We’re kicking off this week over the ditch with our Kiwi friends who have been very busy on the cyber policy front. In Auckland last Friday, Communications Minister Amy Adams launched an updated version of the country’s national Cyber Security Strategy. The NZ government also produced an accompanying ‘living’ Action Plan that will be updated annually, and a National Plan to Address Cybercrime. The strategy aims to deepen public–private engagement on cyber issues building upon the already successful Connect Smart initiative, which reaches out to private residences, schools and businesses. Other initiatives include a ‘cyber security tick’ scheme, similar to those used to indicate healthy foods, which will recognise businesses with good cyber security practices. New Zealand will also establish a stand-alone national Computer Emergency Response Team (CERT). Currently CERT responsibilities lie within the National Cyber Security Centre, but the decision has been made to bring New Zealand ‘into alignment’ with its key international partners by creating the new body. The decision mirrors that of the UK government, which successfully launched their first national CERT early last year.
Australia’s national CERT has released a survey of the cyber security postures and attitudes present amongst its major Australian businesses partners. The survey found that over half of the respondents had experienced an incident that had compromised ‘confidentiality, integrity or availability of a network’s data or systems in the last year’. Positively, the survey found that in response many businesses had introduced or improved their information security practices including both policy and technical responses. Mirroring stories throughout the media this year, major Australian businesses reported being subject to a substantial amount of Ransomware attacks—four times as many as were reported in 2013.
Twitter has warned a number of its users this week that their accounts may have been targeted by something a bit more malicious than the usual run-of-the-mill spam. The social media giant informed several account holders via email that their Twitter accounts were part of ‘a small group of accounts that may have been targeted by state-sponsored actors’. Those affected included activists, security specialists and privacy advocates, in what Twitter believes was an attempt to gain access to personal information including phone numbers and email addresses. While Twitter claims there was no evidence that the attempts were successful, it recommended that those affected use identity protections measures, such as the Tor browser.
Joe Nye had an interesting piece published on Project Syndicate on deterrence in cyber space, where he discusses how the traditional difficulties surrounding attribution have hampered effective deterrence and tipped the see-saw in favour of attackers. But he stresses that increased technological capability, more robust encryption and economic enmeshment may tip the advantage back to the defenders and eventually enable more effective cyber deterrence.
And finally, just in time for the holiday break, the US Department of Homeland Security has put out a useful tip sheet on good cybersecurity practices to use while travelling. It includes advice on connecting to Wi-Fi, data protection and maintaining the physical security of personal devices.