ENISA Report Highlights Resilience of Telecom Sector in Facing the Pandemic

ENISA is releasing its ‘Telecom Security During a Pandemic’ report at the 32nd meeting of EU telecom security authorities. Underlining the current strength of the sector in the face of the pandemic, the report also calls for increased cooperation, as telecommunications become more and more essential for Europe’s society and economy.
The European Union Agency for Cybersecurity (ENISA) is releasing its Telecom Security During a Pandemic report, which gives an overview of initiatives and good practices in the telecom sector to mitigate the impact of the pandemic. The report highlights the resiliency of telecom networks and services during the pandemic, which sustained major fluctuations in usage and traffic. The report also points to the need for increased cooperation between the public and private sectors as the role of telecoms expands.
The COVID-19 pandemic triggered major changes in the use of telecom networks and services: employees are teleworking; students are learning online; people are communicating via video. Almost overnight, the telecoms sector became a lifeline for Europe’s citizens and businesses. The pandemic put the telecom sector to the test with traffic peaks and spikes, combined with a national crisis and difficult working circumstances. Peaks followed major announcements about the pandemic; spikes occurred after news of lockdowns and closures. The diagram below shows the correlation between COVID-19 cases and fluctuations in network traffic on a single timeline. This is an example of one provider in one EU country, but it is representative of what other operators in Europe observed.
The report is divided into three parts:
- Early response phase: The report assesses the steps taken by telecom providers in the early response phase when providers activated their business continuity plans and supported emergency communications and communications via public warning systems.
- From initial strain to the new normal: Telecom providers had to deal with major surges and shifts in usage and in traffic patterns from the start of the pandemic. Gradually, this stabilised and became “the new normal”. The report examines the changes in usage, traffic patterns and network performance during the pandemic, and provides various examples of how providers managed the increased network loads.
- Response by the national authorities and collaboration with the telecom sector: The report provides a brief country-by-country summary of the pandemic response by the national telecom security authorities in the Union. It also highlights examples of industry initiatives, collaboration initiatives and information sharing between providers and authorities.

JRC proposes a new framework to raise awareness and resilience against hybrid threats

A new conceptual framework on hybrid threats designed by researchers aims to increase the understanding of hybrid threats and facilitate the development of effective measures to improve resilience against these threats.
The 'hybrid threats' concept refers to coordinated action conducted by hostile state or non-state actors with the deliberate goal to undermine or harm democratic states.
Although the topic is high on the political agenda, our understanding of hybrid threats is often limited to past experiences and known forms of interference, such as disinformation and terrorism.
Working together with the Centre of Excellence for Countering Hybrid Threats (Hybrid CoE), the JRC has developed a conceptual framework, which describes the components of hybrid threats in terms of actors, their objectives, tools, the domains that can be compromised as well as the different phases of action.
Speaking during the launch event of the conceptual framework, Mariya Gabriel, European Commissioner for Innovation, Research, Culture, Education and Youth, said: "The EU has the capacities and know-how to build its resilience against hybrid threats. But we need to understand the problem in depth to be able to design an effective response. It is our advantage that we ground our policy actions on science. The conceptual framework is an instrumental part of this process. It provides a comprehensive description of hybrid threats, actors and the tools that can be used against EU countries."
The work aims to facilitate the early detection of hybrid threats, the identification of gaps in preparedness and response and the development of effective measures to counter this complex phenomenon.
The research teams call for a whole-of-society approach, which brings together all civil, military and political actors for a more effective response to hybrid threats.
Understanding modern hybrid threats
The concept of hybrid threats is not new, but modern tools and technologies, as well as increased levels of connectivity have enabled the actors behind hybrid threats to organise attacks with potentially devastating effects.
Cyberattacks, disinformation campaigns and election interference can be part of hybrid threat activity, but none of them constitutes a hybrid threat alone.
Hybrid campaigns can be a combination of both conventional and non-conventional means, including classic warfare, cyberattacks, fake news and election interference.
They are designed to be difficult to detect or attribute to any individual or group.
The actors behind these actions aim to create ambiguity and confusion by blurring the borders of what is true and what is false, what is acceptable and what is unacceptable behaviour, manipulating legal thresholds and making it difficult to attribute responsibility for wrong-doing to any particular actor.
The overarching objective of the actors is to undermine public trust in democratic institutions, challenge the core values of societies, gain geopolitical influence and weaken the decision-making capacity of countries.

Three arrested as INTERPOL, Group-IB and the Nigeria Police Force disrupt prolific cybercrime group

Three suspects have been arrested in Lagos following a joint INTERPOL, Group-IB and Nigeria Police Force cybercrime investigation. The Nigerian nationals are believed to be members of a wider organized crime group responsible for distributing malware, carrying out phishing campaigns and extensive Business Email Compromise scams.
The suspects are alleged to have developed phishing links, domains, and mass mailing campaigns in which they impersonated representatives of organizations. They then used these campaigns to disseminate 26 malware programmes, spyware and remote access tools, including AgentTesla, Loki, Azorult, Spartan and the NanoCore and Remcos Remote Access Trojans. These programmes were used to infiltrate and monitor the systems of victim organizations and individuals, before launching scams and syphoning funds. According to Group-IB, the prolific gang is believed to have compromised government and private sector companies in more than 150 countries since 2017.
Group-IB was also able to establish that the gang is divided into subgroups with a number of individuals still at large. While investigations are still ongoing, some 50,000 targeted victims have been identified so far.
The year-long investigation, dubbed ‘Operation Falcon’, saw INTERPOL’s Cybercrime and Financial Crime units work closely with Group-IB to identify and locate threats, and ultimately, assist the Nigerian Police Force, via the INTERPOL National Central Bureau in Abuja, in taking swift action.
Group-IB’s participation in the operation came under Project Gateway, a framework which enables INTERPOL to cooperate with private partners and receive threat data directly.
Craig Jones, INTERPOL’s Cybercrime Director, highlighted the outstanding cooperation between all those involved in the investigation and underlined the importance of public-private relationships in disrupting virtual crimes. “This group was running a well-established criminal business model. From infiltration to cashing in, they used a multitude of tools and techniques to generate maximum profits. We look forward to seeing additional results from this operation,” he said.

CISA releases the insider threat mitigation guide

The Cybersecurity & Infrastructure Security Agency (CISA) has released its Insider Threat Mitigation Guide for organizations whose trusted individuals, those entrusted with access to or knowledge of the organization, represent potential risks. This includes current or former employees or any other person who has been granted access, understanding, or privilege.
Organizations of all types and sizes are vulnerable to insider threats. The CISA Insider Threat Mitigation Guide is designed to assist individuals, organizations, and communities in improving or establishing an insider threat mitigation program. It offers a proven framework that can be tailored to any organization regardless of size. It provides an orientation to the concept of insider threat, the many expressions those threats can take, and offers an integrated approach necessary to mitigate the risk. The Guide shares best practices and key points from across the infrastructure communities.
"This Insider Threat Mitigation Guide is an evolution in the series of resources CISA makes available on insider threats. This Guide draws from the expertise of some of the most reputable experts in the field to provide comprehensive information to help federal, state, local, tribal, and territorial governments; non-governmental organizations; and the private sector establish or enhance an insider threat prevention and mitigation program."
"Moreover, this Guide accomplishes this objective in a scalable manner that considers the level of maturity and size of the organization. It also contains valuable measures for building and using effective threat management teams. Through a case study approach, this Guide details an actionable framework for an effective insider threat mitigation program: Defining the Threat, Detecting and Identifying the Threat, Assessing the Threat, and Managing the Threat." said Steve Harris, Acting Assistant Director for Infrastructure Security, Cybersecurity and Infrastructure Security Agency.
The full Guide can be downloaded at CISA.org.

Europe deploys 7Shield - cybersecurity from space?

7SHIELD – Safety and Security Standards of Space Systems, ground Segments and Satellite data assets, via prevention, detection, response and mitigation of physical and cyber threats.
The project gives an innovative boost to the protection of earth segments and satellite data resources, protecting critical infrastructures from cyber threats. From IoT to machine learning, here are the advanced technologies integrated into the framework.
The overall concept of 7SHIELD is to provide the European Ground Segment facilities with a holistic framework able to confront complex cyber and physical threats by covering all the macrostages of crisis management, namely the pre-crisis, crisis and post-crisis phases.
The Copernicus era has created a new market with the massive amounts of satellite data that the ground segments of space systems receive and serve to the market and governmental bodies.
A physical or cyber-attack on their installations or communication networks, respectively, would have a debilitating impact on public safety and security of EU citizens and public authorities. A physical attack on a space ground segment makes the distribution of satellite data problematic, while a cyber-attack on its data storage, access and exchange affects not only the reliability of space data, but also their FAIR standards: findability, accessibility, interoperability and reusability. Current approaches do not fully exploit the recent advances in surveillance mechanisms with robotic technologies and AI.
Given the above, the Center for Security Studies (KEMEA), as a member of a wider consortium, successfully submitted the 7SHIELD proposal under the topic “SU-INFRA01-2019: Prevention, detection, response and mitigation of combined physical and cyber threats to critical infrastructure in Europe” of H2020. 7SHIELD officially started in September 2020 and will have a duration of 24 months, coordinated by ENGINEERING (Italy).
7SHIELD will be an integrated yet flexible and adaptable framework enabling the deployment of innovative services for cyber-physical protection of ground segments, such as e-fences, passive radars and laser technologies, multimedia AI technologies, that enhance their protection capabilities, while integrating or interoperating with existing protection solutions already deployed at their installations. The framework will integrate advanced technologies for data integration, processing, and analytics, machine learning and recommendation systems, data visualization and dashboards, data security and cyber threat protection. The technological solution is co-designed with first responders’ teams and contributes to policy making, standardisation and new guidelines for contingency planning and service continuity. The project will be evaluated and demonstrated in five installations of ground segments of space systems.
KEMEA will be a task leader both in identifying security requirements in relation to the technology systems in use and the integration of the 7SHIELD solution and in defining the model of the Emergency Response Plan, by following the guidelines as described in international Standards such as ISO22320:2018 Security and resilience -- Emergency management -- Guidelines for incident management. KEMEA will also have a crucial role in pilot implementation, evaluation and training and an overall contribution to the whole development of the program.

ENISA publishes report on cybersecurity measures in the Railway Transport Sector

Representing 472 billion passenger-kilometres, 216,000 km of active railways and 430 billion tonne-kilometres for freight transport, the railway sector plays an important and fast-growing role. Railway infrastructure and systems are key assets, crucial to developing and protecting the European Union.
The railway sector enables goods and passengers to be transported within countries and across borders, and is key to the development of the European Union. The main players within this sector are the railway undertakings (RU), in charge of providing services for the transport of goods and/or passengers by rail; and the infrastructure managers (IM), in charge of establishing, managing and maintaining railway infrastructure and fixed installations, including traffic management, control-command and signalling, but also station operation and train power supply. Both are in the scope of the NIS Directive, and their identification as operators of essential services (OES) respects the transposition of laws in the majority of member states.
Challenges
The study also identifies the main challenges faced by the sector to enforce the NIS Directive:
- Railway stakeholders must strike a balance between operational requirements, business competitiveness and cybersecurity, while the sector is undergoing digital transformation which increases the need for cybersecurity.
- Railway stakeholders depend on suppliers with disparate technical standards and cybersecurity capabilities, especially for operational technology.
- OT systems for railways have been based on systems that were, at a point in time, secure according to the state of the art, but due to the long lifetime of systems they eventually become outdated or obsolete. This makes it difficult to keep them up to date with current cybersecurity requirements. Furthermore, these systems are usually spread across the network (stations, track, etc.), making it difficult to comprehensively control cybersecurity.
- Railway operators report issues of low cybersecurity awareness and differences in culture, especially among safety and operations personnel.
- Existing rail specific regulation doesn’t include cybersecurity provisions. OES often have to comply with non-harmonized cybersecurity requirements deriving from different regulations.
ERTMS is also covered in this study as a separate infrastructure due to its special requirements and its cross-European nature.

NCSC defends UK from more than 700 cyber attacks while supporting national pandemic response

The National Cyber Security Centre defended the UK from an average of 60 attacks per month during a year which saw its resources proactively focused on the coronavirus response, the organisation’s latest Annual Review revealed today.
The NCSC, which is a part of GCHQ, handled 723 incidents between 1 September 2019 and 31 August 2020, with around 200 related to coronavirus. In the previous three years since launching, they supported an average of 602 incidents annually (590 in 2017, 557 in 2018 and 658 in 2019).
The growth this year reflects ongoing NCSC efforts to proactively identify and mitigate threats, tips the organisation receives from its extensive network of partners and reports from victims themselves.
In a year heavily influenced by the pandemic, the review highlights the NCSC’s support for the healthcare sector, such as scanning more than 1 million NHS IP addresses for vulnerabilities leading to the detection of 51,000 indicators of compromise, and working with international allies to raise awareness of the threat of vaccine research targeting.
With cyber criminals looking to exploit public fear over the pandemic with coronavirus-related online scams, the NCSC and the City of London Police also launched the Suspicious Email Reporting Service, which received 2.3 million reports from the public in its first four months – resulting in thousands of malicious websites being taken down.
The NCSC also provided the technical assurances during the creation of the Virtual Parliament, as well as producing a wide range of advice for businesses and individuals switching to home working as a result of the pandemic.
A new remote working scenario was added to the NCSC’s ‘Exercise in a Box’ programme. The initiative, which allows people to test their cyber defences against realistic scenarios, was used by people in 125 countries this year.

Call to action on international standards

The Riyadh International Standards Summit concluded with the call to action for “each country to recognize, support, and adopt international standards to accelerate digital transformation in all sectors of the economy to help overcome global crises, such as COVID-19, and contribute towards the achievement of the United Nations Sustainable Development Goals (SDGs)”.
The Call to Action emphasizes international standards’ important role in the implementation of the United Nations’ Global Agenda aimed at achieving all 17 SDGs by 2030. “Today’s global health crisis has highlighted the need to continue investing in our digital future, through investments to drive infrastructure development, connect the unconnected, and build confidence and trust in digital technologies: elements which are all crucial to the achievement of the SDGs.”
Reflecting on the issues addressed, ISO Secretary-General Sergio Mujica saw a strong common spirit shared by all participants. “This recognition raises the bar on supporting international standards and illustrates the critical role each country can play in overcoming our common challenges and boosting synergies for all. We look forward to the international community answering the call to recognize, support and adopt international standards as a key instrument for economic and social development.”
The Summit enabled an integrated, introspective and exhaustive look at international standards developed by IEC, ISO and ITU, and their role in global trade as well as in social and economic development. Key stakeholders and decision makers were able to exchange experiences and perspectives on the importance of international standards in addressing shared fears and aspirations for the future.
“The call to action sends a real message in support of consensus-based international standards developed by IEC, ISO and ITU. It shows that, in these challenging moments of COVID-19, we are interdependent. Mutually beneficial global solutions can be found to our common global challenges,” said IEC General Secretary Philippe Metzger.
Digital technologies used to strengthen and accelerate the collective response to the COVID-19 pandemic, as well as to enhance the ability to prevent and mitigate future crises, have been a frequent topic of this year’s G20. The call to action reinforces the need for countries to leverage international standards to deliver solutions to such global challenges.
“This pandemic calls for a robust international response. International standards developed by IEC, ISO and ITU go beyond national borders by connecting countries to global markets. They encompass global approaches that enable all countries to grow, thrive and support development for years to come,” concluded Chaesub Lee, Director of the ITU Telecommunication Standardization Bureau.

What was learned while developing Bhutan’s first National Cybersecurity Strategy

While the introduction of information and communication technologies (ICTs) brings undeniable benefits in terms of speed and efficiency of digital transformation, it can also significantly expand the cybersecurity risk landscape or “attack surface.”
Adopting and implementing an NCS can be particularly challenging for developing countries as it requires significant economic, human, and organizational resources. Committed to supporting governments by building capacity and transferring knowledge, ITU hosted a webinar on NCS development and implementation where international experts discussed key actions to build cybersecurity resilience and readiness.
A critical contribution came from the Bhutan Computer Incident Response Team (BtCIRT). We decided to share lessons learned while developing our NCS since Bhutan’s experience not only demonstrates the typical cybersecurity challenges faced by developing countries, but also how developing an NCS can turn these challenges into opportunities for stronger cybersecurity.
Embarking on a journey
Bhutan’s journey toward the definition of its first NCS began in 2012 with a readiness assessment conducted by ITU to measure not only the cybersecurity maturity level of the Kingdom of Bhutan, but also its cyberthreat landscape.
Following the assessment, the Bhutan Computer Incident Response Team (BtCIRT) was formally established in April 2016. The BtCIRT operates under the Department of IT & Telecom (DITT) of the Ministry of Information & Communications. Our formal mandate is to provide both reactive and proactive cybersecurity services to the entire nation, including guiding the development of a national strategy.
After a number of iterations, the first version of the NCS was finalized in October 2020 through two rounds of task-force workshops. At the time of writing, the NCS is awaiting public consultation after which it will be submitted to the Cabinet of Bhutan for approval.
Overcoming hurdles
Explaining the importance of cybersecurity and the necessity for a strategy was one of the most significant initial challenges. Despite the great engagement of the Kingdom of Bhutan in ICT development, many government and private sector leaders are from non-technical backgrounds. In a country where digital transformation is a work in progress, awareness of the importance of cybersecurity remains a big challenge. Senior management perceived cybersecurity as a purely technological problem with limited impact on other domains. In reality, cybersecurity is a shared responsibility that needs multidisciplinary and structured solutions from top management.
Another key challenge was gaining support and buy-in from stakeholders. As the NCS is a national endeavour and roadmap to achieving a safer online environment, it needs to cater to the whole country to ensure that it is comprehensive and inclusive through the involvement and collaboration of all stakeholders.
Not all perceived cybersecurity as a priority, and others held different views on how to implement it. It was challenging to bring everyone together in the first place, and even more difficult to achieve consensus on strategic direction and specific areas of concern.
Visibility, funding and partnerships key
Given this was the first time developing a National Cyber Security Strategy for Bhutan, all challenges constituted an important learning experience and an opportunity to enhance the country’s cybersecurity maturity.
First, developing the NCS spread cybersecurity awareness and visibility throughout the institutional apparatus. In Bhutan, the government accords the highest importance to digital transformation and information and communication technologies. The high-level ICT steering committee, with members representing top management from every sector (government, public and private), drives and monitors the implementation of ICT projects.
In terms of funding, the Department of IT & Telecom secured a dedicated budget projected over 5 years for the implementation of the NCS. Identifying critical information infrastructure, conducting cybersecurity awareness training and cybersecurity capacity building are among the initial activities to be carried out. The Strategy also clearly identifies stakeholders and their responsibilities.
After the approval of NCS, three working groups will be formed. The legal group will carry out the assessment on cybersecurity legislation, the Child Online Protection group will develop guidelines, and the Technical group will develop relevant security requirements and guidelines. All activities will be monitored monthly by BtCIRT and issues will be escalated to the High-Level ICT steering committee.
Finally, the public-private partnership model presents a potential opportunity to further build cybersecurity awareness in Bhutan. As the BtCIRT is limited in terms of human resources and capacity, it could improve incident reporting and handling, as well as enhance knowledge sharing. To that end, the implementation strategy includes a plan to set up sectoral Security Operation Centers to improve cybersecurity in critical sectors.
Looking ahead
The last two decades have seen the Kingdom of Bhutan undergo a far-reaching digital transformation, especially in terms of delivery and adoption of digital services.
Another recent trend is that many Bhutanese people have embraced cardless transactions. More recently, due to the COVID-19 pandemic, the health and education sectors have adopted innovative measures for service delivery.
As Bhutan continues its digital transformation work, global and national capacity building in this field remains a necessity for the successful development of National Cybersecurity Strategies. The result is not only the betterment of countries’ cybersecurity posture, but an opening of opportunities that will enable the benefits of digitalization to reach more citizens, for an altogether more sustainable digital future.

Building a solid foundation for measuring the impact of cybercrime

INTERPOL and the Council of Europe, in the framework of the GLACY+ Project, cooperate in publishing the Guide for Criminal Justice Statistics on Cybercrime and Electronic Evidence.
While many governments recognize the need to take action against cybercrime, they face difficulties in defining the problem at hand.
To effectively tackle the multifaceted and imperceptible nature of cybercrime, criminal justice authorities need a good understanding of the scale, types and impact of the crime. For this reason, the Council of Europe and INTERPOL have jointly developed the Guide for Criminal Justice Statistics on Cybercrime and Electronic Evidence to help countries develop a clearer vision of the global problem.
The key goal of this joint effort is to help criminal justice authorities worldwide acquire the statistics on cybercrime and electronic evidence by providing good practices and recommendations. Statistics enable the authorities to shape effective policies and operational responses. This guide lays out the agenda for compiling criminal justice statistics with key steps for data collection, analysis and cooperation among multiple stakeholders.
“Well-defined statistics produced in collaboration with criminal justice authorities will not only provide valuable insights into the changing environment, but also strategic indicators for measuring the effectiveness of policies and activities,” said Alexander Seger, Head of the Cybercrime Division of the Council of Europe.
“How countries approach cybercrime and electronic evidence at the national level has a real impact on available options on global cooperation. It also serves as the cornerstone for developing tailored operational responses to reduce the global impact of cybercrime,” said Craig Jones, INTERPOL’s Director of Cybercrime.
INTERPOL and the Council of Europe will continue to cooperate to enhance the ability of criminal justice authorities worldwide to tackle cybercrime and encourage international cooperation in collecting and analyzing electronic evidence.