ICD Brief 86.
07.05.2018.-13.05.2018.
One thing about our subject: cybersecurity never gets stale. This week we feature a New Yorker article The Digital Vigilantes Who Hack Back by Nicholas Schmidle about early ICD supporter Shawn Carpenter and how his precedent setting actions against a cyber attack called Titan Rain.
Here’s a sample:
- BofA Exec Catherine Bessant on Financial Cybersecurity – Video
- Just When You Think You’ve Sorted GDPR . . . A New EU Cyber Regulation Comes Into Force Today
- Cyber Resilience Centre in Brainport Eindhoven
- First OSCE-supported national tabletop exercise in Skopje on handling cyber/ICT security incidents at national and international level
- U.S. Cyber Market Is $2 Billion, Growing Fast, Profitable: Fitch
- FaceOf: Nouf Abdullah Al-Rakan, executive director of the Saudi Cyber Security Federation
- Four Cybersecurity Policies Transforming Government
By: Seli Agbolosu-Amison
I am pleased to report an excellent response to our General Data Protection Regulation (GDPR) email asking our EU readers to confirm permission to continue to send them email including the ICD Brief. I will send out another separate request this week.
USA
Bolton Pushing to Eliminate White House Cyber Job
“President Donald Trump’s national security team is weighing the elimination of the top White House cybersecurity job, multiple sources told POLITICO — a move that would come as the nation faces growing digital threats from adversaries such as Russia and Iran.”
BofA Exec Catherine Bessant on Financial Cybersecurity – Video
“Catherine Bessant, Bank of America, global chief operations and technology officer, speaks with CNBC’s “Squawk Box” about banks and cybersecurity.”
Four Cybersecurity Policies Transforming Government
By: Seli Agbolosu-Amison
“As a result of recent federal legislative and administrative activity, government agencies are expected to launch significant modernizations of their cybersecurity systems, get offensive with hackers and take a more strategic approach to risk. Combined, these policy directives promise to transform our government into a robust digital society, gaining greater resiliency to cyber threats by leveraging opportunities while reinforcing standards and procedures.”
“Blockchain technology has the potential to transform supply chain management, but the road to transparent tracking of everything from passengers to shipping containers is still mostly unmarked and uphill. One of the challenges is encouraging blockchain frameworks that support common standards, according to Department of Homeland Security’s Science and Technology Directorate.”
Australia
The Three Cybersecurity Challenges Australian Businesses Can’t Ignore
“Australian businesses currently face a cyber security triple threat that has nothing to do with warding off hackers. Rather there are three new regulatory forces impacting specific points of the cyber security posture of the Australian economy, where relevant businesses will face all kinds of trouble if they fail to keep up to speed.”
Budget 2018: Funding Australia’s data-sharing framework
“According to the federal government, establishing a Consumer Data Right will allow citizens to have greater control over their personal data, as well as enabling consumers to allow businesses to share their data “safely with trusted recipients, who in turn will be able to offer better deals through innovative products and comparison services”
China
China’s Cybersecurity Headache
“Last year, China rolled out development plans for IPv6, 5G, and industrial internet. As more devices become connected, there also emerged the difficulties in securing them. An off-the-radar government report revealed a worrisome picture of Internet of Things (IoT) security in China, which provides added rationale for cooperation between different models of cyber governance.”
EU
Just When You Think You’ve Sorted GDPR . . . A New EU Cyber Regulation Comes Into Force Today
By: Paul McKay ;Forrester
“Today (May 9, 2018) is the deadline for the new Network and Information Security (NIS) Directive to be transposed into EU member states’ national legislation. This new regulation is aimed at creating a base level of security for organizations that are operating essential services within the EU. The primary sectors covered by this regulation are: energy providers, transport, banking, financial services infrastructure, health, water, and digital infrastructure providers. Organizations in this scope are termed “operators of essential services” and must implement the provisions of the directive to form the required base level of security for those services.”
Netherlands
Cyber Resilience Centre in Brainport Eindhoven
“Brainport Eindhoven will be the first region in the Netherlands to host a “Cyber Resilience Center” to help companies within the knowledge-intensive manufacturing industry against digital espionage and sabotage.
The vital sectors designated by the government (such as health care, energy, port, etc.) have already taken cyber resilience seriously. Within the new center, SMEs in the high-tech region will also be able to connect to a collective system against online attacks.”
OSCE
“The first national tabletop exercise on handling cyber/ ICT security incidents, organized by the OSCE Mission to Skopje and the Agency for Electronic Communications (AEC), was held on 8 May 2018 in Skopje.
Bearing in mind the increasing scope and frequency of cyber threats in today’s globalized world, the exercise focused on enhancing co-operation among national stakeholders in order to combat the security risks that cyberspace poses to individuals, communities, private companies and state institutions.”
Saudi Arabia
FaceOf: Nouf Abdullah Al-Rakan, executive director of the Saudi Cyber Security Federation
“JEDDAH: Nouf Abdullah Al-Rakan has been appointed executive director of the Saudi Federation for Cyber Security and Programming (SAFCSP), with the unanimous approval of board members impressed by her practical and administrative experience.””
Singapore
Singapore Committed to Shaping the Future of a Cyber-Smart Maritime Industry
“The Maritime and Port Authority of Singapore (MPA) and the Singapore Shipping Association say they are committed to promoting greater awareness and knowledge sharing about cyber threats affecting those in the maritime industry.”
Slovakia
Slovaks Have Learnt How to Combat Malware
“Slovak internet users do not avoid cyber attacks, but they know how to defend themselves against them. Security experts now point out that Slovakia is one of several countries that prevents these attacks responsibly, due to the historical development of protection and education in this country, according to Zuzana Hošalová, spokesperson of the Slovak cyber security company Eset.”
UK
CNI Providers Face Hefty Fines for Cybersecurity Failings
“New UK laws implementing the EU directive on the security of network and information systems (NIS) goes into effect on 10 May 2018. All organisations classified by the NIS Competent Authorities to be “operators of essential services” will be affected by new laws.”
Zimbabwe
“Set Up Cybersecurity and Internet Court”
“Zimbabwe Information and Communication Technologies (ZICT) has called for the set up of a Cyber Security and Internet Court. ZICT – a division of the Zimbabwe Institution of Engineers – said there was an increase in cyber crimes which include electronic bank transfers, card cloning, Internet abuse, identity theft and many other security breaches.”
Insurance
U.S. Cyber Market Is $2 Billion, Growing Fast, Profitable: Fitch
“Cyber insurance coverage continues to be one of the fastest growing segments and represents a significant growth opportunity for U.S. property/casualty insurers, according to Fitch Ratings in a new report.
The market has attracted about 75 insurers, with Axis, Chubb and American International Group leading in market share.”
How Privacy Regulations Like GDPR Will Affect Cyber Insurance Video
“Jenny Soubra, US head of cyber for Allianz Global Corporate & Specialty, talked with TechRepublic’s Dan Patterson about how cyber insurance comes into play when privacy regulations like GDPR are enacted. Here’s their conversation.”
Feature
The Digital Vigilantes Who Hack Back
By Nicholas Schmidle The New Yorker
“One day in the summer of 2003, Shawn Carpenter, a security analyst in New Mexico, went to Florida on a secret mission. Carpenter, then thirty-five, worked at Sandia National Laboratories, in Albuquerque, on a cybersecurity team. At the time, Sandia was managed by the defense contractor Lockheed Martin. When hundreds of computers at Lockheed Martin’s office in Orlando suddenly started crashing, Carpenter and his team got on the next flight.”