Sisyphus or Socrates? Time Will Tell – ICD Brief 84.

23.04.2018.-29.04.2018.

“The more I learn, the more I realize how much I don’t know.” Albert Einstein

This ICD 84 mega edition provides updates on the achievements of, and the continuing challenges facing, this massive overhaul of the global order.

This week we feature a report prepared for the US China Economic Review Commission by ICD Advisor Jennifer Bisceglie, CEO of Interos Solutions: Supply Chain Vulnerabilities from China in U.S. Federal Information and Communications Technology.

Tech Companies Sign Cyber Accord

This Giant Cyber Defence Exercise Has Teams Defending Power Grids, 4G Networks, Drones from Hacker Attack

Zero D’Eh: Canada Takes a Bold Step Towards Offensive Cyber Operations

HITB2018AMS CommSec D2 – Hacking a Hospital for Fun and Profit

Video (25:41): the first 5 and last 5 minutes are less technical

New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia

ITU and OECD Form Knowledge Partnership to Launch New ICT Digital Platform

Government Urges UK Businesses to Beef Up Cyber Crime Defences

Global

What’s inside made-in-China electronics should worry federal customers, study says

“The U.S. government is dangerously vulnerable to Chinese espionage or cyberattack because of its dependence on electronics and software made in China, a risk that threatens to grow as Beijing seeks global technological dominance, according to a study for a congressionally chartered advisory commission.”

USA

Tech Companies Sign Cyber Accord

“Thirty-four global tech companies have signed a pledge to not help governments launch cyberattacks on “innocent citizens”. The list includes giants Microsoft, Facebook, LinkedIn, Cisco, and Oracle. The Cybersecurity Tech Accord, spearheaded by Microsoft, was announced last week at leading security conference RSA in San Francisco, which was attended by ACS President Yohan Ramasundara and CEO Andrew Johnson as part of the USA Cyber Security Mission.”

DHS to Roll Out National Cybersecurity Strategy in Mid-May

“Department of Homeland Security (DHS) Secretary Kirstjen Nielsen told Congressional leaders her agency is two weeks out from releasing a national cybersecurity strategy, an action that is now more than a year overdue.”

DHS Needs to Enhance Efforts to Improve and Promote the Security of Federal and Private-Sector Networks

Report by GAO

“In recent years, the Department of Homeland Security (DHS) has acted to improve and promote the cybersecurity of federal and private-sector computer systems and networks, but further improvements are needed. Specifically, consistent with its statutory authorities, DHS has made important progress in implementing programs and activities that are intended to mitigate cybersecurity risks on the computer systems and networks supporting federal operations and our nation’s critical infrastructure.”

NSA: Our Crypto Is Good. ISO: No Thanks Though

“The NSA (US National Security Agency) has responded with disappointment to widespread reports that the ISO (International Organisation for Standardisation) has rejected its ciphers “Simon and Speck” as international cryptographic standards.”

DHS Cybersecurity Program Adds South Korean Cybersecurity Agency to Threat Indicator Partnership

“The Department of Homeland Security’s Automated Indicator Sharing (AIS) system added a new partner to its shared exchange, in the form of the Korea Internet and Security Agency. The union allows American and South Korean interests to rapidly exchange cyber threat indicators. This could include everything from malicious IP addresses to data on the senders of phishing attempts.”

Naval Academy Sees Big Boost in Cybersecurity Majors

“The U.S. Naval Academy has seen a big increase in cyber operations majors, and a U.S. senator said Monday that midshipmen could be useful in working on cyber challenges before they graduate.”

How Higher Education Leaders Are Reshaping Cybersecurity Education

“Threats related to cybersecurity are on the rise among colleges and universities. These schools are a prime target for hackers because of the sheer volume of sensitive data housed within their systems. Gaining access to the computer system of a top university also grants hackers admission to the social security numbers and full financial information of the students in attendance. As a result of this major breach in security, higher education leaders are taking steps to reshape cybersecurity education at their schools.”

The Jolt: Google, Microsoft urge veto of cyber-security [Georgia] bill that allows firms to ‘hack back’

“Late Wednesday, Johnny Kaufman of WABE (90.1FM) tweeted out a letter signed by officials from both Google and Microsoft, urging Gov. Nathan Deal to veto Senate Bill 315, which would create a new crime of ‘unauthorized computer access.’”

Does Yahoo’s SEC Cyber Disclosure Settlement Set Enforcement Bar?

“The U.S. Securities and Exchange Commission’s $35 million settlement announced this week over the Yahoo! data breach provides an object lesson in the consequences of failing to publicly disclose a major cyber-attack.”

Australia

This Is a Drill: Australia’s Cyber “War” Against a Country a Bit Like Russia

“Australia will join the world’s biggest “live fire” cyber-war exercise, a week after Australia, the US and UK issued an extraordinary warning that Russian state-sponsored hackers were targeting key public and private infrastructure in Western countries.”

Baltics/Estonia

This Giant Cyber Defence Exercise Has Teams Defending Power Grids, 4G Networks, Drones from Hacker Attack

“The largest and most complex international cyber defence exercise took place this week, with teams from NATO states defending IT systems and critical infrastructure from a severe cyber attack. Locked Shields is an annual cyber defence game based in Estonia, and puts teams from NATO member states in the position of defending a fictional island against a sustained cyber attack across a range of vital systems.”

Canada

Zero D’Eh: Canada Takes a Bold Step Towards Offensive Cyber Operations

“Canada is going on the attack—at least in cyberspace. As Canada undergoes the most comprehensive national security legislation reform in over three decades, one of the most notable proposed changes in the sweeping Bill C-59 would empower Canada’s signals intelligence agency, the Communications Security Establishment (CSE), to engage in offensive cyber operations.”

Croatia

Croatian police arrest suspect behind global cyber attack platform

“ZAGREB (Reuters) – Croatian police said on Wednesday (April 25) they had arrested a 19-year-old man they suspect of being behind an illegal internet service for cyber attacks called Webstresser.org.

“Webstresser.org, which was managed by a 19-year-old Croatian citizen, is a global internet service where users could hire a so-called DDoS (Distributed Denial of Service) possibility to attack owners of web sites globally,” a police statement said.”

France

France Cybersecurity Chief Warns Against “Step Back into the Past”

“Draft EU legislation poses a threat to member states that already have sophisticated cybersecurity tests, like France and Germany, the director of France’s cybersecurity agency warned in an interview with EURACTIV.”

Hospitals and Medical Devices

HITB2018AMS CommSec D2 – Hacking a Hospital for Fun and Profit

Video (25:41) demonstrating an expert cyber research team’s month-long assessment visit to a hospital. [Fascinating process; the first 5 and last 5 minutes stress vulnerabilities and are less technical.]

New Orangeworm attack group targets the healthcare sector in the U.S., Europe, and Asia

Symantec has identified a previously unknown group called Orangeworm that has been observed installing a custom backdoor called Trojan.Kwampirs within large international corporations that operate within the healthcare sector in the United States, Europe, and Asia.

India

AP inks MoU with Mastercard

“Speaking at ‘Andhra Pradesh Cybersecurity summit’ at Fintech Valley here on Friday, IT Minister Nara Lokesh said: ‘The MoU with Mastercard would increase the credit flow to the farmers and the farmers also would get capital investment directly from the companies with low interests.’”

“Andhra Pradesh is the first state in implementing digital solutions for delivery of public services and it has also created a global fintech eco system.”

ITU

ITU and OECD Form Knowledge Partnership to Launch New ICT Digital Platform

“The ITU iLibrary digital platform allows users across the globe to access key global ICT data and reports from a single platform, so as to support the expanded sharing of knowledge and the increased development of ICT capacities worldwide.”

Russia

Russia Beefs Up Cybersecurity

“Faced with mounting threats in the information space, civil society continues to look for the most effective ways to counter these challenges, using various forms of consolidated efforts by professionals. The non-governmental sector is ready to contribute to international information security and make the information space a secure environment. In line with this trend, the National Association of International Information Security was set up in Russia on April 10, 2018.”

Russia, China and Cyber: What a Divided Internet Means for the World

TEISS

“The global, borderless internet that a generation has envisaged is growing less and less global and borderless by the day. In fact, it’s becoming increasingly defined by geopolitical lines. This “balkanisation” of cyberspace takes many forms but seems immediately obvious in the recent focus of the US government on improving the integrity of its supply chain. Foreign technology providers including Huawei, ZTE and Kaspersky are just the first to find themselves in the firing line, but they certainly won’t be the last.”

Singapore

Honeywell Launches Its First Asian Industrial Cybersecurity Center in Singapore

“Honeywell (NYSE: HON) opened its first industrial cyber security center of excellence (CoE) in Asia. The center was developed with the support of the Singapore Economic Development Board (EBD) and designed to help defend the region’s industrial manufacturers against evolving cyber security threats.”

UK

Government Urges UK Businesses to Beef Up Cyber Crime Defences

“Government is urging UK organisations to defend against cyber crime, as newly released figures show that large numbers of businesses and charities suffered at least one cyber attack in the past year.

  • more than four in 10 businesses (43%) and two in 10 (19%) charities suffered a cyber breach or attack in the past year.
  • more than two-thirds for large businesses, 72% of which identified a breach or attack in the past year
  • For the average large business, the financial cost of all attacks over the past 12 months was £9,260”

NCSC shows support for common standards for secure communication

Plans to strengthen NHS cyber security announced

“A new multi-million pound Microsoft package will ensure NHS systems have the most up-to-date software with the latest security settings.”

Britain maintains it has the most cybersecure railway in Europe

“Network Rail says its railway cyber systems, communications networks and corporate cyber systems must be available 24/7, and cybersecurity is a big part of that as it helps protect and monitor networks and systems, maintaining their availability and helping to keep the railway running.”

British Banks Target Israeli Security Technology

“British banks are working with former Israeli military cyber security specialists to secure the banking infrastructure against cyber attacks, as London seeks to boost its position as a global financial centre in the run up to Brexit, according to a British-Israeli research organisation.”
