Cyber wrap
12 Oct 2016

Image courtesy of Flickr user Jorge Cancela.

The Australian Cyber Security Centre released its second annual Threat Report today, providing a useful breakdown of the number and type of cyber incidents that the Centre has dealt with in 2016, and some interesting case studies. The report notes that between January 2015 and June 2016 the Australian Signals Directorate managed 1,095 serious cyber security incidents on government systems, compared to 1,131 in 2014. An additional 14,804 incidents affecting businesses were managed by CERT Australia between July 2015 and June 2016. Of those incidents, 18% targeted the energy sector and 17% targeted the banking and finance sector. Keep an eye on The Strategist in the coming days for more analysis of the report from the ICPC team.

The ACSC Threat Report was released during Australia’s Stay Smart Online week. As part of the festivities, an updated Stay Smart Online Small Business guide and two new Security Awareness Implementation guides—one for businesses and one for individuals—have been released. Stay Smart Online week began in 2008, and now has 1,700 partners from the government and private sector. The 2016 event has been timed to coincide with Cyber Security Awareness Month in the US, ConnectSmart week in New Zealand and the European Cyber Security Month.

In the US, the Department of Homeland Security and the Office of the Director of National Intelligence issued a joint statement on election security. The statement declares the US intelligence community’s confidence that the hack and subsequent leak of information from the Democratic National Committee was directed by the Russian government (and definitely not a 400-pound hacker). Reflecting on ‘the scope and sensitivity’ of the efforts, the statement noted that ‘only Russia’s senior-most officials could have authorized these activities’, which are similar to Moscow’s public-opinion influencing activities across Europe and Eurasia. It isn’t unusual for the US to publicly attribute cyber incidents to other countries, but the implication that Russia is attempting to interfere in the US election may complicate the response. Adam Segal from the Council on Foreign Relations, and David Sanger and Nicole Perlroth in The New York Times have written some good analysis to this end.

Just a few short weeks after Donald Trump’s bizarre comments about ‘the cyber’, he has released his campaign’s cybersecurity policy. Trump proposes to fight cybercrime with federal, state and local joint task forces (just like the US fights the mafia), and to turn offensive cyber capabilities into America’s ‘greatest weapon against the terrorists’. Over at CFR, David Fidler notes that the policy is broadly consistent with current US cyber policy, albeit short on specifics. See here for a comparison of Trump and Clinton’s cyber security policy statements.

Staying in the US, the sale of Yahoo! to Verizon has apparently hit a snag, with the company’s massive data breach apparently prompting Verizon to ask for a US$1 billion discount off the agreed US$4.8 billion sale price. What isn’t yet clear is how much Yahoo! knew about the 2014 breach, which wasn’t discovered until this year, during the negotiations with Verizon. One US senator has called for the Securities and Exchange Commission to investigate Yahoo! to uncover whether the company was untruthful in its public disclosures.

Russia and India are set to sign a new cyber agreement next week when Vladimir Putin visits Goa for the annual Indo-Russian summit. Indian media reports suggest that the agreement will focus on fighting online extremism from groups including Islamic State and Pakistani groups such as Lashkar-e-Taiba. Israel is also apparently waiting in the wings to assist India with strengthening its cyber security capability.

And finally, Singapore’s government announced its new cyber security strategy this week, developed by the Cyber Security Agency of Singapore. The strategy has four key components: hardening security, educating people, creating jobs and working with friends. The strategy comes shortly after the establishment of two new government digital services agencies last week. The Government Technology Agency (GovTech) will provide the engineering and data skills required to accelerate the provision of e-government services. Current projects include a digital vault for personal data and big data analysis of indicators—electricity consumption and public transport, for example—to identify precise locations of business growth or contraction.

The creation of GovTech was announced shortly after the merger of the Infocomm Development Agency and the Media Development Authority on 30th September. The new Info-communications Media Development Authority will work with the private sector to facilitate improved digital economic outcomes for the city-state through incentives and streamlined regulations. Singapore’s PM Lee Hsien Loong arrived in Canberra yesterday evening for a three-day visit to discuss the first tranche of work under the bilateral Comprehensive Strategic Partnership, including defence, trade and law enforcement. The importance of cybersecurity to both countries means that cyber issues will likely be a key point of discussions between Turnbull and Lee.