ICD Brief 125.
11.03.2019.-17.03.2019.
Welcome to our 125th and densest edition with new threat warnings, RSA insights, 5G launches, cross sectoral, transnational partnerships and a thought provoking feature: Why China Has Not Caught Up Yet: Military-Technological Superiority and the Limits of Imitation, Reverse Engineering, and CyberEspionage by Andrea Gilli and Mauro Gilli in the MIT Press Journal.
Global
The web is 30 years old. What better time to fight for its future?
Tim Berners-Lee Director, W3C (World Wide Web Consortium)
“Web creator Tim Berners-Lee: ‘The fight for the web is one of the most important causes of our time.”
US
Trump’s 2020 Budget Requests About $11 Billion For Cyber Defense and Operations
“The president’s budget proposal asks for more than $9.6 billion for Defense Department cyber operations and just over $1 billion for civilian cybersecurity efforts.”
Most of the references to cybersecurity center on modernizing agencies’ IT infrastructure and the associated security benefits. The document also notes the administration has released a number of new and updated policies around cybersecurity, including guidance on redefining and better protecting high-value digital assets and improving credential, identity and access management.”
Verizon launches 5G in Chicago, Minneapolis at $10 extra cost
(Reuters) – Verizon Communications Inc beat rivals AT&T and Sprint in the race to launch the first fifth generation mobile services in two cities in the United States at an additional cost of $10 for customers with existing unlimited plans.
Users in Chicago and Minneapolis will be able to avail the 5G wireless network from April 11 by using a Motorola Z3 mobile and a 5G “Moto Mod”, a physical magnet-like attachment for the phone, the telecommunications company said.
US Warns of Sophisticated Cyberattacks from Russia, China
“Army Gen. Paul Nakasone, head of U.S. Cyber Command, laid out the escalating threats, following a Navy review released this week that described significant breaches of naval systems and concluded that the service is losing the cyber war. Speaking during a subcommittee hearing, Nakasone said the U.S. is now prepared to use cyber operations more aggressively to strike back, as the nation faces growing cyberattacks and threats of interference in the 2020 presidential elections.” The US Navy and its partners are ‘under cyber siege’ from Chinese hackers and are hemorrhaging national security secrets
US ARMY CLARIFIES RULES ON AUTONOMOUS ARMED ROBOTS
“The US Department of Defense (DoD) has clarified its rules on the use of autonomous armed robots in battle, stating that humans will always have the final decision on deploying lethal action.” Army pushes Cyber to the Battlefield
Wyden, Cotton call for policy alerting senators of cyber breaches
“Sens. Ron Wyden (D-Ore.) and Tom Cotton (R-Ark.) noted in a letter sent Wednesday to Senate Sergeant at Arms Michael Stenger that Congress currently has no requirement to reveal any cyber breaches to its own systems. “’We believe that the lack of data regarding successful cyber attacks against the Congress has contributed to the absence of debate regarding congressional cybersecurity — this must change,’” the letter reads.”
St. Louis-area universities collaborate to bolster cybersecurity
“In an unprecedented academic collaboration, a group of six St. Louis-area universities has formed the Gateway Higher Education Cybersecurity Consortium(GHECC) to bring together area institutional leaders to make St. Louis a frontrunner in cybersecurity education and research.”
Pitt to launch flexible cybersecurity programs to help fill talent gap
“(Pittsburgh) — Starting this fall, people will be able to take courses in cybersecurity at the University of Pittsburgh without attending the school full-time. Instructors say the opportunity is to address a growing gap between available cybersecurity jobs and those qualified to fill them. There are an estimated 8,500 unfilled cybersecurity jobs in Pennsylvania. Nationwide, that number is more than 300,000. “
NYU, NYC Cyber Command conduct inaugurate training exercise in new Brooklyn cyber range
“Normally, it’s the job of the New York City Cyber Command (NYC3) to defend the city from online threats. But yesterday, its members were actually the ones dishing out the punishment, lobbing a series of attacks at a group of 25-30 New York University cybersecurity graduate students. These besieged “Cyber Fellows” were participating in a two-day red team/blue team exercise, marking the launch of the first sim training program at the newly launched Cyber STRIKE cyber range. The Brooklyn facility is a joint project of New York University’s Tandon School of Engineering, NYC3 and corporate sponsors.”
Why Maryland Is Home of Cybersecurity Innovation
“There are more trained cyberengineers in Maryland than in the rest of the U.S. combined.
Maryland is the first state to set up its own cyberinvesting arm directly from its budget coffers, due to its vast technical resources.”
Australia
Home Affairs chief Pezzullo decries rise of the ‘digital industrial complex’
Cyber tsar worried about “connectivity without values”.
“The head of the Department of Home Affairs, Mike Pezzullo, has broadsided US platforms like Google, Facebook and other social media providers, likening them to a “digital industrial complex” that subverts democratic institutions and social cohesionю The security chief’s speech is significant because it is the first time Pezzullo has publicly articulated his view on the national security environment since securing the passage of highly contentious legislation to control the use of encryption in Australia.”
Azerbaijan
International workshop on cyber security solutions kicks off in Baku
“Microsoft held a workshop on Cyber Security Solutions on March 11 within the framework of the International Cyber Security Week organized by the Ministry of Transport, Communications and High Technologies, Trend reports referring to the ministry. Speaking at the event, Deputy Minister of Transport, Communications and High Technologies Elmir Velizade said that in Azerbaijan – as one of the rapidly developing countries of the world, widespread use of modern information and communication technologies (ICT) has led to the implementation of sustainable cyber security measures in this area.”
EU
MEPs adopt Cybersecurity Act and want EU to counter IT threat from China
“The EU Cybersecurity Act, which is already informally agreed with member states, underlines the importance of certifying critical infrastructure, including energy grids, water, energy supplies and banking systems in addition to products, processes and services. By 2023, the Commission shall assess whether any of the new voluntary schemes should be made mandatory.” Parliament works to boost Europe’s cyber security (infographic)
France
INTERNATIONAL COLLABORATION ON CYBERSECURITY: THE PARIS CALL AND BEYOND
“More than 50 nations have signed up to French President Emmanuel Macron’s call for international collaboration on cybersecurity. However, the Paris Call for Trust and security in Cyberspace, as it is now known, is not legally binding.”OPINION: MAKING CYBERSECURITY COLLABORATION WORK ON A GLOBAL SCALE
Second Paris Peace Forum (11-13 November 2019)
“Call for projects, open from 13 March to 13 May 2019
For additional information, please consult the website of the Paris Peace Forum”
India
Times Internet’s lifestyle websites are offline in Europe due to GDPR non-compliance
“Times Internet’s Lifestyle division websites – Indiatimes.com, MensXP, iDiva, WhatsHot – are currently unavailable in Europe. It is unclear since when the websites have been down. We have reached out to Times Internet about this and will update this when we hear from them.”
Insurance
“BOSTON, March 13, 2019 (GLOBE NEWSWIRE) — Rob Rosenzweig and Aaron Turner of Risk Strategies in New York, NY and Chicago, Illinois have been awarded the Chubb Cyber COPE Insurance CertificationSM (CCIC) designation from Chubb and Carnegie Mellon University’s (CMU) Heinz College of Information Systems and Public Policy. ”
The hidden risk inside cyber insurance policies
“The cyber security insurance industry is growing quickly as companies rush to protect themselves from the next big cyber hack, but a legal debate between insurer Zurich and snacks company Mondelez is forcing companies to take a second look at their policies.”
NATO
NATO takes Huawei security concerns seriously: Stoltenberg
“Security concerns about the role of Huawei in Western 5G telecom infrastructure are to be taken seriously, the head of NATO said Thursday, as Washington steps up pressure on Europe not to use the Chinese firm. NATO Secretary General Jens Stoltenberg said the 29-member alliance has begun internal consultations on Huawei, which the US says poses a ‘threat’ to Europe.”
Trump Picks New Top NATO Commander
“U.S. Air Force Gen. Tod Wolters will be the next NATO supreme allied commander, Pentagon and NATO officials announced on Friday. Wolters, who currently commands U.S. air forces in Europe and Africa and leads the region’s joint air command, will as NATO chief wear the customary second hat as leader of U.S. European Command, responsible for all American troops on the continent and in Israel. “
North Korea
U.N. report: North Korea evading sanctions by buying oil, selling coal, hacking banks
“The [ship]Yuk Tang falsely transmitted its identity through the global electronic tracking system for ships, claiming it was a Panama-flagged vessel named Maika. The real vessel was 7,000 miles away in the Gulf of Guinea. The imposter then arranged for a massive transfer of 57,000 barrels of oil at sea, the single biggest illicit maritime transfer documented so far. “
RSA 2019
Survey finds security staff are switching to biometrics but need to do more
“A study undertaken at the RSA security conference last week has found that security professionals are starting to switch to biometric authentication, but more needs to be done in the age of password hacking.’
Alphabet Cybersecurity Startup May Pressure Data Analytics Firms
“Chronicle — the security startup spawned by Google-owner Alphabet (GOOGL) — aims to leverage its parent’s cloud-computing platform. Customers can set up “private clouds” storing their security data. Like sibling Google, Chronicle will use artificial-intelligence
Spain
Spain fights cyberattacks, fake news ahead of key elections
“MADRID (AP) — Spain is joining Europe-wide efforts to fight disinformation and online sabotage with new resources ahead of elections.
Spanish deputy prime minister, Carmen Calvo, announced Friday that the government has readied protocols to shield the April 28 general election from cyberattacks. That will take place one month before the May 26 European election.”
Switzerland
Hackers uncover ‘significant’ flaw in Swiss Post e-voting
“In mid-February, the Swiss government launched a public intrusion test, challenging IT experts [3000 around the world] to reveal cracks in the country’s new e-voting system by March 24. On March 12, a flaw concerning universal verifiabilityexternal link was discovered in the Swiss Post’s e-voting system by studying the system’s source code, which was released as part of the test. Universal verifiability makes it possible to determine with mathematical evidence whether votes have been manipulated.”
UK
UK cyber-security efforts criticised by audit office
“The government has been told there are “failings” in the way it is planning to protect the UK’s critical infrastructure from cyber-attacks. The warning came in a National Audit Office (NAO) assessment of the UK’s national cyber-defence plan.”
Feature
Why China Has Not Caught Up Yet: Military-Technological Superiority and the Limits of Imitation, Reverse Engineering, and Cyber Espionage MIT Press Journal
“Can adversaries of the United States easily imitate its most advanced weapon systems and thus erode its military-technological superiority? Do reverse engineering, industrial espionage, and, in particular, cyber espionage facilitate and accelerate this process? China’s decades-long economic boom, military modernization program, massive reliance on cyber espionage, and assertive foreign policy have made these questions increasingly salient. Yet, almost everything known about this topic draws from the past. As we explain in this article, the conclusions that the existing literature has reached by studying prior eras have no applicability to the current day.”