ICD Brief 71.
22.01.2018.-29.01.2018.
Today’s brief is all about coordination, integration and education of nations, corporations, international organizations and individuals as they seek to protect and order their reliance on the global critical cyber infrastructure. Enormous progress made after years of indecision! If someone suggested that half of today’s headlines were in play in 2016, they would be laughed out of the field.
Ignorance is bliss does not apply here. We are in a race to meet a nonspecific deadline that threatens the existing world order. It is bigger than previous complex challenges: It aims to balance privacy with information sharing, artificial intelligence with human direction, security with innovation.
USA
Google Parent Alphabet Unveils Cybersecurity Subsidiary, Chronicle
“Google parent company Alphabet has unveiled a new subsidiary, Chronicle, whose goal is to help businesses identify and stop cyberattacks before they do damage. Alphabet says the new company in the Alphabet lineup is responding to the raft of “jaw-dropping” security breaches that dominate the headlines. Chronicle was incubated inside Alphabet’s experimental lab X, known as the “moonshot factory” for its pursuit of big challenges such as driverless cars.”
Several Security Companies Allowed Russia to Review Software Widely Used by the US Government
“Latest reports reveal that major security software makers allow Russia to look for vulnerabilities in their products. Published by Reuters earlier today, the report suggests that global technology providers including SAP, Symantec and McAfee who have their software “deeply embedded across the US government” let Russia take apart their code. This report is a follow-up of the original report in October last year that had revealed that Hewlett Packard Enterprise had allowed a Russian military contractor to review its ArcSight software, used in the Pentagon. It appears the practice is far more widespread than previously believed.”
Facebook Calls for Cybersecurity Research Proposals as Part of New Grant Program
“Facebook plans to accept research proposals for security projects from the public in the coming months, looking for improvements that focus on abuse detection, anti-phishing, password authentication and user safety. Alex Stamos, Facebook’s chief security officer, announced Monday the company will be accepting submissions through a new granted-based initiative titled “Secure the Internet Grants.””
Department of Homeland Security Agrees to Share Vehicle Cyber-Threat Info
“The Automotive Information Sharing and Analysis Center (Auto-ISAC) has signed a Cooperative Research and Development Agreement (CRADA) with the US Department of Homeland Security (DHS) to collaborate and improve vehicle cyber-threat information sharing and analysis.”
Government Could Shift to Security-as-a-Service, DHS’s West Says
“With cyber talent in high demand, Barry West said Thursday that the government may soon to lean more heavily on the private sector for cybersecurity help. West, the Department of Homeland Security’s senior accountable official for risk management, said that an ongoing global shortage of cyber talent could soon push agencies to more frequently pursue outsourced cybersecurity services from contractors rather than try to compete with the private sector.”
Australia
Australia’s TAFEs Launch National Cybersecurity Certification Courses
“Australia’s TAFE network could become the new breeding ground for the next generation of Australia’s cyber security specialists, with the launch of a range of new courses launched by the tertiary education institutions.”
“The Australian Electoral Commission (AEC) misled the public about the security of its data during the 2016 federal election and failed to ensure it had not been compromised, a damning audit has found.”
Meet Australia’s New National Security CIO
“The federal government has lured the man in charge of IT for Transport for NSW to become its inaugural chief information officer for the newly established Home Affairs super-agency. Tim Catley will join Home Affairs as its CIO from February 19, iTnews reveals.”
Baltics/Estonia
Lithuanian Market Sees Increased Interest in Cybersecurity Products
“Following the Lithuanian government’s decision to restrict the use of Kaspersky Lab software, a competitor of the Russia-based company feels an increased interest in its products, the business daily Verslo Zinios reported on Thursday.”
China
China Issues New Personal Information Protection Standard
“On January 2, 2018, the Standardization Administration of China (“SAC”) released the final version of the national standard on personal information protection, officially entitled GB/T 35273-2017 Information Technology – Personal Information Security Specification (GB/T 35273-2017 信息安全技术 个人信息安全规范) (hereinafter “the Standard”). The Standard will come into effect on May 1, 2018.”
EU
FIC 2018: Pan-European Cybersecurity Certification Urged
“During the 10th Forum International de la Cybersécurité. in Lille, France, this week – calls were made for pan-European certification of cyber-security products to ensure uniformity of efficacy, with help for less developed markets. “
EU Strives to Create a Digital Single Market to Boost Commerce, Improve Cybersecurity
“Retailers and consumers in the European Union face barriers when trying to conduct business online. An effort to implement a digital single market could change that. The EU’s digital single market, or DSM, plan could improve e-commerce across borders within the union, modernize copyright regulations and improve cybersecurity, among other goals.”
Israel
From Cybersecurity to Privacy-Protection: Israeli Technology’s Growing Sector
“Privacy-protection could become a burgeoning industry in an age where corporations and governments alike access, gather, and use our personal data”
Japan
Hacked Japanese Cryptocurrency Exchange to Repay Owners $425 Million
“Tokyo-based cryptocurrency exchange Coincheck said on Sunday it would return about 46.3 billion yen ($425 million) of the virtual money it lost to hackers two days ago in one of the biggest-ever thefts of digital money.”
Netherlands
Dutch Government Gives ‘Vital Infrastructure’ Status to Eurofiber
“The Dutch government has given Eurofiber the status of ‘vital infrastructure’, the company announced. Certain processes are so vital for Dutch society that failure or disruption leads to serious social disruption and poses a threat to national security. These processes form the Dutch vital infrastructure. The designation officially highlights the importance of Eurofiber for Dutch society.”
Singapore
Singapore Leads ASEAN in Its Cybersecurity Policies But the Region Needs to Work Together
“ASEAN companies face $750 billion in exposure from cyber attacks
According to predictions, the digital economy will add one trillion dollars to Asean’s GDP in the next 10 years
- Asean companies face $750 billion in exposure from cyber attacks
- Singapore invested 0.22% of its GDP on cyber security in 2017, leading Asean and ranking 3rd globally
- Asean only spends about 0.07% of its GDP on cyber security on average, while the global spending average stands at 0.13%.”
UK
Government acts to protect essential services from cyber attack
“Published 28 January 2018 From:Department for Digital, Culture, Media & Sport, Department for Transport, Department of Health and Social Care, Department for Business, Energy & Industrial Strategy, National Cyber Security Centre, Margot James MP, and The Rt Hon Matt Hancock MP
Britain’s most critical industries are being warned to boost cyber security or face hefty fines
- Organisations risk fines of up to £17 million if they do not have effective cyber security measures
- Sector-specific regulators will be appointed so essential services are protected
- National Cyber Security Centre today publishes new guidance for industry.”
Councils Co-Fund and Co-Design GDPR and Cybersecurity Training
“A successful collaboration between CC2i, ten local authorities and BAFTA award-winning film-makers, Matobo, is now delivering council focused GDPR and cyber security awareness training across 32 local authorities, just one month after launching. This unusual approach to product design saw ten councils from across the UK come together to tackle two of the biggest issues facing local authorities today, namely GDPR and cyber security.”
World Economic Forum (WEF)
WEF Launches Global Centre for Cybersecurity
“In a bid to safeguard the world from hackers and growing data breaches — especially from nation-states — the World Economic Forum (WEF) on Wednesday announced a new Global Centre for Cybersecurity. Headquartered in Geneva, the centre will become operational from March.”
Feature
Cybersecurity Should Be a Board Room Topic, So Why Isn’t It?
“In the land of lies, damned lies and statistics, the insurance industry may be one of the more trustworthy sources. After all, it is founded on maths, its actuarial background built into every policy and claim. As purveyors of protection against all risks, insurers cares less about which risks are more important, and more about the relationship between premiums and pay-outs. Indeed, getting this equation wrong is potentially the biggest risk the industry faces.”