The US released its Cybersecurity National Action Plan on 9 February, which will see the US government invest US$19 billion in cybersecurity in the 2017 budget. The overall intent of the plan, noted by President Obama in a new editorial for The Wall Street Journal titled ‘Protecting US Innovation from Cyberthreats’, is to retain the US’ competitive advantage in cyberspace, enabling the US to gain the maximum possible commercial and economic benefits.
The plan consists of both short-term actions to improve public and private cybersecurity capacity, and long-term recommendations to investigate ways to shore up the future cybersecurity of the country. Specific actions identified include the establishment of a Federal Chief Information Security Officer (although only a relatively paltry salary is on offer), a new Commission on Enhancing National Cybersecurity, a campaign to encourage the use of multifactor authentication and the establishment of a National Centre for Cybersecurity Resilience to provide a test environment for critical infrastructure operators. Critics have taken aim at the passive defence focus of the strategy, and have called for a renewed deterrence approach that inspires fear of retribution in America’s cyber enemies.
The US also saw the release of the report ‘Worldwide Threat Assessment of the US Intelligence Community’, by Director of National Intelligence James Clapper, which ranked cyber espionage as the second-highest threat to US security, after terrorist attacks in the US. In his congressional testimony on the report, Clapper singled out Chinese and Russian spies for targeting critical information systems and warned that North Korea probably retains the capability and intent to conduct disruptive cyber activities.
A little closer to home, China, Russia and Indonesia have been blamed for a steep rise in attempts to hack the Australian Government’s Intra-Government Communications Network (ICON). In response, security agencies have sought funding to roll out encryption technology. They asked the bean counters at Finance, who considered selling the network last year, but according to Cameron Stewart from The Australian, the funding hasn’t been forthcoming.
The Russian cyber threat may have prompted its neighbour Finland to propose amendments to its national security legislation that would allow its intelligence services and armed forces to conduct ‘offensive’ cyber operations. Another Russian neighbour, Ukraine, recently concluded its investigation into the December hacking of its power grid and, while avoiding directly blaming Russia, noted that the hackers had used Russian ISPs and made phone calls within Russia. Ukrainian Deputy Energy Minister Oleksander Svetelyk told Reuters that the attack had been well planned and coordinated, and had possibly taken six months to prepare. Russian hackers are also a concern for the European Union and NATO, which last week agreed to increase information sharing on cyber threats between the CERT-EU and NATO’s Computer Incident Response Capability.
In the UK, a legal challenge to the Government Communications Headquarters’ (GCHQ) authority to conduct cyber espionage both overseas and in the UK has failed. It did, however, force GCHQ to confirm that it does conduct such activities. A case brought to the Investigatory Powers Tribunal by human rights advocacy group Privacy International alleged that GCHQ’s operations breached European law. However, the tribunal found that the legal framework that GCHQ operates under adequately balances privacy and intelligence requirements, and didn’t breach the European human rights convention.
And finally, the South Korean government has raised its cyber attack alert level to three (out of a possible five) this week, warning of the increasing threat of a North Korean cyber attack. The Information Operations Condition alert system had previously been raised from five to four only last month after the North Korean nuclear test. The most recent increase is likely tied to the DPRK’s latest long-range rocket test.