“Once More, Unto the Breach, Dear Friends, Once More” – ICD Brief 102.

ICD Brief 102.


Greetings from sunny Haymarket (Virginia)! Next week, I’ll be under an umbrella close to Haymarket Station in Edinburgh.

A year ago, I’d lead with the Facebook breach. Today, you will see a change: from reaction to anticipation, from unknown values to probabilistic risk models, from a vacuum of governance to a growing body of best practices and emerging rules of engagement, from voluntary guidance to regulations and laws.


Facebook’s Security Breach Shows Even Significant Security Investment Might Not Help

“The biggest technology companies, finance firms and technology giants — including Facebook which now reports up to 50 million user accounts may have been taken over by criminal hackers — invest many millions in cybersecurity and still fall victim to significant attacks.”

Army Wants to Change Its Cyber Training to Beef Up Ranks

“The military is facing a shortage in cyber talent and the Army is considering changing the way it trains its cyber soldiers to deal with the shortfall. The cyber realm is demanding an increasing number of civilian and military experts for defensive, offensive and maintenance jobs.”

New ISA/IEC Standard Specifies Cybersecurity Capabilities for Control System Components

“Research Triangle Park, North Carolina USA (25 September 2018) – The ISA/IEC 62443 series of standards, developed by the ISA99 committee as American National Standards and adopted globally by the International Electrotechnical Commission (IEC), is designed to provide a flexible framework to address and mitigate current and future security vulnerabilities in industrial automation and control systems (IACS).”

DOD Struggles with Loss of Cyber Personnel

“The Defense Department lost thousands of civilian cyber workers in the past year, mainly in IT management and computer science-related positions, a senior defense official testified at a Sept. 26 Senate hearing.”

Ransomware Attack Hits Port San Diego

“The Port of San Diego is facing the storm surge of a cyberattack against its computer systems. On Wednesday, the Port of San Diego’s CEO, Randa Coniglio, said in a statement that it suffered a “serious cybersecurity incident,” which it first learned about on Tuesday. A spokesperson for the port told sister site ZDNet that the attack was a ransomware infection, but didn’t provide further details.”

Electric Industry, Government Work Together to Enhance GridCybersecurity

“As protecting critical infrastructure from cyberattacks has become a national priority, the electric power industry and U.S. government agencies have strengthened their partnership in order to better tackle energy grid cybersecurity.”

New York’s Laser-Focused Move to Better Cybersecurity

“Summer 2018 was dominated in the EU by the General Data Protection Regulation (GDPR), and in the US, by the California Consumer Privacy Act of 2018 (CaCPA, otherwise known as California GDPR). Both of these regulations on data represent a significant shift in how the business community manages and protects consumer information. If you read the fine print, both of these regulations will ultimately drive more action oncybersecurity.”

California Will Be the First State to Implement IoTCybersecurity Law Starting January 1, 2020

“Lights which know when you are awake, doors which can sense if it is a stranger, and a houseful of such ‘connected devices’ controlled by a single app, and you know there is a likelihood of a digital apocalypse in the near future if we don’t have set laws. To avoid a future catastrophe, California Governor Jerry Brown has signed a cybersecurity law covering smart devices, making the state a first with such a law, The Verge reported.”


NSW Government’s New Cybersecurity Strategy

“Today, the NSW government launched its new cyber security strategy. The strategy is aimed at boosting public sector capability across government departments and agencies. It comes off the back of a call earlier this year by the NSW auditor-general for urgent action to improve the ability of state government agencies to detect and respond to cyber security incidents.”

Australia’s New Spyware Bill Sparks Fears of CybersecurityRisks

“New legislation introduced in Australian parliament to weaken encryption laws in order to allow law enforcement greater access to encrypted communications is raising concerns over privacy and the country’s cybersecurity.”


Estonia Ranks First in the World in the National CybersecurityIndex

“Estonia jumped two places after an update by the country’s ministry of defence, notifying the national cyber security index team of the recent establishment of the Cyber Command at the Estonian Defence Forces.”


New Belgian Cyber-Security Platform To Protect Start-Ups From Hackers

“A collaborative fintech platform in Belgium has launched an innovative new program aiming to improve cyber-security for start-ups. Trusted Fintech, which was launched by B-Hive Europe during the Digital Finance Europe conference in Brussels, will deliver a five-module program focused around people, process and technology. When a start-up successfully completes the program it then obtains the ‘Trusted Fintech’ label – a safety guarantee which B-Hive hopes will encourage further investment.”


EU Politicians Push for Cybersecurity and Data Audit of Facebook

“European Union politicians appear set to demand audits of Facebook by Europe’s cyber security agency and data protection authority in the wake of the Cambridge Analytica scandal. A draft resolution submitted on Thursday to the EU Parliament’s civil liberties and justice committee urged Facebook to accept “a full and independent audit of its platform investigating data protection and security of personal data”.”

IoT Update: The E-Privacy Regulation – Impact on the IoT market

“This post looks at the implications of the E-Privacy Regulation for IoT manufacturers starting with a short summary of the GDPR and some of its effects.”


German Cyber Defense Blends Military and Commerce

“A cyber defense training pact has been signed by Deutsche Telekom and Germany’s Bundeswehr. Their deal expands a network of commercial and federal information security hubs centered in Bonn.”


Israel Emphasizes Role as International Cybersecurity Hub

“Israeli Ambassador to Italy Ofer Sachs, speaking at the Cybertech Europe conference on Wednesday in Rome, said his country is among those receiving the most cyberattacks worldwide.”


Philippines Collaborates with Russia on Cybersecurity

“Both parties agreed to cooperate on mutual response tocybersecurity incidents and information-exchange oncybersecurity threats, policies and technologies. The Philippines is also seeking to sign MoUs with other countries, similar to Russia’s, to further strengthen its cybersecurity posture.”


Serbia Tightens Cyber-Security As Internet Crime Rises

“Amid a rise in such attacks last year, Serbia plans to tighten its cyber-security and form special units to combat high-tech crime. According to the Cybercrime Strategy, Serbia will establish several units within the police, military and customs to fight online crimes. Civil servants will participate in training, which will be also held for parents, in schools, in the media, and for bank clients, focusing also on child pornography and internet security. “

Southeast Asia

“On September 14th, ASEAN, a Southeast Asian regional cooperative consisting of ten member-nations, opened the ASEAN-Japan Cyber Security Capacity Building Centre in Bangkok, Thailand. The Centre is designed to train personnel from member countries in countering cyber threats.”


“A new Easy Access IP licence has been granted for a game which helps stop cyber attacks  Defence Science and Technology Laboratory
Scientists at the Defence Science and Technology Laboratory (Dstl) have developed a cyber card game which helps staff identify and learn about some of the key open source techniques a cyber aggressor might use to gain insight, access and control over industrial and commercial infrastructures.
Extensive testing of the game and positive stakeholder feedback has shown a very rapid initial learning curve compared to conventional training alone and this contributed to the game winning the 2018 Dstl ‘Innovator of the Year’ award.”
“In an announcement, the firm said it is now a GCHQ-certified training provider for its course “Understanding Cybersecurityand Insurance,” which is offered to brokers and client risk managers through the AXIS Cyber Centre of Excellence.”


 Note: This article is based on a presentation at the Informal Meeting of EU Foreign Ministers in Vienna on August 31, 2018.
“The strength of our society rests on the strength of our IT. In a world where everything is connected—phones, cars, houses, electric grids, supermarkets, hospitals, financial systems and satellites—everything can be disrupted, if not destroyed. For several years, cyber threats have featured at the top of the risk assessments of government ministers, diplomats, intelligence officials and military leaders. What is missing in these debates is a grand strategic vision. Cyber diplomacy and cyber defense should become the bread and butter of our foreign and security policy debates.”
By Nick Ismail    Information Age
“Today, the SANS Institute Threat Hunting Survey report concludes that organisations are beginning to find cyber threats more effectively.
However, whilst techniques, tools and the scope of threat hunting is expanding, the practice is still relatively poorly defined amongst IT professionals. Most organisations are still reacting to alerts and incidents, instead of proactively seeking out intruders.”


This entry was posted in Weekly Brief. Bookmark the permalink.

Comments are closed.