ICD Brief 89.
Greetings from Baltimore’s inner harbor and theMetricStream GRC Summit 2018 Baltimore where I join a panel discussing “Measures to improve board level cyber security governance and oversight” tomorrow morning.
It contains remarkably similar topics to the Prague IS2 Summit in the Ministry of Foreign Affairs Seminar and formal conference proceedings in two beautiful palaces last Wednesday, Thursday. More on this next week, when I am back in my office.
Last week the European Union’s General Data Privacy Regulation compliance deadline passed. What do you think? Are you aware of how it is affecting your life? Be sure and checkICD Advisor Dan Lohrmann’s round up: GDPR in the USA: What’s Next? for reactions around the world.
We’d love to hear your thoughts and your ideas to make the ICDBrief more useful, opinion pieces or publications and member nominations at firstname.lastname@example.org.
Here’s a sampling of this week’s news:
- New York Launches Drills to Thwart Election Hacking
- The FBI Wants You to Do This One Thing to Your Home Router, Now
- DHS Seeks to Better Secure Federal Assets from Cybersecurity Threats
- ASEAN to Forge Closer Cooperation on Cybersecurity
- Peter Dutton Touts New Cybersecurity Powers Being Considered to Protect Banking Networks, Power Grid
- China Talks of Building a “Digital Silk Road”
- India, Singapore Ink MoU on Cybersecurity, Public Administration
- NATO, EU to Tackle Cyber Threats
- UK “Most Breached” Country in Europe- Data at Rest Security
- South Carolina Passes First Insurance Industry Cybersecurity Law
“The Office of Management and Budget reports that the federal government is a shambles — cybersecurity-wise, anyway. Finding little situational awareness, few standard processes for reporting or managing attacks and almost no agencies adequately performing even basic encryption, the OMB concluded that “the current situation is untenable.”
“Your mission, should you choose to accept it: Turn your router off, then turn it back on. That’s one of the things the FBI is asking people to do to help thwart a cyberattack it says agents of a foreign government are launching against U.S. citizens.”
By: Dan Lohrmann
“GDPR-mania has arrived. With the new European Union (EU) law taking effect on May 25, 2018, the Internet will never be quite the same. Opinions on GDPR are all over the map, and lawsuits have already been filed. Here’s a media roundup on what organizations in the USA and around the world are saying, and doing and planning regarding GDPR.”
“In the wake of Russia’s 2016 election interference, lawmakers have ramped up their calls for a comprehensive cyber strategy and grown aggravated by the wait. A pending provision in this year’s defense policy bill could successfully produce a broader strategic cyber doctrine—by drawing a Cold War parallel.”
“Federal and New York state officials say they will hold drills in the weeks leading up to primary elections for the U.S. House and Senate to prevent hacking and other cyber threats to voting systems, officials said on Wednesday.”
“The federal government has a lot of work to do to enhance its own cybersecurity, as a recent report from the Office of Management and Budget and Department of Homeland Security makes clear. However, to improve cybersecurity, the government must continue to partner with the private sector and state and local governments, according to a DHS official.”
“The Department of Commerce and Department of Homeland Security (DHS) on Wednesday released a joint report detailing how the federal government can combat botnets, or networks of infected internet-connected devices that can be leveraged by malicious hackers.”
“The Department of Homeland Security is seeking to enhance its approach to securing the federal government’s High Value Assets (HVAs) from cybersecurity threats.”
“The Association of Southeast Asian Nations (ASEAN), under the chairmanship of Singapore this year, is giving a priority to cyber issues, especially cyber security.”
“A survey by Edith Cowan University and the Law Society of Western Australia has shown that lawyers are putting client data at risk because they are not taking cybersecurity measures seriously enough.”
“A quite fundamental shift in Australian Government cyber security policies and practices was on public display last week through Senate estimates, with revelations that the baseline rules in the Information Service Manual (ISM) may not apply in all cases.”
“Home Affairs Minister Peter Dutton says the Government is actively considering the domestic use of the highly secretive cybersecurity agency, the Australian Signals Directorate (ASD), to protect critical infrastructure as well as counter cybercrime.”
“CHINA’S vague but much-vaunted Belt and Road Initiative (BRI) has been providing buzzword fodder for government leaders and official sloganeers since 2013, when the country launched the scheme to extend its political and economic influence abroad by investing in infrastructure and other big projects. The “belt” refers to an overland push across Eurasia and the “road” to a maritime route to South Asia and beyond. But in recent months some new rhetoric (consistent in its challenging use of metaphor) has been promoting a virtual dimension: a “digital Silk Road.”
“The European Union’s new General Data Protection Regulation (GDPR) has ushered in sweeping new data privacy and security regulations – and with it a new way of doing business for security vendors.”
“Liberal democracies need a new defence organisation to avert cyber warfare, according to a former European leader. Addressing a conference in Tallinn, ex-Estonian president Toomas-Hendrik Ilves said the region the North Atlantic Treaty Organisation was established to protect no longer included all of the world powers sympathetic to liberal democracy.”
“NATO has to take the necessary steps to protect the alliance from external cyber threats from other countries but also weaknesses within NATO, General John Allen told a closed on the record briefing at the GLOBSEC Forum in Bratislava.”
“The UK is the most breached country in Europe, according to a survey of 400 senior security managers by cyber security company Thales released today – with 37 percent of respondents saying they were breached in 2017 – up from 22 percent on the previous year.”
“South Carolina has become the first state to pass a cybersecurity bill requiring any insurance entity operating in the state to establish and implement a cybersecurity program protecting their business and their customers from a data breach.”