Looking West to Washington DC: Early Edition – ICD Brief 70.


15.01.2018.-21.01.2018.

Greetings from London. It’s the last leg of my routine January visit to the UK and Belgium to catch up and update Colleagues and Friends in and out of governments and international organizations. I am happy to say that in spite of the disruptions we share, I see realistic progress in addressing privacy, information sharing, security, accountability, responsibility and innovation. More detail on my findings in the coming weeks.

This week’s news adds Laws and Enforcement and Risk to updates from the US, Australia, the EU, India, Israel, NATO, Norway, Rwanda, Russia, the UK and a Feature on Understanding the Supply Chain by Liviu Arsene in Dark Reading.

We lead this week with General Mattis’ speech on the reorganization of the “fundamental cyber related organizations.”

USA

In Speech, Mattis Explains His Cyber Concerns

“In a speech at Johns Hopkins University addressing the newly unveiled strategy, Mattis explained there will be a reorganization of the fundamental cyber-related organizations, namely U.S. Cyber Command and the NSA.”

Cyberattack Shuts Down US Regional Hospital’s Online System

“A cyber-attack that left computer screens at Hancock Regional Hospital in Greenfield, Indiana, USA, with a ransom message for bitcoin has caused the entire network at the hospital to go offline to stop damage to the data of the patients.”

US Lawmaker Asks Intel, Others for Briefing on Chip Flaws

“A Democratic U.S. lawmaker asked Intel Corp and two other microchip makers on Tuesday to provide a briefing on the recently detected Spectre and Meltdown security flaws that could allow hackers to steal information from most computers and devices.”

DHS Giving ‘Active Defense’ Cyber Tools to Private Sector, Secretary Says

“The Department of Homeland Security is providing tools and resources to private companies to engage in “active defense” against cyber threats, its secretary said Tuesday, a practice that has drawn scrutiny from some legal and cybersecurity experts.”

DHS Contract Aims to Make Sharing Cyber Threat Data Easier than Ever

“The Homeland Security Department wants to make it easier for cybersecurity researchers around the world to track down the information they need to solve emerging threats.”

Detect Locally, Protect Globally

“When infectious diseases strike, the World Health Organization acts swiftly, coordinating with the U.S. Centers for Disease Control and Prevention and its foreign counterparts to contain the threat. But there is no equivalent international organization similarly dedicated to identifying and mitigating a cyberattack.”

Pentagon Suggests Countering Devastating Cyberattacks with Nuclear Arms

“A newly drafted United States nuclear strategy that has been sent to President Trump for approval would permit the use of nuclear weapons to respond to a wide range of devastating but non-nuclear attacks on American infrastructure, including what current and former government officials described as the most crippling kind of cyberattacks.”

Australia

A Single Commonwealth-Led Agency Will Pull Australia from Its Uncoordinated Cybersecurity Situation

“In an interesting revelation, David Irvine, chairman of Australia’s Cyber Security Research Centre (CSRC), revealed that the country’s competence to thwart cyber-breaches is ‘relatively weak and uncoordinated’. His comments were part of a submission to a parliamentary enquiry, on the ‘impact of new and emerging information and communications technology’.”

EU

How Coherent Is EU Cybersecurity Policy?

“Recent security breaches at major companies and cyber-attacks such as the WannaCry ransomware attack have put cybersecurity firmly on the EU’s political agenda. But how coherent an actor is the EU in the field of cybersecurity? Drawing on a recent study, Andre Barrinha and Helena Farrand-Carrapico write that there remains a lack of cohesion in EU cybersecurity policy, with the main responsibilities in cybersecurity governance remaining with the member states. It remains to be seen whether recent events will encourage EU states to cooperate more closely on the issue or whether stronger responses will be pursued by individual states at the national level.”

Wales and Europe Must Work Together to Face Cybersecurity Challenges

“First Minister Carwyn Jones is in Brittany to sign a new agreement to strengthen links between Wales and the region. The Memorandum of Understanding reflects the importance of continuing collaboration across Europe to address global challenges, such as cyber security, in the face of the changing political landscape as the UK prepares to leave the EU.”

India

India, Israel Inks Nine Pacts on Cybersecurity, Other Sectors

“Eyeing to upgrade strategic partnership India and Israel on Monday inked nine pacts in key areas, including cyber security and oil & gas sectors amid PM Narendra Modi’s call to Israel firms to take advantage of the liberalised FDI regime in the defence sector that would boost Make in India initiative.”

Home Ministry Pitches for Budapest Convention on Cybersecurity

“Officials said India was reconsidering its position on becoming a member of the Budapest Convention because of the surge in cybercrime, especially after a push for digital India.”

Israel

The State of Israel’s Cybersecurity Market

“Second only to the U.S., in terms of cybersecurity investment 2017 was another excellent year for Israeli cybersecurity startups, with dozens of companies being formed, breaking fundraising records and producing solid exits. The 2017 data also suggest that the Israeli cybersecurity industry is maturing, as we see a shift in funding towards later stage companies.”

Laws and Enforcement

Prosecutions and Enforcement

Hacker Alex Bessell jailed for cyber crime offences

“A computer hacker has been jailed for two years for committing thousands of cyber crimes, including attacks on Google and Skype. Alex Bessell, 21, of Aigburth, Liverpool, was also convicted at Birmingham Crown Court of other offences, including money laundering. West Midlands Police raided his home and found on his computer 750 names and passwords from infected computers.”

Cyber-coin crackdown continues: Commission charges couple crypto-currency company chiefs concerning ‘conned’ customers

“The US Commodity Futures Trading Commission (CFTC) is the latest financial watchdog to haul into court companies in the virtual currency space. On Friday, the CFTC, which oversees the derivatives markets in America, announced a pair of civil lawsuits against businesses it claims defrauded.”

NATO

NATO alliance is NOT READY to defend against cyber warfare with Russia, top expert warns

“The western alliance has been in a “state of denial” about the danger posed by hackers acting on behalf of countries such as Russia and China, Ambassador Sorin Ducaru said. The former NATO Assistant Secretary General for Emerging Security Challenges warned Russia has been “militarising” its cyber capabilities over the past decade while NATO only began to address the issue seriously in 2013.

He cited a series of cyber attacks on government agencies, energy networks and telecommunications services in the UK, United States and Germany – all believed to have been perpetrated by Russia – as evidence of the country’s advanced capabilities. And the diplomat admitted the alliance had “not done enough” to counter the threat, adding: “Until recently, people were shying away from cybersecurity.”

Risk

Cyber insurance market outlook – Munich Re

“Cyber threats have become the risks of the century and if cyber security is one step behind new cyber threats, cyber insurance is two steps behind. Risk managers of large institutions already consider cyber attacks to be a severe risk and therefore have insurance policies to address this. We are now seeing more and more small companies asking for cyber covers, especially after the latest large-scale attacks.”

Cyber Hurricane Tops UK Risk List – Allianz

“Business interruption and protectionism accompanied cyber risk on the German insurer’s risk barometer, as well as natural catastrophe risks – since last year’s outsize losses.”

Firms Buy Insurance ‘In Mad Panic’ As Cyberattacks Soar

“With cyber-attacks increasing in frequency and severity, many companies are turning to insurance to cover their mounting losses. But can insurers quantify the risk accurately and could insurance lead to corporate complacency?”

Rwanda

Banks, Telecoms, Police in joint effort to counter cyber threats

“Officials speaking at a one-day consultative meeting in Kigali said concerned organs must enhance information sharing so as to collectively assess cyber security threats and response. Speaking at the opening of the meeting, the Inspector General of Police (IGP) Emmanuel K Gasana reminded attendants that, government has developed a National Cyber Security Strategy and established a National Cyber Security Agency that links security organs, public and private sector agencies. ‘In addition to cybercrime punishments in the penal code, cybercrime investigation centers have been established to focus on building national capabilities to investigate cybercrimes retrieve and analyze digital evidence from variety of sources,’ he said.”

Russia

Russia Moves Toward Creation of an Independent Internet

“Experts say Russia is planning the next step in making the country independent from the West, at least in cyberspace: Moscow wants to install its own root servers. But why, and does it make any sense?”

Russia, China’s Cyber-Capabilities Are Catastrophic

“Economic pressures and sanctions, jihadist activity and rising tensions around the world will spur cyber-activity in 2018 – with Russia and China leading the way in capabilities, which could cause potentially catastrophic attacks.”

UK

New cyber lab classroom opens in Cumbria

“Next generation of cyber security professionals are now set to benefit from first Cyber Lab classroom, co-funded by the Nuclear Decommissioning Authority.”

£500000 in grants up for grabs to commercialise cyber-security ideas

“Academics with innovative ideas in cyber-security that have potential for commercialisation are invited to apply for grants of up to £16k from Innovate UK, working with the Department for Digital, Culture, Media and Sport.”

Feature

Understanding Supply Chain Cyber Attacks

Liviu Arsene, Dark Reading

“Today’s cybersecurity landscape has changed dramatically due to digitalization and interconnectivity. While the benefits of each push businesses toward adoption, security risks associated with interconnectivity between networks and systems raise major concerns. Everything-as-a-service removes traditional security borders and opens the door to new cyber attacks that organizations might not be prepared to recognize or even deal with.”
