ICD Brief 93.
This week’s mega edition leads with tightened and expanded cyber security laws and regulations in US, Australia, China, India, Israel, NATO and the UK. The BRICS move toward an Intelligence Forum in terrorism, crime and cyber. The Chief Information Officer of the National Nuclear Security Agency and the Editor of China’s leading science and technology magazine both criticized their governments’ focus. CyberPatriot’s Middle Schoolers are learning how to protect the US from hackers.
A special welcome to our new readers. Two messages for our ICDnetwork this week: from Robert H’obbes’ Zakon and Sean Costigan. The ICD Weekly Brief is our pro-bono invitation to friends and colleagues (now in 42 countries) to chart a global movement from plans to execution of laws, standards, new partnerships. Previous editions are HERE on our website.
Here’s a sampling.
- Cyber Command moves closer to a major new weapon
- 2018 Black Hat USA Research: 74% of Security Professionals Suggest Privacy, Personal Identity Could Be Impossible to Protect
- Australia’s Security Agencies Have Never Been This Powerful
- China’s cybersecurity law is biased and open to abuse, but it may not stop others copying it
- Why Is Israel’s New Proposed Cybersecurity Law Raising Hackles?
- Can NATO’s New Cyber Strategy Survive Risky Summits?
- Singapore’s Perceived Openness to Blockchain, Cryptocurrency Tech a Cybersecurity Risk: CrowdStrike VP
- UK Government Cybersecurity Standard Welcomed
Banning Software Isn’t the Route to Cybersecurity, Nuclear Security Agency Official Says
“The government should be focused on mitigating the danger any software can pose, rather than banning software from China and elsewhere, the NNSA CIO says.”
CyberPatriot Trains Kids to Protect America from Hackers
“The scene doesn’t look all that different from study hall or an after school club meeting. Middle school students, aged 12 to 14, sit huddled around computers. There’s light chatter but most kids are silent, intently focused, faces lit by the glow of their screens.”
Cyber Command moves closer to a major new weapon
“The Air Force issued a formal proposal earlier this month for the Department of Defense’s long-awaited cyber weapon system, known as the Unified Platform, sources tell Fifth Domain.
Pentagon leaders have said the Unified Platform will house offensive and defensive tools, allow for command and control, situational awareness and planning.”
2018 Black Hat USA Research: 74% of Security Professionals Suggest Privacy, Personal Identity Could Be Impossible to Protect
“While consumers and businesses expand their use of social media and electronic services to record levels, many of America’s most knowledgeable security professionals don’t believe that individuals will be able to protect their privacy and online identity, even with precautionary measures and new regulations such as GDPR.”
Summary: The Department of Homeland Security’s Cybersecurity Strategy
“Amid concern about the security of the midterm elections and high-profile attacks on private companies, on May 16, the Department of Homeland Security issued its Cybersecurity Strategy, as mandated under Section 1912 of the 2017 National Defense Authorization Act. The strategy provides DHS with a five-year framework for reducing cybersecurity vulnerabilities, building resilience and enhancing response capabilities.”
Bill Codifying Federal Role in ICS Cybersecurity Clears House
“A bill codifying the Department of Homeland Security’s (DHS’s) role in addressing industrial control systems (ICS) cybersecurity has cleared the U.S. House of Representatives.”
OMB Releases Report on Federal Cybersecurity Risk
“The White House Office of Management and Budget (OMB) released in May 2018 its report to the president on federal cybersecurity risk determination. The report, which responds to the President’s May 2017 Executive Order 13800, entitled “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure,” comes as several key reports also required by Executive Order 13800 have been recently released in full or in summary form. ”
Private Sector Isn’t Sharing Data with DHS’s Threat Portal
“For years, U.S. government officials have been trying to provide firms with actionable threat data in time for corporate officials to block hackers from compromising their networks. The 2015 Cybersecurity Information Sharing Act (CISA) gave firms legal cover to provide threat data to the government; the Department of Homeland Security rolled out an automated threat-sharing program in 2016; and Republican and Democratic administrations have preached the information-sharing gospel at conferences across the country.”
New York Issues Cybersecurity Regulation for Credit Reporting Agencies
“The New York Department of Financial Services (DFS) is implementing new cybersecurity regulations for credit reporting agencies in an effort to protect consumers from data breaches—largely in response to the 2017 breach experienced at Equifax.”
Australia’s Security Agencies Have Never Been This Powerful
“When Prime Minister Malcolm Turnbull established a mega Home Affairs department, he called it “the most significant reform of Australia’s national intelligence and domestic security arrangements” in more than 40 years. One year later, these changes have cemented the pre-eminence, if not dominance, of intelligence agencies like ASIO and ASIS in making our foreign policy.”
Audit Finds New Evidence of Cyber Security Failings with Government
“Scrutiny by the Australian National Audit Office (ANAO) has revealed that the National Archives and Geoscience Australia are yet to implement key cyber security mitigation strategies mandated by government policy.”
Australia’s Cyber Start-Up Scene Awaiting Take-Off
“On the back of unprecedented attention and awareness, the Australian cyber security industry is calling on the venture capital and corporate sector to get fully behind it as it prepares to lift off.”
Terror, cyber crime hot topics for BRICS
“Durban – Cyber crimes, terrorism, counter-terrorism, money laundering, human trafficking and transnational organised crimes were major talking points on Friday before BRICS security ministers went into a closed meeting.
The ministers from Brazil, Russia, India, China and South Africa met at Durban’s Maharani Hotel for day two of their 8th BRICS National Security Advisers meeting ahead of the summit next month.
Minister of the Institutional Security Cabinet, General Sergio Etchegoyen from Brazil, said it welcomed the dialogue BRICS had established in the domain of intelligence and related arena of counter- terrorism.
‘It has been very productive for us to have become acquainted with the challenges and experiences of our BRICS partners in the realm of cyber-security.’”
China’s cybersecurity law is biased and open to abuse, but it may not stop others copying it
“Daniel Wagner says critics are right to say the law gives Chinese companies an unfair edge and raises important privacy concerns. The fear is that other countries are more likely to adopt this model than the EU’s more cumbersome one favouring rights protection.”
China must stop fooling itself it is a world leader in science and technology, magazine editor says
“China is fooling only itself if it thinks it will soon overtake the United States as a world leader in science and technology, according to the boss of a state-owned publication dedicated to the subject.”
Chief of Staff: Cyber Forces Command to Be Formed Next Year
“The Czech military wants to establish a new cyber forces command at the beginning of next year, Chief of Staff Ales Opata said at the Zofin Forum conference, devoted to the military and Czech defence industry, on Thursday.”
Indian Ministry of Defence Plans to Strengthen the Country’s Cybersecurity
“On 19 June, the Department of Defence held a workshop on the development of the Cyber Security Framework. It was inaugurated by the Minister of Defence, Mrs Nirmala Sitharaman and more than a hundred representatives from the Directorate General Quality Assurance (DGQA), the Directorate General of Aeronautical Quality Assurance (DGAQA) and the Defence Public Sector Undertakings and Ordnance Factories attended the workshop.”
Israel Seeks Global Help for Cyber Shields
“Israel is looking to collaborate with several countries including India to develop statelevel cyber shields through its nodal agency Israel National Cyber Directorate (INCD).”
Why Is Israel’s New Proposed Cybersecurity Law Raising Hackles?
“Even as Israel’s privacy and democracy watchdogs welcome a cybersecurity law that would help the nation fend off damaging attacks to its businesses and critical infrastructure, they are warning that a newly proposed law, now up for comments, is not beneficial to democracy.”
Can NATO’s New Cyber Strategy Survive Risky Summits?
“Amid a resurgent campaign of Russian cyber aggression and a high-stakes summit that is just days away, NATO has bolstered its digital protocols, a move that experts say will reshape how the organization defends itself.”
Singapore’s Perceived Openness to Blockchain, Cryptocurrency Tech a Cybersecurity Risk: CrowdStrike VP
“The Monetary Authority of Singapore has issued prior advisories on investing in initial coin offerings, but its measured stance is seen as encouraging to the industry and could usher in online threats to the country, says cybersecurity veteran Adam Meyers.”
Singapore Science Agency to Share Cybersecurity Vision
“Singapore’s Agency for Science, Technology and Research (A*STAR) will share its vision for cyber security at Innovation Labs World on 25 September.”
UK Government Cybersecurity Standard Welcomed
“The UK government has published a minimum cyber security standard for all departments, which some members of the information security community have welcomed as a step in the right direction, while others have said it does not go far enough.”