ICD Brief 133.
06.05.2019.-12.05.2019.
The cyber-world is getting closer to an “elevator speech” as this week’s ICD 133 demonstrates with election watches, lessons from Estonia’s impeccable system, the first physical response to a cyber attack and cyber security training haikus.
Featured is a compelling Memorandum on Regulation in Cyberspace by Gabi Siboni, Ido Sivan Sevilla that “offers a multi-layer regulatory model for cybersecurity in the private sector.”
Cyber Security Training Haikus: No Heads in the Sand is our first piece under “Engagement” which highlights innovative management solutions for all aspects of the cyber domain and welcomes your contributions!
USA
Cyber Command Has Redeployed Overseas in Effort to Protect 2020 Elections
By Shannon Vavra
“U.S. Cyber Command is still working overseas with allies to try preventing election interference, Brig. Gen. Timothy Haugh, the commander of Cyber Command’s cyber national mission force said Tuesday.”
Can NSA Stop China Copying Its Cyber Weapons?
By Sydney J. Freedberg Jr. and Theresa Hitchens Breaking Defense
“Adversaries have been copying and stealing each others’ weapons ever since Ape A threw a rock at Ape B and Ape B got the bright idea to throw it back. But recent revelations from Symantec and The New York Times suggest this problem is much bigger with cyber weapons. Why? In order to attack an enemy’s computer, they have to copy their code onto it. It’s like bombing an enemy with munitions that scatter their own blueprints around the blast site.”
US Government Identifies North Korean Hacking Tool CISA, Department of Homeland Security
“This Malware Analysis Report (MAR) is the result of analytic efforts between DHS and the Federal Bureau of Investigation (FBI). Working with U.S. Government partners, DHS and FBI identified a malware variant used by the North Korean government. This malware has been identified as ELECTRICFISH. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information on HIDDEN COBRA activity, visit https://www.us-cert.gov/
Public Private Partnerships and the Cybersecurity Challenge of Protecting Critical Infrastructure By Chuck Brooks
“In the U.S., most of the critical infrastructure, including defense, oil and gas, electric power grids, health care, utilities, communications, transportation, education, banking and finance, is owned by the private sector (about 85 percent according to DHS) and regulated by the public sector. The public and private relationship in operating and protecting critical infrastructure requires a strong working partnership.”
Baltimore Struggles to Recover from Ransomware Attack
By Jason Plautz
“A ransomware attack was still affecting the city of Baltimore on Thursday, leaving many employees unable to do their work and slowing down other city functions, reports the Baltimore Sun. The ransomware attack first struck the city on Tuesday.”
Australia
Australia’s Cybersecurity Chief Alastair MacGibbon Resigns
By Stilgherrian
“Alastair MacGibbon, the head of the Australian Cyber Security Centre (ACSC), has tendered his resignation and will return to the private sector. MacGibbon led the ACSC since January 2018, when it first became part of the Australian Signals Directorate (ASD).”
Scammers Impersonate Australian Cybersecurity Centre
Rohan Pearce Computerworld
“The Australian Cyber Security Centre has warned that scammers are seeking to impersonate ACSC staff over the phone, telling a prospective victim that they need help to “act against cyber criminals.””
Baltics/Estonia
Cyberwar: Lessons from the European Experience
“Estonia’s Ambassador-at-large for Cyber Security, Heli Tiirmaa-Klaar, shared her country’s experience as not only one of the most thoroughly digitized societies in the world, but as the victim of what’s come to be generally regarded as the first cyber war, Russia’s 2007 cyberattacks against the networks of the Baltic republic. In her May 1st keynote, she characterized these attacks as the “first politically motivated cyber campaign in history,” and drew the lesson that good public-private partnership and solid expertise can work to build a society resilient enough to withstand even attacks by a highly capable cyber power.”
China
China to Bid on D.C. Metro Rail Deal as National Security Hawks Circle
By Alexandra Alper, Allison Lampert
“China’s CRRC plans to bid on a big Washington D.C. subway project as it doubles down on a charm campaign in the United States to quash a rising chorus of critics who have cast the rail car maker as a threat to cyber security and U.S. industry.”
Chinese Spies Acquired NSA Tools, Used Them to Attack US Allies: Report
Warning: loud ads, muting sound is recommended.
By Zack Budryk
“A leading cybersecurity firm found evidence Chinese intelligence operatives repurposed National Security Agency (NSA) hacking technology in 2016 to attack American allies and private firms in Europe and Asia, according to The New York Times.”
Engagement
Cyber Security Training Haikus: No Heads in the Sand
By Steve Mancini Threat Vector
“As a Deputy Chief Information Security Officer, it often falls to me to come up with new and entertaining ways to engage our employees with the kind of in-depth security training mandatory at a large cybersecurity company. So, each week I spent some time over coffee crafting security haikus and penning an email to be sent to the entire company each Monday morning. After the first week, something surprising happened – our employees started replying to my daily emailed haiku by sending me their own haikus in return.”
EU
The Network and Information Systems (NIS) Regulations One Year On Open Access Government
“Strict new laws, known as the Network and Information Systems Regulations 2018 (NIS Regulations), were introduced in May 2018. Their purpose? To protect the NHS, our transport network, our energy and water supplies – and other providers of the UK’s essential services – from the increasing risk of cyber attack. One year on, how are the owners and operators of the infrastructure and technologies that underpin our society ensuring they’re secure?”
France
Towards A More Cyber Secure Financial System: The Role of Central Banks European Central Bank
“Statement by Sabine Lautenschläger, Member of the Executive Board of the ECB, at the G7 2019 conference on “Cybersecurity: Coordinating efforts to protect the financial sector in the global economy”, Paris, 10 May 2019.”
G7 Countries to Simulate Cross-Border Cyber Attack Next Month: France
By Leigh Thomas; editing by Richard Lough and Kevin Liffey Reuters
“Leading Western industrial powers will for the first time jointly simulate a major cross-border cyber security attack on the financial sector next month, French officials said on Friday.”
Signalling, Victory, and Strategy in France’s Military Cyber Doctrine
By Stéphanie Taillat
“On Jan. 18, French Minister for the Armed Forces Florence Parly and Chief of the Joint Staff Gen. François Lecointre unveiled part of France’s new military cyber strategy. Both officials released a defensive policy (Politique ministérielle de lutte informatique défensive) and a partially unclassified offensive doctrine (éléments publics de doctrine militaire de lutte informatique offensive). On Apr. 23, François Delerue, Alix Desforges, and Aude Gery published an essay giving a first and closer look at these announcements. They focused on the strategic significance of both documents in the broader context of France’s posture toward cyberspace. My aim in the following essay is to explore the operational and organizational implications of the military cyber strategy for the French armed force.”
Iran
Iranian Hackers Get Hacked By Nicole Lindsey CPO Magazine
“In a hack that is reminiscent of the famous 2016-2017 Shadow Brokers hack of the NSA, a mysterious entity known only as Lab Dookhtegan (“Read My Lips”) is now leaking the source code of the cyber-espionage tools of the Iranian hacker group APT34 (also known as OilRig). They are doing so via different online channels, including Telegram and public hacking forums.”
Israel
Israel Retaliates to a Cyber-Attack with Immediate Physical Action in a World First
By Kate O’Flaherty
“The Israel Defense Forces (IDF) has launched a physical attack on Hamas in immediate response to an alleged cyber-assault. The IDF hit a building in the Gaza Strip with an airstrike after claiming the site had been used by Hamas cyber operatives to attack Israel’s cyber space. It came amid days of intense fighting between the IDF and terror groups in the Gaza Strip.”
Japan
Japanese Government to Create and Maintain Defensive Malware ZDNet
By Catalin Cimpanu for Zero Day
“The Japanese Defense Ministry will create and maintain cyber-weapons in the form of malware that it plans to use in a defensive capacity. Once created, these malware strains, consisting of viruses and backdoors, will become Japan’s first-ever cyber-weapon, Japanese media reported earlier this week, citing a government source [1, 2, 3].”
Northern Ireland
Northern Ireland Generating Cyber Security Knowledge and Jobs
By Warwick Ashford Computer Weekly
“The cyber security industry in Northern Ireland provides employment for nearly 1,700 people and is on course to generate more than £70m in salaries each year, according to Máire O’Neill, professor at Queen’s University Belfast.”
Russia
Half of European Voters May Have Viewed Russian-Backed ‘Fake News’
By Mark Scott
“More than half of Europeans may have seen some form of disinformation promoted by Russian actors on social networks ahead of the parliamentary election later this month, according to an analysis reviewed by POLITICO.”
Slovakia
Slovakia Is Vulnerable to Hybrid Threats The Slovak Spectator
“Slovakia is vulnerable to hybrid threats, say the authors of the latest publication from the Globsec think-tank. “We cannot pretend that Slovakia need not be concerned by hybrid threats when we see what is happening all over Europe,” said Daniel Milo, Globsec analyst and the leader of the Strategic Communication programme, as quoted by the TASR newswire.”
Feature
By Gabi Siboni, Ido Sivan Sevilla
Memorandum No. 190, INSS, April 2019 Institute for National Security Studies, Tel Aviv University
“The resilience of the private sector in the world of cyber has a decisive impact on national security. This sector is usually the weakest link through which cyberattacks develop and serves as a springboard for attackers who are interested in harming state targets. In addition, built-in market failures lead to a lack of sufficient organizational investment in proper cybersecurity. Negative externalization of cyber damage in organizations, the difficulty in quantifying the benefit of investing in cybersecurity, the lack of responsibility of software and hardware providers for their products’ security vulnerabilities, and a competitive market that rewards innovation and progress over proper cyber protection create a gap that requires state intervention. A review of cyber protection regulation regimes in the Western world reveals a lack of systematic solutions for the business sector and a gap in mapping out national security threats that could result from potential cyber damage in this sector. This memorandum, which is based on world events in the field of cyber and in other areas of regulation, offers a multi-layer regulatory model for cybersecurity in the private sector. The memorandum suggests an integrated model for a state regulatory alternative that includes mandatory regulations, the creation of monitoring mechanisms for supervising self-regulation, and providing incentives for encouraging organizations to protect themselves. In an era of widespread use of linked devices, the entry of artificial intelligence into all aspects of life, and the creation of an insurance market for cybersecurity, regulating the business sector is a vital national interest.”