Iceland prepares for next-generation cybersecurity

A booming data-centre industry and plans to improve connectivity are amplifying Iceland’s role in the global digital ecosystem.
Experts estimate that Iceland loses nearly USD 72 million (ISK 10 billion) to cybercrime each year – equivalent to roughly 0.3 per cent of the north Atlantic island nation’s gross domestic product.
Bringing together the wide range of institutions and experts that regulate, implement, and maintain cybersecurity systems can be a daunting task.
The GCI measures each country’s level of development and engagement in terms of five dimensions of cybersecurity: legal measures, technical measures, organizational measures, capacity development, and cooperation. The result is aggregated into an overall score and ranked among others worldwide.
In fast-moving fields like cybersecurity important steps related to documentation, coordination, and deliberation are easily neglected. To address this challenge, the Cyber Security Council used the GCI framework to review and revise national cybersecurity priorities, considering the framework in the context of Iceland’s priorities.
At the 2020 ITU Global CyberDrill online events, a series of sessions promoting hands-on exercises for national Computer Incident Response Teams (CIRTs), discussions on current cybersecurity issues and information sharing sessions, Iceland’s Cyber Security Council worked with practitioners from across the island to document the island’s readiness to withstand cyberattacks. Identifying best practices from around the world, the local experts discussed ways to improve their own ecosystem.
Efforts like this helped Iceland boost its GCI performance from 87th to 77th in the global rankings between 2017 and 2018 – and the results of this continued commitment will be revealed in the forthcoming 2020 edition of the Global Cybersecurity Index.
Room to improve
Iceland’s mapping of its cybersecurity progress demonstrates the GCI’s versatility. While such tools are mainly promoted to build capacity in developing countries, similar kinds of engagement can also benefit the most developed.
Technical measures, such as its frameworks for implementing cybersecurity standards, are similarly ripe for improvement. These actions would complement the country’s existing Computer Emergency Response Team (CERT-IS) and the Icelandic National Cybersecurity Strategy.
[Source: ITU]

NCSC CEO warns that ransomware is key cyber threat

The chief of the UK’s National Cyber Security Centre said ransomware was the key threat facing the UK and urged the public and business to take it seriously.
Speaking virtually to an audience at the Royal United Services Institute (RUSI) Annual Security Lecture, Lindy Cameron warned of the “cumulative effect” of failing to properly deal with the rising threat.
She also revealed the threat faced by think tanks, noting that it is “almost certain” that the primary cyber threat they face is from nation state espionage groups, and it is highly likely that they seek to gain strategic insights into government policy and commercially sensitive information.
The CEO of the NCSC – which is a part of GCHQ – also warned that for the vast majority of UK citizens and organisations, the primary key threat is not state actors but cyber criminals.
She highlighted the importance of building organisational cyber resilience which, in combination with government capabilities and law enforcement action, is the most effective way to counter threats in cyberspace.
Lindy Cameron said:
“For most UK citizens and businesses, and indeed for the vast majority of critical national infrastructure providers and government service providers, the primary key threat is not state actors but cyber criminals, and in particular the threat of ransomware.
“While government is uniquely able to disrupt and deter our adversaries, it is network defenders in industry, and the steps that all organisations and citizens are taking that are protecting the UK from attacks, day in, day out.
“The protection they provide is crucial to the digital transformation of the economy, and every organisation, large and small, has a role to play.”
On the recent rise in ransomware attacks, Lindy Cameron noted that the ecosystem is evolving through the Ransomware as a Service (RaaS) model, whereby ransomware variants and commodity listings are available off the shelf for a one-off payment or a share of the profits.
As the RaaS model has become increasingly successful, with criminal groups securing significant ransom payments from large profitable businesses who cannot afford to lose their data to encryption or to suffer the down time while their services are offline, the market for ransomware has become increasingly “professional”.
Elsewhere, Lindy Cameron also set out the context of the Integrated Review and forthcoming cyber strategy, highlighting the need to better integrate our security, economic, technical, and diplomatic capabilities in support of shared national objectives.
She outlined how our allies and adversaries alike are betting on cyber, and that the UK needs to continue setting the pace.

eu-LISA to Extend its Portfolio with a New Large-Scale IT System

The Council of the EU approved a general approach on the regulation on cross-border judicial tool e-CODEX, which foresees handing over its operational management to eu-LISA, in order to provide a sustainable, long-term legal framework for the system.
e-CODEX – which aims to improve the efficiency of cross-border communication between European judicial authorities and facilitate access to justice for citizens and businesses – has been developed by a consortium of Member States, who are in charge of its management until 2024.
The draft regulation introduces provisions protecting the independence of the judiciary and details the governance and management structure to be implemented within eu-LISA.
The decision was taken during the Justice and Home Affairs Council meeting taking place 7-8 June 2021. "The COVID-19 pandemic has put the spotlight on the need to, among others, speed up the digitalisation and interoperability of our justice systems. Providing our judicial authorities with a sustainable, secure system to communicate in cross-border procedures is an important step in this direction", said Francisca Van Dunem, Portuguese Minister of Justice, during the segment dedicated to discussing e-CODEX.
As part of eu-LISA's growing role in the justice domain, the Agency is set to take over operational management of the system as of 1 July 2023.
e-CODEX – which stands for "e-Justice Communication via Online Data Exchange" – offers a digital, decentralised infrastructure for secure communication between national systems, facilitating its users (judicial authorities, legal practitioners and citizens) to send and receive documents, legal forms and evidence. The reasoning behind e-CODEX is that access to justice should not be discouraged by the complex variety of the different legal systems across EU Member States.
The transfer of the system to eu-LISA is not an end in itself, as very soon e-CODEX will be ready for further expansion and will require the introduction of new security and interoperability features. As with all new technology, the implementation must occur hand in hand with the respect of fundamental rights, data protection and privacy regulations. eu-LISA will be responsible, among others, for technical development, maintenance, bug fixing, updates and support, as well as development of new features in order to respond to emerging requirements.

TSA Could Better Monitor Its Efforts to Reduce Infectious Disease Spread at Checkpoints

Within TSA, approximately 46,000 TSOs stationed across the nation's commercial airports perform screening and other activities that often require close interaction with passengers. As a result, both passengers and TSOs may be at an increased risk of infection during pandemics such as COVID-19.
The CARES Act included a provision for GAO to conduct monitoring and oversight of the federal government's response to the COVID-19 pandemic. This report identifies 1) what steps TSA has taken to reduce the spread of COVID-19 at passenger screening checkpoints; and 2) how TSA is monitoring TSOs' implementation of amended safety and screening procedures, among other objectives.
GAO analyzed TSA data on TSOs' use of paid leave, reviewed documentation on policies and procedures, and interviewed TSA officials at headquarters and eight U.S. airports. We selected these airports to reflect diversity in the number of COVID-19 cases among TSOs, airport size, and geographic region. In addition, for six of these airports, GAO reviewed closed circuit television footage to observe how TSOs were implementing COVID-19 procedural changes.
To reduce the spread of COVID-19 at passenger checkpoints, Transportation Security Administration (TSA) officials issued amended safety measures to require that Transportation Security Officers (TSOs) use surgical masks and face shields, change gloves after pat-downs, and physically distance themselves from coworkers and passengers as practicable. TSA also adjusted some screening procedures, such as asking passengers to remove more items from carry-on baggage to reduce the potential for alarms that require bag searches. In addition, TSA modified the use of certain checkpoint screening technologies, and granted TSOs additional paid leave. In January 2021, TSA began an employee vaccination program, and is in the process of vaccinating TSA employees, including TSOs.
TSA's monitoring and analysis of its measures to reduce the spread of COVID-19 is limited. For example, supervisors' operational checklists do not specifically include the revised COVID-19 procedures, and the data that TSO monitors collect (e.g., on whether TSOs are properly wearing masks or changing gloves) reflect implementation at a point in time rather than throughout a shift. Conducting more complete monitoring would help TSA ensure that its TSOs are properly implementing COVID-19 procedures. In addition, TSA field leadership analyzes available monitoring data for different subsets of airports to understand how COVID-19 procedures are being implemented. However, TSA headquarters officials said they had no plans at the time of our review to analyze this data across all airports nationwide to identify common implementation problems, such as incorrectly wearing face shields and challenges with maintaining physical distance. Analyzing monitoring data across all airports would help TSA identify and address any system-wide deficiencies in implementing COVID-19 procedures, so that it may better protect its workforce and the traveling public.

CISA Publish Rising Ransomware Threat to Operational Technology Assets Fact Sheet

CISA has published Rising Ransomware Threat to Operational Technology Assets, a fact sheet for critical infrastructure owners and operators detailing the rising threat of ransomware to operational technology (OT) assets and control systems. The document includes several recommended actions and resources that critical infrastructure entities should implement to reduce the risk of this threat.
The guidance:
- Provides steps to prepare for, mitigate against, and respond to attacks;
- Details how the dependencies between an entity’s IT and OT systems can provide a path for attackers; and
- explains how to reduce the risk of severe business degradation if affected by ransomware
Given the importance of critical infrastructure to national security and America’s way of life, CISA published this fact sheet to help organizations build effective resilience.

Italy announced the creation of the national cybersecurity agency

The Italian government has announced the creation of a new agency focused on cybersecurity. Prime Minister Mario Draghi provided its strong commitment to the creation of the agency that is tasked to protect the country and its critical national infrastructure from cyber threats.
The creation of the agency follows warnings by Prime Minister Mario Draghi that Europe needed to protect itself from Russian "interference". The announcements comes after a slew of ransomware attacks in recent months, with recent high profile examples including Colonial Pipeline and JBS.
It will need to "protect national interests and the resilience of services and essential functions of the State from cyber threats," a government statement said. Speaking in Brussels, following a European Union summit, Draghi said urgent action was needed.
"We need to strengthen ourselves a lot, especially in terms of cybersecurity, all of us, at national level and at EU level... because the level of [Russian] interference both with spies and with manipulation of the web has become truly alarming," he said.
The new Italian cybersecurity agency will develop and implement cyber strategies to prevent, monitor, detect and mitigate cyber attacks, and increase the level of cyber security of the country’ infrastructures.

ACSC’s Critical Infrastructure Uplift Program (CI-UP) will help to protect Australia’s essential services from cyber threats

The ACSC is calling for ACSC Partners to help pilot the Critical Infrastructure Uplift Program (CI-UP). CI-UP will help protect Australia’s essential services from cyber threats by raising the security levels of critical infrastructure organisations. CI-UP is part of the Australian Signals Directorate’s Cyber Enhanced Situational Awareness and Response (CESAR) package and compliments the Australian Government’s ongoing work to protect critical infrastructure security through proposed amendments to the Security of Critical Infrastructure Act 2018.
CI-UP will build knowledge and expertise for critical infrastructure providers to strengthen their cyber defences. CI-UP has been designed to:
- evaluate critical infrastructure cyber security maturity;
- deliver prioritised vulnerability and risk mitigation recommendations; and
- assist partners to implement the recommended risk mitigation strategies.
Critical infrastructure entities that are ACSC Partners can register their interest via the CI-UP form. Following the pilot, all organisations in the critical infrastructure and systems of national significance sectors, as defined in the Security of Critical Infrastructure Act 2018, can register to participate. If you are not currently an ACSC Partners, and wish to participate in the CI-UP, you will first need to register to become an ACSC Partner through the ACSC Partner Hub.

NCSC's Early Warning service

Early Warning helps organisations investigate cyber attacks on their network by notifying them of malicious activity that has been detected in information feeds.
Early Warning is a free NCSC service designed to inform your organisation of potential cyber attacks on your network, as soon as possible. The service uses a variety of information feeds from the NCSC, trusted public, commercial and closed sources, which includes several privileged feeds which are not available elsewhere.
Early Warning filters millions of events that the NCSC receives every day and, using the IP and domain names you provide, correlates those which are relevant to your organisation into daily notifications for your nominated contacts via the Early Warning portal.
Organisations will receive the following high level types of alerts:
- Incident Notifications – This is activity that suggests an active compromise of your system.
For example: A host on your network has most likely been infected with a strain of malware.
- Network Abuse Events – This may be indicators that your assets have been associated with malicious or undesirable activity.
For example: A client on your network has been detected scanning the internet.
- Vulnerability and Open Port Alerts – These are indications of vulnerable services running on your network, or potentially undesired applications are exposed to the internet.
For example: You have a vulnerable application, or you have an exposed Elasticsearch service.
Cyber security researchers will often uncover malicious activity on the internet or discover weaknesses in organisations security controls, and release this information in information feeds. In addition, the NCSC or its partners may uncover information that is indicative of a cyber security compromise on a network. The NCSC will collate this information and use this data to alert your organisation about potential attacks on your network.
Full details at www.ncsc.gov.uk/information/early-warning-service

Cyber attacks on operational technology increasing

Ransomware: What board members should know and what they should be asking their technical experts
A recent report by FireEye’s Mandiant looked at attacks on operational technology control processes. Once viewed as complex due to access requirements, there are now many more internet-facing endpoints offering a wider attack surface.
Mandiant noted that attackers are not necessarily sophisticated, nor do they know what they are targeting. Graphical user interfaces have been accessed allowing attackers to modify variables without understanding the process being controlled.
The recent attack on Colonial Pipeline disrupted supply lines causing shortages is just one of a number of attacks against critical infrastructure networks.
Last year, in joint work, the NCSC released information for Critical National Infrastructure (CNI) organisations on effective use of the Security design principles and CISA, in the US, issued a summary of best practices for the security of Industrial Control Systems (ICS).

New ITU tools to foster digital development

Data is critical to our goal of connecting the world. It tells us where we were, where we are, what works and what doesn’t. It is a key ingredient of empirical research for establishing correlation, determining causality, identifying good practices, and formulating policy recommendations.
Since the advent of the Internet, data volumes have grown exponentially. And yet, reliable and meaningful data remain surprisingly scant, because producing such data is often complex, costly, and time-consuming.
To enhance its offerings, ITU has released three new tools: an online training course; a new edition of ICT price trends; and the Digital Development Dashboard.
Developing statistical capacity
ITU is responsible for setting the international statistical standards for ICT indicators. The Manual for measuring ICT access and use by households and individuals and the Handbook for the collection of administrative data on telecommunications/ICT describe approximately the 200 or so standards maintained by ITU.
These publications are complemented by capacity development activities on the ground. To reach a broader audience, ITU is also creating several online training courses on ICT statistics. The first, Measuring digital development: Telecommunication/ICT Indicators, is now available for free on the ITU Academy platform.
Tracking the cost of connectivity
The cost of connecting to the Internet partly is one of the key reasons why some 3.7 billion people are still offline and prevents many of the 4 billion who are connected from harnessing the potential of the Internet.
The 2020 edition of ICT price trends provides analyses and compares prices of key ICT services for more than 200 economies, providing unique insights on the status of ICT affordability.
Number of economies achieving the Broadband Commission target with data-only mobile-broadband services. Includes 188 economies for which data is available from 2020 data collection. Source: ICT Price trends 2020, ITU
The report takes stock of progress towards the UN Broadband Commission’s affordability target for 2025, according to which entry-level broadband services – i.e., the cheapest data-only broadband mobile or fixed subscription available – should amount to less than two per cent of monthly gross national income (GNI) per capita.
The report features new measures of affordability that reveal vast disparities within countries: even where the target has been met at country level, services often remain unaffordable for the 40 per cent poorest.
As a complement to the report, a new ICT price app enables users to compare prices of various ICT services across countries and regions and visualise trends going back 10 years.
ICT price trends follow a massive data collection effort by ITU, its Member States, and the Alliance for Affordable Internet (A4AI).
Making data more accessible
Hidden data cannot create impact.
The newly launched Digital Development Dashboard provides a user-friendly overview of digital development for 196 economies.
The Dashboard features 37 indicators related to infrastructure and access, Internet use, and enablers and barriers. It presents 10-year trends and comparisons with regional peers. A ‘light’ version is available for mobile and low-resolution devices, while two-page country profiles can be downloaded as PDFs. The underlying data can also be downloaded in Excel format.
1 31 32 33 34 35 53