ICD Brief 98.
27.08.2018.-03.09.2018.
Welcome to our Labor Day Edition. The world has not rested if some of us did during August. We’ve brought you a mass of updates from the US, Australia, China, Germany, India, Iran, Japan, Kenya, Lithuania, Poland, Sweden, UK and a Feature on Cyber mercenaries on everything from the latest working partnerships, elections, new talent discoveries, how hacking is helping the US government diminish vulnerabilities.
Here’s a sampling:
- DHS, ‘Five Eyes’ partners issue statement on encryption, supply-chain ‘certification’ after Australia summit;
- Free Cybersecurity Services Offer a First Step to Securing US Elections;
- Companies open doors to talent with autism;
- Lithuanian Media Sign Pact with Govt to Counter Hackers;
- The grave dangers of cyber wars — who will protect investors? ;
- Japan’s Abe calls for better cyber and space defence capabilities;
- Kenya Banks, Telcos to File Cybersecurity Rules;
- Sweden Struggles with “Country in Chaos” Social Media Attacks;
- The Rise of the Cyber-Mercenaries;
The Fall is upon us; In the near term, I’ll be writing from London, Edinburgh, Brussels and Minneapolis in October and returning to speak in Paris in early November. You can avoid the long haul travel and meet counterparts and a host of international global experts at the Cyber Security Summit 2018 -Securing our Future, from War Room to the Board Room in the Minneapolis Convention Center, October 22-24. Please use my Advisor’s 15% discount by entering AB2018 when you register here. We are hoping to surpass our 2017 record of more than 1,000 participants from 30 states and 10 countries.
U.S.
“The Department of Homeland Security joined with its counterparts in Canada, Australia, New Zealand and the United Kingdom in issuing a joint statement that offers a policy framework on encryption to address longstanding tensions between law enforcement and privacy and tech industry advocates, while committing to work on supply-chain cybersecurity risks including the use of “certification practices” for protecting networks and securing emerging technologies. The wide-ranging statement from the “Five Country Ministerial” released Thursday, following a two-day meeting on the Gold Coast of Australia, includes a section on cybersecurity and a separate “statement of principles” on encryption.”
FBI to Political Campaigns: Up your ‘cyber hygiene’
“With the clock ticking down to the 2018 midterm elections, the FBI has published a series of instructional videos aimed at political campaigns with an urgent message: it’s time to up your cybersecurity game.”
Free Cybersecurity Services Offer a First Step to Securing US Elections
“Some key security vendors – including Microsoft, Google, Cloudflare – are offering pro bono services and tools for election jurisdictions and campaigns this election season. But will it help?” Lyft offering discounted and free rides for midterm elections
“HackerOne is a bug bounty platform that connects businesses and government agencies with its 200,000-strong global network of hackers hunting for vulnerabilities. You may recognize HackerOne from the Defense Department’s six bug bounty programs: Hack the Pentagon, Hack the Air Force (twice), Hack the Army, Hack the Defense Travel System, and most recently, Hack the Marine Corps.
To date, HackerOne has exposed 77,000 vulnerabilities that have been fixed. And it all starts with that first small step.”
Companies Open Doors to Talent with Autism
From this morning’s CBS Morning. Corporations have identified a deep reservoir of talent in spectrum candidates by changing the interview process. Worth a full listen-11:27 minutes; I have only included small quotes. ACB
“Last year, 50 big-name companies — including JP Morgan, Ford and Ernst & Young — came together for a summit on how to bring more autistic adults into the workforce. It was hosted at the Silicon Valley campus of German software maker SAP, which was one of the first large companies to reach out to the autistic community. It started its Autism at Work Program five years ago, and since then it’s hired 140 people on the spectrum, with the goal of hiring more than 600.
At Microsoft, however, there was no need to hide his autism; they were looking for it. Instead of the traditional job interview focusing so heavily on social skills, the company has replaced it with a vetting process that lasts for weeks, and team building exercises like one called the Marshmallow Challenge.”
Girl Scouts Becoming Cyber-Scouts through Partnership with County College of Morris
Girl Scouts are being recruited into the ranks of Americans who will lead the future battle against hackers aiming to disrupt the public and private sectors of the United States.
Exclusive: U.S. Accuses China of ‘Super Aggressive’ Spy Campaign on LinkedIn
“The United States’ top spy catcher said Chinese espionage agencies are using fake LinkedIn accounts to try to recruit Americans with access to government and commercial secrets, and the company should shut them down.”
Australia
Five Country Ministerial 2018- ‘Five Eyes’
“This year’s FCM meeting recalibrated the forum to focus on tangible deliverables and practical collaboration on counter-terrorism, countering violent extremism, cyber security, countering foreign interference, protecting critical infrastructure, border management and law enforcement.
In the event of a severe foreign interference incident within our sovereign nations, we agreed the five countries would coordinate on appropriate responses and attribution.”
Australia Has No Dedicated Minister for Cyber Security
“Australian Prime Minister Scott Morrison has appointed his new cabinet on Sunday 26 August without naming a minister for cyber security. Morrison, who was sworn Australia’s Prime Minister on 24 August, decided to roll the cyber security functions into the Department of Home Affairs instead of appoint a replacement to Angus Taylor who resigned on 23 August.”
Baltics/Lithuania
Lithuanian Media Sign Pact with Govt to Counter Hackers
“Lithuania’s major online media outlets on Tuesday signed an agreement to work with the defence ministry as they try to fend off a growing barrage of cyber attacks, largely blamed on Russia.”
China
China Cybersecurity and Data Protection
Lexology’s monthly update on the Chinese developments in the domain of cybersecurity and data protection, summarizing the key events in the field.
Germany
Germany, Seeking Independence from US, Pushes Cybersecurity Research
“Germany announced a new agency on Wednesday to fund research on cyber security and to end its reliance on digital technologies from the United States, China and other countries.”
India
The Grave Dangers of Cyber Wars — Who Will Protect Investors?
“Recently a Pune-based co-operative bank, Cosmos Bank, set up in 1904, came under a cyberattack. Within minutes, the credit card data of its customers was hacked into, and transactions carried out using them, in foreign countries, totalling —₹94 crore. Who bears this loss? The PM has assured, in his Republic Day Address, that honest taxpayers will be protected. Will they? Can they?”
EU Not Willing to Clarify Concept of Budapest Convention: Dr Gulshan Rai
“While the European Union (EU) has been asking India to ratify the Budapest Convention on Cybercrime, it is not willing to clarify the concept of the international treaty created by the Council of Europe, a top government official said at an ASSOCHAM event held in New Delhi today.”
Iran
Cybersecurity Comes to the Fore in Iran
“With the exponential growth of online services and application of modern technologies to all aspects of life, governments around the globe are facing new threats in the form of malware and cyber attacks. In order to outline the Iranian government’s activities in the field of cybersecurity, a conference was held at the ICT Ministry earlier this week.”
Japan
Japan’s Abe calls for better cyber and space defence capabilities
“Prime Minister Shinzo Abe on Wednesday called for strengthening Japan’s defence capabilities in new fields such as cyberspace and outer space, citing the rapidly changing security situation surrounding the country.” Cyber- and electronic warfare at core of Japan’s defense policy
Japanese Police Adopt Cybersecurity Software to Trace Bitcoin Transactions
“After several instances of cryptocurrency-based crime and a stark increase in the use of cryptocurrencies as a money-laundering tool, Japan’s National Police Agency (NPA) revealed it would launch a crypto-tracking software to trace digital currency transactions in the country.”
Kenya
Kenya Banks, Telcos to File Cybersecurity Rules
“The Central Bank of Kenya has directed payments service providers to deposit their cybersecurity policies with it before the end of this month, as part of the government’s plan to tighten financial security amid increasing cyber-attacks.”
Poland
Polish Parliament Enacts National Cybersecurity System
“The Parliament of Poland today (28.08.2018.) passed into law a new act that will fully implement the NIS Directive, the European Union’s directive on security of network and information systems.”
Sweden
Sweden Struggles with “Country in Chaos” Social Media Attacks
“Facing what could be the most tumultuous election in a century, the nation’s institutions and political groups have come under increasing cyberattacks that are threatening to disrupt the outcome. There has been a proliferation of new “bots” on Twitter that are primarily stumping for the nationalist, anti-immigration Sweden Democrats and attacking the ruling Social Democrats.”
UK
UK to Establish Cybersecurity Investment in Kenya
“Following Theresa May’s maiden visit to Nairobi yesterday after a 30-year hiatus by a sitting British Premier, investment in security featured prominently among promises made. While expressing the special relationship that Kenya shares with the UK Theresa May commented that “Indeed it is here that our Monarch learned she would become queen.” UK already hosts a training ground for British troops in Nanyuki as well as about 100 British companies that operate in Kenya valued at £ 2.0 billion.”
Feature
The Rise of the Cyber-Mercenaries
By: Neri Zilber (Foreign Policy)
“The first text message showed up on Ahmed Mansoor’s phone at 9:38 on a sweltering August morning in 2016. “New secrets about torture of Emiratis in state prisons,” it read, somewhat cryptically, in Arabic. A hyperlink followed the words. Something about the number and the message, and a similar one he received the next day, seemed off to Mansoor, a well-known human rights activist in the United Arab Emirates. He resisted the impulse to click on the links.