Tony Abbott’s Telecommunications Sector Security Reforms continues to cause angst with major telco and tech firms. The proposed amendments to legislation including the Telecommunications Act and Telecommunications (Interception and Access) Act would force telcos to supply security agencies with details of proposed supplier arrangements and purchases, and give government the authority to veto purchases deemed to pose a threat to national security. Three major telco industry groups have developed a joint submission to the Attorney‑General criticizing the reforms as unecessary and disproportionate.
Meanwhile more Australian companies are seeking insurance to mitigate the risks of a cyber incident, although brokers have warned that insurance cannot replace proper risk management practices. This is advice backed up by former GCHQ Director Sir David Ormand and NSA chief Admiral Mike Rogers who warned London city financial firms that even the most cyber secure companies must assume their cyber defences will be breached at some point.
Paul Coyer from Forbes has written a great piece discussing the dynamics of the US–China cyber relationship. Coyer points out that China’s behaviour in cyberspace and international cyber security discussions is driven by a deep sense of vulnerability in the face of America’s enormous technological advantage—a feeling that has grown as the full extent of the relationship between major US hardware and software firms and the NSA was revealed by Edward Snowden. China’s National Security Law and Cyber Security Law, discussed last week, is clearly informed by this insecurity, emphasising the principle of sovereignty in the information space and its links to national security.
The Hacking Team breach has highlighted existing concerns about the transfer of cyber surveillance technology across borders. Mari Batashevski has published a long piece on the role that Hacking Team and similar firms, often Israeli, play in installing and operating cyber surveillance systems in states like Uzbekistan and Kazakhstan. Back in May the US Commerce Department released draft regulations that require permits to export encrypted software and cyber surveillance technologies, based on principles agreed by Wassenaar Arrangement members (including Australia) in December 2013. Some US tech firms have criticised the proposed regulations as flawed.
This week brings news of another data spill from a very sensitive target. AshleyMadison, the infamous website for those seeking ‘something on the side’ fell victim to a group called the Impact Team. The hackers apparently took action because Avid Life Media—AshleyMadison’s parent company—was advertising a ‘full delete’ feature for customer profiles but failing to actually delete all the data. Whether the Impact Team were truly upset by AshleyMadison’s supposed shonkiness, or just wanted to take down a target that prominently touted its security and privacy protection credentials is yet to be determined. Regardless, count it as another data spill that could prove awkward for many of its victims.
And finally our friends at CSIS have published a report on the development of cyber security regulations for the US financial industry.