ICD Brief 92.
18.06.2018.-24.06.2018.
This week’s ICD Brief 92 brings updates from the US, Australia, Baltics, China, EU, India, Netherlands and Singapore. It’s been a dark week world wide as the global cyber community organizes to meet an expanding threat. We’ve included two important opinion pieces from IMF’s Christine Lagarde and Prague-based European Values Think-Tank Director Jakub Janda.
A special welcome to our new readers. The ICD Weekly Brief is our pro-bono invitation to friends and colleagues (now in 42 countries) to chart a global movement from plans to execution of laws, standards, new partnerships. Previous editions are HERE on our website.
Here’s a sampling from this edition:
- Pentagon Greenlights Cyber Command to Go On Offensive: Report
- Trump administration picks new leader for Vulnerabilities Equities Process board
- The Cybersecurity 202: States need more money to secure the vote. Congress is unlikely to send it by November.
- Estonia to Join a Response Force Against Cyberattacks
- Commission’s approach to tackling online disinformation is an empty box
- EU Boosts Digital Activity in Eastern Europe
- IMF’s Lagarde: Estimating Cyber Risk for the Financial Sector
- ‘Winter is still coming,’ cyber chief warns on hacking threats
- Strengthening India’s Cybersecurity Starts with Securing Critical Infrastructures
USA
Pentagon Greenlights Cyber Command to Go On Offensive: Report
“The Pentagon has quietly allowed U.S. Cyber Command to go on the offensive to defend the U.S. from cyberattacks, according to a report in The New York Times. Cyber Command has, for the most part, worked defensively in the past and focused on repelling attacks on the U.S.”
Trump Administration Picks New Leader for Vulnerabilities Equities Process Board
“The White House has selected a new leader to head a secretive government group that helps decide which software vulnerabilities should be kept for intelligence gathering purposes or widely released to the public. Grant Schneider, the National Security Council’s senior director for cybersecurity policy, has been named chairman of the Vulnerability Equities Process (VEP) board, an NSC spokesperson told CyberScoop. Schneider is also currently serving as the acting federal chief information security officer.”
Small Businesses Vulnerable to Cyberattacks, Then Don’t Act, New Survey Finds
“Small businesses suffered a barrage of computer invasions last year but most took no action to shore up their security afterward, according to a survey by insurer Hiscox. It found that 47 percent of small businesses reported that they had one attack in 2017, and 44 percent said they had two to four attacks.”
“Election officials from states spanning New England and the Midwest visited Capitol Hill yesterday with a clear message: Send us more money to help secure the vote. Yet lawmakers are acknowledging that states probably won’t get more federal funding for election security upgrades anytime soon — which does not bode well for states seeking to upgrade to their systems before an anticipated surge of cyberattacks surrounding the midterm elections.”
How to Bolster the Federal Cybersecurity Workforce
“The federal government should expand its cyber workforce training and education initiatives to recruit people who may not have all the skills but can learn on the job, a member of a government cyber advisory board said Thursday. The idea arose during a briefing for the Information Security and Privacy Advisory Board by Danielle Santos of the National Initiative for Cybersecurity Education. ”
Australia
Huawei Pushes 5G Cybersecurity with Australian Government
“Huawei Australia has again said it is open and transparent about cybersecurity concerns, pushing for discussions with the federal government to take part in the 5G build-out.”
Breaking Down the ASD’s “Top Four” Strategies to Mitigate Cybersecurity Incidents
“The Australian Signals Directorate’s (ASD) “Essential 8” is an excellent, tried-and-true security guide, designed for Federal government and agencies, that is absolutely relevant to the security of all businesses.”
How Australia Must Use the PageUp Data Breach to Get Stronger
“PageUp People, a successful Australian software-as-a-service vendor, has been the victim of a crime, with a data breach that could be extremely damaging for its prospects. There are two lessons for the industry that are worth drawing particular attention to.”
Baltics/Estonia
Estonia to Join a Response Force Against Cyberattacks
“The Lithuanian defence minister, Raimundas Karoblis, told the AFP news agency that nine EU nations had agreed to join the rapid cyber defence force. The countries joining are Estonia, Lithuania, Croatia, the Netherlands, Romania, Finland, France, Poland and Spain.”
China
Law Professionals Say China Sees Development in Cybersecurity
“Today’s society yearns for more convenience, which naturally calls for more connectivity among devices to the Internet. Meanwhile, the need for cybersecurity has also increased. Experts at the World IoT Security Summit 2018 – organized by TAAS Labs – commended China’s efforts in strengthening its Internet security landscape, but noted there is still huge room for improvement.”
Beijing Wants to Rewrite the Rules of the Internet
“Xi Jinping wants to wrest control of global cyber governance from the market economies of the west.”
Czech Republic
Commission’s approach to tackling online disinformation is an empty box
“EU High Representative Federica Mogherini and EU Digital Commissioner Mariya Gabriel are keeping their eyes wide shut to the Russian disinformation threat, writes Jakub Janda.
Jakub Janda is the Director of Prague-based European Values Think-Tank, one of the most active contributors to the weekly Disinformation Review published by the EEAS East STRATCOM Task Force”
EU
EU Boosts Digital Activity in Eastern Europe
“The EU and six Eastern European countries agreed to step up cooperation with a focus on reducing roaming charges, addressing cybersecurity threats and creating more jobs in digital services.”
Preparing for the Next European Union Directive: EU NIS
“It’s fair to say the General Data Protection Regulation (GDPR) has received attention in recent months. It’s only a matter of time until the first major breach occurs, and then we’ll see how things shake out from an enforcement standpoint. Meanwhile, there’s exciting news for compliance jockeys. Another directive from the European Parliament and the Council of the European Union is ramping up: Directive (EU) 2016/1148, also known as the “Directive on Security of Network and Information Systems (NIS).” The Directive was originally issued a few years ago and focused on measures for a “high common level of security of network and information systems across the Union.”
IMF
IMF’s Lagarde: Estimating Cyber Risk for the Financial Sector
“This story is brought to you in association with the International Monetary Fund
Written by Christine Lagarde, IMF’s Managing Director
Average annual losses to financial institutions from cyber-
Cyber risk has emerged as a significant threat to the financial system. An IMF staff modeling exercise estimates that average annual losses to financial institutions from cyber-attacks could reach a few hundred billion dollars a year, eroding bank profits and potentially threatening financial stability.”
India
Cybersecurity, Data Privacy Critical for Growth of Digital India
“As India continues to leapfrog into the digital revolution and brace the dream of Digital India that Prime Minister Narendra Modi has for the nation, it is also time to take into cognisance the threats that are surrounding us. One of the major challenge that India is currently facing are related to data security and addressing the privacy issues.”
Strengthening India’s Cybersecurity Starts with Securing Critical Infrastructures
“Mr Mark Micallef, Vice President, Asia Pacific & Japan, Cloudera outlines three key areas governments should focus on when implementing a cybersecurity strategy.”
Israel
‘Winter is still coming,’ cyber chief warns on hacking threats
“’Israel is on the verge of laying out a framework for a “’state level defense shield’” to raise the level of readiness against threats, the nation’s cybersecurity chief said on Wednesday, warning that the world hasn’t yet seen the worst of the damage hackers can wreak and that “winter is still coming. Yigal Unna, the director of Israel’s National Cyber Directorate, said that the goals of this shield will be ensuring detection, investigation and mitigation of threats against civilian targets and government-owned companies and utilities, and will also include expanding the data-sharing network the nation already has in place, with some 600 trusted members, including academics, industries and government entities, sharing experiences and incidents to mitigate damage and risks.”
Netherlands
Dutch Organisations Must Unite to Fight DDoS Attacks
“Experts in the Netherlands call on Dutch corporations and institutions to work together to help prevent distributed denial of service attacks.”
Singapore
Singapore Remains Hotbed for Cyber Threats
“Singapore was a victim of advanced persistent threats, phishing and website defacements in 2017, according to the latest threat landscape report by the Cyber Security Agency.”