ICD Brief 91.
11.06.2018.-17.06.2018.
Welcome to the ICD 91 with a special Salut to our new readers. You join a group of explorers: friends and colleagues (now in 42 countries) who have accepted my pro bono invitation to chart a global movement from plans to execution of laws, standards, new partnerships.
This week we look at cyber threats as drivers of innovation and necessary changes in mindsets and behaviors. We report on cyber hygiene, cross sectoral integration to threat intelligence and hybrid cyber war this week in the US, Australia, the Baltics, China, the EU, India, Israel, Netherlands, Switzerland, and the UK.
Congratulations to ICD Founding Advisor Andrew Crocker, formerly UK SOCA and Hi Tech Crime Unit on the launch of his P2020Academy. Andy led the only successful collaborative cyber investigation between a western nation and the Russian MVD (National Police) as told in Joseph Menn’s best seller Fatal System Error.
Outstanding and generous news from Chris Pallaris, Director ati-intelligence, Zurich which has published its 2018 OSINT Open Source Handbook Tools and Resource Handbook under a Creative Commons CC-BY license shared with all who can use its expansive contents.
Here’s a sampling:
- Trump, Senator Headed for Clash on Cyber Policy
- DHS Experts Warn It’s A “Matter of Time” Before Hackers Hit Commercial Airliners
- US Counterspy Warns World Cup Travellers’ Devices Could Be Hacked
- Krebs: NPPD Must Use Threat Intel Better
- Australia’s Cyber Threat Sharing Centres Add 35 Partners
- As the West Warns of Chinese Cyber Spies, Poorer Nationals Welcome Gifts with Open Arms
- MEPs Want Robust EU Cyber Defence and Closer Ties with NATO
- Few Americans Are Opening Privacy Update Emails, Studies Show
- Israeli Cyber Security Companies Are on the Rise
- Only Half of Businesses Have Cybersecurity Insurance
USA
Trump, Senator Headed for Clash on Cyber Policy
“Senators are barrelling toward a clash with the Trump administration over how to deter and respond to cyberattacks. The Senate is taking up annual defense policy legislation this week that would set a national policy for cybersecurity and cyber warfare, an effort the Trump administration has fought in the past, arguing it would infringe on the president’s authorities.”
US Counterspy Warns World Cup Travellers’ Devices Could Be Hacked
“The top U.S. counterintelligence official is advising Americans traveling to Russia for football’s World Cup beginning this week that they should not take electronic devices because they are likely to be hacked by criminals or the Russian government.”
Krebs: NPPD Must Use Threat Intel Better
“The agency inside the Department of Homeland Security charged with protecting critical infrastructure needs to get better at assessing cyber risk rather than chasing threats, according to a top DHS official.”
The DHS Cybersecurity Strategy and IoT Security
“On May 15, the Department of Homeland Security released its cybersecurity strategy. The strategy puts forward a sensible, risk-based approach to resilient security, including strong, consistent themes around the use of security best practices, effective response, and information sharing and collaboration. However, the actual effectiveness of the strategy will be determined when the objectives turn into actions and there is more “meat on the bone.””
DHS Experts Warn It’s A “Matter of Time” Before Hackers Hit Commercial Airliners
“Cybersecurity experts working for the Department of Homeland Security (DHS) issued a sobering warning about the vulnerability of commercial airliners to hackers. The same group of experts hacked a Boeing 757, and now CBS News is learning more about the government’s ongoing efforts to learn about the vulnerabilities.”
NSA Names Cedarville National Center in Cyber Operations
“The National Security Agency (NSA) has named Cedarville University a National Center of Academic Excellence (CAE) in Cyber Operations. The NSA will made an official announcement at a ceremony Wednesday at the U.S. Space & Rocket Center in Huntsville, Ala.”
Australia
Australia’s Cyber Threat Sharing Centres Add 35 Partners
“Australia’s joint cyber security centres have named 35 more public and private sector partners, from retailers Coles and Kmart to universities and mining companies.”
Baltics/Estonia
Baltic States Score High in National Cyber Security Index 2018
“Latvia has received the highest score in the National Cyber Security Index for its cybersecurity policy and analysis of cyber threats, representatives of the Environmental Protection and Regional Development Ministry told LETA.”
China
As the West Warns of Chinese Cyber Spies, Poorer Nationals Welcome Gifts with Open Arms
“China’s government is on a digital giving spree. Over the past five years, the government has donated computers and equipment to governments in over 35 countries around the world. These gifts have been gratefully accepted by parliaments, political parties, government departments and even police agencies from Africa to the Pacific, from South East Asia to Eastern Europe and the Caribbean.”
China’s Data Privacy Law Came Into Effect This May – And It Was Inspired by GDPR
“This year China quietly released the final version of a new data privacy standard that goes even further than the European General Data Protection Regulation (GDPR) and places EU and Chinese data legislation on a far more level footing than American data law.”
EU
Parliament Demands EU Institutions Ban Kaspersky Lab Cybersecurity Products
“MEPs have called for the EU institutions to put more money into their in-house cybersecurity units and, in a contentious move, also demanded they stop using products from “malicious” Russian firm Kaspersky Lab.”
MEPs Want Robust EU Cyber Defence and Closer Ties with NATO
“New hybrid threats make it vital to reinforce EU cyber defence with a rapid cyber response team and closer cooperation with NATO, MEPs said on Wednesday. The cyber defence resolution, passed by 476 votes to 151, with 36 abstentions, notes that Russia, China and North Korea, but also non-state actors, have carried out malicious cyber attacks on critical infrastructure in the EU, engaged in cyber espionage and mass surveillance of EU citizens, run disinformation campaigns and taken internet access hostage (e.g. Wannacry, NonPetya).”
GDPR
Few Americans Are Opening Privacy Update Emails, Studies Show
“Over a third of Americans are ignoring GDPR-related privacy update emails, and 22% have used them to unsubscribe, according to Huge. Meanwhile, PostUp reports that only 25% to 30% globally and 20% in the U.S. are opening the emails. “
India
India Needs a Full-Proof Cybersecurity Ecosystem
“Although India has become more active when it comes to cybersecurity, the country needs to put all the pieces together to protect businesses via a full-proof ecosystem, a top executive from cybersecurity firm McAfee has stressed.”
Israel
Israeli Cyber Security Companies Are on the Rise
“Israeli cybersecurity firms have raised an approximate $814.5 million in 81 deals in 2017 in both venture capital funds and private equity deals, according to a new report on Israel’s cyber sector by Start-Up Nation Central.”
Netherlands
Cyber Attacks by States Netherlands’ “Biggest Digital Threat”: Counter-Terrorism Boss
“Cyber attacks by malicious countries are the biggest digital threat to the Netherlands’ national security, according to the National Coordinator for Counter-terrorism and Security’s (NCTV) annual report on digital security. Such countries want to spy, influence public opinion, disrupt society or even sabotage vital systems, the NCTV warns, RTL Nieuws reports.”
Switzerland
“I am pleased to share the latest edition of our #OSINT Tools and Resources Handbook. This provides a detailed listing of resources to support researchers, analysts, investigators and intelligence professionals of all backgrounds.
The Handbook is published under a Creative Commons CC-BY license so feel free to share it with your colleagues or to adapt it to support your organisation’s work.”
A PDF of the handbook can be downloaded here: Open Source Handbook Tools and Resource Handbook
Chris Pallaris, Director, i-intelligence, Zurich
UK
GCHQ Cybersecurity Experts Investigate Dixons Carphone Data Breach
“A branch of GCHQ, Britain’s intelligence and security service, is investigating one of the UK’s biggest data breaches at a single firm, involving unauthorised access to 5.9 million Dixons Carphone customers’ cards.”
Protecting the UK from the Increasing Cyber Threat
“Ciaran Martin, CEO of the NCSC, discusses how the UK and international partners are pushing back against state and criminal cyber aggression to help make the UK digital homeland significantly safer”
Insurance
Only Half of Businesses Have Cybersecurity Insurance
“Most companies are much better prepared for hurricanes and earthquakes then they are for cyber-attacks, according to figures from AIG. Only about 55% of Fortune 500 companies have cybersecurity insurance. For the majority of enterprises, the figures are even lower; just 35% of small to medium-sized businesses are insured against cyber attacks.”