Mega Edition: Discoveries, Innovation and Co-operation – ICD Brief 68.

by ICD Posted on January 7, 2018

ICD Brief 68.

02.01.2018.-07.01.2018.

Welcome! The big news of the week involved the public’s discovery of Spectre and Meltdown; two 20 year old serious vulnerabilities allowing easy penetration by hackers in almost every current computer and phone. We bring you the details and what you need to know going forward.

The rest of this mega edition highlights information sharing, innovative recruitment to fill the talent gap, best practices (in practice) cyber training, new cyber insurance benchmarks and a cyber security tool for driverless cars. Our feature by Marin Ivezic in CSO looks at The Tangible Threat of Cyber-Kinetic Attacks.

Global

Huge Security Flaws Revealed – and Tech Companies Can Barely Keep Up

“Security experts scrambled on Friday to try to reassure computer users worldwide that a newly discovered type of security flaw can be managed — though not eliminated — through the simple act of updating software with patches that technology companies have been frantically developing for months.”   Spectre and Meltdown: What you need to know going forward

USA

DHS, DOC Release Draft Report on Cybersecurity Threats

“The U.S. Department of Commerce (DOC) and the U.S. Department of Homeland Security (DHS) released a draft report to President Donald Trump in response to the May 11, 2017 Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. The report identifies six principal themes:

• Automated, distributed attacks are a global problem.

• Effective tools exist, but are not widely used.

• Products should be secured during all stages of the lifecycle.

• Education and awareness is needed.

• Market incentives are misaligned.

• Automated, distributed attacks are an ecosystem-wide challenge.”

DHS S&T Award to Create Platform to Spur Cyber Controls Info-Sharing

“The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) has awarded 418 Intelligence Corporation of Herndon, Virginia $350,00…Through an effort titled “Benchmarking Cyber Threat Controls through Crowdsourcing,” the company will develop a prototype game-based, forecasting platform and user-experience that will engage participants in competition and mastery of the latest developments in cybersecurity.”

Arkansas National Guard Conducts Cyber Training Exercise

“Part of a program developed by a civilian entity accredited by the Department of Homeland Security, the exercise targeted critical infrastructure within a simulated city created by Metova Cybercents, and it uncovered potential cyber security susceptibilities, officials said.”

US Navy to Equip Ships with AI-Powered Networks

“As reported by Futurism, AI is an important component of the United States Navy’s Consolidated Afloat Networks and Enterprise Services (CANES) system. CANES links vessels including boats and submarines together, allowing information to be shared between on-shore locations and Navy crews at sea.”

Cybersecurity in self-driving cars: U-M releases threat identification tool

“The tool is believed to be the first of its kind focused on automated vehicles. Mcity, led by U-M, is the nation’s largest public-private partnership working to advance connected and automated mobility.”

How DHS Protects Federal Networks by Breaking into Them

“The Department of Homeland Security’s National Cybersecurity Assessments and Technical Services team is beefing up its role in securing federal IT and critical infrastructure.”

Australia

Small Business Cybersecurity Guide Released

“A Cyber Security Best Practice Guide has been developed to help busy small business operators understand the risks and how to prevent cyberattacks. The Australian Small Business and Family Enterprise Ombudsman published the guide after research showed that 60 per cent of small firms that experienced a cyber-breach went out of business within the following six months.”

Cyber Is the New Black: Australia’s Cybersecurity Strategy

“Released to much fanfare in October by Foreign Minister Julie Bishop, Australia’s International Cyber Engagement Strategy now forms an integral part of Australia’s future engagement with the region. The new strategy – part of the Australian government’s wider $230 million Cyber Security Strategy – outlines the country’s diplomatic, developmental and military approaches to cyberspace and cyber security for 2018.”

Baltics/Estonia

New Start-Up and Innovation Report Names Estonia and Slovenia as Market Leaders

“Local innovation has progressed in a spectacular way over the past decade throughout Emerging Europe, although there are still countries – in particular Albania, Azerbaijan, Bosnia and Herzegovina, Moldova, Montenegro and Serbia – which lag behind. That is one the key findings of a major new report looking at start-up innovation and investment in Emerging Europe published by East-West Digital News (EWDN) in December 2017.”

China

China’s Great Firewall Is Rising

“Before he was jailed, few people had heard of Wu Xiangyang. But when news of his conviction appeared in a state newspaper in late December, internet users across China took note. A small trader from the southern province of Guangxi, Mr Wu’s crime was to sell cheap and commonly used software that enables people to circumvent China’s draconian internet controls. His five-and-a-half-year prison sentence is the toughest-known penalty imposed for such “illegal business”.

Czech Republic

Cybersecurity Office to Assist in Presidential Election

“The Czech cyber and information security office (NUKIB) seated in Brno will operate in an emergency mode during the January 12-13 presidential election, with up to 25 experts ready to ward off any cyber-attack, which may happen, NUKIB spokesman Radek Holy told CTK on Thursday.”

India

“About 250 companies, including some of the top staterun banks, have bought cyber insurance cover, which is 50% more than what was sold in the past year. With rising attacks, insurers expect robust future demand for cyber risk insurance in India.”
“2017 will undoubtedly be considered as ‘Year of ransomware’, the year when the global security landscape was forever changed by attacks like WannaCry and NotPetya. The havoc caused by these attacks reached far beyond the paltry ransom demand. Hospitals turned away patients. Production lines came to a halt. Nuclear radiation monitoring was disrupted. Cyber events like these were a wakeup call to the brave new world of cyberattacks and how they could reach further into the ‘real world’ than ever before.”

Indonesia

“Indonesia’s recently established cyber security agency will recruit hundreds of personnel in the coming months, its chief said on Friday.”

Iran

“Incidents involving Iran have been among the most sophisticated, costly, and consequential attacks in the history of the internet. The four-decade-long U.S.-Iran cold war has increasingly moved into cyberspace, and Tehran has been among the leading targets of uniquely invasive and destructive cyber operations by the United States and its allies. At the same time, Tehran has become increasingly adept at conducting cyber espionage and disruptive attacks against opponents at home and abroad, ranging from Iranian civil society organizations to governmental and commercial institutions in Israel, Saudi Arabia, and the United States.”

Israel

“Unit 8200, the Israeli military’s NSA equivalent, is collaborating with the Israeli ministry of education on a new big data training program for the country’s high schoolers, according to two high ranking unit officers who were interviewed by Calcalist last week on conditions of anonymity. The new program is intended to provide Israel’s security and intelligence arms, including Unit 8200, the Mossad and Israel’s internal security service, with pre-trained recruits.”

Singapore

“Some 20 teams of cyber security industry professionals and tertiary students in Singapore pitted their skills against one another in a competition aimed at plugging the cyber security skills gap in the city-state.” According to the Cyber Security Agency, which also organises an annual cyber security exercise for critical sectors such as finance, transport and government, Singapore’s demand for cyber security professionals is expected to grow to from 4,700 in 2015, to 7,200 in 2018 and 9,700 in 2021.”

UK

“The Government’s Cyber Discovery Programme, which is part of its CyberFirst initiative to help youngsters join the cyber security industry, has attracted over 20,000 young boys and girls, a mere six weeks after it was launched.”

Insurance

“In a press release on December 12, AIG (American Insurance Group) released information on how the insurance giant is benchmarking and evaluating the cyber risk of its clients. The release and the model that it outlines underscore just how seriously insurance agencies are taking the threat of malicious attacks and the importance of cyber insurance. For many years insurance agencies have used actuarial information to guide their policy and premium costs as regards traditional risks such as loss of property through theft, fire and other types of losses – however, now cyber security and its attendant risks have come under the spotlight.”

Feature

Marin Ivezic, Contributor, CSO
“Connecting physical objects and processes to the cyber world offers us capabilities that exponentially exceed the expectations of science fiction writers and futurists of past generations. But it also introduces disquieting possibilities. Those possibilities reach beyond cyberspace to threaten the physical world in which we live and – potentially – our own physical well-being.”

 

This entry was posted in Weekly Brief. Bookmark the permalink.

Comments are closed.