Cyber wrap
9 Nov 2016|

Image courtesy of Flickr user Open Grid Scheduler / Grid Engine.

With Americans set to choose their next President today, talk has continued about the election’s cybersecurity. Since my blog on state reluctance to accept federal cyber assistance, all but 2 states have sought technical support from DHS and had their voting infrastructure scanned for vulnerabilities. Ohio has even reached out to a cyber unit of the National Guard in an effort to bolster its cyber defences. At the federal level, the White House is coordinating a cyber risk mitigation strategy with DHS, the CIA, NSA and Department of Defense. Rumours are circulating that the US is also going beyond defensive measure and pre-emptively penetrating critical Russian telecommunication and electrical networks as well as Kremlin Command and Control systems in an effort to deter, and prepare to punish, Russian interference in the election. However, the prevailing view is that the most significant risk isn’t to the actual integrity of votes but the more likely misinformation campaigns designed to undermine public confidence in the legitimacy of the outcome. For a more sceptical take on things, check out Adam Segal’s interesting CFR piece on US–Russia cyber tensions and future of cyber norms.

UK’s Tesco Bank has reported that 20,000 customer accounts have been compromised by cybercriminals. The incident was described as ‘systemic’ and ‘sophisticated’ by the bank’s Chief Executive and a criminal investigation is being led by the National Crime Agency with assistance from the National Cyber Security Centre. Tesco Bank confirmed this morning that breach resulted in a loss of £2.5million from 9,000 individuals. Unsurprisingly, it’s taken about two minutes for people to start blaming Russia (sigh).

After a five-year enquiry, the EU Competition Commissioner has filed a third antitrust charge against Google. The US tech giant is being accused of manipulating internet search results in favour of its own shopping services and advertisements to the detriment of small competitors. The company has defended itself, dismissing the allegations as ‘wrong on the facts, the law, and the economics’. Google is facing fines valued at 10% of global turnover for each of the three charges so better lawyer up.

Despite concerns voiced by the international business community and online privacy advocates, China finally passed its controversial new cybersecurity law this week. The law states that companies must provide ‘technical support’ and data access to the government on matters of crime and national security, the vague definition of which has led to concerns around demands for encryption backdoors. Any data gathered by companies in China will now have to be stored in-country—a requirement known as data-localisation—and companies will be subject to invasive security certification processes, which could pose a threat to intellectual property rights. The legislation also requires real-name registration for instant messaging services, a move that is expected to increase self-censorship and repress freedom of online expression. The law, which was approved by the Standing Committee of the National People’s Congress, will come into force next June.

Back home, Australia has (re)announced that it will invest $3.45 million into new Academic Centres of Cyber Security Excellence, according to a joint statement yesterday from Education Minister Simon Birmingham and Minister Assisting the Prime Minister for Cyber Security Dan Tehan. Prime Minister Turnbull first introduced the concept of centres of excellence at the launch of Australia’s Cyber Security Strategy in April and the initiative funded in the Strategy’s resources outline. So this statement is presumably intended as a public indicator that this action plan item is soon to be delivered. It’s hoped that the centre will increase Australia’s world-leading cybersecurity research and deliver work-ready graduates.

The importance of this kind of investment in Australia’s cyber skill development was underlined by a Raytheon report released yesterday: Securing our future: closing the cybersecurity talent gap. The 12-country survey of 18–26 year olds revealed that Australia is lagging below international averages when it comes to students’ cyber skills, awareness of cybersecurity jobs and having ever spoken to a cybersecurity professional. For all your stats and graph needs, check out this handy report summary. Despite not being included in this survey, our Kiwi friends are getting on board with the issue, establishing a Cyber Security Skills Taskforce to address their talent deficit.