Cyber wrap
Posted by Zoe Hawkins on March 8, 2017 @ 12:30
Welcome back to your weekly fix of cyber news, analysis and research.
The New York Times reported last Saturday that, back in 2013, President Barack Obama ordered cyber sabotage operations against Pyongyang’s nuclear weapons program. The persistently high failure rate of the US’s kinetic antimissile weapons, despite significant investment, reportedly prompted Obama to consider a cyber supplement. The project to pre-emptively undermine missiles in their development stages, known as a ‘left of launch’ strategy, receives dedicated resources at the Pentagon and is now President Trump’s to play with. However, experts are concerned that this kind of cyber offensive approach sets a dangerous precedent for Beijing and Moscow, particularly if they believe that US cyber operations could successfully undermine their nuclear deterrence capability.
Staying stateside, the future of the NSA’s spying powers is under scrutiny this week as elements of the Foreign Intelligence Surveillance Act (FISA) approach sunset. Section 702 of the Act forms the basis for the NSA’s monitoring of foreign nationals’ communications around the globe in the interests of national security. It was under this FISA authority that the US’s infamous “big brother” program PRISM—revealed in the Snowden disclosures of 2013—was established. While the legislation is designed for foreign targets, there have long been concerns it could be used to surveil US citizens through their contact with foreigners. Human rights advocates such as the American Civil Liberties Union are protesting the renewal of this legislation in defence of international privacy. The issue also has the trans-Atlantic data-sharing agreement on thin ice, especially given that EU Justice Commissioner Vera Jourova has made it clear that she ‘will not hesitate’ to suspend the painstakingly crafted arrangement should the US fail to uphold its stringent privacy requirements.
That task may be even more difficult after WikiLeaks’ overnight release of a dossier, dubbed ‘Vault 7’, detailing the CIA’s cyber espionage tools and techniques. WikiLeaks released over 8,000 documents it claims were taken from a CIA computer network in the agency’s Center for Cyber Intelligence. The documents detail the agency’s expansive and sophisticated cyber espionage capability, including compromising the security of common devices and apps, including Apple iPhones, Google’s Android software and Samsung televisions, to collect intelligence.
China’s Foreign Ministry and the Cyberspace Administration of China this week launched the country’s first International Strategy of Cooperation on Cyberspace. The Strategy outlines China’s basic principles for cyber diplomacy and its strategic goals in cyberspace. Encouragingly, the Foreign Ministry’s Coordinator for Cyberspace Affairs Long Zhao stated that ‘enhancing deterrence, pursuing absolute security and engaging in a cyber arms race…is a road to nowhere’. Unsurprisingly, the Strategy offers strong support for the concept of cyber sovereignty, stating that ‘countries should respect each other's right to choose their own path of cyber development’, and emphasises the importance of avoiding cyberspace becoming ‘a new battlefield’. You can read a full English language version of the Strategy here.
The revelation that the Australian Signals Directorate (ASD) was temporarily forced to rely on diesel generators during last month’s heat wave has prompted the government to significantly upgrade the agency’s infrastructure. The Minister Assisting the Prime Minister for Cyber Security told Parliament on Wednesday that it was recommended by ActewAGL and the NSW Department of Environment that ASD switch to backup power on 10 February as part of state-wide load shedding to protect power supplies. The new $75 million project, funded by the Defence Integrated Investment Program, is intended to bolster the intelligence agency’s resilience.
Several cyber incidents have kept the internet on its toes this week. The Amazon Simple Storage Service cloud hosting service went down last week, knocking hundreds of thousands of popular websites and apps offline. The disruptive incident, originally described by the company as ‘increased error rates’, was actually not the result of cyber criminals or hacktivists, but that of an employee’s fat fingers entering a command incorrectly—whoops! Yahoo is in the doghouse (again) with the awkward announcement in its annual report to the Securities and Exchange Commission that 32 million customer accounts are thought to have been compromised through forged cookies. This isn’t to be confused with the entirely separate and very embarrassing loss of 1 billion accounts in a 2013 breach, which recently cost the company $350 million in its acquisition deal with Verizon and CEO Marissa Mayer her annual cash bonus. And if you’ve been tracking the #cloudbleed saga, catch up with some post-mortems here, here and here.
Finally, we’ve got you covered for your weekly cyber research reads. A new Intel report, written by the Centre for Strategic and International Studies, examines the discrepancies in cyberspace that put defenders at a disadvantage. Titled Tilting the Playing Field: How Misaligned Incentives Work Against Cybersecurity, the report reveals the gaps between attackers vs. defenders, strategy vs. implementation and executives vs. implementers, offering recommendations to overcome such obstacles. And get your fix of statistics from PwC’s annual Digital IQ assessment, based on a survey of more than 2,000 executives from across the world. The research reveals that only 52% of companies consider their corporate Digital IQ to be ‘strong,’ a considerable drop from 67% last year.
Zoe Hawkins is an analyst in ASPI’s International Cyber Policy Centre. Edited image courtesy of Pixabay user pexels.
Article printed from The Strategist: https://www.aspistrategist.org.au
URL to article: https://www.aspistrategist.org.au/cyber-wrap-154/
[1] reported: https://www.nytimes.com/2017/03/04/world/asia/north-korea-missile-program-sabotage.html?_r=1
[2] persistently high failure: http://www.news.com.au/technology/online/security/donald-trump-vs-north-korea-president-inherits-cyberwar-against-kim-jongun/news-story/be1f74ba07629df51ce96cbb969406c2
[3] left of launch: http://missiledefenseadvocacy.org/alert/3132/
[4] dangerous precedent: https://www.theatlantic.com/technology/archive/2017/03/north-korea-cyberattack-nuclear-program/518634/
[5] under scrutiny: http://www.reuters.com/article/us-usa-trump-fisa-idUSKBN16855P
[6] Section 702: http://intelligence.house.gov/fisa-702/
[7] revealed: http://www.theverge.com/2013/7/17/4517480/nsa-spying-prism-surveillance-cheat-sheet
[8] protesting: https://techcrunch.com/2017/02/13/aclu-calls-for-tech-firms-to-lobby-for-surveillance-reform/
[9] will not hesitate: https://www.bloomberg.com/news/articles/2017-03-02/if-trump-spoils-privacy-pact-we-ll-pull-it-eu-official-warns
[10] ‘Vault 7’: https://wikileaks.org/ciav7p1/
[11] agency’s expansive and sophisticated: http://www.abc.net.au/news/2017-03-08/wikileaks-releases-thousands-of-documents-cia-revelation/8334366
[12] launched: https://www.scmagazine.com/china-outlines-goals-of-state-run-internet-in-cyberpolicy-paper/article/642033/
[13] stated: http://in.reuters.com/article/china-internet-idINKBN16849B
[14] here: http://news.xinhuanet.com/english/china/2017-03/01/c_136094371.htm
[15] revelation: http://www.zdnet.com/article/australian-signals-directorate-to-get-au75m-facility-upgrade/
[16] hundreds of thousands: http://thehill.com/business-a-lobbying/322071-amazon-typo-hobbled-large-swath-of-internet?utm_source=&utm_medium=email&utm_campaign=6507
[17] increased error rates: https://www.theregister.co.uk/2017/02/28/aws_is_awol_as_s3_goes_haywire/
[18] not the result: https://aws.amazon.com/message/41926/
[19] annual report: https://investor.yahoo.net/secfiling.cfm?filingID=1193125-17-65791&CIK=1011006&soc_src=mail&soc_trk=ma
[20] entirely separate: https://techcrunch.com/2016/12/14/yahoo-discloses-hack-of-1-billion-accounts/
[21] deal with Verizon: https://www.nytimes.com/2017/02/21/technology/verizon-will-pay-350-million-less-for-yahoo.html
[22] cash bonus: http://money.cnn.com/2017/03/01/technology/yahoo-marissa-mayer-security-breach/
[23] #cloudbleed: https://twitter.com/search?q=%23CloudBleed&src=tyah&lang=en
[24] here: https://www.forbes.com/sites/thomasbrewster/2017/03/01/cloudbleed-leak-massive-but-not-too-harmful/#4114c4dc613c
[25] here: http://wccftech.com/cloudbleed-post-mortem-massive-leak/
[26] here: http://www.news18.com/news/tech/symantec-releases-automated-solution-to-protect-users-from-cloudbleed-1357189.html
[27] Tilting the Playing Field: How Misaligned Incentives Work Against Cybersecurity: https://www.mcafee.com/us/security-awareness/articles/misaligned-incentives.aspx
[28] Digital IQ: http://www.pwc.com/us/en/advisory-services/digital-iq.html