including boats and submarines together, allowing information to be shared between on-shore locations and Navy crews at sea.”
“The tool is believed to be the first of its kind focused on automated vehicles. Mcity, led by U-M, is the nation’s largest public-private partnership working to advance connected and automated mobility.”
“The Department of Homeland Security’s National Cybersecurity Assessments and Technical Services team is beefing up its role in securing federal IT and critical infrastructure.”
“A Cyber Security Best Practice Guide has been developed to help busy small business operators understand the risks and how to prevent cyberattacks. The Australian Small Business and Family Enterprise Ombudsman published the guide after research showed that 60 per cent of small firms that experienced a cyber-breach went out of business within the following six months.”
“Released to much fanfare in October by Foreign Minister Julie Bishop, Australia’s International Cyber Engagement Strategy now forms an integral part of Australia’s future engagement with the region. The new strategy – part of the Australian government’s wider $230 million Cyber Security Strategy – outlines the country’s diplomatic, developmental and military approaches to cyberspace and cyber security for 2018.”
“Local innovation has progressed in a spectacular way over the past decade throughout Emerging Europe, although there are still countries – in particular Albania, Azerbaijan, Bosnia and Herzegovina, Moldova, Montenegro and Serbia – which lag behind. That is one of the key findings of a major new report looking at start-up innovation and investment in Emerging Europe published by East-West Digital News (EWDN) in December 2017.”
“Before he was jailed, few people had heard of Wu Xiangyang. But when news of his conviction appeared in a state newspaper in late December, internet users across China took note. A small trader from the southern province of Guangxi, Mr Wu’s crime was to sell cheap and commonly used software that enables people to circumvent China’s draconian internet controls. His five-and-a-half-year prison sentence is the toughest-known penalty imposed for such “illegal business”.”
“The Czech cyber and information security office (NUKIB) seated in Brno will operate in an emergency mode during the January 12-13 presidential election, with up to 25 experts ready to ward off any cyber-attack, which may happen, NUKIB spokesman Radek Holy told CTK on Thursday.”