This report was prepared by The Institute for National Security Studies (INSS) and The Cyber Security Forum Initiative (CSFI) to create better cyber situational awareness (Cyber SA) of the nature and scope of threats and hazards to national security worldwide in the domains of cyberspace and open source intelligence. It is provided to Federal, State, Local, Tribal, Territorial and private sector officials to aid in the identification and development of appropriate actions, priorities, and follow-up measures.
Senate panel begins crafting cybersecurity bill
A key Senate panel took the first step toward crafting legislation to give businesses greater incentives to share information about cyber threats with the federal government.
The Senate Homeland Security and Governmental Affairs Committee asked corporate leaders and civil liberties experts how best to write a bill that would boost information-sharing while still protecting consumers’ personal data.
“One of our missions for this Congress is to address the cybersecurity threat,” said the committee’s new chairman, Sen. Ron Johnson, R-Wis.
Lawmakers appear to be moving quickly to take a bill to the new Congress as President Obama and a coalition of tech and business groups push for action in the wake of the high-profile hack of Sony Pictures in November.
China puts cybersecurity squeeze on US technology companies
US business lobbies have responded with alarm after China’s government moved to force American companies selling technology to Chinese banks to hand over their software secrets and adopt encryption algorithms dictated by Beijing.
The American Chamber of Commerce in China and 17 similar US business groups have called for “urgent discussions” with the Chinese government over the new cybersecurity regulations and urged Beijing to postpone the implementation of the new policies.
In a letter to China’s top cybersecurity policy group dated 28 January, they said the new rules would require “intrusive” security testing and the disclosure of sensitive intellectual property.
UK fighting alongside US to counter cyber threats against financial institutions
During his visit to the White House in Washington on Thursday, January 15, UK Prime Minister David Cameron announced that he would strengthen cyber cooperation with the US. He announced that the MI5 and FBI plan to join forces in a series of exercises to counter cyber-attacks. The two intelligence agencies will share information on emerging threats and trends.
Prime Minister David Cameron and President Barak Obama discussed a series of joint cyber war games, which will simulate cyber-attacks against UK financial institutions. This cyber cooperation will involve both countries’ intelligence agencies as well as financial organizations and banks. The goal of this new cooperation is to counter large-scale cyber-attacks that the UK is currently experiencing and strengthen the security of their critical national infrastructures. This new cooperation between the two countries is just another among others already established. Indeed, The UK and US have been working together for a while.
The NSA and the GCHQ are the two largest communication intelligence agencies currently cooperating on issues such as counter terrorism, cyber jihad, and cyber threats. Moreover, this new cyber security agreement was announced following the release of a cyber security report made by the UK CERT of the GCHQ. The report focused several issues such as the current cyber-attacks and the threats toward British businesses. Moreover, the report revealed that over 80 per cent of large UK firms suffered from cyber-attacks in 2014. The UK is on constant alert due to the number of cyber-attacks against their infrastructures, which include financial institutions, industrial systems, and defense corporations.
France held International Forum on Cyber Security
The International Forum on Cyber Security was held in France on January 20th and 21st in Lille. The forum discussed the recent cyber-attacks, trends, and emerging threats. On this occasion the French Vice Admiral Armand Coustillère, who is leading the French Cyber Command, has recently declared that the recent international cyber-attacks have been considered as an act of cyber-warfare. His US counterpart, John Davis, has meanwhile expressed that “a growing number of countries are entering in the club of security threats targets.”
In France, the defense minister, Jean-Yves Le Drian, announced on January 13th the creation of a “Fourth Army” with “cyber soldiers.” To reach this goal, France has released a “cyber defense pact” which includes a budget of one billion euros over five years. Today, French intelligence services count about 250 cyber specialists, and this number is expected to reach 400 by 2017. For the past few years, France started to change its cyber defense strategy. Indeed the hexagon increased its number of cyber security specialists and its budget. Moreover, cyber security degree programs have been developed in several French universities in cooperation with French authorities.
France is developing its national cyber policy. Similar to China or Russia, France wants to only use French cyber products developed and made in France for its national security in order to avoid backdoors. This strategic choice is becoming more popular, due to the number of backdoors introduced by manufacturers in order to gather intelligence on several country infrastructures and defense corporations.
Cyber warfare: Army creates ‘Twitter troops’
Members of the British Army’s new 77th Brigade have been trained to use guerrilla tactics and will be experts in psychological warfare operations. The Army hopes the brigade will impact the traditional battlefield using non-lethal techniques including social media to reflect the digital age. Using creative thinking, it is hoped that 77th Brigade will influence the minds and shape the behaviour of the enemy and local populations.
CHINA & APAC
Obama discussed cyber security issues with India
Cybersecurity was among the topics discussed between President Barack Obama and Indian Prime Minister Narendra Modi. Obama was the chief guest at the Indian Republic Day Parade, which was held on January 26. US Deputy National Security Advisor Ben Rhodes said during the visit that cybersecurity “was identified as an area where there can be increased cooperation.” As he noted further, “The cyber discussion came up specifically in that context with the need to protect intellectual property.” President Obama later added, “In knowledge-based economies, entrepreneurs and innovators need to feel confident that their hard work and, in particular, their intellectual property will be protected.”
Much of India’s cyber security infrastructure is inadequate and has been penetrated on a number of occasions. Given an obvious shared concern for securing cyber infrastructure, expanding the scope of cooperation with the US seems to be a natural course of action for both nations. As detailed in a US-India joint statement, “The President and the Prime Minister also noted the serious risks to national and economic security from malicious cyber activity and agreed to cooperate on enhancing operational sharing of cyber threat information, examining how international law applies in cyberspace, and working together to build agreement on norms of responsible state behavior.”
A dedicated agency for national cyber security
The Cyber Security Agency (CSA) of Singapore will come under the Prime Minister’s Office and will provide dedicated and centralised oversight of national cyber security functions.
The agency will take over the functions of the Singapore Infocomm Technology Security Authority (SITSA) and some roles of IDA.
The CSA will consolidate and build upon the government’s cyber security capabilities. These include strategy and policy development, cyber security operations, industry development, and outreach. CSA will also work closely with the private sector to develop Singapore’s cyber security eco-system.
First conference for information security of Russia in the global information society
On February 5, Moscow will host a plenary congress called “information security of Russia in the global information society,” in which the following will participate: The First deputy Minister of Defense – Chief of the General Staff of the Russian Armed Forces, First Deputy Head of the scientific and technical service of the Russian FSB service, Director of Information Security of Microsoft Russia, and The Director of the Department of Information Technologies and Communications of the Government of the Russian Federation. On the same day, February 5, Positive Technologies Co. will hold a conference on “how it hacked and protected the global network in 2014.” Company experts will introduce the conference participants with the most modern methods of attacks and will present proven methods of protection.
Abu Dhabi Police issue warning on new cyber bank scam
Police in Abu Dhabi have issued a warning about an increasing number of cyber email scams aimed at stealing bank savings of their targets.
Police have urged potential victims not to respond to the emails sent by international gangs operating from abroad, adding that some of these emails contain malware or phishing scams to trick people in order to get information like their bank account numbers and passwords.
Colonel Dr. Rashid Borshid, head of the Criminal Investigation Department (CID), warned against the increasing number of cyber crimes.
New Israeli Cyber Defense Authority
A new executive decision will soon be submitted for government approval in Israel. The decision proposes the establishment of a national authority for cyber defense within the Israeli Prime Minister Office. The proposed decision aims to provide up-to-date measures for “cyber defense.” According to the proposed decision, the present measures are incomplete and insufficient. The new authority will absorb most of the powers currently vested with National Authority for Information Security (NISA, Hebrew: RE’EM) that operates under the Israeli Security Agency (ISA, Hebrew: Shabak).
These materials, including copyrighted materials, are intended for “fair use” as permitted under Title 17, Section 107 of the United States Code (“The Copyright Law”). Use of copyrighted material for unauthorized purposes requires permission from the copyright owner. Any feedback regarding this report or requests for changes to the distribution list should be directed to the Open Source Enterprise via unclassified e-mail at: email@example.com.
CSFI and the INSS would like to thank the Cyber Intelligence Analysts who worked on collecting and summarizing this report.