ICD Brief 116.
07.01.2019.-13.01.2019.
This week you will read about truth and consequences as everyone from an Alaskan villager to a global superpower begins to connect the dots between initial attack and ultimate recovery.
Who is having more success and what are they doing? This edition brings you answers from the US, Australia, Baltics/Estonia, China, Czech Republic, the EU, France, Germany, Iran, Israel, Liberia, Poland, Singapore, the UK, the UN, a special overview of Research on the AI application and insurance giant Chubb’s white paper on key 2019 cybersecurity trends.
We lead with recent DHS Undersecretary Suzanne Spaulding’s concerns. What the Government Shutdown Means for Our Nation’s Cybersecurity?
USA
What the Government Shutdown Means for Our Nation’s Cybersecurity?
“The partial government shutdown is entering its nineteenth day. The shutdown has impacted government employees, contractors and organizations, as well as everyday citizens. The full breadth of its ramifications is not well understood — particularly its impact on the cybersecurity of our nation’s critical infrastructure.”
Government shutdown threatens US cyber security
Government Shutdown Hits Federal Websites
“Ripples from the partial government shutdown are spreading online, as some federal websites become insecure or inaccessible because of expired security certificates.” (WSJ Subscription)
The Cyber-Attack That Sent an Alaskan Community Back in Time
By Chris Baraniuk
“In 2018, a remote Alaskan community’s infrastructure was hit by a malware attack which forced it offline. It was only then they realised how much they depended on computers.”
NASAA Proposes Investment Adviser Model Cybersecurity Rule
“On September 23, 2018, the North American Securities Administrators Association, Inc. (“NASAA”) released a proposed model rule for state-registered investment advisers (“state RIAs”) that would impose new information security and privacy requirements (the “Cyber Proposal”).(…) This Legal Update (i) describes the relevant scope of the Cyber Proposal, (ii) explains its substantive requirements, and (iii) highlights some takeaways for the investment adviser industry.”
Transition Period Under New York Cybersecurity Regulation Ends March 1, 2019
“The two-year transitional period under the New York State Department of Financial Services (“DFS”) Cybersecurity Regulation, 23 NYCRR 500 (the “Regulation”), will expire on March 1, 2019, with the final remaining requirement becoming effective. Entities covered by the Regulation that utilize third party service providers, which include not only banks and insurers, but also other financial services institutions and licensees regulated by the DFS, will be required to implement third-party risk management programs by March 1.[ed]”
Australia
Australia’s National Cyber Security Advisor Warns Against Complacency
“The Australian Cyber Security Centre (ACSC) is providing assistance to ICT managed service providers (MSPs) in the wake of the global cyber security compromise confirmed by the Australian Government.”
Baltics/Estonia
Countering Russian Disinformation the Baltic Nations’ Way
“As the new Congress begins, it will soon discuss the comprehensive reports to the US Senate on the disinformation campaign of half-truths, outright fabrications and misleading posts made by agents of the Russian government on social media in the run-up to the 2016 presidential election.”
China
China to Establish Cybersecurity Research Centre with Pakistan
“With the world moving towards advanced cyber weapons in a world of fifth generation warfare, a Pakistani and a Chinese varsity have joined hands to set up a modern cybersecurity research centre (CSRC).”
200 Million Resumes of Chinese Jobseekers Leaked, Cybersecurity Researcher Says
“A mega database with more than 200 million resumes of Chinese jobseekers has been leaked in one of the biggest China-related data exposures ever, according to European bug bounty platform HackenProof.”
Czech Republic
Key Organisations to Carry Out Huawei Products Risk Analysis over Security Fears
“The Czech government has ordered the operators of the country’s key infrastructure to ensure they are not open to attack due to using Huawei products. These fears stem in part from the role the Chinese firm may play in 5G mobile technology – and echo those in other states.”
EU
The EU Doesn’t Really Have a Plan to Stop Its Elections Being Hacked
“As May’s European Parliament elections loom, attention is turning to election hacking, disinformation and, inevitably, Russia. But there’s no central EU plan for preventing democracy being subverted – each of the EU’s 27 has to simultaneously protect itself.”
France
France’s AMF Plans to Conduct 65 Checks in 2019
“France’s financial markets authority AMF has earlier today published a document outlining its supervisory priorities for 2019. A great part of the AMF supervisory role is performed via inspections of regulated entities. The regulator says it aims to conduct 65 such checks in 2019. This marks a small change from 63 checks carried out in 2018.”
FCA fines for AML failings: Important guidance for CEOs and Boards
Germany
German Cyber-Attack: Man Admits Massive Data Breach, Says Police
“A 20-year-old man has admitted to police that he was behind one of the country’s biggest data breaches, in which the private details of almost 1,000 public figures were leaked.”
Germany Races to Boost Cyber Defences After Breach
“The German government is seeking to improve its cyber defences in the wake of the country’s largest data breach of its kind, which exposed the personal data of hundreds of politicians.”
Iran
Security Firm Says Worldwide Campaign Targeting Dozens of Domains Linked to Iran
“A hacking campaign linked to Iran appears to be targeting dozens of domains across the globe by way of domain name system (DNS) hijacking, a security firm said Thursday.”
Israel
A Look Back at the Israeli Cybersecurity Industry in 2018
By Yoav Leitersdorf, Ofer Schreiber
“The Israeli cybersecurity industry has long been recognized as a hotbed for innovative solutions, and 2018 proved to be yet another strong year. The top emerging fields among new startups in 2018 included new verticals within IoT security, security for blockchain and cryptocurrencies, cloud-native security and SDP (Software Defined Perimeter).”
Netanyahu: Israel Prepared to Fight Election Interference Cyber-Attack
“Israel is ready for any scenario involving foreign attempts to influence its election, Prime Minister Benjamin Netanyahu said on Wednesday.”
Poland
Huawei Director and Polish Cybersecurity Expert Arrested Over Spying Accusations
“Poland has arrested a director at the Chinese tech giant Huawei and one of its own former cybersecurity experts and charged them with spying for China, authorities said Friday.”
Research
AI Application Overlooked in Cybersecurity Research
“Cyber physical systems, privacy, internet of things (IoT) devices and cryptography make up the bulk of cyber security research, a survey of 1,200 global research projects reveals.”
Singapore
COI on SingHealth Cyber Attack: 16 Recommendations
“In addition to the five key findings on the SingHealth data breach, the Committee of Inquiry that investigated Singapore’s worst cyber-attack made 16 recommendations.”
UK
Briton Who Knocked Liberia Offline with Cyber Attack Jailed
“A British cyber criminal who carried out an attack so powerful it knocked a nation offline has been jailed. Daniel Kaye admitted attacking an African phone company – inadvertently crashing Liberia’s internet – in 2016. The 30-year-old remains at the heart of a major international investigation into hundreds of acts of cyber sabotage around the world. The National Crime Agency says Kaye is perhaps the most significant cyber criminal yet caught in the UK.”
New Cybersecurity Platform for UK Energy Sector
“The UK energy industry spends around £265m a year to protect itself against data breaches and system outages. Yet 94 per cent of the sector has seen an increase in the number of breaches over the last five years, with 30 per cent having battled an online security breach in the past 12 months. These are the key findings of research from cybersecurity company AVORD, which this week has launched a new security testing platform.”
These Are the Courses UK Police Are Set to Take in Cybersecurity
“As law enforcement in the UK and beyond are now expected to tackle the plague of cybersecurity-related fraud, scams, and crimes being committed for the purposes of identity theft and financial gain, they must also now become familiar with the threats, concepts, and — at the least — the basics in how such attacks are conducted.”
UN
UN Commission Sets Cybersecurity Regulations for Europe
“The United Nations Economic Commission for Europe (UNECE) has confirmed it will integrate the widely used ISA/IEC 62443 series of standards into its forthcoming Common Regulatory Framework on Cybersecurity (CRF). The CRF will serve as an official UN policy position statement for Europe.”
Insurance
Chubb Announces Key Cybersecurity Trends to Watch in 2019
“As business decision-makers look to the year ahead, it is critical to address existing and new cyber security concerns. To help with that process, Chubb has launched its first annual cyber security predictions, which focus on the top risks in 2019 and beyond.”