Late yesterday (7 December) the EU institutions reached a deal on the Network and Information Security Directive (NISD). The Directive will introduce new cyber security requirements for providers of key infrastructure, and oblige them to report details of cyber attacks to the authorities. The deadline for bringing the new rules into force will be in Q3 2017. Businesses which fall within the Directive’s definition of “digital service providers” – including online marketplaces, cloud computing and search engines – will also be subject to security and breach notification requirements. The final text of the Directive is still awaited. Datonomy will provide further analysis once the text becomes available.
What’s new?
On 7 December, after many months of trilogue negotiations, the EU institutions reached a compromise on the text of the NISD. The European Commission issued this press release and the Council of the European Union followed suit swiftly with this …
A small selection of the cyber threats and statistics that have made recent headlines.
- Sources including censorship watchdog GreatFire have alleged that the Chinese authorities are staging a “man-in-the-middle” attack on Apple’s iCloud, just days after the iPhone went on sale in China. The attack is designed to intercept users’ iCloud account usernames and passwords, using a fake login site that looks exactly like the Apple iCloud login site. Read more from The WHIR and ITProPortal.
- A new bug, which could be affecting hundreds of millions of computers, servers and devices using Linux and Apple’s Mac operating system, has been discovered. System administrators have been urged to apply patches to combat the bug, which has been dubbed “Shellshock”. Read more from the BBC.
- US companies Home Depot, Supervalu and JPMorgan Chase & Co have all been hit by high-profile cyber attacks.
- Mark …
These new guidelines were published in June by the Cloud Select Industry Group. Forming part of the European Commission’s wider Cloud Computing strategy, which was unveiled in 2012, the guidelines have been described as a first step towards standardised building blocks for terminology and metrics in cloud SLAs. They aim to improve the drafting clarity and customer understanding of cloud SLAs. European Commission Vice-President Viviane Reding said: "[the] new guidelines will help generate trust in innovative computing solutions and help EU citizens save money. More trust means more revenue for companies in Europe's digital single market." The 62-page guidelines – created by a drafting team which included participants from IBM, Amazon, Microsoft and T-Systems – deal with service levels relating to availability, reliability, security, support services and data management, and take into account the guidance of the Article 29 Working Party.
In July the Senate Intelligence Committee approved a bill for the Cybersecurity Information Sharing Act (“CISA”) that would encourage companies to share information about threats with each other and the federal government. The bill has been controversial, especially in the wake of Edward Snowden’s revelations about access to US citizens’ data, as it would give the NSA wider powers to access, retain and use data for “a cybersecurity purpose”. This is rather broadly defined as “the purpose of protecting an information system or information that is stored on, processed by or transiting an information system from a cybersecurity threat or security vulnerability”. Indeed, an open letter from a number of privacy, civil liberties and open government groups has been published criticising the bill. Further coverage can be found here, here and here. The bill is expected to see a full vote in the Senate this year. …
With the awareness that future cyber-attacks could have very serious consequences, the Government has proposed amendments to the Computer Misuse Act 1990. In this post we look at the current offences under the Act as well as recent amendments proposed by the Serious Crime Bill. In August 2013, the outgoing US Secretary of Homeland Security Janet Napolitano gave a farewell speech in which she warned: “Our country will, at some point, face a major cyber event that will have a serious effect on our lives, our economy and the everyday functioning of our society.” Her message vocalised what governments, businesses and organisations around the world are well aware of: as we become increasingly reliant on technology, and as systems become even more interconnected and complex, the risk of a serious cyber-attack increases. And whilst we currently associate cyber-attacks with access to personal data and damage to commercial interests, in the future the …