ICD Brief 112.
This edition covers increased spending, new laws and penalties, and a rush to deal with threats and solutions on a global scale.
“Germany’s Command Cyber and Information Space: Bundeswehr: Well prepared for the cyber war?” is the first in a new series on how the public and private sectors are organizing for cyberwar and cybersecurity.
I’ve returned to our short form of links to our articles this week ahead of the summary version. I would really appreciate your opinion on which format you prefer. I welcome your comments on this and will report back.
“The US needs improved cybersecurity policies if it’s going to catch up with the practices in the rest of the world, Sen. Mark Warner said Friday, adding that the government has failed to recognize the seriousness of the situation.
The Virginia Democrat, who serves as vice chairman of the Senate Select Intelligence Committee, said US cybersecurity fails to provide adequate protection of critical infrastructure or guard against the dissemination of disinformation online. He made the comments in a keynote address at the Center for a New American Security in Washington.”
“The arrest of Huawei CFO Meng Wanzhou in Canada for possible Iran sanctions violations yesterday has deeper roots in a difficult legal history between the hardware giant and U.S. regulators and intelligence agencies.”
“US financial firms expect higher cybersecurity spending in 2019 as they face bigger threats and more attacks, a new survey report by Thales eSecurity said.
• About 36 percent of companies said they experienced an intrusion in 2018, up from 24 percent in last year’s survey.
• Most financial firms still spend too much on defending personal computers despite awareness that it’s the least effective strategy, the survey found. More attention should be paid to network security, according to Thales.”
“The National Risk Management Center at the Department of Homeland Security is working to develop a list of national critical functions, functions so important that a disruption could cause a national or economic security crisis, by the end of the year.”
“The Department of Homeland Security’s (DHS) Office of Biometrics Identity Management (OBIM) is being transferred to DHS’s Management Directorate, DHS announced following President Trump signing the Cybersecurity and Infrastructure Security Agency (CISA) Act of 2018 into law, as required by the legislation. DHS said – providing a brief fact sheet along with the announcement – that OBIM’s ‘placement within the DHS headquarters supports expanded collaboration and ensures OBIM’s capabilities are available across the DHS enterprise and the interagency.’”
“As of March 1, 2019, covered entities will be required to be in compliance with the New York Department of Financial Services Cybersecurity Regulation Section 500.11, the Third Party Service Provider Security Policy. What are the key requirements? Attorney Ted Augustinos, a partner at Locke Lord LLP, outlines the new compliance landscape.”
“A controversial bill allowing spies and police to snoop on the encrypted communications of suspected terrorists and criminals was passed in Australia on Thursday, as tech giants warned of wide-ranging implications for global cybersecurity.”
“Governments need to “turn from public private partnership slogans to real partnerships” on cybersecurity, former Estonian foreign minister Marina Kaljurand told the Black Hat infosec conference in London this morning.”
“Russia’s intelligence services were behind cyber attacks targeting the Czech foreign ministry last year, the Czech security service said on Monday (3 December) in its annual report.”
“The European Union should be worried about Huawei [HWT.UL] and other Chinese technology companies because of the risk they pose to the bloc’s industry and security, the EU’s technology chief said on Friday, echoing concerns raised elsewhere in the world.”
“The cyber and information space (CIR) should better protect Germany against cyber attacks. But the financing problems of the Bundeswehr and the lack of good personnel make cybersecurity more difficult.”
“The Union Home Ministry has come out with a booklet on cyber safety for teenagers that tries to address their increased use of smartphones, gadgets, online gaming, social media and fake news.”
“The Israeli cybersecurity company ITsMine announced this week that it will provide its artificial intelligence-based data protection solution free of charge to the hotel industry through the end of 2019.”
“Japan is to ban government use of telecoms products made by Chinese tech giants Huawei and ZTE on concerns about cybersecurity, according to reports on Friday.”
“The Monetary Authority of Singapore (MAS) announced this week the launch of a S$30 million (US$41 million) Cybersecurity Capabilities Grant to strengthen the cyber resilience of the financial sector in Singapore and help financial institutions develop local talent in cybersecurity.”
Security firm turned the tables on attackers targeting its chief financial officer in an email-borne financial scam.
BLACK HAT EUROPE 2018 – London – Call it karma or just poor OpSec, but a prolific global cybercrime organization recently blew its cover after inadvertently targeting executives at a security firm.
“The infamous Nigerian/UK group behind a rash of business email compromise (BEC) scams found itself on the other side of its own social-engineering scam when it posed as Agari CEO Ravi Khatod in an Aug. 7 email sent to Raymond Lim, chief financial officer at Agari, an email security company.”
“At a meeting this week between Huawei executives and senior officials from GCHQ’s National Cyber Security Centre, the Chinese telecoms provider agreed to a series of technical demands which will change its practices in the UK, according to two people with knowledge of the discussions.”
“Marriott announced last week that it had suffered a major data breach. Hackers made off with the personal details of 500 million customers dating back to 2014. The Marriott cyber incident is just the latest of many occurring in recent years, often with what feels like escalating stakes. Many of these data breaches and cyberattacks cross geopolitical boundaries. They target individuals, corporations and governments and have led to the theft of information and money, as well as the disruption of critical infrastructure, such as power stations and hospitals.”