By Harriet Ellis, Research Analyst and Administrative Assistant, Future Conflict and Cyber Security, and Samantha Hoffman, Research Consultant, Future Conflict and Cyber Security and Defence and Military Analysis.
National law and policy
- US lawmakers introduced legislation to amend title 10 of the United States Code to compel the Department of Defense to notify Congress about cyber operations outside of war zones.
- US Director of National Intelligence Daniel Coats testified that it was infeasible for the NSA to provide data on how many US citizens are affected by Section 702 of the Foreign Intelligence Surveillance Act, which allows warrant-less surveillance of communications data.
- The Russian State Duma is considering draft legislation that would ban the use of VPNs and proxies to access blocked sites, and details measures for implementing the rules. The legislation would also stop search engines from providing links to banned sites.
- France’s cyber security agency released its latest annual report, which detailed plans to expand its staff by 5–10% annually, reaching a total of 750 employees.
- Sweden’s government said it reached an agreement with opposition parties to strengthen anti-terrorism measures, which would include improving information sharing between intelligence and migration agencies and allowing for stronger electronic surveillance of high-risk individuals.
- Gibraltrar is developing a national cyber security strategy.
- The Malaysian government will table new cyber security legislation in the next parliamentary session. Malaysian media also reported that several locally registered websites used by extremist groups to recruit members had been shut down.
- Singapore’s Prime Minister warned that social cohesion could be destroyed in cyberspace and said radical ideas should be countered.
- Vietnam’s Ministry of Information and Communications is drafting legislation that sets out penalties for cybercrimes, including offences on social media.
- A Czech National Cyber Security Centre representative said the country should develop the capacity to attack an adversary’s cyber infrastructure in response to a cyber attack.
- Estonia plans to open a ‘data embassy’ in Luxembourg to help safeguard the country’s online data and infrastructure.
- Australia’s Attorney General George Brandis stated that service providers must be obligated to decrypt communications for the government when necessary, but added he would not seek ‘backdoor’ access. Prime Minister Malcolm Turnbull later clarified that the government would not demand backdoors but would seek greater cooperation with social media and telecom companies. He also called for greater cooperation between Australia and its allies on this issue, which will be the focus of an upcoming ‘five eyes’ intelligence meeting.
- Tanzania’s Minister for Works, Transport and Communications urged the country’s religious leaders to encourage people to use social media for social, economic and religious benefits.
- Latvian national Peteris Sahurovs appeared in court in Minneapolis on charges of wire fraud, computer fraud and conspiracy after he orchestrated a ‘scareware’ campaign that saw him net over US$2 million. He was extradited to the US from Poland, where he was arrested in November.
- During the Shanghai Cooperation Organisation (SCO) annual summit, Chinese president Xi Jinping said China hoped to host another cyber-focused counter-terrorism exercise with SCO member states. Russian Deputy Foreign Minister Morgulov called for the organisation to take efforts to safeguard cybersecurity and the presidents of Kazakhstan, China, Kyrgyzstan, Russia, Tajikistan and Uzbekistan signed the Astana Declaration, which includes a commitment to combat cyber terrorism.
- Chancellor of Germany Angela Merkel called for a rules-based digital world during a meeting with Mexican president Enrique Peña Nieto.
- Australia and Thailand signed a cybercrime agreement, which will strengthen bilateral cooperation in digital forensics.
- From 12–16 June Geneva will host the WSIS Forum to facilitate a multistakeholder discussion about the role information communications technologies can play in development.
- EuroDIG 2017, a pan-European dialogue on internet governance, was held in Tallinn from 6–7 June.
- AFRINIC, the body that allocates IP addresses in Africa, rejected a proposal that would penalise governments that shut down internet access by refusing to provide them with new IP addresses.
- UK Prime Minister Theresa May and French president Emmanuel Macron discussed stepping up bilateral cooperation on the issue of extremist content online.
- A US Army training exercise in Fort Irwin, California, included use of cyber weapons and electronic warfare technology to deter a simulated tank assault.
- A Chinese National Defence University professor said military academy reforms would include making programmes in information technology and intelligence studies more prominent.
- Reports suggest Russia is targeting the US military with active measures, including with propaganda campaigns directed at service members and veterans, sophisticated phishing attacks and the exploitation of social media networks for intelligence gathering.
- Canada released a new defence policy which states that the Canadian Armed Forces will undertake ‘active cyber operations against potential adversaries in the context of government authorized missions’.
- Former senior director for counterterrorism at the National Security Council Joshua Geltzer is quoted in the New York Times saying efforts to counter ISIS through cyber operations have been less successful than anticipated.
- A South Korean court ruled that military orders sent via social media are binding in a case over a reserve forces personnel disobeying a Kakao Talk message from his immediate commander.
- US Army Cyber Command and Dutch Defence Cyber Command held a joint training exercise focused on cyber capabilities for special operations forces.
- The Egyptian government is demanding Uber and regional ride-sharing company Careem provide real-time access to user data.
- Facebook is reportedly cooperating with the Armed Forces of the Philippines to delete user accounts that have been identified as promoting terrorism.
- Microsoft released a series of updates for older Windows operating systems, citing an elevated risk for destructive cyber attacks coming from nation-state actors.
- Following the recent hack of Qatar’s state news agency which sparked a diplomatic crisis in the region, the Qatari-funded media network Al-Jazeera has stated it is facing ‘systematic and continual hacking attempts’. It was also reported that Qatari IP addresses were intermittently blocked in Egypt and the United Arab Emirates.
- New reporting suggests that election infrastructure in 39 states across the US was hit by Russian hackers in the lead up to the 2016 presidential election.
- The US Department of Homeland Security and Federal Bureau of Investigation issued a joint Technical Alert on malicious cyber activity associated with the North Korean government, referred to as Hidden Cobra.
- US cybersecurity firm FireEye said APT28, a hacking group with links to the Russian government, attacked Montenegro using malicious Microsoft Word document attachments as the country prepared to join NATO.
- The New Zealand Government Communications Security Bureau said it was working to improve cyber security in government departments, critical infrastructure and big business.
- In Russia, the Yaroslavl Region public prosecutor’s website was hacked and made to display a movie produced by the Anti-Corruption Foundation.
- Wnet, an internet provider in Ukraine, denied allegations made by the state’s security agency that it was illegally routing internet traffic through Crimea in the interests of the Russian government.
- New analysis of the malware used to disable Ukrainian electricity substations in December 2016 found that the malware was purpose-built for attacking critical infrastructure, more sophisticated than the malware used for the same effect in late 2015, and includes plug-in components that would enable it to be used against other targets.
- The newly-appointed enforcement co-directors of the US Securities and Exchange Commission said cybercrime poses the greatest threat to markets.
- A report from the Bank of Canada said that cyber threats pose a ‘structural vulnerability’ to financial institutions.
- The Bank of Korea said it was taking precautions against a possible attack by Anonymous, after the group threatened to target central banks.
- A group of six Canadian mining companies agreed to start the Mining and Metals Information Sharing and Analysis Centre to share information on cyber security threats. The platform is expected to begin in July.
- Reuters reported that the US is drafting legislation to strengthen the ability of the Committee on Foreign Investment in the United States to block technology investments. Chinese efforts to invest in artificial intelligence were cited as a particular concern.
- Canadian opposition parties called on Prime Minister Justin Trudeau to reverse approval of the sale of Norsat International Inc. to Chinese-owned Hytera Communications, amid national security fears. The head of the US–China Economic and Security commission also said the purchase ‘raises significant national security concerns’.
- David Kaye, UN Special Rapporteur on Freedom of Expression, presented his report on the role of the private sector in safeguarding free expression online.
- United Arab Emirates General Prosecutor Hamad Saif al-Shamsi warned that showing sympathy for Qatar on social media would be considered a cybercrime.
- Tajikistan restored access to YouTube and Facebook.
- Authorities in Egypt have blocked access to five popular VPN providers without giving an official reason.
- In Saharanpur, India, internet services were blocked for two days to ‘prevent social media being misused’ after the arrest of Bhim Army founder Chandrashekhar.
- In Ethiopia, authorities restored internet access after a contentious blackout was imposed between 31 May and 8 June to prevent leaks of university entrance exams.
- The Cyberspace Administration of China (CAC) shut down several online accounts on media platforms such as Weibo for posting ‘vulgar’ content, including many ‘entertainment industry gossip accounts’. Meanwhile, the Communist Party’s anti-graft inspectors criticised the CAC for failing to effectively implement President Xi’s internet policies.
- Pakistan sentenced 30-year-old man Taimoor Raza to death for sharing blasphemous content on social media.
- Nepal is introducing a ‘smart card’ for foreign nationals spending over 15 days in the country. The move is targeted at missionaries and will enable the government to monitor data on their movements and activities.