This report was prepared by The Institute for National Security Studies (INSS) and The Cyber Security Forum Initiative (CSFI) to create better cyber situational awareness (Cyber SA) of the nature and scope of threats and hazards to national security worldwide in the domains of cyberspace and open source intelligence. It is provided to Federal, State, Local, Tribal, Territorial and private sector officials to aid in the identification and development of appropriate actions, priorities, and follow-up measures.
U.S. to discuss Cyber Legislation this summer
According to the Secretary of Homeland Security, Jeh Johnson, the U.S. Congress is processing new cyber legislation this summer. The new legislation is a necessary action as the U.S. is in need of clear cyber legislation to help industries in sharing cyber-attack information with the government.
Lawmakers have been considering legislation to define how and if private companies should be required to disclose security breaches and cyber threats; however, disagreement over liability and privacy protection repeatedly thwarted comprehensive cybersecurity bills.
Additionally, lawmakers are looking for a legal way to define how the private sector should disclose security weaknesses and cyber threats. According to Johnson, “This new legislation will potentially include some transaction-specific form of limitations on civil liability to protect companies that share information about cyber breaches.”
During the past month, efforts to adopt cyber legislation got a second chance in Congress as leaders of the U.S. Senate Intelligence Committee drafted their own bill. According to the draft, this law would create the opportunity to share data not only with government bodies but also with military and intelligence agencies.
However, privacy advocates are opposed to this bill. They argue that companies given liability protection will easily abuse consumer data. The United States is probably one of the most sensitive countries on privacy law. The real challenge is, on one hand, to allow private companies to share information and, on the other, not to give them too many rights.
Israeli research on online privacy
New research conducted by Dr. Yuval Dror indicates that most Israeli citizens are aware that their online privacy is limited by marketing companies, but that Israelis are doing little to stop it. 54% of respondents said they knew that companies use their information for commercial purposes.
Nevertheless, 61% of online users are not using private mode on their browsers, and 53% of them never change their email password after initial creation of the account. The research shows half of participants felt unable to stop companies’ information gathering.
Dr. Dror concludes: “The digital age enables government bodies, commercial companies, and private entities to hurt the privacy of the users, but most of them don’t link their behaviour to the intrusion of their privacy. Most Internet users should understand they can minimize the risks substantially if only they would notice how they are acting online.”
Russian cyber community wants creation of an Information and Defense Ministry
The Director of National Intelligence (DNI), James Robert Clapper, recently claimed that U.S. intelligence agencies are currently collecting information about non-U.S. citizens located outside the country via the Internet. This statement resonated widely around the world. Representatives of the Russian cyber community believe the U.S. has declared cyber war on all foreign nations, most significantly Russia.
The Russian cyber community announced it would send an open letter to Russian President Vladimir Putin setting out the need for a new ministry, the Ministry of Information and Defense. This office should promote a nationwide information security program in light of recent developments and Russia's isolation by the West.
Jail for Saudi editor who discussed religion online
A Saudi Arabian court sentenced the editor of a website discussing religion in the ultra-conservative Islamic kingdom to 10 years in jail and 1,000 lashes. His website included articles that were critical of senior religious figures, such as Saudi Arabia’s Grand Mufti, and allegedly insulted Islam and religious authorities, Human Rights Watch reported. Prosecutors demanded Badawi be tried for apostasy, a charge which carries the death penalty, but this was dismissed by the judge.
Expert speaks on Islamic inspired cyber terrorism
Professor Gabriel Weimann outlined the cyber terrorism threat on May 1 during a talk at Magen David Sephardic Congregation. Weimann’s lecture outlined his over 15 years of research on terrorism in cyberspace.
“In 1998, there were 12 terrorist websites. Today, there are 9,800. All terrorist organizations today are online, and some of them have hundreds of websites. The Internet is so useful because they can use it to communicate with their audiences, find potential recruits among their followers, and launch psychological campaigns,” he explained.
“In the early years, they used only websites. Later, they moved to a more interactive forum: chat rooms. Today, terrorists use all the platforms we know: Facebook, Instagram, Flickr, Twitter, and Google Earth. Google Earth, in fact, is a terrorist’s dream come true. Google Earth images of the CIA headquarters in Langley, Va., are posted on al-Qaida websites,” he said.
Terror cyber-indoctrination in Syria
French sources warned against the cyber indoctrination of Westerners by al-Qaeda, stressing that there are currently several hundred French nationals in Syria fighting with militias affiliated with al-Qaeda. It is estimated that between 500 and 700 French nationals have joined the fighting in Syria, more than doubling their number over the last four months. This phenomenon is not limited to France; every European country is concerned.
China and APAC
Japan and the E.U. on the way to their first cyber agreement
The Japanese Prime Minister, Shinzo Abe, and the European Commission President, José Barroso, held their first “EU-Japan Cyber Dialogue” during their 22nd EU-Japan Summit. This dialogue was part of the “Strategic Partnership Agreement” being negotiated between Japan and the E.U. According to these statements, the goal of this cyber dialogue is to “promote the cooperation on cyberspace through exchanges of our respective extensive experience and knowledge.”
The E.U. declared that cyber-attacks across borders are increasing worldwide, making international cyber security cooperation vital for the security of states. This agreement is not the first one for Japan, as the Asian state recently signed a cyber-cooperation agreement with the U.S.
Moreover, the Japanese cyber industry is constantly advancing and is a strong resource for the nation, which raises concern internally about international cyber defense cooperation. All these international cyber security agreements demonstrate that cyber defense is one of the biggest security challenges of the 21st century. It is apparent that states believe international cooperation is key to meeting this challenge.
British IT workers targeted by foreign intelligence agencies
The British security agency MI5 alerted U.K. businesses that foreign intelligence services are recruiting some of their IT employees in order to gather confidential information to conduct cyber-attacks. During the past month, MI5 warned the leading U.K. companies about these threats.
Although U.K. corporations have invested millions of pounds to protect their infrastructure from external cyber-attacks, there is still a lack of internal security measures. Companies are usually more focused on protecting their systems than on controlling internal activities.
To reduce internal threats, U.K. businesses should establish security procedures for recruiting employees, such as security investigations and polygraph tests. These measures are already used in the defense industry but should be applied to the banking, business, and telecommunications industries.
Currently, intelligence services are working on both sides developing cyber intelligence programs and using human intelligence to infiltrate foreign networks and gather sensitive information.
These materials, including copyrighted materials, are intended for “fair use” as permitted under Title 17, Section 107 of the United States Code (“The Copyright Law”). Use of copyrighted material for unauthorized purposes requires permission from the copyright owner. Any feedback regarding this report or requests for changes to the distribution list should be directed to the Open Source Enterprise via unclassified e-mail at: email@example.com.
CSFI and the INSS would like to thank the Cyber Intelligence Analysts who worked on collecting and summarizing this report.