ICD Brief 96.
16.07.2018.-22.07.2018.
This has been an exceptional week watched by billions – an unsettled week in global geo and cyber politics dominated by reactions to the Helsinki Summit, the 2018 World Cup in Russia, the NATO summit, Brexit uproar and cabinet resignations and the working visit to the UK. And the endless posing of questions, concerns, shock, fear and above all, anger.
It’s our good fortune that the annual Aspen Security Forum gives us a unique opportunity to bring you immediate reactions and answers from the global security elites who gathered July 18-21, 2018 in Aspen, Colorado. I’ve included the link to all the Aspen videos with several featured.
US
U.S. Energy Regulator Pushes for Disclosure of Cyber Attacks on Electric Grid
“The Federal Energy Regulatory Commission (FERC), an energy industry regulator, called for the power industry’s regulating body, the North American Electric Reliability Corp, to expand rules that require reporting of cyber security incidents to include attempts that might facilitate future efforts to disrupt the grid.”
Justice Department Plans to Alert Public to Foreign Operations Targeting US Democracy
“The Justice Department plans to alert the public to foreign operations targeting U.S. democracy under a new policy designed to counter hacking and disinformation campaigns such as the one Russia undertook in 2016 to disrupt the presidential election. The government will inform American companies, private organizations and individuals that they are being covertly attacked by foreign actors attempting to affect elections or the political process.”
Helsinki Aftershocks Jolt US Security Elite – Overview
“The agenda of the forum reflects current preoccupations. This time, that means Russia and cyber (and sometimes both together). One of the interesting shifts is the relative lack of emphasis on terrorism which has dominated American national security thinking since the September 11th attacks.
Other key messages were a constant warning that even though much of the current focus is on Russia, China remains the greatest challenge for US national security – including in its ability to exert economic and covert influence in America and around the world.”
Aspen Security Forum Video Library
Deputy Attorney General Rod Rosenstein
A Chat with the Director of the FBI
A Look Over My Shoulder: The DNI Reflects and Foreshadows
America First – Kristol, Friedman, Harmon, Hewitt, Westmacott
Microsoft Foils Hacking Attempt on 2018 Election Candidates
“Microsoft recently stopped an effort to hack three US candidates up for election this year. The attack relied on a spoofed Microsoft domain to target the candidates’ campaign, company vice president Tom Burt said during a panel session at the Aspen Security Forum on Thursday.” More information in the video (11:50- 18:56): Defending Democratic Institutions: Election 2018 and Beyond- Tom Burt Microsoft
NY Aims to Boost Election Cyber Security
“New York is taking steps to ensure its elections infrastructure is protected from cyber attacks by foreign hackers. Governor Andrew Cuomo announced an initiative with the Board of Elections that will help county election boards strengthen their cybersecurity measures.”
Marines Stand Up First-of-Its-Kind Tactical Cyber Team
“The Marine Corps has activated the first of its new defensive cyber companies. According to a Marine Corps news release, the company will perform include mission assurance actively hunting for advanced persistent threats that evade routine security measures.”
EU
EU, China Setting Global Cyber Standards
“The U.S. is ceding ground in the race to shape global standards and laws around cybersecurity, according to Eric’s new story for Pros. While Congress and multiple presidents have spent years supporting the tech industry’s aversion to new regulations, the EU and China have forged ahead with laws that are setting the tone for digital security and privacy regulations.”
Insurance
Cybersecurity Tops D&O Liability Risk
“Cybersecurity is the top directors and officers (D&O) liability concern for organizations today, while claims brought by employees, including claims for harassment or discrimination, and regulatory enforcement risks are also critical D&O exposures.
According to Willis Towers Watson’s 2018 Management Liability (Directors and Officers) U.S. Survey, the top D&O risks “in the coming year” include cyber incident/cyber claims (80%), claims by employees (55%), and regulatory and enforcement risks (48%).”
How to Tackle Cyber Risks in the Age of GDPR
“For digital businesses across all industries and markets, there are a number of risks that freelancers and contractors may face as a result of the new GDPR regulations. In this article, Janthantha Kaenprakhamroy, founder of on-demand insurer Tapoly explores what you need to consider when embarking on new projects, contracts and activities to ensure you not only protect yourself against any risks of regulation breaches, but remain an attractive candidate for future work.”
India
Government of India to Give Preference to Cybersecurity Products Manufactured by Domestic Companies
‘Cybersecurity products in which intellectual property rights are owned by firms or start-ups organised in India will get preference in all public procurement. The aim is to increase income and employment in the country.”
Iran
Iran Has Laid Groundwork for Extensive Cyberattacks on U.S., Say Officials
“Iran has positioned cyber weapons to hit private firms and infrastructure, but there is no suggestion an attack is imminent, say U.S. officials.”
Israel
Israel Railways to Build Cybersecurity Centre
“ISRAEL: National operator Israel Railways has awarded government-owned Rafael Advanced Defense Systems a US$8·2m contract for the development of a Cyber Security Operation Centre. This is intended to provide ISR with improved monitoring and control capabilities, and better protection against attempts to penetrate and attack its electronic systems. “
Northern Europe
CSC (FINLAND),DEIC (DENMARK),NORDUNET (EUROPEAN NORDIC),SUNET (SWEDEN),UNINETT (NORWAY)
Protecting the Research & Education Sector against Cyber Attacks
“A crucial part of operating a network providing connectivity to research and education is security. That is why many R&E networks have a Computer Emergency Response Team, CERT, to handle security incidents. And as cyber attacks increase steadily in frequency and scale, the importance of defending ones own network against attackers increases as well. In this effort R&E network CERTs collaborate closely, both with each other and with CERTs operated by commercial network providers.”
Singapore
SingHealth Cyber Attack: How It Unfolded Timeline
“In Singapore’s worst cyber attack, hackers infiltrated the databases of SingHealth, the largest group of healthcare institutions here. The personal particulars of 1.5 million patients, including the outpatient prescriptions of Prime Minister Lee Hsien Loong and a few ministers, were stolen.”
Thailand
Thailand 4.0: The Smart Grid Project
“Thailand 4.0 is an initiative to transform cities like Phuket, Chiang Mai, Khon Kaen and Bangkok into technology hubs. The Thai government aims to develop 100 smart cities within two decades.”
UK
UK Criticises Security of Huawei Products
“A UK government report into Huawei’s broadband and mobile infrastructure equipment has concluded that it has “only limited assurance” that the kit poses no threat to national security
The investigation revealed shortcomings in the Chinese firm’s engineering processes, which it said ‘have exposed new risks in UK telecoms networks.’”