- The Strategist - https://www.aspistrategist.org.au -

Cyber wrap

Posted By on March 8, 2017 @ 12:30



Welcome back to your weekly fix of cyber news, analysis and research.

The New York Times reported last Saturday that, back in 2013, President Barack Obama ordered cyber sabotage operations against Pyongyang’s nuclear weapons program. The persistently high failure rate of the US’s kinetic antimissile weapons, despite significant investment, reportedly prompted Obama to consider a cyber supplement. The project to pre-emptively undermine missiles in their development stages, known as a ‘left of launch’ strategy, receives dedicated resources at the Pentagon and is now President Trump’s to play with. However, experts are concerned that this kind of cyber offensive approach sets a dangerous precedent for Beijing and Moscow, particularly if they believe that US cyber operations could successfully undermine their nuclear deterrence capability.

Staying stateside, the future of the NSA’s spying powers are under scrutiny this week as elements of the Foreign Intelligence Surveillance Act (FISA) approach sunset. Section 702 of the Act forms the basis for the NSA’s monitoring of foreign nationals’ communications around the globe in the interests of national security. It was under this FISA authority that the US’s infamous “big brother” program PRISM—revealed in the Snowden disclosures of 2013—was established.

While the legislation is designed for foreign targets, there have long been concerns it could be used to surveil US citizens through their contact with foreigners. Human rights advocates such as the American Civil Liberties Union are protesting the renewal of this legislation in defence of international privacy. The issue also has the trans-Atlantic data-sharing agreement on thin ice, especially given that EU Justice Commissioner Vera Jourova has made it clear that she ‘will not hesitate’ to suspend the painstakingly crafted arrangement should the US fail to uphold its stringent privacy requirements.

That task may be even more difficult after WikiLeaks’ overnight release of a dossier, dubbed ‘Vault 7’, detailing the CIA’s cyber espionage tools and techniques. WikiLeaks released over 8,000 documents it claims were taken from a CIA computer network in the agency’s Center for Cyber Intelligence. The documents detail the agency’s expansive and sophisticated cyber espionage capability, including compromising the security common devices and apps including Apple iPhones, Google’s Android software and Samsung televisions to collect intelligence.

China’s Foreign Ministry and the Cyberspace Administration of China this week launched the country’s first International Strategy of Cooperation on Cyberspace. The Strategy outlines China’s basic principles for cyber diplomacy and its strategic goals in cyberspace. Encouragingly, the Foreign Ministry’s Coordinator for Cyberspace Affairs Long Zhao stated that ‘enhancing deterrence, pursuing absolute security and engaging in a cyber arms race…is a road to nowhere’. Unsurprisingly, the Strategy offers strong support for the concept of cyber sovereignty, stating that ‘countries should respect each other's right to choose their own path of cyber development’, and emphasises the importance of avoiding cyberspace becoming ‘a new battlefield’. You can read a full English language version of the Strategy here.

The revelation that the Australian Signals Directorate (ASD) was temporarily forced to rely on diesel generators during last month’s heat wave has prompted the government to significantly upgrade to the agency’s infrastructure. The Minister Assisting the Prime Minister for Cyber Security told Parliament on Wednesday that it was recommended by ActewAGL and the NSW Department of Environment that ASD switch to back up power on 10 February as part of state-wide load shedding to protect power supplies. The new $75 million project, funded by the Defence Integrated Investment Program, is intended to bolster the intelligence agency’s resilience.

Several cyber incidents have kept the internet on its toes this week. The Amazon Simple Storage Service cloud hosting service went down last week, knocking hundreds of thousands of popular websites and apps offline. The disruptive incident, originally described by the company as ‘increased error rates’, was actually not the result of cyber criminals or hacktivists, but that of an employee’s fat fingers entering a command incorrectly—whoops! Yahoo is in the doghouse (again) with the awkward announcement in its annual report to the Security and Exchange Commission that 32 million customer accounts are thought to have been compromised through forged cookies. This isn’t to be confused with the entirely separate and very embarrassing loss of 1 billion accounts in a 2013 breach, which recently cost the company $350 million in its acquisition deal with Verizon and CEO Marissa Mayer her annual cash bonus. And if you’ve been tracking the #cloudbleed saga, catch up with some post-mortems here, here and here.

Finally we’ve got you covered for your weekly cyber research reads. A new Intel report, written by the Centre for Strategic and International Studies, examines the discrepancies in cyberspace that put defenders at a disadvantage. Titled Tilting the Playing Field: How Misaligned Incentives Work Against Cybersecurity, the report reveals the gaps between attackers vs. defenders, strategy vs. implementation and executives vs. implementers, offering recommendations to overcome such obstacles. And get your fix of statistics from PwC’s annual Digital IQ assessment based on a survey of more than 2,000 executives from across the world. The research reveals that only 52% of companies consider their corporate Digital IQ to be ‘strong,’ a considerable drop from 67% last year.


Article printed from The Strategist: https://www.aspistrategist.org.au

URL to article: https://www.aspistrategist.org.au/cyber-wrap-154/

[1] reported: https://www.nytimes.com/2017/03/04/world/asia/north-korea-missile-program-sabotage.html?_r=1

[2] persistently high failure: http://www.news.com.au/technology/online/security/donald-trump-vs-north-korea-president-inherits-cyberwar-against-kim-jongun/news-story/be1f74ba07629df51ce96cbb969406c2

[3] left of launch: http://missiledefenseadvocacy.org/alert/3132/

[4] dangerous precedent: https://www.theatlantic.com/technology/archive/2017/03/north-korea-cyberattack-nuclear-program/518634/

[5] under scrutiny: http://www.reuters.com/article/us-usa-trump-fisa-idUSKBN16855P

[6] Section 702: http://intelligence.house.gov/fisa-702/

[7] revealed: http://www.theverge.com/2013/7/17/4517480/nsa-spying-prism-surveillance-cheat-sheet

[8] protesting: https://techcrunch.com/2017/02/13/aclu-calls-for-tech-firms-to-lobby-for-surveillance-reform/

[9] will not hesitate: https://www.bloomberg.com/news/articles/2017-03-02/if-trump-spoils-privacy-pact-we-ll-pull-it-eu-official-warns

[10] ‘Vault 7’: https://wikileaks.org/ciav7p1/

[11] agency’s expansive and sophisticated: http://www.abc.net.au/news/2017-03-08/wikileaks-releases-thousands-of-documents-cia-revelation/8334366

[12] launched: https://www.scmagazine.com/china-outlines-goals-of-state-run-internet-in-cyberpolicy-paper/article/642033/

[13] stated: http://in.reuters.com/article/china-internet-idINKBN16849B

[14] here: http://news.xinhuanet.com/english/china/2017-03/01/c_136094371.htm

[15] revelation: http://www.zdnet.com/article/australian-signals-directorate-to-get-au75m-facility-upgrade/

[16] hundreds of thousands: http://thehill.com/business-a-lobbying/322071-amazon-typo-hobbled-large-swath-of-internet?utm_source=&utm_medium=email&utm_campaign=6507

[17] increased error rates: https://www.theregister.co.uk/2017/02/28/aws_is_awol_as_s3_goes_haywire/

[18] not the result: https://aws.amazon.com/message/41926/

[19] annual report: https://investor.yahoo.net/secfiling.cfm?filingID=1193125-17-65791&CIK=1011006&soc_src=mail&soc_trk=ma

[20] entirely separate: https://techcrunch.com/2016/12/14/yahoo-discloses-hack-of-1-billion-accounts/

[21] deal with Verizon: https://www.nytimes.com/2017/02/21/technology/verizon-will-pay-350-million-less-for-yahoo.html

[22] cash bonus: http://money.cnn.com/2017/03/01/technology/yahoo-marissa-mayer-security-breach/

[23] #cloudbleed: https://twitter.com/search?q=%23CloudBleed&src=tyah&lang=en

[24] here: https://www.forbes.com/sites/thomasbrewster/2017/03/01/cloudbleed-leak-massive-but-not-too-harmful/#4114c4dc613c

[25] here: http://wccftech.com/cloudbleed-post-mortem-massive-leak/

[26] here: http://www.news18.com/news/tech/symantec-releases-automated-solution-to-protect-users-from-cloudbleed-1357189.html

[27] Tilting the Playing Field: How Misaligned Incentives Work Against Cybersecurity: https://www.mcafee.com/us/security-awareness/articles/misaligned-incentives.aspx

[28] Digital IQ: http://www.pwc.com/us/en/advisory-services/digital-iq.html