ICD Brief 69.
This ICD 69 edition updates you on the effects of new cyber laws, new partners with NATO and the EU and the potential cyber vulnerability of US, UK nuclear weapons systems with news from the US, Australia, The Baltics/Estonia, China, India, Israel, Japan, Singapore, Taiwan and the UK.
We lead with Hawaii’s announcement late today of a new protocol for government alert systems after the missile false alarm and end with just released report on ‘Cyber Resilience: Playbook for Public Private Collaboration’ from the World Economic Forum with The Boston Consulting Group.
“Homeland Security Secretary Kirstjen Nielsen on Sunday said people should trust government alert systems as Hawaii announced a new protocol after a false alarm over a ballistic missile threat.”
“The House of Representatives passed the “Cyber Vulnerability Disclosure Reporting Act” this week. While the bill is quite limited in scope, EFF applauds its goals and supports its passage in the Senate.
H.R. 3202 is a short and simple bill, sponsored by Rep. Sheila Jackson Lee (D-TX), that would require the Department of Homeland Security to submit a report to Congress outlining how the government deals with disclosing vulnerabilities.”
“The inability of law enforcement authorities to access data from electronic devices due to powerful encryption is an “urgent public safety issue,” FBI Director Christopher Wray said on Tuesday as he sought to renew a contentious debate over privacy and security.”
Some states remain wary of federal election-security assistance, but the ice is thawing, a Homeland Security official said.
Homeland Security Department cyber experts will be able to do on-the-ground vetting of election systems in all 50 states before the 2018 midterm elections if those states ask for it, department official Bob Kolasky said during an election security summit Wednesday.
“The US Department of Commerce (DoC) and Department of Homeland Security have put out a draft cybersecurity report that recommends, among other things, that the American government fund a public awareness campaign on IoT security, and make cybersecurity a compulsory part of future engineering degrees.”
“Organisations in the Asia Pacific region are lagging behind their global counterparts when it comes to cybersecurity, with a report from FireEye revealing the median dwell time before an intrusion is detected in the region is 172 days.”
“The Australian Small Business and Family Enterprise Ombudsman has published a Cyber Security Best Practice Guide, hoping to help small business operators in Australia prevent, or better prepare for, a cyberattack.”
“Democratic nations around the world — including and building out from the NATO partners — should forge a global partnership on cybersecurity, starting with an informal forum for collaboration and growing into an alliance with legal structures and responsibilities, former Estonian President Toomas Hendrik Ilves has said.”
“Ever since 2010, China has been advancing its vision for cyber sovereignty. Instead of viewing the Internet as global and borderless, this vision instead calls for China being able to govern, regulate – and perhaps even censor – the Internet as it requires. Recent Chinese initiatives – such as the enactment of China’s Cybersecurity Law in June 2017 – would seem to suggest that China views cyber sovereignty as a way to clamp down on Internet companies within the country, especially foreign network operators.”
“The PRC Cybersecurity Law, which came into force on 1 June 2017, will have a significant impact on companies doing business in China. Insurers are no exception to this. In this article we discuss how the new cybersecurity law will impact the insurance sector.”
“The European Commission has approved the project Yaksha, which seeks to reinforce European Union (EU) and Association of South East Asian Nations (ASEAN) cooperation and build partnerships in the cybersecurity domain by developing a service tailored to specific users and national needs, leveraging EU Know-how and expertise. Yaksha will focus on developing new methods for malware detection, collection and analysis, as well as designing a specialised system to be used for long-term storage and analysis of the information, and deployment of standard information formats and interfaces to support interoperation.”
“The European Commission unveiled today its plans to invest jointly with the Member States in building a world-class European supercomputers infrastructure.”
“The head of the EU’s cybersecurity agency has downplayed what the agency would be able to accomplish under a new mandate – if the new tasks weren’t matched with additional funding.”
“India is soon going to be a powerful centre of low cost cyber security products, Union Minister Ravi Shankar Prasad said on Thursday. Inaugurating the 6th International Commerce Conference of the Delhi School of Economics here, Minister for Electronics & Information Technology Ravi Shankar Prasad said India’s digital ecosystem was very powerful, which also necessitated the stronger cyber security, cyber training and cyber coordination.”
“In the recent days, weeks and months, the overdrive by the government and India Inc to link tax returns, bank accounts, mobile SIMs, mutual funds and more to the 12-digit Aadhaar has raised the billion-dollar query: Is Digital India secure? In 2016, 3.2 million credit card and debit card details were stolen by Chinese hackers. ”
“As we ring in 2018, what better time than now to take a look at what awaits the Israeli hi-tech community in this new year. Here are four major trends that I believe will come to pass in 2018.”
“Prime Minister Shinzo Abe said Friday after a meeting with Estonian counterpart Juri Ratas in Tallinn that the two countries will cooperate on cybersecurity, allowing Tokyo to take advantage of the Baltic nation’s expertise in the run-up to the 2020 Olympics.”
“Japan has decided to join the NATO Cooperative Cyber Defence Centre of Excellence, a NATO-accredited cyber defence hub in Tallinn, Estonia. The Japanese prime minister, Shinzo Abe, announced the decision to join the centre during his visit to Estonia on 12 January.”
“The Cybersecurity Bill, designed to empower the Cyber Security Agency of Singapore (CSA) to manage and respond to cybersecurity threats, was introduced in Parliament on Monday (Jan 4).”
“Police have apologised after giving infected memory sticks as prizes in a government-run cyber-security quiz. Taiwan’s national police agency said 54 of the flash drives it gave out at an event highlighting a government’s cybercrime crackdown contained malware.”
“US, British and other nuclear weapons systems are increasingly vulnerable to cyber attacks, according to a new study by the international relations thinktank Chatham House.”
World Economic Forum in collaboration with The Boston Consulting Group
“Cyber Resilience: Playbook for Public-Private Collaboration helps leaders develop a baseline understanding of the key issues and policy positions relating to cybersecurity and resilience. The policy models discussed in detail include Zero-Days, Vulnerability Liability, Attribution, Intelligence Sharing, Botnet Disruption, Monitoring, National Security Roles, Encryption, Cross-Border Data, Notification Requirements, Duty of Assistance, Active Defence, Liability Thresholds, and Cyber Insurance. In connecting norms and values to policy, the report encourages all actors to move past absolute and rigid positions towards more action-oriented discussions, and presents the implications of policy choices on five key values: security, privacy, economic value, accountability and fairness.”