Cyber wrap
Posted By Zoe Hawkins on April 13, 2016 @ 12:30
The recent string [1] of ransomware incidents targeting health records held by hospitals has demonstrated the vulnerability and appeal [2] of healthcare organisations to cybercriminals. The trend is reflected in a data security incident report [3] from American law firm Baker Hostetler, which identifies healthcare as the most targeted industry, constituting 23% of all cybercrime incidents. In response, the American Hospital Association (AHA) has called attention [4] to the need for improved cybersecurity in healthcare organisations. President and CEO of the AHA, Richard Pollock, recognised [5] that cybersecurity is ‘more than just an IT issue’, and instead requires strong policy coordination and vigilant personnel. To aid this effort, AHA has added a dedicated cybersecurity page [6] to their website that provides hospitals with information, resources, threat reduction tools and response plans.
The US has also been taking a long hard look at its federal computer networks. This week, the Obama administration proposed legislation [7] to establish a new Information Technology Modernization Fund (ITMF) for the 2017 fiscal year, valued at US$3.1 billion. Chief Information Officer, Tony Scott, emphasised [8] that the US government currently relies on antiquated systems that are not only difficult to secure but also costly to maintain. The ITMF initiative, foreshadowed in the Cyber Security National Action Plan [9] earlier this year, is designed to facilitate the ‘retirement, replacement and modernisation of legacy IT’. It includes the creation of an independent board of experts to identify high risk systems suitable for upgrade and transition to shared services and cloud computing. The ITMF legislation also requires agencies to repay money taken from the fund, a feature that’s intended to support sustainable [10] federal cybersecurity modernisation.
Staying stateside, US Congress introduced a new encryption bill [11] last week. While the security–privacy debate [12] has been unfolding between the FBI and Apple, onlookers have been waiting for Congress to weigh in on the issue. Well now they have, and they certainly aren’t sitting on the fence. The Compliance with Court Orders Act of 2016 will force companies to provide technical assistance to government, essentially outlawing end-to-end encryption [13]. The nine page discussion draft [14] outlines the legal requirement of commercial entities to not only provide access to ‘unintelligible’ information [15] when indicated by a court order, but also to refrain from creating hardware or software designs that prevent this from being possible. It’s fair to say that this bill hasn’t been well received. Some headline highlights include descriptions of the draft as ‘a total nightmare [16]’, ‘ludicrous, dangerous, technically illiterate [15]’, ‘the technological equivalent of requiring all pigs to fly [13]’, ‘as bad as experts imagined [17],’ and ‘more ridiculous than expected [18]’. The contentious draft, put forward by Senate Intelligence Committee Chairman Richard Burr and high profile member Dianne Feinstein, is still being finalised so rest assured that more on the encryption issue is coming down the pipeline.
Singapore this week announced plans to update [19] its Computer Misuse and Cybersecurity Act. Senior Minister of State for Homeland Affairs, Desmond Lee, cited the ‘clear uptrend’ in cybercrime [20] as a motivation for the overhaul. Noticeably, credit-for-sex scams [21] have shot through the roof in the city state, generating an annual loss [22] of S$2.9 million. Minister for Communications and Information, Yaacob Ibrahim, underscored [23] the importance of reviewing the legislation, strengthening online defences and cracking down on cybercrime as Singapore moves towards becoming a ‘Smart Nation’. Becoming a Smart Nation [24] is the vision of a Singaporean whole-of-government initiative: harnessing ICT, networks and data in order to ‘support better living, create more opportunities and support stronger communities’.
Equal representation still remains a challenge in the cybersecurity workforce. Women account for only 10% [25] of the information security industry. Anne Marie Slaughter and Elizabeth Weingarten from the New America Foundation have published an article in TIME Magazine [26] highlighting that the underrepresentation of women in this field is not simply an issue of gender equality, but also national security. They argue that ‘gender, socioeconomic status, race and other identities can influence how people perceive security interventions’, such that having a representative workforce designing security frameworks is an essential component of their effectiveness. By the same token, the US Department of Labor Statistics has revealed concerning information about the near absence of racial diversity in cybersecurity. Figures indicate [27] that black or African-American people make up only 3% of information security analysts in the US. So it seems diversity should be at the forefront of employers’ minds as they work to fill the 1.5 million global cybersecurity talent shortfall [28].
Finally, Japan and Estonia agreed to strengthen their cybersecurity cooperation [29] in Tokyo this week. Japan’s Prime Minister Shinzo Abe and his Estonian counterpart Taavi Roivas agreed [30] to share knowledge on information protection and data management in the lead up to the 2020 Tokyo Olympics and Paralympics. The pairing of Japan and Estonia isn’t as strange as it appears at first glance. After suffering a bout of ‘cyber attacks’ [31] on its government, finance and media websites in 2007, Estonia has become a global hub for cybersecurity discussion, collaborating with NATO to produce influential research like the Tallinn Manual [32]. Abe applauded Estonia [33] as an international leader in cybersecurity from which Japan could learn a great deal.
Article printed from The Strategist: https://www.aspistrategist.org.au
URL to article: https://www.aspistrategist.org.au/cyber-wrap-115/
URLs in this post:
[1] string: http://www.aspistrategist.org.au/cyber-wrap-114/
[2] vulnerability and appeal: http://www.rand.org/blog/2016/04/ransomware-hackers-are-coming-for-your-health-records.html?utm_source=t.co&utm_medium=rand_social
[3] data security incident report: http://bakerlaw.com/files/uploads/Documents/Privacy/2016-Data-Security-Incident-Response-Report.pdf
[4] called attention: http://healthitsecurity.com/news/aha-calls-for-strong-healthcare-cybersecurity-measures
[5] recognised: http://blog.aha.org/post/160408-staying-ahead-of-cybersecurity-risks
[6] dedicated cybersecurity page: http://www.aha.org/advocacy-issues/cybersecurity.shtml
[7] proposed legislation: https://www.whitehouse.gov/sites/default/files/omb/legislative/letters/fy17_information_technology_modernization_fund_legislative_proposal.pdf
[8] emphasised: https://www.whitehouse.gov/blog/2016/04/08/improving-and-modernizing-federal-cybersecurity
[9] Cyber Security National Action Plan: https://www.whitehouse.gov/the-press-office/2016/02/09/fact-sheet-cybersecurity-national-action-plan
[10] sustainable: https://fcw.com/articles/2016/04/08/omb-modernization-bill.aspx
[11] introduced a new encryption bill: http://thehill.com/policy/cybersecurity/275567-senate-intel-encryption-bill-mandates-technical-assistance
[12] security–privacy debate: http://www.aspistrategist.org.au/apple-versus-the-state-public-posturing-and-rhetoric-on-encryption/
[13] outlawing end-to-end encryption: http://techcrunch.com/2016/04/08/feinstein-and-burrs-draft-encryption-bill-would-essentially-make-all-encryption-illegal/
[14] discussion draft: https://josephhall.org/f0eabaa89b8ee38577bf7d0fd50ddf0d58ecd27a/307378123-Burr-Encryption-Bill-Discussion-Draft.pdf
[15] access to ‘unintelligible’ information: http://www.wired.com/2016/04/senates-draft-encryption-bill-privacy-nightmare/
[16] a total nightmare: http://www.gizmodo.com.au/2016/04/us-congress-new-encryption-bill-is-a-total-nightmare/
[17] as bad as experts imagined: http://motherboard.vice.com/read/draft-encryption-bill-is-everything-we-feared-security-experts-say
[18] more ridiculous than expected: https://www.techdirt.com/articles/20160408/08381934131/burr-feinstein-release-their-anti-encryption-bill-more-ridiculous-than-expected.shtml
[19] update: https://sg.finance.yahoo.com/news/singapore-announces-cybersecurity-act-counter-101900095.html
[20] ‘clear uptrend’ in cybercrime: http://www.channelnewsasia.com/news/singapore/cybersecurity-laws/2670052.html
[21] credit-for-sex scams: http://www.scamalert.sg/scams/alipay-scam.html
[22] annual loss: http://mothership.sg/2016/02/thousands-of-men-and-women-in-singapore-are-getting-swindled-by-online-scammers/
[23] underscored: http://www.todayonline.com/singapore/online-defences-get-more-bite-new-cybersecurity-act
[24] Becoming a Smart Nation: http://www.pmo.gov.sg/smartnation
[25] only 10%: https://www.isc2cares.org/IndustryResearch/GISWS/
[26] an article in TIME Magazine: http://time.com/4290563/women-in-cybersecurity/
[27] Figures indicate: http://www.forbes.com/sites/stevemorgan/2016/04/07/african-americans-underrepresented-in-the-cybersecurity-field/#6b1f085e323f
[28] 1.5 million global cybersecurity talent shortfall: http://www.cbronline.com/news/cybersecurity/business/cybersecurity-talent-shortage-to-hit-15m-by-2020-4555519
[29] strengthen their cybersecurity cooperation: http://www.japantimes.co.jp/news/2016/04/08/national/politics-diplomacy/japan-estonia-vow-strengthen-cybersecurity-cooperation/#.Vwr5bvl95hF
[30] agreed: http://the-japan-news.com/news/article/0002863954
[31] cyber attacks’: http://www.nbcnews.com/id/31801246/ns/technology_and_science-security/t/look-estonias-cyber-attack/#.VwzU2Pl95hE
[32] Tallinn Manual: https://ccdcoe.org/tallinn-manual.html
[33] applauded Estonia: http://estonianworld.com/technology/estonia-to-strengthen-cybersecurity-cooperation-with-japan/
Click here to print.