- The Strategist - https://www.aspistrategist.org.au -

Cyber wrap

Posted By on July 13, 2016 @ 12:30

Image courtesy of Flickr user Brendan C

Last Wednesday the European Parliament approved the new European Union Network and Information Security directive [1], which applies common cybersecurity and reporting obligations for operators of essential services, such as energy, transport, health, finance and water utilities [2]. Other online services such as cloud services and retailers will also have to implement new measures under the directive.

EU members will also have to establish an EU network of Computer Security Incident Response Teams to coordinate and address cyber security incidents. Member states are now required to implement national laws that reflect the requirements of the directive, which they must do by May 2018 [3]. That means that the NIS directive will take effect at the same time as the EU’s General Data Protection Regulation [4], which similarly aims to standardise regulations across all member states, rationalising fragmented national regulations across the trading bloc in pursuit of the Digital Single Market [5].

On 5 July, the day before the NIS Directive was agreed, the EU Commission announced a new public-private partnership [6] to improve cybersecurity, including a €450 million co-investment in the Horizon 2020 [7] research and innovation program. Private sector partners are expected to contribute three times that amount, creating a €1.8 billion program [8] to build cybersecurity capability to better secure various industry sectors including energy, health and finance.

Staying with the EU, the European Commission looks set to adopt the new ‘Privacy Shield’ deal [9] with the US, replacing the ‘Safe Harbor’ agreement that was struck down last year by the European Court of Justice [10]. The new US–EU data transfer agreement was approved by member states last Friday [11], and once the Commission formally adopts it, expected to be early this week, trans-Atlantic data flows should be able to resume. However, some critics [12] believe that the agreement doesn’t go far enough to meet tough EU privacy measures and won’t stand up to legal examination if challenged [13] in European courts by privacy advocates.

Still in Europe, as foreshadowed in previous Cyber wraps [14], NATO officially recognised cyberspace as a military operational domain [15] at the Warsaw Summit last weekend, and signed a new Cyber Defence Pledge [16]. According to NATO [17], the official change means that the alliance can place a greater focus on cyberspace in its missions and operations, and gives it a better framework to manage resources, skills, capabilities and coordination.

NATO is now expected to set cyber defence capability targets [15], part of the commitment by members to ‘Develop the fullest range of capabilities to defend our national infrastructures and networks’ [16]. At the same time as NATO was discussing the future of its cyber efforts, NATO websites were taken offline [18] in a suspected hacking incident during the Warsaw Summit. Suspicions naturally fell on Russia, but officials declined to discuss [19] if the outage was due to hacking or other more mundane technical faults.

Last week the UN’s Human Rights Council passed a resolution on the ‘Promotion, protection and enjoyment of human rights on the Internet’ [20], declaring that people’s offline rights must be protected online—particularly freedom of expression. The resolution also condemns states that prevent access to the internet as a violation of human rights and calls on them to refrain from doing so. It frames access to the internet as a basic human right [21], and requests that states address ‘digital divides’, including gender and disability, as a means to facilitate education and empower women and girls through access to information.

The resolution was passed by consensus, but Russia and China—among other countries including India and South Africa—did request amendments [22] to remove the references to a human rights-based approach to expansion of access and references to the Universal Declaration of Human Rights and International Covenant on Civil and Political Rights regarding freedom of expression. The application of international humanitarian law, particularly the principle of proportionality, was also the subject of a roundtable earlier this year in Moscow, the summary of which has now been provided by the Red Cross here [23].

After several big breaches this year resulting in the theft of tens of millions of dollars [24], bank transfer operator Swift has hired two new security firms [25] to restore confidence in its system. Swift will establish a new cyber forensics security intelligence department to gather information about breaches and share information with its user community.

And finally, the internet has led to many notable innovations in consumer convenience, including the ability to order and pay for pizza online (it’s like there is some connection between pizza and computer nerds [26]). But how secure is that website you use to get your pizza fix? This list [27], compiled using the open source CSTAR website security analysis tool, has scored about 200 international pizza delivery websites on their ability to resist malicious actors.


URL to article: https://www.aspistrategist.org.au/cyber-wrap-127/

URLs in this post:

[1] new European Union Network and Information Security directive: http://www.europarl.europa.eu/news/en/news-room/20160701IPR34481/Cybersecurity-MEPs-back-rules-to-help-vital-services-resist-online-threats

[2] energy, transport, health, finance and water utilities: http://www.zdnet.com/article/european-lawmakers-approve-new-cybersecurity-law/

[3] which they must do by May 2018: https://ec.europa.eu/digital-single-market/en/network-and-information-security-nis-directive

[4] same time as the EU’s General Data Protection Regulation: http://ec.europa.eu/justice/data-protection/reform/index_en.htm

[5] Digital Single Market: http://ec.europa.eu/priorities/digital-single-market/

[6] EU Commission announced a new public-private partnership: http://europa.eu/rapid/press-release_IP-16-2321_en.htm

[7] Horizon 2020: https://ec.europa.eu/programmes/horizon2020/

[8] creating a €1.8 billion program: http://www.theregister.co.uk/2016/07/05/eu_cybersecurity_investment_plan/

[9] European Commission looks set to adopt the new ‘Privacy Shield’ deal: http://thehill.com/policy/cybersecurity/286981-eu-lawmakers-approve-major-us-eu-data-transfer-deal

[10] by the European Court of Justice: http://www.wsj.com/articles/eu-court-strikes-down-trans-atlantic-safe-harbor-data-transfer-pact-1444121361

[11] member states last Friday: http://thehill.com/policy/cybersecurity/overnights/287269-overnight-cybersecurity-privacy-shield-expected-on-tuesday

[12] some critics: http://www.scmagazine.com/privacy-shield-gets-nod-from-eu-ripe-for-judicial-challenge/article/508720/

[13] won’t stand up to legal examination if challenged: http://thehill.com/policy/cybersecurity/287067-week-ahead-eu-set-to-finalize-new-data-pact

[14] Cyber wraps: http://www.aspistrategist.org.au/cyber-wrap-125/

[15] officially recognised cyberspace as a military operational domain: http://www.zdnet.com/article/the-internet-as-battleground-where-do-we-go-from-here/

[16] Cyber Defence Pledge: http://www.nato.int/cps/en/natohq/official_texts_133177.htm?utm_medium=email&utm_campaign=NATO%20Press%20Releases&utm_content=NATO%20Press%20Releases+CID_475fd59d4d97b8bf176eb559590f600d&utm_source=Email%20marketing%20software&utm_term=Eng

[17] According to NATO: http://www.nato.int/nato_static_fl2014/assets/pdf/pdf_2016_07/20160627_1607-factsheet-cyber-defence-eng.pdf

[18] NATO websites were taken offline: http://www.wsj.com/articles/nato-linked-websites-go-down-cyberattack-suspected-1468001918?mg=id-wsj

[19] but officials declined to discuss: http://www.wsj.com/articles/obama-nato-leaders-gather-as-europe-frays-and-russia-blusters-1467955429

[20] ‘Promotion, protection and enjoyment of human rights on the Internet’: https://www.article19.org/data/files/Internet_Statement_Adopted.pdf

[21] internet as a basic human right: http://tech.firstpost.com/news-analysis/the-un-says-that-internet-access-is-a-basic-human-right-india-disagrees-324006.html

[22] but Russia and China—among other countries including India and South Africa—did request amendments: http://www.independent.co.uk/life-style/gadgets-and-tech/un-declares-online-freedom-to-be-a-human-right-that-must-be-protected-a7120186.html

[23] by the Red Cross here: http://blogs.icrc.org/law-and-policy/2016/06/29/cyberspace-operations-armed-conflicts-proportionality-rule/

[24] resulting in the theft of tens of millions of dollars: http://www.wsj.com/articles/lawsuit-claims-another-global-banking-hack-1463695820

[25] has hired two new security firms: http://www.wsj.com/articles/swift-hires-cybersecurity-firms-following-customer-breaches-1468240947?mg=id-wsj

[26] it’s like there is some connection between pizza and computer nerds: http://newsfeed.time.com/2014/01/09/to-absolutely-no-ones-surprise-gamers-ordered-1-million-of-pizza-on-xbox-in-four-months/

[27] This list: https://medium.com/@fart/2016-cybersecurity-report-for-pizza-only-8d8a76020b5d#.td13o4v3e
