- The Strategist - https://www.aspistrategist.org.au -

Cyber wrap

Posted By on February 15, 2017 @ 12:30

Edited image courtesy of Flickr user Maxwell Hamilton.

Cyber news remains a bit topsy-turvy state-side thanks to the new US President. While Donald Trump was expected to drop a new Executive Order on cybersecurity a few weeks ago, it never “officially” materialised, though a draft was leaked to the press. Now, a new version of the Executive Order is circulating and interestingly (but perhaps not surprisingly), it’s dramatically different. Check out this detailed comparison of the two drafts: the first is deemed ‘short on useful substance’ while the second ‘reads like it was vetted and amended by an interagency task force.’ Additional uncomfortable White House developments include the reported firing of its Obama-era Chief Information Security Officer Cory Louie, and Democratic members of the House Committee on Science, Space and Technology calling for a probe into White House cybersecurity practises, including Trump’s use of an outdated android smartphone.

After several years of trying and two failed attempts, Australia has finally passed legislation to establish a mandatory data breach notification scheme. The Privacy Amendment (Notifiable Data Breaches) Bill 2016 passed through the Senate on Monday and Australia’s Privacy and Information Commissioner Timothy Pilgrim has said that the new scheme ‘will help protect the privacy rights of individuals, and strengthen community trust in businesses and agencies’. Greens Senator Scott Ludlam tried and failed to make eleventh-hour changes to the Bill, demanding that organisations be given not 30 but 3 days to report a breach, and requesting that the notification requirements apply to small companies as well. The legislation doesn’t mandate notification of any-and-all breaches for risk of generating ‘notification fatigue’, not to mention the paperwork. Learn what this development might mean for you here.

The UK’s new National Cyber Security Centre (NCSC) in central London was officially opened by the Queen yesterday. The centre, which has actually been in operation since October 2016, is a new component of GCHQ intended to offer a more transparent interface between the UK’s cyber spooks and general public. The NCSC will also bolster government partnership with industry: at the opening Chancellor Philip announced the secondment of up to 100 private sector individuals who will later return to their jobs and improve public-private understanding.

San Francisco has been flooded by cyber nerds this week with the annual RSA cybersecurity conference kicking off. You can expect discussions on artificial intelligence, DDoS denials and cloud security—follow the fun at #RSAC2017. Saudi Arabia apparently also sees the value in such cyber gatherings, with the Kingdom announcing its second annual International Cyber Security Conference. The Ministry of the Interior and Naseba are pairing up to bring 600 hundred experts from government, the private sector and academia together at the end of the month to discuss cyber issues.

Looking to the Asia–Pacific, the 3rd Trilateral Cyber Consultation between Japan, China and South Korea took place in Tokyo at the end of last week. The high level delegation discussed norm development, confidence building measures and the cyber threat posed by North Korea. China has also released some more information in the lead up to the enforcement of its new Cyber Security Law on 1 June 2017. In line with the tone of the legislation, the Cyberspace Administration of China released a draft ‘Inspection Measures on Network Products and Services’ for public comment, which outlines plans to establish a Network Security Inspection Committee.

After almost a year of investment and carefully planned machine learning, IBM has announced that its famous supercomputer Watson is now available to tackle cybersecurity in the real world. Artificial intelligence promises great benefits for security operations centres around the world where analysts spend hours reviewing thousands of security incidents a day, chasing false positives and struggling with a skills shortage. Watson, who has now taken in over 1 million security documents and been tested by more than 40 IBM clients, learns on the job and can assist cybersecurity professionals in identifying and mitigating cyber threats. The cyber security software will now be commercially available for a free trial in IBM’s online app exchange and then for purchase as a premium software offering. Watch out, hackers!

Article printed from The Strategist: https://www.aspistrategist.org.au

URL to article: https://www.aspistrategist.org.au/cyber-wrap-151/

[1] a draft: https://assets.documentcloud.org/documents/3424611/Read-the-Trump-administration-s-draft-of-the.pdf

[2] new version: https://lawfareblog.com/revised-draft-trump-eo-cybersecurity

[3] this detailed comparison: http://www.internetgovernance.org/2017/02/12/the-cybersecurity-executive-orders-a-tale-of-two-trumps/

[4] reported firing: https://www.scmagazine.com/trump-white-house-ciso-cory-louie-reportedly-removed-from-post/article/637533/

[5] calling for a probe: https://beyer.house.gov/uploadedfiles/sst_cyber_hearings_letter.pdf

[6] passed: http://www.computerworld.com.au/article/614151/australia-get-data-breach-notification-regime/

[7] Privacy Amendment (Notifiable Data Breaches) Bill 2016: http://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r5747

[8] has said: https://www.oaic.gov.au/media-and-speeches/statements/mandatory-data-breach-notification

[9] tried and failed: https://www.itnews.com.au/news/australia-finally-has-mandatory-data-breach-nofitication-450923

[10] doesn’t mandate: http://www.zdnet.com/article/australia-finally-gets-data-breach-notification-laws-at-third-attempt/

[11] here: http://www.lifehacker.com.au/2017/02/how-will-australias-new-mandatory-data-breach-notification-laws-impact-your-business/

[12] National Cyber Security Centre: https://www.ncsc.gov.uk/

[13] officially opened: http://www.wired.co.uk/article/national-cyber-security-centre-open-gchq

[14] GCHQ: https://www.gchq.gov.uk/

[15] announced: https://www.gov.uk/government/speeches/chancellors-speech-at-the-national-cyber-security-centre-opening

[16] RSA cybersecurity conference: https://www.rsaconference.com/

[17] discussions: http://fortune.com/2017/02/11/rsa-2017-conference-ai/

[18] on: http://searchsecurity.techtarget.com/blog/Security-Bytes/Five-things-to-watch-at-RSA-Conference-2017

[19] announcing: http://www.arabnews.com/node/1053481/saudi-arabia

[20] pairing: http://www.gdnonline.com/Details/169501/600-experts-to-attend-top-cyber-security-event-in-Riyadh

[21] 3rd Trilateral Cyber Consultation: http://www.mofa.go.jp/press/release/press4e_001474.html

[22] discussed: http://english.yonhapnews.co.kr/national/2017/02/09/13/0301000000AEN20170209010100315F.html

[23] new Cyber Security Law: https://www.bloomberg.com/news/articles/2016-11-07/china-passes-cybersecurity-law-despite-strong-foreign-opposition

[24] released: http://www.forbes.com/sites/roncheng/2017/02/13/china-reveals-more-details-on-its-impending-cyber-security-law/#4fcbbf904f41

[25] for public comment: http://www.china.org.cn/china/2017-02/08/content_40240809.htm

[26] almost a year: http://fortune.com/2016/05/10/ibm-watson-cybersecurity/

[27] announced: https://www-03.ibm.com/press/us/en/pressrelease/51577.wss

[28] promises: https://www.infosecurity-magazine.com/news/ibms-watson-goes-commercial-for/

[29] who has now: http://www.techrepublic.com/article/ibm-uses-watson-to-fill-cybersecurity-gaps/

[30] commercially available: http://www.forbes.com/sites/alexkonrad/2017/02/13/ibm-turns-watson-to-cyber-security/#1eab974c5a03