Cyber security has impacted on the US Presidential race this week, with Hillary Clinton condemning Chinese hacking at a campaign event. Her commentary—that the Chinese are ‘trying to hack into anything that doesn’t move’—was part of a longer discussion on US–China competition in the Asia–Pacific, which indicates that cyber security and foreign policy will likely be linked on the campaign trail. China has dismissed Clinton’s claims and drew attention to last week’s agreement with Secretary of State John Kerry to cooperate on cybersecurity threats. The US and Brazil have also agreed to recommence cyber policy dialogues after the Snowden-induced freeze.
Meanwhile, US and British security agencies have wrapped up a three week long cyber war game in Virgina. They invited representatives from the banking and energy sectors to participate in scenarios that affected their industries. They probably should have invited Home Depot and Walmart too, as US defence contractors scored lower than financial institutions and retailers on BitSight’s ranking of US corporate cyber defence capabilities. On the west coast, the FBI are trying to solve a series of fibre optic cable cutting incidents that have blacked out internet and phone services from Sacramento to Seattle.
China has continued its legislative efforts to protect itself from cyber threats through the new National Security Law on 1 July. The law calls for secure and controllable information architecture in critical sectors and a national security review and supervision system to examine foreign investments and technology that may impact national security. This has renewed concern among tech firms that they’ll be forced to hand over intellectual property before being authorised to operate in China. Chinese officials have defended the law on the basis that internet sovereignty is an extension of national sovereignty. Similarly, the Chinese ambassador to the UN has opposed the perceived marginalization of governments in internet governance at the expense of NGOs and corporations.
Australia’s banking, insurance and superannuation regulator APRA has written to its industry charges about the risk of outsourcing shared computing services—including cloud services—as banks seek to reduce costs through complex IT outsourcing arrangements. APRA noted that weaknesses in outsourcing arrangements exposed institutions to financial risk, and has urged prudence and appropriate consideration of IT risk and assurance mechanisms when engaging these services. In the Australian mining sector, concern about cyber security threats is also growing, with some resource company executives now taking extra precautions with personal electronic devices when travelling, especially to China.
Tech firm lobby group BSA released their inaugural Asia–Pacific Cybersecurity Dashboard this week, evaluating ten regional countries’ cyber security policy frameworks and how well they enable public and private actors to cope with cyber threats. Australia compared favorably to most of the region, although the lack of a formal public-private partnership or sector specific cyber security plans was notable when compared with pack-leader Singapore.
Proving that even the best cyber security skills aren’t a sure guarantee of security, controversial Italian company Hacking Team has become the latest victim of a data spill. Listed as an enemy of the internet by Reporters Without Borders for its ‘no questions asked’ cyber surveillance and espionage exports, it appears that Hacking Team has been selling its wares around the globe including unlikely destinations such as Sudan, and US security agencies including the NSA and the DEA.
And finally, the Irish Government has released their National Cyber Security Strategy this week, which will see the Irish CERT transformed into a National Cyber Security Centre by 2017.