ICD Brief 107.
29.10.2018.-04.11.2018.
Greetings from Paris, where I have the honor of speaking at the first Natixis Investment Managers Cyber Security Summit this week.
I joined Parisians and visitors and walked down the middle of the Champs Elysee celebrating the first Sunday of the month. The Etoile was filled with bleachers and other indications of a big national celebration on November 11 of the Hundredth Anniversary of the end of the Great War.
The ICD 107 features The Future of Financial Stability and Cyber Risk by Jason Healey, Patricia Mosser, Katheryn Rosen, Adriana Tache of the Brookings Institute. It’s in our view, a major contribution to the academy.
USA
Why DOD Is Sending Cyber Teams to DHS Before the Election
“The Defense Department has sent cyber personnel to work with the Department of Homeland Security ahead of midterm voting in an effort to prevent or respond to election hacking attempts.”
New DHS Cyber Center Meets with Industry to ID Most Valuable Assets
“The meeting with officials from the communications, electricity and finance sectors will be followed by meetings with the other 13 critical infrastructure sectors in coming weeks, Mark Kneidinger, deputy director of Homeland Security’s National Risk Management Center told reporters after speaking before a Commerce Department advisory board.”
Interagency Programs to Protect Financial Sector from Cyber Attacks Off to a Good Start
“Two top cyber officials say initial pathfinders programs to protect the financial sector from cyber attacks are off to a good start and showing positive process for future programs.
‘What we are doing with the financial sector is taking that picture of what they’ve identified as key functions and risks to their industry and then we bring in the Defense Department, the intelligence community,’ said Jeanette Manfra, assistant secretary for the office of Cybersecurity and Communications at DHS, during a speech Tuesday at the Carnegie Endowment for International Peace in Washington.”
Prison Time, Hefty Fines for Data Privacy Violations: Draft US Senate Bill
“A senior Democratic U.S. senator on Thursday unveiled draft legislation that would allow hefty fines and as much as 20-year prison terms for executives who violate privacy and cybersecurity standards.”
Australia
AustCyber to Figure Out What “Cyber Skills” Actually Are
“It’s a project that sails boldly into the dangerous and uncharted waters of actual evidence-based policy. AustCyber is working with the Australian Department of Education and Training, and PwC’s Skills for Australia program, to understand our needs for cyber vocational education and training.”
Baltics/Estonia
e-Estonia: Could the Digital Powerhouse of Tallinn Be Your Next European Business Hub?
“Frequently hailed as one of the most digitally advanced societies in Europe, Estonia is carving its own unique path in today’s digital landscape. But could it be the right location for your European venture?”
Australia
AustCyber to Figure Out What “Cyber Skills” Actually Are
“It’s a project that sails boldly into the dangerous and uncharted waters of actual evidence-based policy. AustCyber is working with the Australian Department of Education and Training, and PwC’s Skills for Australia program, to understand our needs for cyber vocational education and training.”
Baltics/Estonia
e-Estonia: Could the Digital Powerhouse of Tallinn Be Your Next European Business Hub?
“Frequently hailed as one of the most digitally advanced societies in Europe, Estonia is carving its own unique path in today’s digital landscape. But could it be the right location for your European venture?”
China
“The Chinese Ministry of Public Security (MPS) on September 15, 2018, released the Provisions for the Supervision and Inspection of Network Security by Public Security Agencies, also known as “Circular 151.” This new regulation provides a legal basis and framework for wide-ranging authority for local law enforcement agencies (Public Security Bureau, or PSB) in China to enforce China’s cybersecurity and data privacy laws by conducting onsite or remote inspections of internet service providers, as well as any entities that use networks for their operations. Circular 151 officially comes into effect on November 1.”
EU
EU Cybersecurity Act: How a Little-Known Piece of Legislation Could Transform the Internet of Things
“The EU’s Cyber Security Act has two main purposes. Firstly, it will give ENISA, the EU’s cyber security agency, a permanent mandate. Its second function is to establish a new EU-wide certification framework for IT products, services and processes. While in the past networks comprised of a set number of devices, the emergence of the so-called “internet of things” has seen a huge rise in the size of the attack surface of any given organisation.”
India
“8 in 10 Indian Firms Have Cybersecurity Insurance, But Only Half Say It Is Full Coverage”
“Indian telco providers best prepared, with 60 percent reporting comprehensive cyber insurance.”
“Only half (48 percent) of Indian firms said their cybersecurity insurance covers all risks and 44 percent of Indian firms said their insurer based their premiums on an accurate analysis of their risk profile.”
NATO
Enhancing Cybersecurity in Ukraine
“As part of the NATO Defence Education Enhancement Programme for Ukraine, experts from allied countries visited the Serhiy Korolylov Zhytomyr Military Institute (ZMI) from 24 to 28 September, 2018 to assist with the development of a new course on cybersecurity. Ukraine is one of the first NATO partners (together with Tunisia) to develop such a course.”
Singapore
Singapore Sets Up World’s First Commercial Cyber Risk Pool
“Singapore is setting up the world’s first commercial cyber risk pool as part of efforts to develop the region’s capacity to deal with threats from cyber attacks, Finance Minister Heng Swee Keat announced at the 15th Singapore International Reinsurance Conference on Monday (29 Oct).”
’The pool will commit up to US$1 billion in capacity, and bring together both traditional insurance and insurance-linked securities markets to provide bespoke cyber coverage,’ he said.”
UK
Iranian Hackers Hit UK Cybersecurity Universities
“Iranian cybercriminals tried to hack into U.K. universities offering government-certified cybersecurity courses, successfully accessing at least one university’s accounts during a campaign lasting months.”
Vietnam
Vietnam to Tighten Up Conditions on Facebook and Google
“A draft decree on implementing the Cybersecurity Law will enforce tougher conditions on tech businesses like Facebook and Google. The Ministry of Public Security has publicized the draft decree to collect feedback for a month starting Friday.”
Feature
The Future of Financial Stability and Cyber Risk
by Jason Healey, Patricia Mosser, Katheryn Rosen, Adriana Tache
Brookings Institute
“This paper starts by examining traditional risks to financial stability, such as contagion from excessive leverage. It also examines the current regulatory frameworks and partnerships, both domestic and international, established to increase the resilience of the financial system to cyber risk. The analysis concludes with major concerns and potential gaps in understanding and mitigating cyber risks to financial stability.”