By Harriet Ellis, Research Analyst and Administrative Assistant, Future Conflict and Cyber Security, and Samantha Hoffman, Research Consultant, Future Conflict and Cyber Security and Defence and Military Analysis.
National law and policy
- United States Secretary of Defense James Mattis requested congress remove from the Department of Defense 2018 spending plan language that compels the US to alert foreign governments when it is carrying out cyber operations using their infrastructure.
- The US Department of Justice moved to limit the use of secrecy orders, allowing technology companies to inform users about government requests to access information.
- In the US legislation was introduced that would ensure political adverts on social media platforms face the same transparency requirements as television and radio advertising.
- At the 19th National Congress of the Communist Party of China, President Xi Jinping announced the country would enhance internet censorship to resist ‘erroneous viewpoints’, continue a programme of military modernisation and push for ‘deep integration between the real economy and advanced technologies including the internet, big data and artificial intelligence’.
- A cyber espionage group with links to China is targeting defence contractors, universities, legal organisations and government agencies in the US, Western Europe and the South China Sea.
- Russia’s defence ministry proposed legislation that would prohibit soldiers from publishing personal information on social media, citing concerns that the information could be used to undermine military activity or facilitate influence operations.
- Russian-linked hacking group APT28 is spreading malware by distributing fake fliers for an upcoming conference organised by NATO’s Cooperative Cyber Defence Centre of Excellence.
- Researchers linked a North Korean hacking group to the recent attack on a bank in Taiwan, in the latest indication that North Korea is increasingly using cyber capabilities for financial gain.
- The United Kingdom issued cyber security guidelines for the defence supply chain.
- Canada’s intelligence agency will make public the code of one of the cyber defence tools used to protect the country’s networks.
- Australia’s intelligence agency released its annual report describing the ‘extensive, unrelenting and increasingly sophisticated’ threat cyber espionage poses to the country’s national security.
- Italy is introducing curriculum to help high school students recognise ‘fake news’ online.
- Ghana’s communications minister announced the country would set up a national cyber security centre in the coming months. Ghana will also work with Facebook, Google and Microsoft to tackle cybercrime.
- The first annual review of Privacy Shield, the agreement governing data transfers between the European Union and the US, found the agreement adequately protects the data of EU citizens.
- A G7 meeting in Italy focused on terrorist use of the internet included representatives from major technology companies.
- An EU court issued a non-binding opinion finding that national regulators in EU countries do have the right to take direct action against Facebook if they suspect it has illegally processed data. The European Court of Justice is expected to issue a decision on the case in the next six months.
- The Canadian armed forces hired its first batch of ‘cyber operators’, who will be charged with carrying out offensive cyber operations.
- YouTube’s relationship with Russian state-run media company RT has come under scrutiny. The channel, described by the US intelligence community as the Kremlin’s propaganda outlet, has 2.2 million subscribers on the platform.
- On 1 November Twitter, Facebook and Google will testify before congressional investigations into Russian interference in the 2016 US presidential election.
- Facebook announced it would take measures to safeguard Canada’s federal election against fake news and hacking, including supporting digital literacy campaigns and releasing a cyber hygiene guide for politicians. Canada’s intelligence agency said in June that it expected interference in the election.
- Kaspersky Labs CEO Eugene Kaspersky said the company would allow an independent third party to inspect its software.
- Twitter detailed a series of steps it will take to make the platform safer. Early changes will include a stricter policy on non-consensual nudity and greater transparency around account suspensions.
NATIONAL SECURITY THREATS
- The US House Committee on Science, Space and Technology held a hearing on the risk Kaspersky Labs products posed to national security.
- The US Department of Defense is reviewing whether Kaspersky Labs software is used in any military systems.
- Another ransomware attack has hit organisations across Ukraine and Russia, including the Kiev metro, Odessa airport, and Ukraine’s ministries of finance and infrastructure. Russian news media company Interfax was also affected.
- US Homeland Security and the Federal Bureau of Investigation issued a warning about cyber attacks against US energy, water, nuclear, aviation and critical manufacturing companies.
- A denial-of-service attack took down two Czech websites associated with the country’s parliamentary election, but did not interfere with the election itself.
- Spain’s high court was targeted as part of Operation Free Catalonia, with hackers reportedly gaining access to its computer systems.
- Civil liberties groups called for the EU to scrap its proposal to require online service providers to scan the content they host for copyright infringements, arguing that the measure would lead to companies deleting content out of caution.
- A hacking group linked to the Chinese government is reportedly using mobile spyware to monitor the country’s minority Uyghur citizens.