ICD Brief 124.
04.03.2019.-10.03.2019.
Greetings from Manhattan. This edition is dominated by preparations for, expectations of and updates on breaches, theft and espionage, including two suspected state-sponsored attacks in Singapore and in the UK at a small institute where I have served as a Senior Associate Fellow.
USA
New GAO Report Evaluates Climate Change and Cybersecurity Policies at the Federal Level
“Climate change, cyber-infrastructure, and personal security clearances dominated Wednesday’s House Oversight and Reform Committee hearing.”
US Tech Firms Fear China Could Be Spying on Them Using Power Cords, Report Says
“Fearing that China could be spying on them using power cords and plugs, several U.S. technology companies have asked their Taiwanese suppliers to shift production of some components out of the mainland, Nikkei Asian Review reported on Friday.”
NSA-Cyber Command Chief Recommends No Split Until 2020
“The commander of the nation’s top military cybersecurity organizations, the National Security Agency and U.S. Cyber Command, has recommended they split from each other next year, Defense One has confirmed.”
Chinese Hackers Target 27 Universities to Get Access to Military Research
“A report from iDefense, a cybersecurity firm, shows that Chinese hackers targeted universities from the USA and other countries in the world to access maritime military research.”
The NSA Makes Ghidra, a Powerful Cybersecurity Tool, Open Source
“You can’t use Ghidra to hack devices; it’s instead a reverse-engineering platform used to take “compiled,” deployed software and “decompile” it. In other words, it transforms the ones and zeros that computers understand back into a human-readable structure, logic, and set of commands that reveal what the software you churn through it does.”
Australia
Where to From Here? Women in Cybersecurity Speak Up
“International Women’s Day is an opportunity to reflect on how far the industry has come in treating women more equally, but also to rally together and put measures in place to improve the situation for future generations on the cusp of entering the workforce. Here are what women working in cybersecurity have to say…”
Canada
A cyber war has started and Canada isn’t ready to fight it, says report
“The Canadian Association of Defence and Security Industries (CADSI), which represents major weapons and high-tech manufacturers, warns in a new report that, despite recent investments and policy papers, the country is lagging far behind its allies in preparing to fight a new kind of war.”
China
“Private messaging is not that private, especially in China, where hundreds of millions of chat conversations were left exposed on the internet and discovered by a Dutch researcher over the weekend.”
Czech Republic
Czech Billionaire Could Get Caught Up in Huawei Spying Scandal
“When Czech billionaire Petr Kellner joined a delegation to Beijing in 2014 that included President Milos Zeman, he was looking to dig deeper into the China gold mine. The lucrative success he has enjoyed since may turn out to be an unexpected headache.”
EU
Huawei Opens a Cybersecurity Transparency Center in the Heart of Europe
“Huawei announced its plan to open a European transparency center last year but giving a speech at an opening ceremony for the center yesterday the company’s rotating CEO, Ken Hu, said: ‘Looking at the events from the past few months, it’s clear that this facility is now more critical than ever.’”
Belgium, Luxembourg Warned Over Late Adoption of EU Cybersecurity Directive
“The European Commission has threatened to take Belgium and Luxembourg to court for failure to transpose the Network and Information Systems (NIS) directive into national law in time.”
Germany
Germany Planning “Trustworthy” Supplier Requirement for All Networks and 5G
“Germany’s Federal Network Agency, the Bundesnetzagentur (BNetzA), published on Thursday a set of planned additional security requirements for telco networks within the country, which are due to appear in draft form during the Northern Hemisphere’s spring.”
Huawei
“The Secretaries of Labor, Health, Education, Agriculture, Veteran Affairs and Acting Secretary of the Interior are all named as defendants in the filing.”
India
84% Indian Politicians Don’t Have a Secured Website, Including IT Minister
“A lot of Indian politicians and parties have their own websites but it would be shocking to learn the fact that over four-fifth of Indian politicians don’t have secured websites.”
Israel
Israel’s Cybersecurity: Principles and Techniques
“In 2018, the sums allocated for funding the whole cybersecurity industry in Israel amounted to 1.03 billion US dollars, with a 22% increase compared to the previous public-private funds budgeted.”
Start-Up Nation Israel: Where Women Are the Future
“The State of Israel is young, celebrating its 71st year in May, so it should come as little surprise that its technology sector, the second-largest tech hub in the world, is young as well. Israel’s tech sector, like many others, has thus far been dominated by men, but as it continues to grow, so does the number of female entrepreneurs entering it with promising start-ups.”
Russia
In the Cyber Break-In Stakes, the Champion Is Russia
“Russian intelligence has not had a great year. After the botched attempt to assassinate Sergei Skripal, an ex-spy living in Britain, scores of its officers were booted out of Western embassies. Hundreds more were exposed by sloppy tradecraft, such as the use of sequentially numbered passports. Yet there is at least some cheer for Russia’s cyber-spies: they have topped a rogue’s table of hacking prowess.”
RSA
Trust, or Lack of It, Is a Key Theme on RSAC Keynote Stage
“Neither machines nor humans might be entirely trustworthy, but the cooperation of the two might be the answer to issues of misinformation, deep fake videos, and other issues of trust, say security leaders.”
RSA 2019: Why Your Cybersecurity Team Should Be as Diverse as Its Challenges
“Diverse cybersecurity teams are not just about feeling good or making a positive impression to the outside world. Rather, the business imperative is that a more inclusive infosec shop will be stronger, make better decisions and become well suited to endure the ongoing talent shortage.”
Meet the New ‘Public-Interest Cybersecurity Technologist’
“A grassroots movement is emerging to train high-risk groups and underrepresented communities in cybersecurity protection and skills – all for the public good.”
Singapore
Singapore Now Able to Certify Products Under Global Cybersecurity Standard
“Singapore says its new status as a certifying body for a global cybersecurity standard will enable local developers to attain the certification more quickly and at a lower cost. Products developed in Singapore can also be exported, boosting the country’s competitiveness in the global cybersecurity market, the government said.”
State-Sponsored Group Behind Singapore’s Worst Cyber Attack: Report
“The worst cyber attack in Singapore’s history, which involved the theft of medical information linked to the prime minister as well as 1.5m patients, was executed by a state-sponsored espionage group called Whitefly, according to Symantec.”
UK
“Highly Likely” GRU Hacked UK Institute Countering Russian Fake News
“The National Crime Agency is leading an investigation into a suspected cyber attack on a British institute that seeks to counter Russian disinformation, Sky News can reveal.”
Cyber attacks could rob democratic governments of legitimacy says the foreign secretary
Cyber Awareness of UK Boards Found Wanting
“Many top UK boards still do not understand the impact of a cyber attack on their business, the latest government Cyber Governance Health Check reveals.”
84% of UK Students Have Never Considered Career in Cyber Security
“84% of surveyed UK students have never considered a career in cyber security, compared to 50% of surveyed students in Saudi Arabia and 46% in the UAE, according to the latest research from global IT security training company SANS Institute.”