ICD Brief 73.
This week’s ICD Brief brings you a cyber reorganization at the US State Department, details on China’s Personal information Security Specification and compliance, CISCO and Apple partner with AON and ALLIANZ on cyber risk, crypto-crime and a summary of new international laws and investments in securing the global critical infrastructures from the US to the Ukraine. We close with Forbes contributor Constance Douris’ detailed description of potential consequences from a successful cyber assault on the US Electric Grid.
We lead with four headlines.
- Just in: Hackers hijack government websites to mine crypto-cash (UK)
- China Issues Personal Information Security Specification
- US Energy Secretary: Cybersecurity a Priority for Electrical Grid, Nuclear Facilities
- Cisco and Apple Partner with Insurance Companies on Cybersecurity
Hackers hijack government websites to mine crypto-cash
The Information Commissioner’s Office (ICO) took down its website after a warning that hackers were taking control of visitors’ computers to mine cryptocurrency.
Security researcher Scott Helme said more than 4,000 websites, including many government ones, were affected.
Tillerson to reshuffle State Dept. cyber offices, but GOP lawmakers have other plans
“Secretary of State Rex Tillerson announced his plans for another restructuring within the State Department’s cybersecurity offices, but lawmakers, including the Republican chairmen of the House Foreign Affairs and Homeland Security committees, are pushing back and moving forward with a bill they say would better position an embattled cyber role within the department’s hierarchy.”
“Christopher Krebs Nominated to Lead DHS’ Natl Protection & Programs Directorate
Christopher Krebs, acting undersecretary of the Department of Homeland Security‘s National Protection and Programs Directorate, has been nominated by President Donald Trump to lead NPPD on a full-time basis.
US Energy Secretary: Cybersecurity a Priority for Electrical Grid, Nuclear Facilities
“During a recent tour of the Savannah River nuclear site and the Savannah River National Laboratory, U.S. Energy Secretary Rick Perry discussed the challenges of protecting facilities and infrastructure from cyberattacks.”
DHS Warns Olympics Travelers of Cyber Risks
“Cyber activists may take advantage of the large audience to spread their message. Cyber criminals may attempt to steal personally identifiable information or harvest users’ credentials for financial gain.”
International cyber crime ring smashed after more than $530 million stolen
“US authorities have indicted 36 people for stealing more than $530 million from victims across the world in one of the “largest cyberfraud enterprises ever prosecuted.”
Australia Stepping Up Foreign Cooperation on State-Level Cyber Deterrence
“The Australian government is increasingly concerned about the blurring of state and non-state activity, that certain states have used third-party criminal groups to mask their cyber-based activity, a joint parliamentary committee has heard.”
Reveal Children as Young as Four Posting Explicit Material
“Children as young as four will now be trained in cybersecurity due to concerns they are at risk of being targeted online by child sex offenders.”
Vienna Cyber Security Week 2018: International Cybersecurity Scene Meets in Vienna
“The second Vienna Cyber Security Week (VCSW) held from 29 January to 2 February 2018 brought together representatives from public authorities, governments and organisations, including the International Telecommunications Union (ITU), the International Atomic Energy Authority (IAEA) and the Organization for Security and Co-operation in Europe (OSCE) for an international dialogue on the security of critical digital infrastructures.”
China Issues Personal Information Security Specification
“On 29 December 2017 the Standardization Administration of China issued an Information Security Technology – Personal Information Security Specification（GB/T 35273-2017） (the “Specification”), which will come into effect on 1 May 2018. Such requirements give rise to significant compliance issues for business operations in China.”
EU Fintech Action Plan Puts Cybersecurity Top of the List
“Cybersecurity has been made the number one priority in a Fintech Action Plan presented by the European Union, aiming to improve collaboration between participants and regulators. The increasingly dangerous threat landscape poses perhaps the greatest threat to the financial services of all industries, facing an unparalleled density of attacks.”
EU Looks to Blockchain to Solve Cybersecurity Problems while Easing Communication of Sensitive Data
“The European Commission is to explore broader EU-level uses of blockchain beyond its original role in the oversight of cryptocurrencies and is looking at the potential of the secure records management software to handle sensitive data passing between member states more efficiently and securely.”
Israeli-Polish Cooperation in Cybersecurity at Energy Sector
“The digitalization of the energy and infrastructure field in recent years has made it more vulnerable to cyber threats. Providing cybersecurity to critical infrastructure and energy installations has become a major task, as attacks on the computerized systems of these installations might result in severe physical damages.”
Exercise Crossed Swords Practised Cyber-Kinetic Operations in Latvia
“Crossed Swords 2018, the technical red teaming cyber defence exercise of the NATO Cooperative Cyber Defence Centre of Excellence, took place last week in Latvia in cooperation with CERT.LV. This year the exercise expanded considerably in scope and complexity, covering several geographical areas, involving critical information infrastructure providers and cyber-kinetic engagement of military units.”
The Netherlands Just Revealed Its Cyber-Capacity? So, What Does That Mean?
“There’s a new cyberpower in the world. Last month, Dutch reporters from Nieuwsuur and de Volkskrant revealed that in mid-2014 the Dutch Joint Sigint Cyber Unit (JSCU) infiltrated the computer networks of the infamous Russian hacker group “Cozy Bear.”
Singapore Finalises New Cybersecurity Act
“The Cybersecurity Act (87-page / 251KB PDF) will apply to organisations that are designated as operating ‘critical information infrastructure’ (CII) in Singapore. Organisations in the energy, telecoms, water, health, banking, transport and media sectors are among those that could be impacted.”
“Events Not Disrupted” Says South Korea On Cyber Shutdown During Olympics; Probe On
“South Korea on Saturday investigated a mysterious internet shutdown during the Winter Olympics opening ceremony, which follows warnings of possible cyberattacks during the Pyeongchang Games.”
Ukraine power distributor plans cyber defense system for $20 million
“Ukraine’s state-run power distributor Ukrenergo, a leading target for cyber attacks in the past two years, will invest up to $20 million in a new cyber defense system, its chief executive said on Tuesday. In June 2017 Ukrenergo appeared to be an early victim of a cyber attack that began in Ukraine and spread around the world, knocking out thousands of machines, shutting down ports, factories and offices in around 60 countries.”
Pioneering programme defends UK from millions of cyber attacks
“The results of the UK government’s new bold approach to tackling cyber crime are detailed in ‘Active Cyber Defence – One Year On’, a comprehensive summary compiled by the NCSC’s Technical Director Dr Ian Levy.
Vast Majority of NHS Trusts Have Failed Cybersecurity Assessment, Brit MPs Told
“Every single one of the 200 NHS trusts in the UK so far assessed for cyber security resilience has failed an on-site assessment, MPs on the Public Accounts Committee were told yesterday.”
Hiscox Cyber Readiness Report reveals seven out of ten firms fail cyber security readiness test
“A study released today by specialist insurer Hiscox revealed that nearly three-quarters (73%) of firms face major shortcomings in cyber security readiness.”
Cisco and Apple Partner with Insurance Companies on Cybersecurity
“Tech companies Cisco and Apple, and insurance firms Aon and Allianz have unveiled a new cyber risk management solution for US businesses.”
Cyber Assault On Electric Grid Could Make U.S. Feel Like Post-Hurricane Puerto Rico
Constance Douris – Forbes
“If a mass power outage were to result from a successful cyberattack on the electric grid, national security and economic stability would be threatened. This is because hospitals, banks, factories, pipelines, financial networks, water systems, telecommunications and military bases would simply not function without electricity.”