Here is the latest round-up of cybersecurity news from the Datonomy blogging team at Olswang.
- There does not appear to have been any official news on the progress of the Network and Information Security Directive during the past week. Further trilogue discussions between the three EU institutions were expected to take place at the end of February – see our latest report here. According to the TechUK website, the UK government was due to give a briefing to TechUK members on the impact of the Directive on 17 February 2015.
- Vice-President of the European Commission for the Digital Single Market, Andrus Ansip, recently spoke on the issue of “A safe and secure connected digital space for Europe” at a debate hosted by the European Internet Foundation. Read the complete speech here.
- The Czech government has approved a new national cybersecurity strategy. Similar to strategies in the US and UK, the strategy focuses firstly on critical infrastructure and calls for greater collaboration between the public and private sectors, as well as greater international cooperation.
- Following last week’s update detailing the cybersecurity summit hosted by President Obama at Stanford University on 13 February, the President signed an Executive Order entitled “Promoting Private Sector Cybersecurity Information Sharing” which, as its name suggests, promotes disclosure of information between private companies and the government. Following the summit, President Obama has been providing further commentary on cybersecurity issues via an interview with the independent technology news site, Re/code. In the interview, the President has committed to his position that the government must be aggressive in this space, noting, “This isn’t a traditional setting where you can just set up a few standards or rules or regulations, and then just sit on our laurels. We have to constantly update all the time.” Taking it one step further, when discussing international relations, the President stated, “This is more like basketball than football, in the sense that there’s no clear line between offense and defense. Things are going back and forth all the time.” Read more here.
- Moscow-based security firm Kaspersky Lab has, according to various reports, including this one on Sky News, published a report linking the US National Security Agency (NSA) with “the Equation Group” and its spyware that has been found on computers in over 30 different countries. The report claims the spyware is connected to “Stuxnet”, a former US NSA computer worm, and that it has been implanted in the disk-drive source code of more than a dozen top manufacturers. Such a strategy raises concerns that the group could have access to most of the computers in the world. Read more coverage from The Independent here.
- The tech press have begun to speculate on whether the potential government shut-down on 27 February 2015, threatened by Congressional leaders following the President’s Executive Order on immigration and a budget impasse, could affect the operations of the Department of Homeland Security (DHS). During the last government shut-down (1 to 16 October 2013), the DHS’s critical functions continued but employees had to work without pay for the period. Experts are suggesting that day-to-day efforts to protect the nation from attack would continue in such a scenario but that it could cause a serious set-back in the development of new proposals and systems (such as the newly established Cyber Threat Intelligence Integration Centre – see last week’s post).
- According to this report on The Register, the day after Australian Prime Minister Tony Abbott announced his intention to reform data protection laws, the government delayed a major review assessing Australian cyber risks and examining public-private collaboration and network security. The delay is reportedly the result of political division, after opposition leader Bill Shorten accused the PM of politicising the issue. The review is now unlikely to be concluded before November 2015.
Attacks, statistics and other news
- CERT, the UK National Computer Emergency Response Team, which was established under the UK’s Cyber Security Strategy to coordinate management of cyber incidents and promote best practice in preventing them, produces a weekly update highlighting current threats. The latest update (19 February 2015) is here.
- Following last week’s story regarding the suspected theft of up to $1 billion by hacker group Carbanak, experts are urging UK banks to prepare themselves for a “zero day attack”, according to The Guardian. Zero day attacks involve the use of malicious software that can bypass traditional security measures. Some banks, such as HSBC, are making it publicly known that they are now hiring former military intelligence officers to combat the attacks. Read more coverage in The Evening Standard here.
- The latest document allegedly provided by NSA whistleblower, Edward Snowden, reveals details of British and American spies hacking into the computer networks of the world’s largest SIM card manufacturer, Gemalto (based in the Netherlands). Should the details be true, experts are suggesting that this would enable the NSA and GCHQ to secretly monitor the majority of the world’s mobile communications. Read further coverage by the BBC, here.
- PWC’s latest Global Economic Crime Report, which surveyed 5,128 companies from 99 different countries, concludes that one in four has experienced cyber crime and that, of those, 11% have suffered losses greater than $1 million.
- London-based cybersecurity company Sophos is gearing up for a £1 billion London Stock Exchange floatation later this year. The investment firm Apax bought a 70% share in the business for £372 million in 2010. Consequently, if the valuation is met, the investment will represent almost a doubling of its money in five years.
- And finally… Security researcher Jacob Torrey, of Assured Information Security, believes he has developed a method of encrypting software that prevents reverse engineering (a scheme he calls the Hardened Anti-Reverse Engineering System – HARES). Reverse engineering is the primary method used by hackers to exploit weaknesses in software code. Torrey claims that by instructing the computer to decrypt the code at the last possible moment before the code is executed, software can be much more secure.
This week’s update was brought to you by Katharine Alexander (Trainee Solicitor), Tom Pritchard (Paralegal) and Claire Walker (Head of Commercial Know-How).