New US National Security Strategy targets cyber threats; Iranian hackers attack Middle East governments; Houthi rebels bring down internet in Yemen.

US defence secretary James Mattis. Credit: US Department of Defense/FLICKR

By Harriet Ellis, Research Analyst and Administrative Assistant, Future Conflict and Cyber Security, and Samantha Hoffman, Research Consultant, Future Conflict and Cyber Security and Defence and Military Analysis.

POLICY

National law and policy

  • The United States will soon release its new National Security Strategy, which will guide national security policy for responding to cyber threats.
  • Lawmakers in the US passed legislation that would make an existing division of the Department of Homeland Security a stand-alone agency, responsible for the cyber security of federal networks and the country’s critical national infrastructure.
  • A Russian hacker reportedly testified in court that Russia’s security service directed him to hack into US Democratic National Committee computers and steal Hillary Clinton’s emails.
  • Russia allegedly ran an influence operation to discredit Scotland’s 2014 independence referendum.
  • Germany’s security service published names of social media accounts it suspects are being run by Chinese intelligence as part of espionage operations.
  • A cyber espionage group with links to the Indian government is now targeting businesses in addition to government and diplomatic institutions, primarily in China and South Asia.
  • Bulgaria is developing an updated national security strategy that will address cyber security policy.
  • Lawmakers in Ireland proposed legislation that would criminalise the sharing of fake news.
  • Australia passed legislation to protect critical national infrastructure from sabotage and cyber attacks by foreign agents.
  • An Iranian cyber espionage group known as Charming Kitten is targeting academics and individuals working for media and human rights organisations as part of an ongoing campaign.
  • Ghana established an inter-ministerial committee and national cyber security secretariat to support implementation of the country’s national cyber security strategy.

International policy

  • NATO and the European Union discussed further strengthening cooperation on cyber security.
  • The Trump administration reportedly turned down a broad non-interference agreement with Russia in July, concerned that it would be hard to enforce and politically problematic for the White House.
  • A Vietnamese citizen was sentenced for hacking into sensitive computer networks and stealing information after Australian authorities notified Vietnamese law enforcement that he had hacked an Australian airport’s networks.

Military

  • Singapore’s Ministry of Defence announced it will let ethical hackers try to penetrate the ministry’s networks as part of the government’s first bug bounty programme.

Singapore military parade 2017. Credit: AngstyRandi/FLICKR

Private sector

  • Facebook, YouTube, Twitter and Microsoft announced they have removed 40,000 images and videos promoting terrorism from their platforms, thanks to a coordinated initiative that relies on information sharing between the organisations.
  • Google updated its regular transparency report to include more information on requests from the US government as well as government censorship on platforms like YouTube and Blogger.
  • Facebook launched a messaging platform for under-13s. The platform is advert-free and has strict controls on who can contact users and what content can be shared.
  • A survey by the US–China Business Council found 82% of companies are concerned about Chinese policies on cross-border data flows and technology security.

NATIONAL SECURITY THREATS

Government breaches

  • An Iranian hacking group with ties to the government exploited a newly disclosed Microsoft vulnerability to target financial institutions, energy companies and government bodies across the Middle East.
  • A pro-Islamic State hacking group released a video threatening a ‘massive cyber war’ against the US. However, the attack appeared to consist only of the defacement of a US township website.

Critical infrastructure

  • Houthi rebels in Yemen disrupted internet access across the country as they consolidated their control over government ministries in the capital.

Houthi fighters in Yemen. ©Getty

  • A county in North Carolina, United States, has reverted to paper after refusing to pay a US$23,000 ransom to recover its data. Some of the county’s tax collection and criminal justice processes have been disrupted.
  • The United Kingdom’s Financial Conduct Authority believes that the country’s banks are not disclosing all successful cyber attacks to regulators.
  • A cybercriminal group with links to Russia stole US$10 million from US and Russian banks over the last 18 months.

DIGITAL RIGHTS

  • Ethiopia is targeting dissidents in the country as well as abroad with a commercial cyber surveillance programme.
  • Mobile internet services have reportedly been shut down in parts of Kashmir, India.
Back to content list

Latest Posts

Strategic Dossier

Cyber security has become a focal point for conflicting domestic and global interests, and increasingly for the projection of state power. 'Evolution of the Cyber Domain' contextualises the key developments since the 1950s.

armed conflict database

Armed Conflict Database

A regularly updated IISS online resource providing detailed information on more than 70 conflicts worldwide.