by Robert Whitcomb | Aug 24, 2016 | Initiative
U.S. political parties and government need to boost cybersecurity
Politico article shows why it’s past time for both major U.S. political parties to get much serious about tightening cybersecurity to protect the American political system from being sabotaged by the likes of Vladimir Putin. Hit this link for the full story.
by Robert Whitcomb | Aug 12, 2016 | Initiative
Rejecting the criticism of rights groups, Pakistan has enacted a cybersecurity law that grants sweeping powers to the government to block private information that they deem illegal, or possibly, simply just critical of the government.
The National Assembly approved the Prevention of Electronic Crimes Bill 2015 on Aug. 13 after the Senate had unanimously adopted it last month.
Government officials say tha the new Internet restrictions are needed to ensure security against growing threats, such as terrorism.
But human rights and pro-democracy activists worry that its vague language could curn free speech and lead to unfair prosecutions.
“The overly broad language used in the bill ensures that innocent and ignorant Pakistani citizens, unaware of the ramifications of what the bill entails, can be ensnared and find themselves subject to very harsh penalties,” said Nighat Daad, founder of a group called the Digital Rights Foundation.
“There have been no provisions set in place to protect sensitive data of Pakistani users … The state should not police people’s lives in this manner.”
To read the Reuters story on this, please hit this link.
by Robert Whitcomb | Aug 3, 2016 | Initiative
By Allan M. Cytryn, principal at Risk Masters International, and John E. Savage, An Wang Professor of Computer Science at Brown University. Both are members of The Boston Global Forum.
We recommend a series of short- and long-term actions to block cyberattacks in Vietnam. The ultimate goals of these actions are to 1) ensure that the appropriate international agencies are fully engaged in addressing this issue and its longer-term implications; 2) operationally address the issue immediately and restore reliable, safe operations for air travel, and 3) more broadly enhance Vietnam’s cyber-resilience so that it is less vulnerable to such incidents.
Ensure that the appropriate international agencies are engaged:
- This is an airline-security issue. We recommend reporting it to the International Civil Aviation Organization (ICAO) and requesting its assistance. While that agency may not have cybersecurity expertise, its leaders are very concerned about security and thus may be able to help address the problem.
- We recommend reporting the late July incident affecting Vietnamese airports to FIRST, the global Forum for Incident Response and Security Teams. FIRST describes itself as the “premier organization and recognized global leader in (computer-security) incident response.” As you can see from its Web site, it can provide much help with long- and short-term solutions.
- This serious incident should also be reported to other international bodies, including ASEAN, the G7, the G20 and UNGA.
Address the issue immediately and restore reliable, safe operations:
- Consultants should be hired to do a forensic analysis of the affected systems. Friendly nations, such as the United States, can advise on companies that are highly qualified to do this analysis and that can be trusted as well.
- Companies that we would recommend include Crowdstrike and Fidelis.
Longer-term, more broadly enhance the cyber-resilience of Vietnam:
- Implement broad-based cybereducation at multiple levels.
- Train local specialists in computer security.
- The Vietnam Education Foundation (VEF) can help to develop university-level cybersecurity-education programs.
- The Boston Global Forum can also help with this effort.
- Vietnam could also emulate the U.S. Computer Science for All program, which encourages young Americans to acquire computer-science skills.
Educate policymakers and academics about Internet-governance issues.
- The DiPLO Foundation has cybersecurity programs to help diplomats acquire the knowledge necessary to participate in international policy development.
- The Boston Global Forum can also help with this matter.
- Develop programs in cyberhygiene for the general population and develop policies and practices to ensure that the general population is appropriately educated in this area:
- Begin classroom training in early education and continue through all levels of schooling.
- Provide online courses to let all persons, including those not in school, to be properly educated.
- Consider policies and incentives to encourage people to take the cyberhygiene courses.
- Develop a cyber-resilient infrastructure.
- Broadly adopt the principle of cyber-resilience across all the IT and communications infrastructure in Vietnam.
- Jumpstart the process by targeting key industries, individual businesses and other organizations that have the highest level of exposure and risk.
- Consider “pooling” or sharing resources and teams across multiple organizations where appropriate and practical to maximize the speed and effectiveness of the initial programs.
- Identify and address reasonable impediments to success, including funding, product availability, staff availability and training.
- Align these efforts with training goals, using these implementation activities to further the nation’s plan to train individuals who can then apply their learning to other enterprises.
by Robert Whitcomb | Jul 6, 2016 | News
Inside the European Parliament.
The European Parliament has approved the first rules on cybersecurity for the European Union. This will force businesses to strengthen defenses against cyberattacks — and to promptly report to regulators when they do happen. This puts a particular onus on such digital giants as Google , Facebook and Amazon.
The new law will impose security and reporting obligations on such industries such as banking, energy, transport and health and on such all-digital operators as companies running search engines and online marketplaces. The law also requires the governments of E.U member states to cooperate much more than they have in network security.
The rules “will help prevent cyberattacks on Europe’s important interconnected infrastructures,” Andreas Schwab, a German member of the 28-nation Parliament who steered the measures through the parliament. E.U. governments had already supported the legislation.
Russian and Chinese government-linked and other hackers, some of them Islamic terrorists, have targeted essential infrastructure and services in several nations.
For the full article, please hit this link.
by Robert Whitcomb | Jul 5, 2016 | Initiative
Here’s a Wall Street Journal interview with cyberspace expert Tim Maurer on the future of Chinese-U.S. cybersecurity relations and Beijing’s ambitions for managing the Internet.
He says data-stealing is his greatest fear for the Internet:
“The vast majority of hacking incidents so far have been relatively unsophisticated stealing of data, which is the low-hanging fruit. In most instances, that’s because defenses are so bad — including at the government level. But now you’re starting to see increasingly sophisticated malware, and there’s a concern about hackers not just stealing data, but altering it.”
To read The Wall Street Journal article, please hit this link.
by Robert Whitcomb | Jul 4, 2016 | AI World Society Summit
Needless to say, the colleagues of Prof. John Savage at the Boston Global Forum (BGF) were very pleased to read the announcement below from Brown University, which we have slightly edited for clarity. John Savage is a BGF member and the An Wang Professor of Computer Science at Brown.
The press release from Brown:
“Congressional Quarterly Roll Call recently interviewed Professor John Savage of Brown University‘s Department of Computer Science (Brown CS) to document a unique moment in history. ‘The May 26-27 meeting of the Group of Seven in Ise-Shima, Japan,’ writes Paul Merrion, ‘produced the G7’s first-ever stand-alone agreement on cybersecurity, data protection and Internet governance.’
“To give a bit of history, the Boston Global Forum (BGF), chaired by former {Massachusetts Gov.} Michael Dukakis, was founded to bring together thought leaders and experts from around the globe to participate in open public forums to discuss and illuminate the most critical issues affecting the world at large. In February, Nguyen Anh Tuan, the BGF’s CEO and a co-founder of the nonprofit think tank, asked John to address the BGF and prepare an agenda for the G7 Summit, working with other individuals affiliated with the BGF to develop his presentation into a formal proposal.
“The G7 agreement (‘The G7 Ise-Shima Leaders’ Declaration’), which draws on the work of Savage and his colleagues, makes the landmark statement that cyberspace is under the rule of national law, and advocates for responsible state behavior during peacetime and the development of confidence-building measures to increase security. ‘It’s very significant,’ John says. ‘It’s progress, it’s recognition that nations need to help one another.”’
For more information, please his this link.
by Robert Whitcomb | Jun 29, 2016 | News
Chinese President Xi Jinping has named Xu Lin to become the government’s new head Internet regulator, succeeding Lu Wei.
Mr. Xu has vowed to maintain the ruling Communist Party’s tight grip over cyberspace, which is overseen by the Cyberspace Administration of China.
The Chinese government has long imposed controls over the Internet, in part to stifle political dissent, and is codifying that policy in law. Officials assert that such restrictions are needed to ensure security in the face of such rising threats as terrorism. However, most of China’s crackdown seems directed against speech that, however carefully, criticizes the Communist dictatorship.
For the Reuters article on this, please hit this link.
by Robert Whitcomb | Jun 27, 2016 | News
You would think that with all the cybersecurity threats these days that a company like Intel would want to hang on to its cybersecurity unit. But in fact, Intel is considering selling Intel Security, including perhaps McAfee, the anti-virus company, Bloomberg reports.
The reason for the potential sale:
The slowing of the personal-computer sector is pushing Intel to move more into such higher-growth areas as chips for data-center machines and Internet-connected devices.
by Robert Whitcomb | Jun 12, 2016 | World Leaders in AIWS Award Updates
(June 13th, 2016) The news service V3 reports that international cybersecurity expert Bruce Schneier warned that governments lack the expertise to, as V3 paraphrased him, “define security policy when it comes to the rapidly growing Internet of Things.’’
The Boston Global Forum honored Mr. Schneier last Dec. 12 as a “’Business Leader in Cybesecurity for dedicating his career to the betterment of technology, security and privacy’’ in the Internet.’’ The security technologist is also a member of the Infosecurity Europe Hall of Fame.
V3 reported that Mr. Schneier “explained that that governments approach topics such as the Internet of Things and cybersecurity without the technical knowledge to understand the challenges.’’
“A lack of relevant expertise is really going to hurt us. There is a fundamental mismatch between the way government works and the way technology work,” Mr. Schneier said.
In any case, he said: “I think that more government involvement in cybersecurity is inevitable simply because the systems are more real. I think we are going to see more cyberwar rhetoric, more cyberterrorism rhetoric, more calls for surveillance, more calls for use control, more trusting of the government.’’
V3 noted: “Concerns about Internet of Things security are becoming more pertinent because the threats posed to some connected devices have the potential to cause physical harm.’’
For the V3 story, hit this link.
