ICD Brief 115.
31.12.2018.-06.01.2019.
Greetings from a fractious nation’s capital! However, in terms of cyber, this takes on a more positive tone as the global multi-stakeholders begin to create the protocols of a new world order. Painful but clear progress from this time last year. There’s nothing like an incipient cyber war as an incentive.
Whose fault are all these attacks and what are we doing about them? This first edition brings you answers from the US, Brazil, China, the EU, Germany, Israel, Japan, Russia and the UK. We lead with an outstanding feature by Martin Giles.
USA
Hacker Cyber-Gang: Give Us Cyber-Cash for Cyber-Cache of 18,000 Sept 11th Insurance Docs
“The hackers who claim to have breached a British insurer last year say their cache of pilfered files include confidential documents on the September 11 terrorist attacks.”
House Democrats’ First Bill Has an Eye on Election Security
“H.R. 1, the gargantuan first bill the new House Democratic majority will unveil Friday, is an anti-corruption grab bag that most prominently tackles campaign finance, sexual harassment and voting rights. But election cybersecurity will quietly play a major role in the bill, too.”
DHS Adds Cybersecurity Verification Platform
“Verodin, a leader in validating the effectiveness of cybersecurity controls, announced it has been approved to deliver critical cyber capabilities in support of the Department of Homeland Security’s (DHS) Continuous Diagnostics and Mitigation (CDM) Program.”
US Government Taps into Nation’s Colleges for Cybersecurity Expertise
“The National Science Foundation calls cybersecurity “one of the defining issues of our time.” The U.S. is particularly vulnerable, according to Juniper Research, because of the substantial amount of national and international data located within a wide range of companies, governmental entities and institutions, with little regulation.”
SC Cybersecurity 6 Years after 6 Million Tax Records Stolen
“Six years after hackers stole millions of South Carolina tax records, the state has ended a program to monitor victims’ credit records, and is still working to improve cybersecurity.”
Brazil
Brazil’s New Science and Technology Minister Takes Over
“Brazil’s new minister of science, technology, innovation and communications has taken over yesterday (2), citing intentions of focusing on cybersecurity and artificial intelligence and pledging to review key areas such as Internet of Things and broadband coverage.”
China
China’s Cyber Police Take Aim at “Negative Information” in New Internet Crackdown
“China’s cybersecurity police announced a new campaign on Thursday targeting websites and web applications that spread what they called “negative information” on the internet.”
EU
EU Offers Cyber Protection to the World
“The European Union is now offering model legislation to its member states, and via spill-over power to similar supranational projects elsewhere, particularly ASEAN, as well as the Organization of American States, the African Union, the Shanghai Cooperation Organization and the rest of the world.”
EU to Offer Almost $1M in Bug Bounties on Open Source Software
“Listen up, ethical hackers: the European Commission is looking for your help to discover security flaws in some of the most popular free and open source software around. The Commission will fund a total of 15 ‘bug bounties’, prizes for people who actively search for security issues. Fourteen of them will start in January and the remaining one in March next year.”
EU Eyes Tougher Scrutiny of China Cybersecurity Risks
“The EU is looking to toughen scrutiny of potential security risks with Chinese technology companies in the wake of growing concerns about cyber theft and cyber espionage allegedly linked to Beijing.” [FT Subscription]
Germany
Angela Merkel and Senior German Politicians Targeted in Major Cyber Attack
“Private data stolen from hundreds of German politicians, including Chancellor Angela Merkel, have been released online, the German government said on Friday.”
Berlin’s Dilemma: My Way or the Huawei?
“As the US pushes allies to follow suit in closing the door to Chinese telecom firms, Berlin is finally waking up to cybersecurity risks. But some say Germany is still underestimating a wider threat.”
Japan
Japan to Store Critical Data Domestically Amid Cyberwar Fears
“Strengthening its cybersecurity measures against China and other potential state-sponsored threats, Japan is on track to impose domestic storage of electronic data generated by critical infrastructures like power and water suppliers.”
Russia
“Russia’s malware shows up on U.S. power grids, and its online trolls try to influence elections. China, meanwhile, steals the personal data and intellectual property of leading American corporations. The U.S., for its part, has its hackers on a war footing. So it may seem the prospects for dialogue — in this case, trialogue — are slim. Yet this is exactly what happened last month in Moscow among a group of former and current officials from China, Russia and the U.S.”
UK
Foreign Secretary Hunt Opens New Flagship BT Office in Singapore
“The Foreign Secretary, Jeremy Hunt will visit the headquarters of BT Singapore today (4 January) to officially open their new office and see how UK excellence in cyber security is helping businesses and local government secure their operations for the digital age.”
Public Sector Urged to Develop Cyber Workforce Plans
“The Government has urged public authorities to develop workforce plans to address a “capability gap” in their cyber security skills.”
New Cybersecurity Standard for Self-Driving Cars
“A new cyber security standard for developing technology incorporated into self-driving cars has been released by the British Standards Institute.”
Vietnam
Vietnam’s Controversial Cybersecurity Law Spells Tough Times for Activists
“On the first day of 2019, Vietnamese dissidents, human rights activists, and bloggers weren’t celebrating – they were worrying about the new cybersecurity law that went into effect that same day in Vietnam.”
Featured
Five emerging cyber-threats to worry about in 2019
The risks include AI-powered deepfake videos and the hacking of blockchain-powered smart contracts.
by Martin Giles
“We’re going to see more mega-breaches and ransomware attacks in 2019. Planning to deal with these and other established risks, like threats to web-connected consumer devices and critical infrastructure such as electrical grids and transport systems, will be a top priority for security teams. But cyber-defenders should be paying attention to new threats, too. Here are some that should be on watch lists:”
The Future of Vulnerabilities Equities Processes Around the World
By Sven Herpig, Ari Schwartz Lawfare
“As governments increasingly find themselves needing information from networked sources for law enforcement, intelligence, and military purposes, one of the most difficult dilemmas they face concerns the use of so-called zero day vulnerabilities—previously unknown flaws or bugs that can sometimes be exploited to gain access to servers that house information or control networks and infrastructure. Governments often have researchers looking for these flaws, and sometimes, governments purchase them on the open market. But when governments find such vulnerabilities, should they quickly disclose these flaws and thus allow them to be fixed, or should they keep the information a secret for other national security purposes?”