President Obama released a new Presidential Policy Directive (PPD) on US Cyber Incident Coordination last week. The document laid out who’s in charge during ‘significant cyber incidents’ targeting the US, with significant incidents rated at three or above on the White House’s severity scale. Level three events are ‘likely to result in a demonstrable impact to public health or safety, national security, economic security, foreign relations, civil liberties, or public confidence’.
The PPD established that the Justice Department, via the FBI and the National Cyber Investigative Joint Task Force, will take the lead in ‘threat response’ and investigations, Homeland Security will spearhead asset protections and the Office of the Director of National Intelligence will direct supporting intelligence activities. The National Security Council-chaired interagency Cyber Response Group will lead policy and strategy responses, and a Unified Coordination Group will be created by relevant agencies to lead technical co-ordination. The new directive applies to the both the private and public sectors and is intended to help clarify who in the US bureaucratic maelstrom of cyber agencies is in charge when the rubber hits the road.
Following the high-profile hacking of the Democratic National Committee’s email servers—allegedly by Russian actors—Moscow is now dealing with its own high-profile infiltration. The Federal Security Service of the Russian Federation (FSB) has identified an advanced persistent threat that targeted over 20 organisations, including government and military bodies, critical infrastructure, scientific and defence companies. The FSB told the media that the malware allowed the attackers remotely turn on cameras and microphones, take screenshots and log text input on the infected computers. The FSB is now working to identify all the organisations affected and likely trying to establish which information has gone missing. Beyond commenting that the attacks were ‘planned and made professionally’, the Russian government hasn’t attributed the intrusion to a specific country or organisation.
South Korea has pointed the finger squarely at North Korea following a recent compromise of government email accounts. Sixty individuals from across government, including the ministries of Foreign Affairs, Defense and Unification, had their email accounts compromised in a phishing campaign—which also targeted academics and several journalists. Experts are now trying to discern what, if any, information was stolen by the attackers.
Last week, Washington DC played host to the 4th US–Japan Bilateral Cyber Dialogue. It was led by State Department Coordinator for Cyber Issues Chris Painter and Koichi Mizushima, Japan’s Ambassador for Cyber Policy and Deputy Director-General of the Foreign Policy Bureau. The dialogue reaffirmed that the countries shared interest and cooperation in areas including the cybersecurity of critical infrastructure, capacity-building, information-sharing, military-to-military cyber cooperation, cybercrime, and international security issues in cyberspace. Discussion topics likely included Japan’s ongoing cyber security ramp-up in the lead up to the Tokyo games, and both countries shared pursuit in cementing cyber norms of behaviour. Following the US talks, Japan will host a cyber-policy dialogue with Australia this week in Tokyo. This is the second cyber-policy meeting between our two counties and we’ll be sure to have more on the discussions in next week’s cyber wrap.
And finally, Vietnam’s two largest airports have fallen victim to an embarrassing attack launched by hackers sympathetic to China’s maritime claims in the South China Sea. Hackers were able to manipulate the flight information boards in Hanoi’s Noi Bai and Ho Chi Minh’s Tan Son Nhat airports, replacing flight details with distorted information regarding the contested area. Not content with just accessing the interface, the group then took over the airports’ PA systems, which began loudly broadcasting similar messages. Hacking group 1937cn claimed responsibility for the attack, and the related theft of Vietnam Airline’s database of frequent flier details. This is the latest iteration of maritime tensions in region spilling over into cyber space.