Our weekly digest of the world's cyber security news.

By Harriet Ellis, Research Analyst and Administrative Assistant, Future Conflict and Cyber Security, and Samantha Hoffman, Research Consultant, Future Conflict and Cyber Security and Defence and Military Analysis.

GOVERNMENT


National law and policy

  • The United States Department of Defense’s Defense Science Board (DSB) released a long-awaited report on cyber deterrence. The report makes three recommendations to improve US policy on the issue: that the department should conduct tailored cyber deterrence campaigns; boost the cyber resilience of select strike systems to improve second-strike capabilities; and improve attribution capabilities across the federal government.
  • At a hearing on cyber strategy and policy at the US Senate Armed Services Committee, John McCain lamented the ineffectual deterrence policy and pushed for a more muscular response to Russian election interference. Representatives from the DSB warned that the offensive capabilities of other powers far exceed the US’s ability to protect critical national infrastructure.
  • The Insurance Regulatory and Development Authority of India issued a draft of its Information and Cyber Security Framework for the Insurance Sector.
  • South Africa introduced revised cybercrime legislation, in response to national and international civil society and business opposition to the 2015 legislation. The new legislation alters the previous copyright infringement approach and provisions, as well as some language relating to computer-related terrorist activity.  
  • Chinese Premier Li Keqiang delivered the annual Report on the Work of the Government at the National People’s Congress. He said in 2017 China would increase broadband speed and lower the cost of internet services; push forward with the Internet Plus action plan; and further develop and promote the country’s domestic IT industry.
  • Indonesia’s National Counterterrorism Agency is working with internet activists to build websites aimed at countering ‘radical ideologies and hoaxes online’.
  • The Netherlands is considering the ‘Computer Crime III’ bill, which would increase police powers to prosecute cybercrime.

International policy

  • In the US, Chinese telecom equipment maker ZTE pleaded guilty to allegations of breaking the International Emergency Economic Powers Act by selling equipment to Iran, and agreed to pay a USD892 million settlement.
  • France and Germany followed their 2016 push for mandatory decryption laws in the EU by submitting a letter to European commissioners calling for this proposal to be tabled in October 2017. Politico reported that the European Commission supports the proposal, but the idea faces criticism from industry.
  • Britain’s Ministry of Defence called for greater EU–UK cooperation on cybersecurity.
  • China is taking cyber actions against South Korea, in response to news that the country will host the US-operated THAAD missile defence system. China’s response reportedly involves carrying out distributed denial-of-service (DDoS) attacks against a South Korean business and blocking access to South Korean cultural exports.
  • An international cyber security conference for diplomats, cyber security experts and government officials is scheduled for 9 March in Dhaka, Bangladesh. The event aims to improve coordination in response to cyberattacks.

Military

  • Singapore’s Defence Minister announced that the country would set up a Defence Cyber Organisation responsible for developing cyber defence strategies and capabilities and providing support to the country’s Cyber Security Agency.
  • The New York Times reported that President Obama ordered Pentagon cyber and electronic strikes against North Korea’s nuclear programme in 2014, causing a number of test rockets to ‘explode, veer off course … [and] disintegrate midair’.
  • Indian media said the country’s Ministry of Defence is setting up a tri-service cyber unit responsible for offensive and defensive operations. A draft proposal recommending the creation of a tri-service cyberwarfare command was first reported in 2012, and it is not clear whether this proposal has now been approved.

NATIONAL SECURITY


Government breaches

  • Wikileaks published ‘Vault 7’, a collection of documents about CIA operations and tactics. The leak revealed that the CIA is exploiting internet-connected TVs and cars, but has not defeated encryption.  
  • President Trump tweeted an accusation that Barack Obama wire-tapped Trump Tower in the lead-up to the US election. FBI Director James Comey has since asked the Justice Department to deny this, and a spokesperson for Obama has rejected the claim.
  • Vice President Mike Pence’s spokesperson confirmed that Pence used an AOL email address while serving as Governor of Indiana. The account was hacked last year, and Pence has faced criticism for attacking Hillary Clinton’s use of a private email and server. There are, however, some important distinctions to be made between the two cases.
  • Cyber security company FireEye predicted that US government agencies, think tanks and political groups should expect more cyber intrusions as other states try to get up to speed on Trump’s policies.
  • After news about an internal crackdown on leaks was itself leaked, the White House is reportedly seeking a technological solution to stop unauthorised sharing of information. It is unclear how this will counter staffers using encrypted messaging tools on personal devices.

Critical infrastructure

  • US Senate Democrats asked the Election Assistance Commission what it was doing to improve cyber defences in election systems. The FBI is investigating a server hack that compromised information about voters in the state of Georgia.
  • The Wall Street Journal reported that on 25 and 26 October 2016, emergency call centres in 12 US states were downed by ‘zombie’ phone calls inundating systems with up to hundreds of calls.  
  • Progressive groups in the US are being hit with a slew of ransomware cases, according to reports.
  • France will not go ahead with a plan to allow citizens abroad to vote electronically, due to cyberattack concerns.
  • Luxembourg government servers successfully blocked a DDoS attack, which authorities said was the most significant attack that government websites have seen to date.
  • Security firm Kaspersky has discovered a new wiper malware in the model of Shamoon. Called StoneDrill, it has so far been deployed in the Middle East and Europe.

DIGITAL RIGHTS

  • The Cloudbleed bug may have resulted in thousands of websites leaking personal data.
  • The Economist Intelligence Unit launched the Inclusive Internet Index, a Facebook-commissioned project ranking countries based on internet accessibility. Singapore and Sweden tied for first place, followed by the US, Britain and Japan.