ICD Brief 139.
17.06.2019.-23.06.2019.
Greetings from Washington. This week’s ICD reports from Buenos Aires, Canberra, Ottawa, Tallinn, Silicon Valley, Paris, Tehran, Tel Aviv, Kuala Lumpur, Barcelona, Reykjavik, New Dehli, Abu Dhabi, London and New York. Significantly, it is dominated by aggressive actions, warnings of vulnerabilities and an expanding list of significant breaches.
Feature
US Cyber Command, Russia and Critical Infrastructure: What Norms and Laws Apply?
by Michael Schmitt Just Security
“Damaging critical infrastructure is clearly out of bounds as responsible peacetime state behavior and would likely violate international law. But do these types of intrusions – seemingly intended to prepare for future operations or deter them, or both, without causing any actual harm – also run counter to applicable non-binding norms or violate international law during peacetime?”
US
State Department Establishing New IT Governance Body Cyberscoop
“Stuart McGuigan’s first job as the State Department’s CIO of three months is establishing an overarching IT governance vehicle.
At the secretary of State’s direction, McGuigan convened a Digital Diplomacy Council that includes all IT leaders and projects throughout the department. It will first address cybersecurity reliability and then enterprise architecture.”
One of the Military’s Top Cyber Groups Will Get a New Leader Fifth Domain
“Brig. Gen. William Hartman is slated to lead U.S. Cyber Command’s Cyber National Mission Force, according to a June 19 personnel announcement from the Pentagon. The Cyber National Mission Force plans and conducts cyber operations aimed at disrupting adversaries. The group works against specific nation-state threats and aims to engage those enemies as a means of preventing cyber intrusions. It is often described as having Cyber Command’s best operators.”
FERC Clears Path for Power Industry Reporting of Cyber Incidents that Fail to Disrupt Grid SP Global
“Washington — In an effort to better capture the true scope of cyber threats to the electric grid, the Federal Energy Regulatory Commission on Thursday approved a revised reliability standard that broadens mandatory reporting requirements to include incidents that attempt to compromise the grid.” DHS
DHS to Move Biometric Data on Hundreds of Millions of People to Amazon Cloud
“The Homeland Security Department is looking to upgrade the software it uses to analyze biometric data on hundreds of millions of people around the globe, and it plans to store that information in Amazon’s cloud.” DHS Email Phishing Scam DHS
Samsung TVs Should Be Regularly Virus-Checked, the Company Says BBC
“Samsung has advised owners of its latest TVs to run regular virus scans. A how-to video on the Samsung Support USA Twitter account demonstrates the more than a dozen remote-control button presses required to access the sub-menu needed to activate the check.”
Protect Your Online Identity Now: Fight Hackers with These 5 Security Safeguards ZD Net
“Having your identity stolen can be a nightmare, and cleaning up the mess can take months. You can make life difficult for a would-be identity thief by locking down these five key aspects of your online life.”
Argentina
Argentina and Uruguay Reel after Massive Power Outage BBC
“Power has been restored to much of Argentina and Uruguay after a massive electrical failure left tens of millions of people in the dark. Argentine media said the power cut occurred shortly after 07:00 (10:00GMT) on Sunday, causing trains to be halted and failures with traffic signalling. The blackout was prompted by a failure in an electrical grid that serves both Argentina and Uruguay.”
Australia
Australia’s Encryption Laws: An Insider’s Guide (free PDF) TechRepublic
“It is Australia’s contribution to the Five Eyes nations’ tougher attitudes to the regulation of online communications. Information and communications technology vendors and service providers have a “mutual responsibility” to offer “further assistance” to law enforcement agencies, they said in August this year. “
Canada
Desjardins, Canada’s Largest Credit Union, Announces Security Breach ZD Net
“Today, Desjardins, Canada’s largest credit union and one of the world’s biggest banks, announced a security breach caused by a former employee. In a statement posted on its website, the bank said a bank employee had taken the data of 2.9 million members (2.7 million home users and 173,000 businesses and associated contacts) from its database, without authorization.”
Estonia
National Guard Officer Service Recognized by Defense Ministry Medal ERR News
“Defense ministry Permanent Secretary Kristjan Prikk presented the ministry’s Cross of Merit, Second Class, awarded to Maj. Gen. Linda L. Singh, of the Maryland Army National Guard Thursday.
‘Over the last four years, Maj. Gen. Singh has contributed a great deal of time and energy to strengthening the partnership between Estonia and the State of Maryland, finding new cooperation opportunities through the Maryland Army National Guard’s State Partnership Program,’Prikk said of the honor. “
Finance/Risk
Facebook’s cryptocurrency faced with regulatory warnings from global central bankers CNBC
“Central bankers around the world say Facebook should expect regulatory questions over its new cryptocurrency. Libra, announced earlier this week, is backed by a basket of bank deposits and short-term government securities. Fed Chairman Jerome Powell also says he’s spoken with Facebook about the digital currency.” Mark Zuckerberg’s ‘shadow bank’: The pushback against Facebook’s new cryptocurrency has already begun Business Insider
State of the Cyber Insurance Market— Top Trends, Insurers and Challenges: A.M. Best Insurance Journal
“A.M. Best said it believes cyber loss ratios are low because carriers are pricing with higher loads given the uncertainty surrounding this risk but that could change once more data is gathered. It said it expects that the “current profitability of cyber insurance will attract more competition, which will ultimately pressure profitability.”
France
Tactical Cyber Weapons For Future French Battlefield Ops? Breaking Defense
“PARIS AIR SHOW: Tactical commanders should have the power to unleash cyber attacks on an enemy in exactly the same way they can currently unleash an artillery barrage, says retired French Army Lt. Gen. Alain Bouquin. ‘But we must also be able to have actions on the information systems of the enemy in front of us. So it’s not only protection — resilience — it’s also active cyber capabilities aiming at the enemy systems.’”
Iceland
Iceland’s Data Centers Are Booming – Here’s Why That’s a Problem MIT Technology Review
“Bitcoin miners and data scientists love cheap, green Icelandic processing power. Maybe a little too much. Local temperatures in Iceland average 41 °F (5 °C). Letting cold air in from the outside helps keep server racks cool and reduce power costs—good news for cryptocurrency miners and compute-hungry data scientists.”
India
India, France Pitch Effective Mechanism to Combat Terror in Cyber Space Economic Times
“NEW DELHI: India and its strategic partner France have decided to develop effective mechanism and coordinate their efforts to combat terror in cyber space.
Iran
Iran Says it Dismantled a U.S. Cyber Espionage Network Reuters
“LONDON (Reuters) – Iran said on Monday it had exposed a large cyber espionage network it alleged was run by the U.S. Central Intelligence Agency (CIA), and that several U.S. spies had been arrested in different countries as the result of this action.”
Israel
Israel to Assist Developing Countries Improve Cyber Resilience
“Israel signed an agreement with the World Bank on Monday to support developing countries improve their cyber defense capabilities. Under the framework of the agreement, Israel will contribute $1 million to the DDP and provide technical assistance to countries in Asia, Africa, Latin America and Eastern Europe.”
Malaysia
Career Comeback Programme for Women in Cyber Risk Management Digital News Asia
“Yesterday, Malaysia Digital Economy Corp (MDEC), in a collaboration with Ministry of Women, Family and Community Development (KPWKM); the Ministry of Communications and Multimedia (KKMM) Department of Women Development (JPW), National Cyber Security Agency (NACSA) and TalentCorp, announced the Empowering Women in Cyber Risk Management Programme for women returning to work.”
Spain
Europe Will Enter Pre-Exascale Realm with Marenostrum 5 Next Platform
“The Barcelona Supercomputer Center will soon be the proud owners of the Europe’s first pre-exascale supercomputer. If all goes according to plan, MareNostrum 5 will almost certainly be the most powerful system in Europe when it goes into production at the end of next year.”
UAE
DarkMatter Group Calls for Improved Vigilance as UAE’s Cyber-threat Landscape Reaches Critical Level DarkMatter
“A report by DarkMatter Group found cybercriminal attacks in the UAE and Middle East are both widespread, frequently undetected, and often state-sponsored”
UK
BoE Issues Cyber Attack Warning Finextra
“Banks would struggle to defend themselves against a state-sponsored cyber attack that corrupted their records over a period of months, according to a Bank of England (BoE) official. The stark warning came from Anil Kashyap, a member of the central bank’s financial policy committee, who was addressing a UK parliamentary committee. “
UN
UN Ambassador Cites Israeli Company in Proposal to Ban Spyware
Jerusalem Post
“United Nations Special Rapporteur on freedom of expression David Kaye cited Herzliya-based NSO Group in his proposal to impose a moratorium on the use of surveillance technology, according to a report filed to the U.N. Human Rights Council on Tuesday. Kaye’s report articulated NSO Group’s Pegasus spyware as a ‘paradigmatic example’ of private surveillance products and their mobile device hacking capabilities.”