ICD Brief 77.
Greetings from Washington.
It’s been a dark week in the global cybersphere, dominated by frustration and growing concern with “lack of policy”, “tied hands”, “falls short” and numerous “vulnerabilities” in updates from the US, Australia, Baltics/Latvia, China, the EU, Germany, India, Israel, Switzerland and the UK.
Read “While US Ponders Response to Russia, Agencies’ Hands Are Tied in Cyberspace, Intelligence Chief Says” and “Hacking Back & The Digital Wild West” for two perspectives on why it’s not simply a question of organizing counter attacks.
And from Germany: “Deutschland 4.0? Germany’s Digital Strategy Over the Next Four Years”.
Finally, two innovative approaches from “Cuomo, senator announce legislation to regulate online political ads” and “Latvian Mobile Operator Invites Cyber Attackers to Have a Go”.
And good news for insurance: “Commercial Cyber Liability Market Will Reach $6.2B in Written Premium by 2020: Verisk”.
“After senators repeatedly criticized him for the weak U.S. response to Russian cyberattacks and propaganda, the head of the intelligence community complained Tuesday that a lack of policy had stifled his agencies from taking action.”
“‘It is clearly an issue for the National Security Agency and NSC at the White House,’ Coats described. ‘There has not been yet a formulation of a lead agency that would work with the Congress on legislative action or putting policy in place. There are some complicated issues here related to retaliatory action.’”
ICD: But it is not policy or a lead agency alone:
“The Office of Inspector General (OIG) has released its “Evaluation of DHS’ Information Security Program for Fiscal Year 2017” (pdf). In short, the Department of Homeland Security (DHS) is running outdated software, has unpatched critical vulnerabilities — including the flaw to allow WannaCry ransomware — and some workstation security patches haven’t been deployed for years.”
“ALBANY — Gov. Andrew M. Cuomo and U.S. Sen. Amy Klobuchar, D-Minn., made a joint announcement earlier this week calling for more scrutiny over political ads on social media and foreign interference in U.S. elections.”
“Australia needs at least another 500 more cyber graduates to meet existing demand for cybersecurity as CISOs tackle the shortage with a variety of methods that don’t necessarily require a background in computer science.”
“Latvijas Mobilais Telefons (LMT), the country’s largest mobile operator, is inviting would-be belligerents to test their cyber weapons on its network — or rather, on a simulation of it, called the Mobile Cyber Range.”
“China’s National Vulnerability Database is being manipulated so vulnerabilities used by Chinese-linked hacking groups can be taken advantage of, according to new research from Boston-based cybersecurity firm Recorded Future.”
“European Union MP Marietje Schaake proposed creating an EU-wide rule describing when governments must disclose security flaws to manufacturers. Governments often use these security flaws for surveillance.”
“Last week, the members of Germany’s Social Democratic Party (SPD) voted in favor of the coalition agreement that will see Angela Merkel remain Chancellor for the next four years. Although digital and cyber issues were recurring themes during the election, the agreement leaves many questions unaddressed. Nevertheless, here’s what we can expect from the new German government over the next four years with respect to broadband roll-out, Europe’s digital economy, and cybersecurity.”
“MUMBAI: With increasing incidents of large scale cyber-attacks and governmental cyber espionage, the demand for professionals in the segment has gone up three times in past 12 months, according to a report.”
“A sliver of light has been thrown onto Israel’s cyber-espionage efforts after the Motherboard website revealed letters apparently showing the government shopping for prized digital penetration opportunities known as zero-day exploits.”
“The total commercial cyber liability market will reach $6.2 billion in written premium by 2020 after annual growth rates of 20-30 percent, Verisk predicts in a new market analysis.”
“UK businesses now have the opportunity to improve their cyber security and prove they have taken steps to protect data they hold, thanks to a police-backed certification scheme.”
By: Levi Gundert
“Far from helping organizations defend themselves, hacking back will escalate an already chaotic situation.”