ICD Brief 127.
25.03.2019.-31.03.2019.
Maybe it’s spring, but we see more light bulb moments as connections close between theory and practice. This week’s ICDbrings crossovers between kinetic and digital, cyber training for the energy sector, and seniors in Greenwich, election security in the US, Australia, Estonia, Finland and Israel and a variety of new threats.
We feature the Cybersecurity Stars of Carnegie Mellon University, internationally recognized as one of the best for security and privacy research where all three divisions and the information security team are all women and a primer on How to Be Invisible on the Internet.
USA
“U.S. investor-owned electric companies applauded President Donald Trump’s signing of an executive order on Tuesday that called on federal agencies to protect the United States from potential electromagnetic pulses (EMP) that may harm critical infrastructure systems, including the nation’s electric grid.”
DHS Invests $5.9 Million into Cyber Training Tool for Energy Sector
“The Homeland Security Department is funding a new immersive cyber-training platform equipped with simulation-based scenarios and exercises aimed at protecting the nation’s energy sector.”
Election Security in 2020 Means a Focus on County Officials, DHS Says
“The emphasis on local represents a new tact as the DHS tries to shut down foreign interference in the US elections. While the agency worked with all 50 states during the 2018 midterm elections, security experts said the outreach needs to zoom in on a county level. There are about 8,800 county election officials across the US, and they are the people responsible for your voting machines, your polling place’s security and handling vote auditing.”
“This week, the Department of Justice announced the indictment of a Lithuanian man who bilked Google and Facebook out of $123 million.”
Greenwich seniors learn how to avoid falling victim to fraud
“GREENWICH — In an effort to help senior citizens protest themselves, Detective Mark Solomon and other officers from the Greenwich Police Department shared crime prevention tips in a presentation Thursday at the Cos Cob Library.”
New Bill to Protest US Senate Personal Devices, Accounts from Hackers
“U.S. senators and their staff will receive assistance from the Senate Sergeant at Arms (SAA) to protect their accounts and devices from cyber threats if a bipartisan bill introduced by Senators and Senate Intelligence Committee members Ron Wyden (D-Ore) and Tom Cotton (R-Ark) will be signed into law.”Bipartisan Bill Would Create Cyber Advisory Panel at DHS
Australia
Committee pushes ‘cyber taskforce’ for security of Australia’s election system
“The taskforce is expected to combat election ‘cyber-manipulation’ and keep social media sites in-check during election campaigns.”
Australia Brings in Data Centre Certification with new Government Hosting Strategy
“The federal government has released a strategy on how best to host data within the Commonwealth, launching a new certification program for data centre providers.”
Australian Cyber Spooks Hacked Islamic State Comms Before Major Battle
“It was the first time that an offensive cyber operation had been conducted so closely synchronised with movements of military personnel in theatre. And it was highly successful.”
“US cybersecurity trade mission finds prospective overseas partners aren’t being deterred by Australia’s encryption crackdown.”
Baltics/Estonia
Estonia Is Winning the Cyber War Against Election Meddling
“[The] recent Estonian election was largely unaffected by cyberattacks or coordinated information operations. Some of the reason is likely because the country and its people have improved their understanding of the problems, and their defenses against it, over the past couple of decades.”
China
China Offers Free-Trade Zone for Foreign Cloud Providers in US Trade Talks
“Chinese Premiere Li Keqiang briefed on Monday about 36 heads of foreign corporations, including IBM and BMW, on a proposal which will open up the country’s cloud computing market by allowing foreign tech companies to own data centers in China in a pilot free-trade zone”
EU
EU Passes “Meme Ban” Copyright Rules that Could Change the Way the Internet Works
“The European Union has passed controversial copyright rules that campaigners claim could change the way the internet works. The suite of reforms includes rules that could force internet companies to ban memes and to stop them showing links in the way they do today.”
France
France Sees Huawei ‘Risks‘ for 5G Networks, Says Foreign Minister
“French Foreign Minister Jean-Yves Le Drian warned Wednesday of “risks” in deploying next-generation 5G wireless networks using equipment from the Chinese telecommunications giant Huawei. Le Drian said he would discuss the concerns with his Chinese counterpart Wang Yi during his visit to Paris on Thursday. ”
Finland
Russia’s Neighbor Finland Mounts Defenses Against Election Meddling
“The country that shares a bigger border with Russia than the rest of the European Union combined is ramping up its defenses against the threat of foreign meddling in its April 14 election.”
India
Could Offensive Cyber Capabilities Tip India and Pakistan to War?
“Tensions ratcheted up in South Asia following the Pulwama suicide bombing against Indian police forces on February 14 and India’s retaliatory strikes against Pakistan. Although officials from the two countries met a couple of weeks ago, the meeting did not signal a definitive thaw in relations. The international community fears further escalation, in this moment or in a future crisis, which could lead to an all-out war between two nuclear-armed powers. While experts have focused on the risk of a kinetic conflict breaking out, they should give more attention to the potential for conflict in the cyber domain.”
Israel
Cybersecurity Researchers Find Security Flaws in Likud, Labor Party Android Apps
“Researchers at Israeli cybersecurity firm Check Point Software Technologies Ltd. said Wednesday that they had found “serious security breaches” granting access to “highly sensitive personal information” in the Android phone apps of the Likud and Labor parties.”
Netherlands
Dutch Waterworks Not Well-Protected Against Cyber Attacks: Court of Audit
“The Netherlands’ tunnels, bridges, locks and flood defenses are not sufficiently protected against cyber attacks, the Court of Audit concluded in a report published on Thursday. The Court advises the Ministry of Infrastructure and Water Management to make cyber security on these essential parts of Dutch infrastructure a priority.”
Risk
New Insurance Cybersec Ratings Service – Experts Views
As reported by the Wall Street Journal this week, Insurers Creating a Consumer Ratings Service for Cybersecurity Industry. The collaborative effort led by Marsh & McLennan would score best products for reducing hacking risk, and some of the world’s biggest insurers plan to work together on an assessment of the best cybersecurity available to businesses, an unusual collaboration that highlights the rising dangers posed by digital hackers.”
Russia
Russian Deployment in Venezuela Includes “Cybersecurity Personnel”- US Official
“A Russian military contingent that arrived in Venezuela over the weekend, drawing U.S. condemnation, is believed by the U.S. government to be made up of special forces including “cybersecurity personnel,” a U.S. official told Reuters on Tuesday.”
South Korea
Waterholing Campaign Compromises Four South Korean Websites
“Security researchers have come across a waterholing campaign that has compromised four South Korean websites by injecting fake login forms to steal user credentials.”
Feature
Cybersecurity Stars By Jason Maderer, Carnegie Mellon (CMU)
“I’m humbled every day to work with these brilliant colleagues at Carnegie Mellon University.” Greg Shannon, Chief Scientist, CERT Division at the Software Engineering Institute, Carnegie Mellon University.”
“According to most estimates, women constitute less than 20 percent of America’s cybersecurity workforce. But at CMU, all three divisions — , CyLab, CERT Division and —Information Networking Institute (INI) are run by women. In fact, so is the university’s information security team.”
How to Be Invisible on the Internet By Jeff Desjardins VisualCapitalist
“Everywhere you look, concerns are mounting about internet privacy. Today’s infographic comes to us from CashNetUSA, and it gives a step-by-step guide – that anyone can follow – to limit the amount of personal data that gets collected on the internet.”