Attack, Counterattack, and Balancing Strategies – ICD Brief 136.

ICD Brief 136.

27.05.2019.-02.06.2019.

Welcome to another mega edition. Attack, counterattack and balancing strategies appear throughout this week’s ICD Brief from the heights of live coverage of the annual Shangri La Dialogue in Singapore to the ground level experience shared by a programmer who has trained campaign workers in 40 states.

USA

What Businesses Can Learn from the DHS-OMB Assessment of Federal Agencies’ Security Readiness

“Executive Order 13800 (…) required all federal agency heads to use NIST’s Framework for Improving Critical Infrastructure Cybersecurity for risk management. The Department of Homeland Security (DHS) and the Office of Management and Budget (OMB), in turn, used those reports to conduct a security assessment. The findings of this evaluation weren’t good: Nearly three-quarters of federal agency security programs studied were ‘at risk or high risk.’ They also found that agencies lacked the necessary capacity to “determine how threat actors seek to gain access to their information.’”

Should private companies be drafted in the cyber war?

“The Equifax downgrade by Moody’s represents an escalation in the “blame the victim” mentality that often follows a nation-state cyberattack. Private-sector companies would be right to take notice of this trend — and take steps to improve security beyond a compliance framework, or “checklist” mentality, toward a more risk-based approach. This latest move ups the ante in liability when it comes to nation-state actors, with the increased possibility that insurance companies will cite “war exclusions” as justification for not paying out.”

Cyber Command Appoints New No. 2 Amid Growing Battle with Foreign Hackers

“The head of U.S. Cyber Command has tapped the organization’s chief of staff to be his new deputy, filling a critical vacancy as the command looks to bolster operations to defend the 2020 elections from foreign interference.”

California’s voting makeover: All 58 counties race to update voting systems by 2020

“NBC News contacted all 58 counties in the state. Many said they were worried about the cost but most believe they will make Padilla’s deadline. Only 10 jurisdictions are requesting exemptions or protective extensions. Los Angeles County, which has more registered voters than 42 states, has been working for a decade to build its own system. The price tag: $100 million. Election officials there told NBC News it would be ready for the March 2020 primary.”

Asia Pacific

Singapore prime minister urges China and US not to pressure small nations to take sides during Shangri-La dialogue

“Lee Hsien Loong says ‘when the lines start to get drawn, everybody asked, are you my friend or not my friend? And that makes it difficult’

His remarks came at the Shangri-La Dialogue, Asia’s biggest security forum, with representatives from more than 40 countries, including China and the US.”

IISS Shangri-La Dialogue 2019 Live Website AGENDA

Shangri-La Hotel, 22 Orange Grove Road, Singapore 258350

Australia

Employees Not the Target of Encryption Laws: Home Affairs

“Australia now has world-first encryption laws. This guide explains what the laws can do, what they cannot do, and how Australia ended up here.”

Baltics/Estonia

An Interactive Cyber Law Toolkit Launched in Tallinn

“The Tallinn-based NATO Cooperative Cyber Defence Centre of Excellence has launched an interactive web-based resource for legal professionals and students, called the Cyber Law Toolkit.”

China

China Prepares Alternative OS for Windows Amid Cybersecurity Concerns

“China plans to drop the Microsoft Windows operating system in its military because of fears that the United States might use its vulnerabilities to spy into its military network.”

China Threatens Sweeping Blacklist of Firms After Huawei Ban

“China will set up a mechanism listing foreign enterprises, organizations and individuals that don’t obey market rules, violate contracts and block, cut off supply for non-commercial reasons or severely damage the legitimate interests of Chinese companies, Ministry of Commerce spokesman Gao Feng said.”

Hungary

Countering Fake News

“A recent Hungarian experiment attempted to demonstrate how easy it is to spreading fake news and thus highlighted the importance of taking countermeasures on regional, national and international levels.”

Israel

Cybersecurity: Lessons from Israel

“Israel has become a world leader in cybersecurity, accounting for the second-largest number of cybersecurity deals globally behind the US and, crucially, ahead of the UK.

Such achievements have not gone unnoticed, as the UK financial services industry recently forged close relations with Israel, signing a Memorandum of Understanding (MoU) to bolster digital innovation and collaboration between the two countries in the areas of fintech and cybersecurity innovation.”

Japan

Japan to Limit Foreign Ownership of Firms in Its IT, Telecom Sectors

“Japan’s government said on Monday that high-tech industries will be added to a list of businesses for which foreign ownership of Japanese firms is restricted.”

Malaysia

Malaysia’s Mahathir backs Huawei, snubbing US blacklist of Chinese telecoms giant

“Malaysia’s position on Huawei should be read as taking a stand solely on Huawei, a company that produces affordable and high-quality technology and has been working with Malaysia for 20 years,” said China-Malaysia expert Ngeow Chow Bing.

NATO

National Security Advisers Meet at NATO Headquarters

“Allied National Security Advisers and other senior officials met at NATO Headquarters on Tuesday (28 May 2019) to discuss NATO’s approach to countering hybrid threats.”

Risk

Questions to Consider Asking Your Broker About Cyberliability Coverage

JD Supra

“One of the first questions we ask our clients when they call about a security incident is whether they have insurance that may cover the costs associated with investigating the incident, potential forensic analysis, and coverage for a data breach. Sometimes the client will say “Yes, we have cyber coverage.” However, when reviewing the coverage or making a claim, we find that the client does not have the coverage for the incident.”

Russia

Russia’s Would-Be Windows Replacement Gets a Security Upgrade

“For sensitive communications, the Russian government aims to replace the ubiquitous Microsoft operating system with a bespoke flavor of Linux, a sign of the country’s growing IT independence.”

UK

Google and Apple Criticise GCHQ Eavesdropping Idea

“A “hypothetical” proposal by UK security agency GCHQ to eavesdrop on encrypted messages has been criticised by tech firms and rights groups.”

Hackers Targeting UK Universities a Threat to National Security

“Poorly defended UK university research that is mainly commissioned by government is a top target for hackers, putting national security at risk, a study reveals, underlining the need for better cyber security.”

Opinion

Opinions appearing in the ICD Brief are solely the authors’.

After Training Dozens of Democratic Campaigns on Email Security, This Programmer Thinks They Ought to Be Hacked AJ VICENS Mother Jones

“From late 2017 through 2018, Maciej Ceglowski—a tech entrepreneur and computer programmer—crisscrossed the country to educate Democrats on email security.

Earlier this week Ceglowski posted to his personal blog a new piece [see article below] with more detailed lessons from his travels.

What I Learned Trying To Secure Congressional Campaigns

Maciej Ceglowski

“This article is specifically about campaign security, or how to keep candidates and their staff and families safe from people trying to break into social media, read their email, or wire their campaign war chest to Nauru. There are a lot of even more hopeless problems, like election security, but as you will see there is plenty to lose hope about just in this corner of the problem space.”

The International Cybersecurity Dialogue

Building a cyber bridge