ICD Brief 90.
04.06.2018.-10.06.2018.
Our world is coming to order in how it manages cyber risks and uncertainties. I was fortunate to see this a week ago as a speaker in the XIX Annual Conference on Information Security in Prague and the MetricStream GRC Summit 2018 Baltimore.
From Artificial Intelligence and Ethics to Multinational Investments and Wargames: this week’s updates come from the US, Australia, Canada, the EU, France, Germany, NATO, Russia, South Korea and Ukraine.
How does this affect you, your family, your career? We welcome reader’s comments, ideas and new reader nominations at acbader@protonmail.com .
Here’s a sampling:
- What the Senate Wants to See in This Year’s NDAA
- Marine Corps weighs wooing older members for new cyber force
- Google’s New Ethics Rules Forbid Using Its AI for Weapons
- Australia Forms Task Force to Guard Elections from Cyber Attacks
- New National Innovation Centre for Cybersecurity opens in New Brunswick
- Cyber War Games Test Crisis Responses of EU Nations
- Capgemini to buy commercial cybersecurity arm of Leidos
- Cyberattacks Are “Ticking Time Bombs” for Germany
- Russia, Too, Is Building a Giant War Cloud
- South Korea Announces Medical and Transportation Cybersecurity Guide
- Ukraine, Estonia to Strengthen Cybersecurity
USA
What the Senate Wants to See in This Year’s NDAA
“Lawmakers are taking aim at foreign tech companies in the Senate’s version of the 2019 National Defense Authorization Act with a keen eye on solidifying the Department of Defense cyber warfare policies.”
Reports: US Must Step Up Efforts to Cultivate Cyber Workforce, as Talent Shortage Persists
“Efforts within the U.S. to grow its public- and private-sector cybersecurity workforce and overcome the current talent shortage in this space need “immediate and sustained improvements,” according to a newly issued government report.” Marine Corps weighs wooing older members for new cyber force.
Google’s New Ethics Rules Forbid Using Its AI for Weapons
“In the wake of an employee protest, the internet giant also vows not to use AI in surveillance tools that would violate ‘internationally accepted norms.’”
Lockheed Martin Announces $100 Million Venture Fund Increase
“Enabled by tax reform legislation, Lockheed Martin Ventures is focusing the additional $100 million on early-stage companies in the areas of sensor technologies, autonomy, artificial intelligence and cyber.”
DOD Must Comply with DHS Cybersecurity Directives Under Senate Bill
“The Defense Department will, as a general rule, have to comply with new Homeland Security Department rules aimed at improving civilian government cybersecurity under the Senate’s version of a must-pass defense policy bill.”
Airplane Cybersecurity under the Radar of DHS
“Researchers of the United States government have come to believe that a cybersecurity event in the sky is imminent. Documents obtained by news site Motherboard suggest that according to researchers it is ‘only a matter of time’ that an incident where an airplane is hacked occurs.”
Australia
Australia Forms Task Force to Guard Elections from Cyber Attacks
“Australia has established a security task force to guard against cyber attacks and interference in elections, the government said on Saturday, amid concerns foreign powers are meddling in domestic affairs and ahead of five elections next month.”
“In the wake of the increase in the incidence and sophistication of cybercrime, from 1 July 2018, the Australian Signals Directorate (ASD), an Australian government foreign intelligence collection agency responsible for foreign signals intelligence and information security, will become an independent statutory body with new powers to combat cybercrime.”
Opening Up About Our Cybersecurity “War Stories”
“Australia has reached an important milestone by enacting the Privacy Amendment (Notifiable Data Breaches) Act, or, as it is better known, mandatory breach notification.”
Canada
New National Innovation Centre for Cybersecurity opens in New Brunswick
“FREDERICTON, N.B. — Canada’s Nuclear Laboratories (CNL) recently opened the doors to its new National Innovation Centre for Cybersecurity, a multi-million dollar cyber security research facility at Knowledge Park in Fredericton, N.B. with the goal of enhancing Canada’s cyber security capabilities.
While there is a large commercial industry catering to the cyber security of business and information technology systems, the cyber security of industrial control systems has been widely overlooked, indicates the release.”
EU
EU to Create a Common Cybersecurity Certification Framework and Beef Up Its Agency
“The EU is to enhance its cyber resilience by setting up an EU-wide certification framework for information and communication technology (ICT) products, services and processes. The industry could use the new mechanism to certify products such as connected cars and smart medical devices. The Council today agreed its general approach on the proposal, known as the Cybersecurity Act. The proposal will also upgrade the current European Union Agency for Network and Information Security (ENISA) into a permanent EU agency for cybersecurity.”
Cyber War Games Test Crisis Responses of EU Nations
“Here’s a scenario: a radical group hijacks key technologies and collapses cyber communications at a bustling European airport. What’s the best way for countries to restore digital order? Thirty countries, about 300 organizations and more than 900 cybersecurity specialists tested their responses to that scenario and others June 6 and 7 in Cyber Europe 2018, organized by the European Union’s cybersecurity agency.”
France
Capgemini to buy commercial cybersecurity arm of Leidos
“The commercial cybersecurity division of Leidos is being sold to Capgemini, a French multinational business consultancy, the companies announced on Thursday. Capgemini says it hopes the acquisition will reinforce its presence in North America and help ‘meet growing customer demand for its portfolio of cybersecurity services and solutions across the region.’”
Germany
Cyberattacks Are “Ticking Time Bombs” for Germany
“It was a cyberattack that showed just how vulnerable Germany’s digital infrastructure truly is. In the summer of 2017, a group of hackers infiltrated NetCom BW, a regional telecommunications provider with about 43,000 subscribers in the state of Baden-Württemberg in Germany’s southwest. Given the company’s modest size, it may not seem like a prime target. But NetCom BW is a subsidiary of EnBW, one of Germany’s biggest power utilities. EnBW is part of what the government regards as its critical infrastructure: companies that operate crucial public services, from electricity to telecommunications to health care.”
Germany Could Dispatch Armed Forces in Response to Cyberattacks
“Germany reserves the right to launch a military strike in retaliation for future cyberattacks, the government has said in a statement that comes as a surprise given the country’s historic reluctance to use its army. ‘A cyber operation can under certain conditions constitute an ‘armed attack’ under the definition of Article 51 of the UN Charter,’ the government wrote in a response, seen by Handelsblatt, to a question submitted by a lawmaker from the opposition Free Democrats (FDP). ‘The Federal Republic could react to this with all permissible military means.’”
Insurance
Buffett’s Wrong on Cyber-Insurance Risk, Chubb’s Greenberg Says
“(Bloomberg) — Warren Buffett has at least one critic of his cyber-insurance views: Chubb Ltd. Chief Executive Officer Evan Greenberg.”
“This research report provides an in-depth analysis of the global Cyber Liability Insurance Market based on enterprise size, services, solution, end-use industry, and geography. The report also provides an analysis of the factors that drive and restrain the growth of the Cyber Liability Insurance market. It discusses the prevailing market trends, prospective growth opportunities, and major strategies increasing the popularity of the global market. It provides market estimates and forecasts for all the segments in terms of revenue.”
NATO
How NATO Defends Against the Dark Side of the Web
“For almost 70 years, NATO has been the bedrock of transatlantic security, whether on land, at sea, or in the air. The same is now true in cyberspace. A cyberattack can now trigger Article 5 of NATO’S founding treaty, which states that an attack on one Ally is an attack on all Allies.” SG Announces NATO Cyber Defence Pledge in Paris video.
Russia
Russia, Too, Is Building a Giant War Cloud
“The Russian military is building a giant cloud, the latest improvement in its ability to keep operating if its connection to the global internet is lost, severed, or hacked.”
Experts Warn Massive Malware Network Linked to Russia Is More Widespread
“Cybersecurity experts are warning that a sophisticated Russia-linked
South Korea
South Korea Announces Medical and Transportation Cybersecurity Guide
“The Smart Medical Cybersecurity Guide establishes a safe environment for medical IT security officers and device developers to work with smart medical device, while the Smart Transport Security Guide promotes internalisation of security for companies and users of smart transport-related products and services.”
Ukraine
Ukraine, Estonia to Strengthen Cybersecurity
“Ukraine and Estonia will strengthen interdepartmental cooperation and exchange of experience in the field of neutralizing cyberattacks.”
United Kingdom
World Cup 2018: What Cybersecurity Measures Should Fans Take in Russia? UK National Cyber Security Centre (NCSC)
“Football fans worried about their cybersecurity while they are in Russia for the World Cup can take a look at guidelines by the UK’s National Cyber Security Centre (NCSC) to help keep their personal devices and accounts safe.”
Featured
WIRED’S Latest Security Short Videos
“How to Protect Yourself After a Massive Corporate Hack”
“How to Control What Alexa and Google Assistant Do With Your Voice Data”