U.S. political parties and government need to boost cybersecurity
A Politico article shows why it’s past time for both major U.S. political parties to get much more serious about tightening cybersecurity to protect the American political system from being sabotaged by the likes of Vladimir Putin. Hit this link for the full story.
Rejecting the criticism of rights groups, Pakistan has enacted a cybersecurity law that grants sweeping powers to the government to block private information that it deems illegal or, possibly, simply critical of the government.
The National Assembly approved the Prevention of Electronic Crimes Bill 2015 on Aug. 13 after the Senate had unanimously adopted it last month.
Government officials say that the new Internet restrictions are needed to ensure security against growing threats, such as terrorism.
But human rights and pro-democracy activists worry that its vague language could curb free speech and lead to unfair prosecutions.
“The overly broad language used in the bill ensures that innocent and ignorant Pakistani citizens, unaware of the ramifications of what the bill entails, can be ensnared and find themselves subject to very harsh penalties,” said Nighat Daad, founder of a group called the Digital Rights Foundation.
“There have been no provisions set in place to protect sensitive data of Pakistani users … The state should not police people’s lives in this manner.”
To read the Reuters story on this, please hit this link.
By Allan M. Cytryn, principal at Risk Masters International, and John E. Savage, An Wang Professor of Computer Science at Brown University. Both are members of The Boston Global Forum.
We recommend a series of short- and long-term actions to block cyberattacks in Vietnam. The ultimate goals of these actions are to 1) ensure that the appropriate international agencies are fully engaged in addressing this issue and its longer-term implications; 2) operationally address the issue immediately and restore reliable, safe operations for air travel; and 3) more broadly enhance Vietnam’s cyber-resilience so that it is less vulnerable to such incidents.
Ensure that the appropriate international agencies are engaged:
- This is an airline-security issue. We recommend reporting it to the International Civil Aviation Organization (ICAO) and requesting its assistance. While that agency may not have cybersecurity expertise, its leaders are very concerned about security and thus may be able to help address the problem.
- We recommend reporting the late July incident affecting Vietnamese airports to FIRST, the global Forum for Incident Response and Security Teams. FIRST describes itself as the “premier organization and recognized global leader in (computer-security) incident response.” As you can see from its Web site, it can provide much help with long- and short-term solutions.
- This serious incident should also be reported to other international bodies, including ASEAN, the G7, the G20 and UNGA.
Address the issue immediately and restore reliable, safe operations:
- Consultants should be hired to do a forensic analysis of the affected systems. Friendly nations, such as the United States, can advise on companies that are highly qualified to do this analysis and that can be trusted as well.
- Companies that we would recommend include Crowdstrike and Fidelis.
Longer-term, more broadly enhance the cyber-resilience of Vietnam:
- Implement broad-based cybereducation at multiple levels.
- Train local specialists in computer security.
- The Vietnam Education Foundation (VEF) can help to develop university-level cybersecurity-education programs.
- The Boston Global Forum can also help with this effort.
- Vietnam could also emulate the U.S. Computer Science for All program, which encourages young Americans to acquire computer-science skills.
- Educate policymakers and academics about Internet-governance issues.
- The DiPLO Foundation has cybersecurity programs to help diplomats acquire the knowledge necessary to participate in international policy development.
- The Boston Global Forum can also help with this matter.
- Develop programs in cyberhygiene for the general population and develop policies and practices to ensure that the general population is appropriately educated in this area:
- Begin classroom training in early education and continue through all levels of schooling.
- Provide online courses to let all persons, including those not in school, be properly educated.
- Consider policies and incentives to encourage people to take the cyberhygiene courses.
- Develop a cyber-resilient infrastructure.
- Broadly adopt the principle of cyber-resilience across all the IT and communications infrastructure in Vietnam.
- Jumpstart the process by targeting key industries, individual businesses and other organizations that have the highest level of exposure and risk.
- Consider “pooling” or sharing resources and teams across multiple organizations where appropriate and practical to maximize the speed and effectiveness of the initial programs.
- Identify and address reasonable impediments to success, including funding, product availability, staff availability and training.
- Align these efforts with training goals, using these implementation activities to further the nation’s plan to train individuals who can then apply their learning to other enterprises.
The European Parliament has approved the first rules on cybersecurity for the European Union. This will force businesses to strengthen defenses against cyberattacks — and to promptly report to regulators when they do happen. This puts a particular onus on such digital giants as Google, Facebook and Amazon.
The new law will impose security and reporting obligations on industries such as banking, energy, transport and health and on such all-digital operators as companies running search engines and online marketplaces. The law also requires the governments of E.U. member states to cooperate much more than they have on network security.
The rules “will help prevent cyberattacks on Europe’s important interconnected infrastructures,” said Andreas Schwab, a German member of the 28-nation Parliament who steered the measures through the Parliament. E.U. governments had already supported the legislation.
Russian and Chinese government-linked and other hackers, some of them Islamic terrorists, have targeted essential infrastructure and services in several nations.
For the full article, please hit this link.
Here’s a Wall Street Journal interview with cyberspace expert Tim Maurer on the future of Chinese-U.S. cybersecurity relations and Beijing’s ambitions for managing the Internet.
He says data-stealing is his greatest fear for the Internet:
“The vast majority of hacking incidents so far have been relatively unsophisticated stealing of data, which is the low-hanging fruit. In most instances, that’s because defenses are so bad — including at the government level. But now you’re starting to see increasingly sophisticated malware, and there’s a concern about hackers not just stealing data, but altering it.”
To read The Wall Street Journal article, please hit this link.