By Harriet Ellis, Consultant Research Analyst, Cyber, Space and Future Conflict Programme
National law and policy
- United States Secretary of State Rex Tillerson proposed a new Bureau for Cyberspace and Digital Economy in the State Department. Tillerson had been criticised for dismantling the previous unit responsible for cyber diplomacy, and in January lawmakers in the House of Representatives passed legislation to reinstate it.
- The US Senate will debate a bill, known as the CLOUD Act, which would create a legal framework for law enforcement to access data stored overseas.
- The United Kingdom’s National Cyber Security Centre published a report on the effectiveness of its active cyber defence programme. An estimated 54 million low-level attacks were thwarted in 2017.
- UK parliamentarians will travel to Washington DC to question US technology firms about the political and societal implications of fake news and disinformation on social media platforms.
- Australia’s mandatory data breach notification law entered into force.
- Pakistan’s counter-terrorism agency launched an application that will allow citizens to report extremist content online.
- The Indian government announced it would take steps to regulate cryptocurrency exchanges.
- Iran is reportedly supporting Hizbullah’s ambition to strengthen its cyber capability by providing training and cooperating on cyber operations.
- Cambodia’s telecommunications regulator will question internet service providers for failing to block a website as ordered by the government.
- A UK-led international law enforcement operation involving Europol has ended the distribution of Luminosity Link, a popular remote hacking tool that was available for sale for £30.
- Spain extradited Peter Levashov, a prolific Russian spammer, to the US. The decision concludes a year-long battle between the US and Russia over his extradition.
- NATO’s annual exercise Crossed Swords took place in Latvia. The drill involved participants from 15 countries and comprised of attacks on military units and critical information infrastructure.
- The Swedish armed forces will strengthen their capability to conduct operations in cyberspace.
- The Australian Defence Force established a new Defence Signals Intelligence and Cyber Command.
- Defence officials in Thailand discussed the military’s cyber security policies, including the possibility of establishing a cyber defence command centre. The Ministry of Defence is planning to recruit 1,000 cyber security personnel.
- US Cyber Command’s operational defence arm – Joint Force Headquarters Department of Defence Information Networks – reached full operating capacity.
- The Washington-based US-China Business Council issued a report that found China’s cyber security law made businesses more vulnerable to cyber attacks.
- YouTube will label videos from news providers that receive government funding. The policy will initially only affect US-based users.
- Twitter revised upwards to 1.4 million its estimate of the number of users who engaged with Russian propaganda on the platform during the 2016 US election.
- Chinese internet company Tencent, the owner of WeChat, briefly trialled a credit system for users.
- WeChat users outside China were unable to access certain content from the app, including articles from the New York Times.
NATIONAL SECURITY THREATS
- Norway’s Police Security Service stated that Russian intelligence and influence operations present a major threat to the country’s national security.
- Hackers gained access to the mailbox of a regional branch of China’s central bank, using it to send out an email about bitcoin regulation.
- A spokesperson for the US Department of Homeland Security stated Russian hackers penetrated the voter registration rolls of several US states prior to the 2016 presidential election.
- Hackers linked to Russia’s military intelligence agency targeted US defence contractors in a phishing scheme.
- The UK’s National Health Service remains vulnerable to cyber attacks. According to testimony provided by a government official, all NHS trusts assessed failed to meet cyber security standards.
- Hackers allegedly linked to the Iranian government launched a phishing campaign against Israeli nuclear scientists.
- The Chadian government restored internet services after a period of shut down.