Weekly cyber update for the week commencing 9 February 2015

Katharine Alexander

The latest round up of legal and regulatory developments and news relating to cybersecurity, brought to you by the Datonomy blogging team at Olswang LLP.

 UK developments

  •  UK initiatives to develop the cyber insurance market, announced by the Government in November, have been the subject of a recent panel session hosted by industry group techUK. The website post considers: market drivers, the current state of the market, and potential solutions. The discussion featured contributions from Kroll, Hiscox, Dell and DBIS. Working groups in the Government’s initiative are due to report conclusions to the Cabinet Office by April 2015.
  • CESG (which is the information security arm of GCHQ) has published the latest document in its ongoing series, “Keeping the UK safe in cyber space”.  This new guidance is on “Technology and information risk management”.  The guide is aimed at public sector organisations and their supply chains, and outlines the factors to consider when selecting cybersecurity technologies within a business context.
  • MP Francis Maude spoke at the Entrepreneur Country Global Forum on 3 February 2015.  The MP outlined the importance of securing our online identities and what GOV.UK Verify is doing to set standards and encourage development of a market for identity services.  Read the full speech here.
  • The IT press is reporting City of London Police Commissioner Adrian Leppard’s comments at the recent NED Forum summit, where he claimed that it will take a major global company going under before the private sector really shakes up its cybersecurity efforts.  Despite the pessimistic tone about the increased threat of cyber attacks, Leppard did comment that he believed the UK Government was doing all it could do to address the threat.
  • Northrop Grumman, one of the world’s largest global security companies, is the latest expert firm to be contracted by the UK Government for delivery of cybersecurity solutions.  The seven-year contract requires Northrop Grumman to provide engineering and development services in support of data security and information assurance.

 EU developments 

  • Today, the European Network and Information Security Agency (ENISA) published the Threat Landscape and Good Practice Guide for Smart Home and Converged Media. The guide identifies security risks and challenges for emerging technologies in smart homes, and is a step towards achieving the EU Cyber Security Strategy objectives.
  • ENISA renewed its focus on the importance of sharing information with telecoms and internet service providers at the 3rd annual Electronic Communications Reference Group meeting on 29-30 January 2015.  ENISA took the opportunity to demonstrate its new incident reporting tool that will provide the opportunity to share incident reports with other providers in an anonymised
  • Todd Ruback, the Chief Privacy Officer of Ghostery (a marketing technology company that provides online transparency and control software to individuals and businesses), spoke on Data Protection Day (28 January) to the EU Parliament about the potential for self-regulation to complement the EU’s General Data Protection Regulation (GDPR).  Ruback spoke of how the ‘internet of things’ will enhance the need for robust monitoring and meaningful enforcement of data protection regulation and how private companies can assist public bodies.
  • Alexander Klimburg, a senior research fellow at the Hague Centre for Strategic Studies, has claimed that two years after the EU published the first “Cybersecurity Strategy”, the EU is making slow but steady progress towards its aims.  Klimburg has detailed the progress of each of the three limbs of the strategy (cyber crime; common foreign and defence policy; and network and information security) and stated that each is pushing forward public policy and challenging the private sector.

 US developments 

  • President Obama has finalised his proposal for the 2016 fiscal budget and is seeking $14 billion to support cybersecurity efforts.  The money is intended to deploy further intrusion detection and prevention capabilities throughout the public sector and to enable greater sharing of information with the private sector.  The largest portion of the proposed budget is allocated to the Pentagon, which has requested $5.5 billion in funding for cybersecurity.  The budget is now to be considered by the Republican-controlled Congress.  Read more here.

 Attacks, statistics and other news 

  • US health insurance company, Anthem, has reported that hackers have stolen personal information from a database containing information relating to up to 80 million people. The hackers have obtained names, birthdays, social security numbers, street addresses, email addresses and employment information, including income data.  Anthem have alerted the FBI and hired cybersecurity firm FireEye to help investigate.  Read more here.
  • Software giant, Adobe, is reporting its third security advisory of the year after discovering further vulnerabilities that can be exploited by malware.  Adobe has publicly expressed concern that successful exploitation of the vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. An update to the flagship Flash Player software has now been made available. Read more here.
  • James Lewis, a cybersecurity expert at the Washington-based Center for Strategic and International Studies, has claimed that businesses should worry less about preventing attackers from getting into their computer networks and more about minimising the damage they cause once inside.  Mr. Lewis is advocating the practice of “air gapping”, physically disconnecting important parts of the computer infrastructure and business practices so that hackers can’t access the rest of a network.  Opponents have argued that this is an unnecessarily expensive practice for most businesses.
  • The tech press is reporting that the US is the leading producer of malicious and privacy-intruding apps, rather than the commonly assumed Asia.  The research, conducted by Marble Security, found that 42% of dangerous apps came from US companies.
  • And finally…prominent hacker group, Lizard Squad, appears to have hacked pop star Taylor Swift’s Twitter account after a message was posted on her account stating “go on follow my boy @lizzard”.  Twitter responded ‘swiftly’ by taking down the message and securing the account.  Safe to say that Ms Swift has managed to ‘Shake It Off’ after posting, “hackers gonna hack hack hack hack hack”.

This week’s update was brought to you by Katharine Alexander (Trainee Solicitor), Tom Pritchard (Paralegal) and Claire Walker (Head of Commercial Know-How).
