U.S. political parties need to boost cybersecurity fast

U.S. political parties and government need to boost cybersecurity

A Politico article shows why it’s past time for both major U.S. political parties to get much more serious about tightening cybersecurity to protect the American political system from being sabotaged by the likes of Vladimir Putin. Hit this link for the full story.

New Pakistan cybersecurity law alarms rights activists

 

Rejecting the criticism of rights groups, Pakistan has enacted a cybersecurity law that grants sweeping powers to the government to block private information that it deems illegal or, possibly, simply critical of the government.

The National Assembly approved the Prevention of Electronic Crimes Bill 2015 on Aug. 13 after the Senate had unanimously adopted it last month.

Government officials say that the new Internet restrictions are needed to ensure security against growing threats, such as terrorism.

But human rights and pro-democracy activists worry that its vague language could curb free speech and lead to unfair prosecutions.

“The overly broad language used in the bill ensures that innocent and ignorant Pakistani citizens, unaware of the ramifications of what the bill entails, can be ensnared and find themselves subject to very harsh penalties,” said Nighat Daad, founder of a group called the Digital Rights Foundation.

“There have been no provisions set in place to protect sensitive data of Pakistani users … The state should not police people’s lives in this manner.”

To read the Reuters story on this, please hit this link.

Action plan to block cyberattacks in Vietnam

By Allan M. Cytryn, principal at Risk Masters International, and John E. Savage, An Wang Professor of Computer Science at Brown University. Both are members of The Boston Global Forum.

We recommend a series of short- and long-term actions to block cyberattacks in Vietnam. The ultimate goals of these actions are to 1) ensure that the appropriate international agencies are fully engaged in addressing this issue and its longer-term implications; 2) operationally address the issue immediately and restore reliable, safe operations for air travel, and 3) more broadly enhance Vietnam’s cyber-resilience so that it is less vulnerable to such incidents.

Ensure that the appropriate international agencies are engaged: 

  • This is an airline-security issue. We recommend reporting it to the International Civil Aviation Organization (ICAO) and requesting its assistance. While that agency may not have cybersecurity expertise, its leaders are very concerned about security and thus may be able to help address the problem.
  • We recommend reporting the late July incident affecting Vietnamese airports to FIRST, the global Forum for Incident Response and Security Teams. FIRST describes itself as the “premier organization and recognized global leader in (computer-security) incident response.” As you can see from its Web site, it can provide much help with long- and short-term solutions.
  • This serious incident should also be reported to other international bodies, including ASEAN, the G7, the G20 and UNGA.

Address the issue immediately and restore reliable, safe operations:

  • Consultants should be hired to do a forensic analysis of the affected systems. Friendly nations, such as the United States, can advise on companies that are highly qualified to do this analysis and that can be trusted as well.
  • Companies that we would recommend include Crowdstrike and Fidelis.

Longer-term, more broadly enhance the cyber-resilience of Vietnam:

  • Implement broad-based cybereducation at multiple levels.
  • Train local specialists in computer security.
    • The Vietnam Education Foundation (VEF) can help to develop university-level cybersecurity-education programs.
    • The Boston Global Forum can also help with this effort.
    • Vietnam could also emulate the U.S. Computer Science for All program, which encourages young Americans to acquire computer-science skills.

  • Educate policymakers and academics about Internet-governance issues.
    • The DiPLO Foundation has cybersecurity programs to help diplomats acquire the knowledge necessary to participate in international policy development.
    • The Boston Global Forum can also help with this matter.
  • Develop programs in cyberhygiene for the general population and develop policies and practices to ensure that the general population is appropriately educated in this area:
    • Begin classroom training in early education and continue through all levels of schooling.
    • Provide online courses to let all persons, including those not in school, be properly educated.
    • Consider policies and incentives to encourage people to take the cyberhygiene courses.
  • Develop a cyber-resilient infrastructure.
    • Broadly adopt the principle of cyber-resilience across all the IT and communications infrastructure in Vietnam.
    • Jumpstart the process by targeting key industries, individual businesses and other organizations that have the highest level of exposure and risk.
      • Consider “pooling” or sharing resources and teams across multiple organizations where appropriate and practical to maximize the speed and effectiveness of the initial programs.
      • Identify and address reasonable impediments to success, including funding, product availability, staff availability and training.
    • Align these efforts with training goals, using these implementation activities to further the nation’s plan to train individuals who can then apply their learning to other enterprises.

E.U. approves its first cybersecurity rules

Inside the European Parliament.

The European Parliament has approved the first rules on cybersecurity for the European Union. This will force businesses to strengthen defenses against cyberattacks, and to promptly report to regulators when they do happen. This puts a particular onus on such digital giants as Google, Facebook and Amazon.

The new law will impose security and reporting obligations on such industries as banking, energy, transport and health and on such all-digital operators as companies running search engines and online marketplaces. The law also requires the governments of E.U. member states to cooperate much more than they have in network security.

The rules “will help prevent cyberattacks on Europe’s important interconnected infrastructures,” said Andreas Schwab, a German member of the 28-nation Parliament who steered the measures through the parliament. E.U. governments had already supported the legislation.

Russian and Chinese government-linked and other hackers, some of them Islamic terrorists, have targeted essential infrastructure and services in several nations.

For the full article, please hit this link.

Expert talks about U.S.-Chinese cyber issues

 

Here’s a Wall Street Journal interview with cyberspace expert Tim Maurer on the future of Chinese-U.S. cybersecurity relations and Beijing’s ambitions for managing the Internet.

He says data-stealing is his greatest fear for the Internet:

“The vast majority of hacking incidents so far have been relatively unsophisticated stealing of data, which is the low-hanging fruit. In most instances, that’s because defenses are so bad — including at the government level. But now you’re starting to see increasingly sophisticated malware, and there’s a concern about hackers not just stealing data, but altering it.”

To read The Wall Street Journal article, please hit this link.

BGF’s John Savage cited for cybersecurity work for G7

Needless to say, the colleagues of Prof. John Savage at the Boston Global Forum (BGF) were very pleased to read the announcement below from Brown University, which we have slightly edited for clarity. John Savage is a BGF member and the An Wang Professor of Computer Science at Brown.

The press release from Brown:

“Congressional Quarterly Roll Call recently interviewed Professor John Savage of Brown University’s Department of Computer Science (Brown CS) to document a unique moment in history. ‘The May 26-27 meeting of the Group of Seven in Ise-Shima, Japan,’ writes Paul Merrion, ‘produced the G7’s first-ever stand-alone agreement on cybersecurity, data protection and Internet governance.’

“To give a bit of history, the Boston Global Forum (BGF), chaired by former {Massachusetts Gov.} Michael Dukakis, was founded to bring together thought leaders and experts from around the globe to participate in open public forums to discuss and illuminate the most critical issues affecting the world at large. In February, Nguyen Anh Tuan, the BGF’s CEO and a co-founder of the nonprofit think tank, asked John to address the BGF and prepare an agenda for the G7 Summit, working with other individuals affiliated with the BGF to develop his presentation into a formal proposal.

“The G7 agreement (‘The G7 Ise-Shima Leaders’ Declaration’), which draws on the work of Savage and his colleagues, makes the landmark statement that cyberspace is under the rule of national law, and advocates for responsible state behavior during peacetime and the development of confidence-building measures to increase security. ‘It’s very significant,’ John says. ‘It’s progress, it’s recognition that nations need to help one another.’”

For more information, please hit this link.

 

China names tough new Internet czar

Chinese President Xi Jinping has named Xu Lin to become the government’s new head Internet regulator, succeeding Lu Wei.

Mr. Xu has vowed to maintain the ruling Communist Party’s tight grip over cyberspace, which is overseen by the Cyberspace Administration of China.

The Chinese government has long imposed controls over the Internet, in part to stifle political dissent, and is codifying that policy in law. Officials assert that such restrictions are needed to ensure security in the face of such rising threats as terrorism. However, most of China’s crackdown seems directed against speech that, however carefully, criticizes the Communist dictatorship.

For the Reuters article on this, please hit this link.

 

Intel mulls selling cybersecurity unit

 

Cybersecurity expert Schneier warns of deficit in security policy for Internet of Things

(June 13th, 2016) The news service V3 reports that international cybersecurity expert Bruce Schneier warned that governments lack the expertise to, as V3 paraphrased him, “define security policy when it comes to the rapidly growing Internet of Things.”

The Boston Global Forum honored Mr. Schneier last Dec. 12 as a “Business Leader in Cybersecurity for dedicating his career to the betterment of technology, security and privacy in the Internet.” The security technologist is also a member of the Infosecurity Europe Hall of Fame.

V3 reported that Mr. Schneier “explained that governments approach topics such as the Internet of Things and cybersecurity without the technical knowledge to understand the challenges.”

“A lack of relevant expertise is really going to hurt us. There is a fundamental mismatch between the way government works and the way technology works,” Mr. Schneier said.

In any case, he said: “I think that more government involvement in cybersecurity is inevitable simply because the systems are more real. I think we are going to see more cyberwar rhetoric, more cyberterrorism rhetoric, more calls for surveillance, more calls for use control, more trusting of the government.”

V3 noted: “Concerns about Internet of Things security are becoming more pertinent because the threats posed to some connected devices have the potential to cause physical harm.”

For the V3 story, hit this link.

Chinese government uses fake social-media posts to distract public

(June 13th, 2016) A fascinating article in The Harvard Gazette tells how the Chinese government “fakes 448 million social-media posts a year in a strategy that seeks to create the appearance of ‘viral’ outbursts of Web activity, according to a new study by Harvard data scientists.”

Gary King is the Albert J. Weatherhead III University Professor at Harvard University, based in the Department of Government. He is pictured in the CGIS Knafel Building. Stephanie Mitchell/Harvard Staff Photographer

“The posts appear under the names of apparently ordinary people, and aim to distract from topics related to actual or potential collective action, said Gary King, the Albert J. Weatherhead III {Harvard} University Professor, who carried out the research with two of his former graduate students….”

“The research shows that assumptions about the Chinese government’s tactics in this area are wrong, King said. The prevailing belief among journalists, academics, and activists, he said, has been that the government maintains an aggressive social media strategy that actively rebuts anti-government posts and tries to cast opponents, whether domestic or foreign, institutional or individual, in a negative light.

“In fact, such posts make up a tiny minority, the researchers found. Most qualify as ‘cheerleading’: praise for the government and items on revolutionary history, national holidays, and other patriotic themes. In short, King said, the government is trying to distract people, and defuse tension over fraught issues.”

To read the whole article, hit this link.

G7 leaders approve historic cybersecurity agreement

(June 6th, 2016) Leaders at the G7 Summit approved the first international stand-alone agreement on cybersecurity, including data protection and Internet governance. A number of organizations, including the Boston Global Forum (BGF), submitted recommendations to the leaders for their consideration. The BGF’s recommendations included what it calls the Ise-Shima Norms for cyberbehavior, which build on the BGF’s Ethics Code of Conduct for Cyber Peace and Security (ECCC). (Ise-Shima is the Japanese region where this year’s summit was held on May 26-27.)

 

World leaders attend the G7 2016 Ise-Shima Summit in Japan.

The BGF’s recommendations were part of its BGF-G7 Summit Initiative.

“We endeavor to develop policy frameworks that further promote effective privacy and data protection across jurisdictions to meet high standards of privacy and data protection,” according to a statement of principles in the G7 leaders’ agreement.

“We also welcome proactive approaches such as ‘Privacy by Design,’ which take privacy and protecting personal data into account throughout the engineering process. We recognize that protecting privacy and enhancing cybersecurity help ensure business and consumer trust and promote innovation crucial to our economic growth.”

“It sounds innocuous, but it’s not. It’s actually very significant,” John Savage, An Wang Professor of Computer Science at Brown University, told Roll Call’s Paul Merrion. Professor Savage is a BGF member who helped draft the Ise-Shima Norms.

“It’s progress, it’s recognition that nations need to help one another.”

The agreement also states that “no country should conduct or knowingly support ICT (information and communication technology)-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to its companies or commercial sectors.”

It continued: “We commit to facilitate the free flow of information to ensure openness, transparency and freedom of the Internet, and a fair and equal access to the cyberspace for all actors {in the} digital economy while respecting privacy and data protection, as well as cybersecurity.”

Further, the G7 affirmed: “We continue to support ICT policies that preserve the global nature of the Internet, promote the flow of information across borders and allow Internet users to access online information, knowledge and services of their choice. We oppose data localization requirements that are unjustifiable, taking into account legitimate public policy objectives.”

Professor Savage told Mr. Merrion: “That’s directed at the Chinese and Russians, but mostly the Chinese.” While it doesn’t directly and immediately affect these countries, “it’s a talking point,” he told Mr. Merrion.

Cybersecurity is in G7 Summit’s closing declaration

(June 6th, 2016) We at The Boston Global Forum were very pleased that the G7 leaders at their May 26-27 summit in Japan included in their final declaration an important statement on cybersecurity. BGF experts had submitted to the leaders the BGF’s Ise-Shima Norms for cyberbehavior (named after the region where the summit was held).

The BGF’s recommendations were part of the BGF-G7 Summit Initiative.

Among the leaders’ comments on cybersecurity:

“We strongly support an accessible, open, interoperable, reliable and secure cyberspace as one essential foundation for economic growth and prosperity.”

The leaders also announced initiatives on improving the global economy through coordinated fiscal and monetary policies; on migration and refugees; on trade; on infrastructure; on health; on improving the condition and status of women; on battling political and other corruption; on climate change, and on energy, including decarbonization.

 

Cybersecurity lessons for campus security

(June 6th, 2016) There are some lessons from cybersecurity that can be used to improve on-campus physical security, writes John Villasenor in the wake of the recent murder/suicide on the campus of the University of California at Los Angeles.

Among them are:

  • “Create a mechanism for disseminating critically important alerts, and don’t clutter it with less important messages.”
  • “Have the ability to control access points.”
  • “Before an emergency arises, fully test emergency responses to find gaps.”

 

Australian cyberexpert warns of simple solutions

(June 6th, 2016) Major Gen. Stephen Day, the former head of Cyber and Information Security at the Australian Signals Directorate, says that a trusted and ethical cybersecurity industry is vital to Australia’s socio-economic well-being and national security.

General Day discussed America’s heightened awareness of cyberattacks, noting that there is real concern about the threat of an attack in the U.S., in stark contrast to Australia.

“Out of this {the U.S.} atmosphere, one tinged with a little bit of fear, has arisen some less-than-honorable businesses and business practices. There is a risk that the reputation of the cybersecurity industry could be harmed, and if that happens then the industry will be kept at arm’s length, and that is in no one’s interests.”

“If you are a cybersecurity vendor and you have a single technical product offering, do the right thing and explain to your customers that your offering will work best when it is part of a bigger plan,” he said. “If you are a consumer of cybersecurity products, and you have a vendor that insists that they have a single silver bullet solution, then you’re probably best off showing them the door.”

Expert warns of great cyberspace vulnerability in India

(May 30th, 2016) Pavan Duggal, an Indian cyberlaw and cybersecurity expert, warned that as governments around the world struggle to stop cyberattacks and data breaches, India needs to come up with a more comprehensive legal approach and framework to address various issues in cyberspace. Read this link to The Times of India story.

“Today, a lot of work in personal, professional, social and governance space is being done on the internet. Therefore, there is a need to look at the issues in cyberspace. It is here that issues like cyberlaw, cybercrime and cybersecurity come in,” Mr. Duggal, president of cyberlaws.net and a lawyer who argues before the Indian Supreme Court, said at a meeting on cyberlaw, cybercrime and cybersecurity in New Delhi.

He warned that, given recent cyberspace trends in India, cyberterrorism and political radicalization via the Internet are going to hit big time in India.

Economy, refugees, Chinese expansionism, cybersecurity top summit agenda

 

The biggest issues at the G7 Summit have been how to get the global economy humming again; the refugee crisis in Europe and the Mideast; Chinese expansionism in the East and South China Seas, and cybersecurity. Read this link.

The last item has been a priority of The Boston Global Forum this year. BGF experts have presented their proposals on how to improve cybersecurity in particular and cyberbehavior in general to the G7 leaders. Indeed, a key part of the BGF’s BGF-G7 Summit Initiative is its Ise-Shima Norms for cyberbehavior, named for the location of the summit.

As for the refugees: European Council President Donald Tusk said on Thursday he would seek G7 support for more global aid for them.

“If we (G7) do not take the lead in managing this crisis, nobody would,” Mr. Tusk told reporters. A flow of migrants to Europe from Syria, other parts of the Mideast and Africa confronts the continent with its biggest refugee crisis since World War II.

In a closing communiqué, leaders were also expected to cite the importance of maritime security, including calling for respect for the rule of law and opposition to provocative acts that try to change the status quo by force – in a clear reference to Chinese expansionism.

Although full agreement on macro-economic policy looks difficult, the G7 leaders are expected to promote monetary, fiscal and infrastructure policies to spur growth in the final summit communiqué.

Britain and Germany are resisting calls for fiscal stimulus, and so Japanese Prime Minister Shinzo Abe will urge the G7 leaders to adopt a flexible fiscal policy, taking into account each country’s economic and political situation.