{"id":28544,"date":"2016-09-07T13:57:58","date_gmt":"2016-09-07T03:57:58","guid":{"rendered":"http:\/\/www.aspistrategist.ru\/?p=28544"},"modified":"2016-09-07T14:05:25","modified_gmt":"2016-09-07T04:05:25","slug":"cyber-wrap-135","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/cyber-wrap-135\/","title":{"rendered":"Cyber wrap"},"content":{"rendered":"
There were some high-powered bilateral discussions about cyber incidents this week, with Barack Obama meeting Vladimir Putin and Xi Jinping on the sidelines of the G20 in China. Following the Putin meet, Obama sought to tone down discussion about any US response<\/a> to recent high-profile cyber incidents related to the US election. While Obama acknowledged<\/a> that Russia was the source of some of the cyber threats facing the US, he noted the US would prefer to establish norms of behaviour rather than begin a cycle of escalating responses resembling the \u2018wild, wild West.\u2019<\/p>\n The British took their cyber security seriously during the G20, with British officials attending the summit warned about their host\u2019s proclivity for cyber espionage<\/a> and provided with temporary phones and email accounts for use while in China. They were also advised not to accept gifts including USB sticks and phone chargers.<\/p>\n In further UK news, it appears data centre operator GlobalSwitch<\/a> will be sold to a Chinese consortium for \u00a35 billion. Senior British politicians are reportedly concerned about the security implications<\/a> of such a deal, as the centre houses IT servers for government organisations and financial institutions. Also in the UK, Parliament has returned for a short two-week stint during which it will consider the Investigatory Powers Bill,<\/a> also known as the \u2018Snooper\u2019s Charter\u2019. The Bill has been criticised<\/a> for the power it provides signals intelligence agency GCHQ to collect bulk data, and was reviewed over the parliamentary recess by the Independent Reviewer of Terrorism Legislation David Anderson QC. Anderson\u2019s report was largely supportive of the Bill<\/a>, but found no actual justification for bulk collection and recommended that a Technical Advisory Panel be appointed to consider the effect of technological developments on investigatory powers.<\/p>\n Closer to home, cybersecurity firm iSIGHT has reported that the Hong Kong government had been targeted<\/a> by what it\u2019s been described as politically-motivated cyber espionage from the mainland. The firm has reported that a group dubbed APT3 has targeted government personnel at least three times with spear phishing emails containing malware designed to infiltrate government networks. This comes in the same week that 30 pro-democracy candidates were elected to the city\u2019s legislature, including one of the leaders of the Umbrella protests in 2014. In the US, the Chamber of Commerce released a study called \u2018Preventing Deglobalisation\u2019<\/a>, which warned China that restrictions on foreign access to its technology market could damage GDP growth by between 1.77% and 3.44% per annum, or about US$200 billion a year.<\/p>\n Warfare in cyberspace remains a topic of significant interest, so here are a few recent pieces. Mathew Cohen looks at Israel\u2019s offensive cyber capability in a blog for Oxford University Press<\/a>, noting that Israel has significant offensive cyber capabilities, but may lack the strategic depth to respond to simultaneous cyber-attack and invasion. In Canada, the former head of its national signals intelligence agency\u2014the Communications Security Establishment (CSE)\u2014has urged the Canadian government to consider developing an offensive cyber capability<\/a> in its defence policy review. A CSE spokesperson told media only that, \u2018CSE does not have a mandate to conduct offensive cyber activities.\u2019<\/p>\n On the campaign trail Hillary Clinton has told the American Legion in Cincinnati<\/a> that as president she would consider cyber attacks the same as physical attacks, and the US would respond with political, military and economic measures. Over at Lawfare<\/em>, Herb Lin has raised some concerns<\/a> about recent reports that US Cyber Command is working to develop cyber tools that are \u2018loud\u2019 (that is, tools that don\u2019t mask attribution). Meanwhile, ZDNet<\/em> and TechRepublic<\/em> have good summaries of the history of offensive cyber capabilities<\/a> and major international cyber exercises<\/a>, some of which Australia has participated in.<\/p>\n International bank settlements company SWIFT has disclosed that there have been more attempts to hack its network<\/a>, some of which have been successful. SWIFT sent its clients the news in a private letter, imploring them to comply with new security procedures or risk SWIFT releasing information about breaches at banks without consultation or agreement. A cybercrime analyst who consults for the FBI this week told a conference in Sydney that cyber criminals are continually evolving their tactics, techniques and procedures<\/a>. However, he noted that 90% of incidents are the result of successful spearphishing, meaning that user education is critical to turn the tide.<\/p>\n Compounding this problem is the continuing shortage of skilled cybersecurity personnel. A study by our friends at CSIS, commissioned by Intel Security, found that technical skills in intrusion detection, software development and attack mitigation were in short supply in Australia<\/a>, and Australian IT managers won\u2019t be able to fill about 17% of vacancies out to 2020. They also criticised the quality of formal cybersecurity education, with 75% of Australian respondents under the impression that these qualifications don\u2019t adequately prepare individuals for the workforce.<\/p>\n","protected":false},"excerpt":{"rendered":" There were some high-powered bilateral discussions about cyber incidents this week, with Barack Obama meeting Vladimir Putin and Xi Jinping on the sidelines of the G20 in China. Following the Putin meet, Obama sought to …<\/p>\n","protected":false},"author":364,"featured_media":28546,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[531],"tags":[391,672,728,843,500],"class_list":["post-28544","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security-2","tag-cyber","tag-g20","tag-hacking","tag-hillary-clinton","tag-surveillance"],"acf":[],"yoast_head":"\n