ICD Brief 118.
21.01.2019.-27.01.2019.
The word “Enough” seems to be trending globally. Greetings from Amtrak en route to New York City. Today’s edition resounds with anxiety, righteous anger and frustration as more ask the same question: What are some realistic, doable and fair solutions to a variety of global threats?
We bring you some stark and encouraging news from the Federal Resources Food Bank on Pennsylvania Avenue in Washington to the mountains of Davos, Switzerland’s World Economic Forum.
USA
DHS Cyber Chief Explains Issuing Emergency Directive During Shutdown
NextGov Aaron Boyd
“The Homeland Security Department’s lead cybersecurity official outlined the rationale behind issuing an emergency directive with a list of actions and a tight deadline for agencies to comply, all while the government feels the pressure of a more than month-long partial shutdown.”
Rep. Langevin: We need a DHS briefing to understand extent of DNS hijacking threat
Cyberscoop Sean Lyngaas
“A key House Democrat wants the Department of Homeland Security to brief lawmakers “as soon as possible” on a new domain name system hacking threat to federal computer networks, and the emergency order the department issued in response.
Langevin was reacting to a rare emergency directive that DHS [ed: see above] issued Tuesday ordering civilian agencies to tighten security controls in the face of a suspected Iranian hacking campaign.”
Lessons for Corporate Boardrooms from Yahoo’s Cybersecurity Settlement
New York Times Craig Newman
“Shareholders haven’t been successful in holding companies accountable for data breaches. That changed in the first month of 2019. The former officers and directors of Yahoo agreed to pay $29 million to settle charges that they breached their fiduciary duties in their handling of customer data during a series of cyberattacks from 2013 until 2016. Three billion Yahoo user accounts were compromised in the attacks. The settlement ended three so-called derivative lawsuits filed in Delaware and California against the company’s former leadership team and board, including Marissa Mayer, Yahoo’s former chief executive. Insurance coverage will pick up the tab.”
Two Thirds of US Consumers Say Government Should Do More to Protect Data Privacy
Eileen Brown for Social Business ZDNet
“Over two thirds of US consumers think the Government should do more to protect data privacy, and say they’re ready for federal regulation similar to GDPR. A recent survey from Cary, NC-based software analytics company SAS has been asking what data protection measures consumers want.”
Cybersecurity Barometer: Cybercrime’s Impact on Privacy and Security
welivesecurity by Esnet Stephen Cobb
“Seventy percent of Americans surveyed by ESET are worried about the misuse of personal data supplied to websites when banking or shopping online, and an overwhelming majority of Americans now see cybercrime as a threat to their country, one that is getting worse. These are some of the key findings of the ESET Cybersecurity Barometer, a survey that polled 3,500 adults in North America (2,500 in the US and 1,000 in Canada).”
National Futures Association Adopts Notification Requirement for Certain Cybersecurity Incidents
Mayer Brown Legal Update
“The NFA is a membership organization that is designated by the Commodity Futures Trading Commission (“CFTC”) to perform self-regulatory functions for the commodity derivatives industry. On January 7, 2019, the National Futures Association (“NFA”) announced that it had adopted amendments to its information security requirements that include a cybersecurity incident notification obligation.”
Australia
Five Steps to Protect National Infrastructure
CSO Online Pierre Tagle
“One only has to look at past events to know that nation-state hacking has become an increasing concern for governments worldwide. In 2018, hackers from Iran and China targeted universities and the Lowy Institute in Australia, to steal intellectual property and information.”
France
Defence Secretary Says France Will Take an Offensive Cybersecurity Strategy
Siliconrepublic Ellen Tannam
“At a global conference in Lille, Florence Parly said the French government will use its cybersecurity tools in the same way as traditional weapons.”
Germany
Facebook, Germany to Collaborate Against Election Interference
Wall Street Journal Sara Germano
“Facebook Inc. Chief Operating Officer Sheryl Sandberg said the company will work with the German ministry for information security in a broad effort to guide policy here and throughout Europe on election interference.”
India
Davos Leaders Urge India, US to Join Coalition Against Cyber Threats
India Today
“Emphasising that cybersecurity is crucial to keep the world safe, global leaders have urged India and the US to join an international coalition against cyber threats. “The world’s biggest democracy needs to stand with the world’s other great democratic nations. The world needs India,” Microsoft’s President and Chief Legal Officer Bradford L Smith said here at the World Economic Forum Annual Meeting 2019.”
Israel
Netanyahu says Israel’s ready for any election cyber-meddling scenario. It isn’t
Times of Israel Sue Surkes and Shoshanna Solomon via Global Cyber Bi-Weekly Report by INSS* January 15, 2019
“Israelis’ intimate data has been widely leaked, including from ministries * Laws are outdated, unenforced * Abuse of social media is rampant * Facebook won’t respond to inquiries”
*Institute for National Security Studies, Tel Aviv University
Latin America
The Next Generation of Cybersecurity in Latin America
Fair Observer Javiera Alarcon
“At this time in Latin America, it’s hard to imagine a future that applies a model like the US Computer Emergency Readiness Team (CERT). Less understood is how cyber breaches are already hurting the bottom line of vulnerable emerging economies. Protecting networks in an environment with rapid technological growth and deeper connectivity requires keeping consumer data secure.”
Netherlands
Young Dutch Cyber Criminals Get Re-Education Rather than Jail Time
Computer Weekly Tijs Hofmans
“Youths that are convicted for cyber crimes are being put to work with IT departments in the private sector as alternative punishment to imprisonment, as part of a programme in the Netherlands.”
Singapore
Singapore Unveils Implementation Guides, Forms Industry Committee to Boost Telecom Security
By the Way Eileen Yu ZDNet
“The Singapore government has formed a committee and released guidelines that it says aim to beef up cybersecurity protection and capabilities in the telecommunications industry. These include implementation best practices for Internet of Things (IoT) systems and electronic Know Your Customer (eKYC) technology that allows mobile operators to digitally authenticate service registrations.”
UK
UK Active Cyber Defence A Public Good for the Private Sector
The Policy Institute and Cyber Security Research Kings College London
by Tim Stevens, Kevin O’Brien, Richard Overill, Benedict Wilkinson, Tomass Pildegovičs, Steve Hill
“The UK’s Active Cyber Defence (ACD) programme has been a key aspect of the work of the National Cyber Security Centre (NCSC) in improving public-sector cybersecurity since late 2016. According to the NCSC, it has, through a range of ACD measures, objectively reduced the threat of cybercrime to government agencies and service users. On the basis of this success, NCSC has begun to promote ACD as a means of countering low-level cybercriminality and its effects on individuals, businesses, charities and other organisations beyond the public sector. It aims thereby to deliver on the core aspirations of the National Cyber Security Strategy 2016-2021, specifically its commitment to defending UK assets and interests in cyberspace. This report explores the implications of scaling up ACD to the national level and expanding it beyond the public sector.”
Cyber Security Hub Announces Global Partnership
Business Cloud Alistair Hardaker
“Innovation centre Plexal has announced two new global partnerships as it aims to help its cyber security companies to scale internationally.
The East London co-working space has partnered with the Global Cyber Alliance, City of New York and the New York Economic Development Corporation.
The partnerships, which are designed to expand Plexal’s role as a major global cyber security cluster, build on the launch of theLondon Office for Rapid Cybersecurity Advancement last year.”
Insurance
5 Ways to Enforce Company Security
Tech Republic By Mary Shacklett
“Travelers Insurance shared some interesting statistics that covered losses of more than one million dollars for a single security breach. Travelers’ five top cybersecurity risk categories include:”
World Economic Forum
World Economic Forum Agenda Davos
Adrian Monck
World Leaders at Davos Call for Global Rules on Tech
New York Times Keith Bradsher and Katrin Bennhold
“DAVOS, Switzerland — Leaders of Japan, South Africa, China and Germany issued a series of calls on Wednesday for global oversight of the tech sector, in a clear signal of growing international interest in seizing greater regulatory supervision of an industry led by the United States.”