US makes exploits disclosure process transparent; ASEAN’s declaration to combat cybercrime; US urged to rethink automated vetting of immigrants.

US Department of Defense binoculars

By Harriet Ellis, Research Analyst and Administrative Assistant, Future Conflict and Cyber Security, and Samantha Hoffman, Research Consultant, Future Conflict and Cyber Security and Defence and Military Analysis.

POLICY

National law and policy

  • The United States became the first country to make public its vulnerabilities equities process, the process by which the government determines which computer vulnerabilities to disclose to vendors and which it will keep for intelligence agencies to exploit.
  • The US Justice Department is reportedly preparing to announce charges against Iranian hackers for the HBO cyber attack.
  • Legislators in the US introduced a bill that would strengthen the review process for foreign investment in American companies, particularly within the technology sector.
  • Russia said it will check whether Facebook is in compliance with national law that requires data about Russian citizens to be stored on servers within the country.
  • The United Kingdom launched a £20 million cyber security education initiative aimed at school children.
  • The UK’s electoral commission will require political parties to disclose who pays for political advertising that appears online.
  • Lazarus Group, a hacking group linked to the North Korean government, developed mobile malware targeted at android devices. This malware targeted Korean-speaking users.
  • Vietnam’s cyber security legislation that requires foreign online service providers to store data about citizens locally has been criticised by lawmakers. The bill will be tabled in mid-2018.
  • Singapore’s government announced that the forthcoming cyber security legislation will be amended to specify designated critical information infrastructures, after feedback from tech manufacturers that the definition was too broad.
  • The Malaysian government established a committee to address cybercrime.

International policy

  • Law enforcement officers from Australia, Asia and Europe convened in Vietnam to strengthen cooperation on international cybercrime investigations.
  • The Heads of State of the Association of Southeast Asian Nations (ASEAN) adopted a declaration to combat cybercrime.
  • The European Union and the US agreed to cooperate on cyber security and cybercrime issues.
  • The US and China held a track 1.5 dialogue on cyber security.
  • Australia will build an undersea cable to connect Papua New Guinea and Australia. The Australian government also stated it was in talks with the Solomon Islands to lay a cable that would connect the islands to Sydney. Chinese firm Huawei was previously commissioned to lay a cable connecting the Solomon Islands and Sydney, but this raised concerns about national security.

Chinese army welcomes Joint Chief of Staff

Military

  • China’s People’s Liberation Army launched a website for the public to report online content that attacks the military, including any leaks from officials.
  • The Australian Army proposed a new model for recruitment of cyber security professionals.

Private sector

  • After UK Prime Minister Theresa May’s statement about Russia’s cyber operations against the UK, a Facebook official said the company did not detect ‘significant coordination’ in Russian activities on the platform in the lead up to the referendum to leave the EU.
  • Kaspersky Labs stated that the personal computer of the NSA employee whose files were allegedly obtained by Russian actors was infected with malware, suggesting there was another route into his device.
  • Amazon Web Services announced a new cloud server region aimed at US intelligence agencies and their contractors. Microsoft also introduced a platform aimed at military and intelligence users within government.
  • Several voting machine vendors in the US lack chief information security officers, and some lack a process for dealing with vulnerability reports from external security researchers, prompting concerns that the sector is ill-prepared for cyber threats.

NATIONAL SECURITY THREATS

Government breaches

  • Information collected by US contractors working for the Department of Defense was stored on publicly accessible cloud servers. Much of the information appeared to be gathered from open sources, and a spokesperson for US Central Command described the leak as benign.

Critical infrastructure

  • The Head of the UK’s National Cyber Security Centre said Russian cyber operations have targeted energy, telecommunications and media sectors in the country over the past year.
  • NATO’s Secretary General Jens Stoltenberg said that Russia continues to target Canadian troops on the ground in Latvia with disinformation campaigns, warning that Canada could see its own citizens targeted in future operations.

NATO Secretary General Jens Stoltenberg

DIGITAL RIGHTS

  • Freedom House’s 2017 Freedom on the Net report found 34 out of the 65 countries studied used cyber attacks against critics of the government. Pakistan blocked the report for violating the country’s cybercrime laws.
  • The automated extreme vetting initiative proposed by US homeland security has been criticised for undermining privacy and discriminating against people based on unreliable indicators of whether someone would be a good citizen.
  • IBM announced the release of Quad9, a free domain name service system that will block malicious domains and protect the browsing habits of users.
  • Internet services were suspended in parts of Kashmir, India.
Back to content list

armed conflict database

Armed Conflict Database

A regularly updated IISS online resource providing detailed information on more than 70 conflicts worldwide.