US security agency told to report on disclosure of software vulnerabilities; privacy watchdog warns of Google’s use of data on shoppers; Chinese bid for MoneyGram could give Beijing access to sensitive information.

Wall Street Bull

By Harriet Ellis, Research Analyst and Administrative Assistant, Future Conflict and Cyber Security, and Samantha Hoffman, Research Consultant, Future Conflict and Cyber Security and Defence and Military Analysis.

GOVERNMENT

National law and policy

  • A senior United States intelligence official stated that China was still conducting commercially motivated cyber espionage against targets in the US, despite a  2015 bilateral agreement.
  • US lawmakers approved a bill requiring the Department of Homeland Security to report on policies concerning the disclosure of software vulnerabilities.
  • Proposed legislation in the US mandates higher security standards for internet-connected devices used within government. A separate new bill would create a legal framework for law enforcement to access data related to US citizens stored on servers in other countries.
  • China will review the personal information protection policies of major online service providers to ensure that entities are not collecting and selling private data.
  • Russian President Vladimir Putin passed a law banning the use of VPNs. The legislation will take effect on 1 November.
  • Prime Minister of Russia Dmitry Medvedev signed a new digital economy plan, which involves isolating the Russian internet from the global internet, establishing the right of states to regulate national cyberspace and reducing the amount of Russian internet traffic routed through foreign servers.
  • A report from Kaspersky Labs and South Korea’s Financial Security Institute found that North Korea’s hacking operations are increasingly motivated by financial gain.
  • A new report details the activities of Iranian cyber espionage group CopyKittens, which allegedly targeted governments in the US, Israel, Germany, Turkey and Saudi Arabia.
  • Iran’s Information and Communications Technology minister Mahmoud Vaezi announced that messaging platform Telegram has moved some servers to Iran, but Telegram has denied the claim.
  • Kuwait announced a new national cyber security strategy.
  • Myanmar’s parliament is debating amendments to the country’s controversial 2013 telecommunications act.
  • Argentina established an inter-ministerial cyber security committee charged with developing a national cyber security strategy.

International policy

  • The UK and Australia released a joint statement on cyber cooperation, reaffirming a commitment to applying international law in cyberspace and the promotion of voluntary norms of behaviour.
  • Serbian defence minister Aleksandar Vulin said his country has much to learn about cyber security from Israel, on a visit to sign a bilateral defence deal.
  • Romania and South Korea signed a second five-year agreement to enable cyber security cooperation between the countries’ national computer emergency response teams.

Military

  • Estonia will conduct the first strategic-level cyber defence exercise for European Union defence ministers. EU CYBRID 2017 will take place on 7 September.
  • An Information Support Formation from the Strategic Support Force featured in China’s military parade to mark the 90th anniversary of the People’s Liberation Army.

Private sector

  • The Global Internet Forum to Counter Terrorism, formed as a partnership between Facebook, Google, YouTube, Microsoft and Twitter, held its first workshop. The event was attended by government, civil society and technology companies.
  • Facebook announced an investment of US$500,000 in a Harvard University project to defend the US from information warfare aimed at interfering with elections.
  • Apple pulled major VPN providers from its Chinese app store, following new cyber laws announced in January. Amazon is also reportedly banning VPN services in the country.
  • US pharmaceutical firm Merck & Co revised its revenue forecast following disruption caused by the NotPetya malware in June.
  • Huawei issued a formal denial that its smartphones contained software that could be used to facilitate spying.

Emmanuel Macron. Credit: Flickr/thierryleclercq

NATIONAL SECURITY

Government breaches

  • Russia reportedly used Facebook to spy on French President Emmanuel Macron’s election campaign, creating multiple fake accounts to infiltrate the social networks of campaign officials.
  • WikiLeaks published 21,075 emails from the Macron campaign.
  • Russia’s foreign ministry announced that its embassy in Tehran was targeted by a cyber attack, which had inflicted ‘substantial consequences’.
  • Several White House officials responded to spear phishing emails from a ‘prankster’ pretending to be Jared Kushner, Reince Priebus and an ambassador designate.

Critical infrastructure

  • New Zealand’s intelligence service is investigating reports that North Korea might be conducting cyber operations from computer servers located within the country.
  • Security researchers found that widely used radiation monitoring devices are vulnerable to cyber attacks, potentially enabling a hacker to either fake or cover up radiation leaks.
  • Attendees at hacking convention DEF CON breached an array of electronic voting machines, some of which are widely used within the US.
  • Italian bank UniCredit announced that hackers accessed around 400,000 customers' data in late 2016 and again in mid-2017.

Strategic investment

  • Cloud services business Tencent Cloud opened its second overseas data centre in Frankfurt, Germany.
  • US Congressman Chris Smith raised concerns that the purchase of MoneyGram by Alibaba Group’s sister company Ant Financial could grant Beijing access to information on US financial markets and citizens. 

DIGITAL RIGHTS

  • A US court ruled that data from a pacemaker could be admitted as evidence in an arson case.
  • A privacy rights body in the US requested the Federal Trade Commission investigate Google’s use of data on online shoppers to improve its digital advertisements.
  • Mobile internet services have been suspended in Kashmir, India, as a precautionary measure following a series of protests.
Back to content list

VOICES HOMEPAGE

IISS Voices

The IISS Voices blog features timely comment and analysis on international affairs and security from IISS experts and guest writers.

armed conflict database

Armed Conflict Database

A regularly updated IISS online resource providing detailed information on more than 70 conflicts worldwide.