Cyber wrap
1 Jun 2016

Image courtesy of Twitter user @g7

IT security firm Symantec believes it has tied recent high-profile attacks against Asian banks using the SWIFT network to a North Korean group. Symantec has linked a piece of malware used in the attacks with the Lazarus ‘threat group’ in what SWIFT is calling a ‘wider and highly adaptive campaign’. The Lazarus group has previously been tied to a series of attacks against South Korean and US targets, including the high-profile hacking of Sony Pictures Entertainment. If the Lazarus Group/North Korea is indeed behind the SWIFT attacks, Symantec claims that this would represent ‘the first known episode of a nation-state stealing money in a cyber attack’.

At last week’s ASEAN Defence Ministers Meeting (ADMM) in Laos, member countries agreed to form an Expert Working Group on cyber security within the framework of the ADMM-Plus. The Group will be co-chaired from 2017–2020 by the Philippines—which initially proposed the idea—and New Zealand. The group’s current broad modus operandi is to ‘promote practical cooperation in addressing cyber security challenges’. It’ll be interesting to see how that new diplomatic effort will work to differentiate itself from a cyber stream already well underway in another branch of ASEAN’s Political-Security Community, the ASEAN Regional Forum.

Chris Painter, the US State Department’s coordinator for cyber issues, was called before a Senate Foreign Relations Sub-Committee last week to give his yearly update on progress towards implementing the US’s International Cyber Security Strategy. Check out the text from his testimony here (PDF). Painter also answered several questions from senators (which you can watch here—the Q&A begins at 33:40). The testimony is well worth a look—Painter speaks candidly about cyber threats and responses, internal government co-ordination, and resisting the temptation to silo expertise. He also emphasises the benefit of high-level cyber positions within diplomatic set-ups for enabling collaboration and information sharing (Australia’s new cyber Ambassador gets a mention at 37:46).

Sticking with cyber diplomacy, the Leaders’ Declaration from last week’s G7 Summit in Japan included an increased focus on cyber security issues. Similar to the G20 Communiqué released late last year, the document affirms the applicability of international law to cyberspace, pushes for a multistakeholder internet and prohibits the state-backed ICT-enabled theft of IP for financial gain. The document also endorses the G7 Principles and Actions on Cyber and establishes a new G7 working group on cyber.

For China watchers, CSIS has put together a useful explainer on Beijing’s latest cybersecurity body, the CyberSecurity Association of China (CSAC). The CSAC is a party-controlled industry association which includes membership from commerce, academia and research institutions, and will work on legal and regulatory issues, tech development, ‘public opinion supervision’ and the security and stability of systems. The group’s first chair is Fang Binxing, the creator of China’s ‘Great Firewall’. It’s interesting to note that of the 257 groups that make up its membership, there are no non-Chinese institutions or bodies.

Facebook and Microsoft have announced that they’re teaming up to build a new submarine cable between Northern Virginia and Bilbao. The new cable—which will have the ability to carry 160 terabits per second of bandwidth—will support the growing online suite of services offered by both companies. Traditionally, most submarine cable infrastructure has been constructed by telecommunications bodies, often in partnerships with states. The cable will allow the companies to form their own ‘private highway’ under the sea.

On a final note, be sure to read our latest publication Cyberspace and armed forces: the rationale for offensive cyber capabilities by ICPC’s international fellow James A. Lewis. Lewis looks at theoretical and practical examples of cyber operations and discusses how states should develop the full range of military cyber capabilities with both offensive and defensive applications. He argues that states should ‘create a centralised command structure for these capabilities, with clear requirements for political-level approval for action and embed those capabilities in doctrine and a legal framework based on international law’.