ICD Brief 88.

21.05.2018.-27.05.2018.

Greetings from Copenhagen en route to Prague and the XIX Annual Conference on Information Security.

Many thanks to ICD readers for their thoughtful and generous comments. I will follow up this coming week.

This week we saw the world lurch to attention Friday, the final deadline for compliance to the General Data Protection Regulation (GDPR). We’ve included some initial information and statistics and will continue to consider this a major priority to follow.

As compliance requirements and legal standards appear, the community seems more aggressive, collaborative with more integrated approaches within governments, alliances and between sectors. What are your thoughts?

Our update: Richard Stiennon, ICD co founder and senior fellow is named to the Washington Post’s “The Network” a list of multi stakeholder senior ICT experts who will identify, through surveys the priority issues in the field.

Here are some samples from this week:

• Senate Defence Bill Aims to Scrub Cyber Adversaries from US Military Tech
• Lawyers Show “Worrying Lack” of Cybersecurity Knowledge [Australia]
• Addressing China’s Technology Policies: Beyond the Whiplash of a ZTE Deal
• The Best GDPR Stats and Surveys We’ve Seen
• EU Considers Baking New Norms of Cyber-War into Security Policies
• Defense Ministry to Outsource Cybersecurity Work to Private Sector [Japan]
• UK Threatens to Name and Shame State Backers of Cyber-Attacks

USA

Senate Defence Bill Aims to Scrub Cyber Adversaries from US Military Tech

“Companies that sell equipment and services to the U.S. military will be forced to disclose business ties that allow foreign governments to access their sensitive data, such as software source code, under the Senate version of an annual defense bill.”

US DHS, DoT Team Up to Secure Federal Vehicle Fleets

“The US Department of Homeland Security (DHS) and the Department of Transportation (DoT) joined forces to create a cyber-security implementation and operational primer to secure US federal vehicle fleets.”

Australia

Lawyers Show “Worrying Lack” of Cybersecurity Knowledge

“New research in Australia shows that highly sensitive and confidential client data is at risk of exposure as lawyers are not adequately aware of cybersecurity measures and practices.”

China

Scoping Critical Information Infrastructure in China

“At last month’s national conference on cybersecurity and informatization, China’s President Xi Jinping delivered another speech on building China into a national power in cyberspace. This is the third speech on the same theme given by Xi at a series of top-level national cybersecurity meetings since 2014. Defining and protecting China’s critical information infrastructure (CII) is one of the recurring issues mentioned at all three events.”

Addressing China’s Technology Policies: Beyond the Whiplash of a ZTE Deal

By: Samm Sacks

“The Chinese leadership is in the midst of building the most extensive governance system for cyberspace and ICT of any country in the world. A blend of national strategies, laws, regulations, and standards make up President Xi Jinping’s vision of building China into a “cyber superpower” and “science and technology superpower.”

EU

The Best GDPR Stats and Surveys We’ve Seen

A compilation of the most important numbers by Nikki Gilliland about the GDPR, its impact and reception for Ecoconsultancy.

EU Cybersecurity Agencies Pledge to Up Cooperation

“The EU agencies for cyber security (Enisa), defence, policing (Europol) and the computer emergency response team for EU institutions, agencies and bodies(Cert-EU) have signed the MoU.”

EU Considers Baking New Norms of Cyber-War into Security Policies

“The European Parliament has been asked to adopt a new set of “norms” about online conflict. The norms were developed by the Global Commission on the Stability for Cyberspace (GCSC), a group backed and funded by the governments of The Netherlands, France and Singapore, together with Microsoft and The Internet Society, that works to safeguard the Internet.”

Only Seven Percent of Companies Are on Track for GDPR Compliance

“Alert Logic, the leading provider of Security-as-a-Service solutions, today announced data from Crowd Research Partners’ 2018 GDPR Compliance Report that shows only seven percent of companies were on track to achieve European Union General Data Protection Regulation (GDPR) compliance by the May 25, 2018 deadline, with the majority citing lack of expert staff for their failure to comply with the newly-implemented regulation. The study finds the second and third most cited reasons for non-compliance are budgetary constraints and a limited understanding of the GDPR requirements, respectively.”

Manufacturers Must Rethink Cybersecurity to Remain Compliant

“Companies are rushing to update their security protocols in line with the General Data Protection Regulations (GDPR) and change the way they handle customer data to protect the personal data and privacy of EU citizens for any transaction originating in EU member states. Businesses the world over are impacted, and one industry that will need to pay close attention to data security is manufacturing.”

Security Claims Expected to Surge with GDPR: AIG Report

“A surge in data beach and other security failure claims can be expected when the European Union’s General Data Protection Regulation takes effect Friday, says American International Group Inc. in a report issued Thursday.”

India

India Urgently Needs Strict Data Protection Law: Experts

“A stringent data protection law is urgently needed in India to address the mounting concerns over privacy of citizens as the country is moving in a big way towards digital governance, leading experts have said.”