ICD Brief 121.
11.02.2019.-17.02.2019.
Greetings from Washington DC, Canberra, Tallinn, Vilnius, Beijing, Brussels, Athens, Paris, Munich, Delhi, Tokyo, Moscow, Singapore and London where increased activity and spending reflects concerns around elections, espionage, hacking attacks, privacy and thefts.
This week foreign and defense leaders gather at the 2019 Munich Security Conference February 15-17. Here is MSC Day 1. More news from AP under Germany.
Congratulations to ICD Co-Founder Richard Stiennon who will launch his latest book Secure Cloud Transformation: The CIO’s Journey March 4 at the 2019 RSA Conference in San Francisco.
USA
Homeland Security Says It’s “Doubling Down” on 2020 Election Security Efforts
“Protecting the 2020 election from hackers and foreign influence campaigns is a top priority for the Department of Homeland Security, the agency said Thursday.”
DHS Funding for Cybersecurity Grows in New Bill-Along with Oversight
“The Consolidated Appropriations Act–the bill agreed to by House and Senate negotiators that could avert another partial government shutdown–features more cybersecurity-related funding for the Department of Homeland Security (DHS) and its Cybersecurity and Infrastructure Security Agency (CISA), but also further obligations to report to Congress in the coming months on key security-related issues.”
Cyber Espionage: US Senators Urge DHS to Probe Foreign VPNs Over National Security Concerns
“Two U.S. Senators have expressed concerns that federal government employees may be jeopardising the nation’s security by using Virtual Private Networks (VPNs) made by foreign companies, William Chalk takes up this tale of cyber espionage.”
Microsoft Removes Eight Cryptojacking Apps from Official Store
“Microsoft has removed from the official Microsoft Store eight Windows 10 apps that had been caught mining the Monero cryptocurrency behind users’ backs for the benefit of the apps’ developers.”
Australia
TGA Draft Guidance Calls for Heightened Cybersecurity for Medical Devices in Australia
“In the bid to consider and plan for an evolving cybersecurity landscape to maintain patient safety, the Therapeutic Goods Administration (TGA) has released a draft regulation guidance on cybersecurity for medical devices, in line with the existing regulatory requirements.”
Baltics/Estonia
One of Russia’s Neighbours Has Security Lessons for the Rest of Us
“Estonia is the first member state in the European Union that might be called Extremely Online. Over the past decade, the Baltic republic of 1.3 million people fully digitized its government services and medical data.”
Lithuania
Lithuanian Government Holds Training on Election Cyber Threats
“The Chancellery of the Lithuanian Government held training and tabletop exercises earlier this week, dedicated to countering cyber threats during elections.”
China
China’s Cybersecurity Law Update Lets State Agencies “Pen-Test” Local Companies
“New provisions made to China’s Cybersecurity Law last November gives state agencies the legal authority to remotely conduct penetration testing on any internet-related business operating in China, and even copy and later share any data government officials find on inspected systems.”
EU
Telecom Industry Calls for Europe-Wide Network Testing Regime
“The telecoms industry has called on European governments to join mobile operators in establishing a testing regime to protect network security without having to resort to the disruptive step of excluding vendors from the market.”
Europe’s Cybersecurity Gap Threatens Infrastructure, Elections
“Cybersecurity experts have met with government officials ahead of the Munich Security Conference to discuss the vulnerabilities in our critical infrastructure — and many ask when Europe will finally shore up its gaps.”
Athens at the Center of European Cybersecurity Strategy
“Last January ENISA released its annual report with the ’15 top cyber threats and trends’ in Europe. The European Union Agency for Network and Information Security (ENISA) is a center of network and information security expertise for the E.U., its Member states, the private sector and European citizens. Its prime concern is to provide recommendations on cybersecurity, support policy development and its implementation and collaborate with operational teams throughout Europe.”
EU Considers Response to China Hacking after UK Evidence, Sources Say
“European Union member states are considering a possible joint response to cyber attacks allegedly conducted by a Chinese state-linked hacker group after the UK presented evidence last month about network infiltration, according to people familiar with the matter.”
France
French Security Association CLUSIF Flags Data Leak
“The personal details of up to 2,200 French cybersecurity professionals may have been compromised following a data security oversight at CLUSIF, a Paris-based information security society.”
Germany
The Latest: Merkel defends Iran deal; Pence blasts Europe
“MUNICH (AP) — The Latest on the international security conference taking place in Munich (all times local): 10 p.m.
German Chancellor Angela Merkel has drawn lengthy applause for her spirited defense of a multilateral approach to global affairs and her support for Europe’s decision to stand by a nuclear deal with Iran.
U.S. Vice President Mike Pence was not impressed, however, and he doubled down on American criticism of Europe.
Merkel’s comments Saturday at the Munich Security Conference, an annual gathering of world leaders and top defense and foreign policy officials, followed days of acrimony between the U.S. and Europe over Iran.”
India
Cyber-Secure Culture and Ecosystem Imperative for Making India a Trillion-Dollar Digital Economy
“In the wake of growing cyber threats and targeted attacks, cybersecurity has become a boardroom concern for organizations across verticals, revenue bands and geographies, cites EY’s Global Information Security Survey (EY GISS) 2018-19 – India edition. Speaking at the launch of the report, Dr. Gulshan Rai, Cyber-Security Chief, Prime Minister’s Office, Government of India said, “As we accelerate towards becoming a trillion-dollar digital economy, building the right framework for cyber resilience and security is critical for the country.”
Japan
Japan’s Cloud Storage Regulation
“The Japanese government plans on strengthening its defenses against cyber attacks from China, among other nations. It aims to do so through regulating and securing the use of cloud services. The government plans to draw up security standards and start trial runs this year, with the aim of introducing the full system in 2020.”
Russia
Russia to Disconnect from the Internet as Part of a Planned Test
“Russian authorities and major internet providers are planning to disconnect the country from the internet as part of a planned experiment, Russian news agency RosBiznesKonsalting (RBK) reported last week.”
Singapore
Cisco Launches First Asean Co-Innovation and Cybersecurity Centres in Singapore
“American tech giant Cisco on Friday (Feb 15) launched an innovation centre, its first in South-east Asia, to bring together industry players, government organisations and start-ups to work on regional issues in cyber security and the Internet of Things (IoT).”
UK
ICO: Cybersecurity and the NHS
“If you asked the average person on the street what they thought the worst consequences of a cyber attack would be, they would most likely think about stolen bank accounts or credit card details, identity theft, or that they’d probably have to reset their passwords (again).”
Long Read
NIST Cybersecurity Framework: Five Years Later
“Five years after the release of the Framework for Improving Critical Infrastructure Cybersecurity, organizations across all sectors of the economy are creatively deploying this voluntary approach to better management of cybersecurity-related risks.”
Aon Releases 2019 Cybersecurity Report
“Aon has released its 2019 Cyber Security Risk Report, which details the greatest cybersecurity threats industries are facing today.”