Cyber Security/Protection

Days after it was confirmed that Russian hackers had exploited a software flaw to attack several U.S. agencies, the Government Accountability Office has released the results of an audit which showed that 23 agencies are failing to manage risks in their IT supply chains. However, the GAO’s team leader acknowledges that even with “robust” management, “most likely this particular attack would have happened because of the level of sophistication that was involved.” [node:read-more:link]

The United States “is better at cyber than anyone else” or so says President Donald Trump. Asked during a televised interview about a possible cyberattack from Iran, he replied that if it did happen, “we’ll be able to hit very hard.” He characterized cyber as “a new form of war” which the U.S. has “very well under control.” [node:read-more:link]

Some three years after the fact, details are available on a major “real world” test of cyber  cooperation between the U.S. and coalition partners in their Daesh campaign. Operation Glowing Symphony in November 2016 was the largest exercise of its kind operations and the details show that U.S. Cyber Command considered sharing information typically held closely. The details are in documents released as part of a Freedom of Information Act request by George Washington University archives. [node:read-more:link]

Israel’s military has disclosed that it has foiled a move by Palestinian Hamas militants to hack into Israeli troops’ smartphones. It uncovered the plot several months ago but let it continue under surveillance until they shut it down.  Dozens of troops were targeted by Hamas agents posing as young women, enabling them to download malware. [node:read-more:link]

The U.S. has identified four Chinese military officers it has charged with overseeing a massive 2017 cyber attack on Equifax which resulted in the theft of personal data on more than 147 Americans and some foreign nationals listed in the credit-rating agency’s files. The whereabouts of the four suspects is unknown and China denies the allegations. [node:read-more:link]

U.S. Cyber Command wants to spend $11.6 million to procure systems which would enable its personnel to deploy abroad on “hunt forward” missions to block malicious cyber activity. The proposed project is proposed for 2021 within the Air Force envelope. [node:read-more:link]

Seven variants of a malware program associated with North Korea prompted the U.S. intelligence community to issue a warning 17 February to the public and private sectors. The “Hidden Cobra” program evidently includes a remote-access trojan which would enable hackers to upload and download files as well as monitor victims’ microphones, clipboards and screens. [node:read-more:link]

Germany is moving to protect cyber technologies as national assets, enabling it to side-step European Union regulations which otherwise require procurements to be open to bids from prospective suppliers in all member states. Artificial intelligence, electronic warfare, networked operations, cryptology and defence-related information and communications technologies are deemed crucial to national security and hence are exempt. [node:read-more:link]

Growing reliance on the public cloud as a core element of public- and private-sector transition to an increasingly digital world worries Eric Trexler, vice-president of global governments and critical infrastructure at Texas-based Forcepoint, a company partly owned by Raytheon which develops and markets cybersecurity software. While the trend is expected to give agencies more data storage flexibility, he says it also amounts to an “attractive bullseye” for cyberattackers. [node:read-more:link]

U.S. Defense Secretary Mark Esper says he and his British counterpart, Ben Wallace, have agreed to “further” reduce Huawei’s presence in 5G telecom infrastructure, but Esper is not elaborating. Britain has agreed to limited Huawei involvement while the U.S. remains vehemently opposed on security grounds, and it remains unclear that the two administrations had struck an actual deal. [node:read-more:link]

The Stockholm International Peace Research Institute says that neither the European Union nor China, having benefited from their evolving relationship, seeks confrontation or an adversarial relationship going forward. However, in an “insights paper” published 03 March, SIPRI cautions that increasing connection between military and non-military dimensions of security have prompted EU states to develop new ways of addressing potential threats to transport and digital communications networks. [node:read-more:link]

The Chief of the Defence Staff, Gen. Jonathan Vance, is worried about anything that would give China easier access to Canadian military computer networks. However, he says, he is confident that any security risks from Huawei's participation in expanding 5G service in Canada can be addressed. [node:read-more:link]

A former national security advisor to the British government is recommending that plans to complete an integrated review of defense, security, foreign policy and development should be put on hold. Peter Rickets echoes others in warning a parliamentary committee that the review, announced by Prime Minister Boris Johnson in December, will suffer from being rushed. [node:read-more:link]

A seven-page document released by the U.S. administration sets out its strategy for 5G telecommunications infrastructure “arm-in-arm with closest partners and allies.” Its release marks the administration’s initial move to meet requirements in new legislation President Donald Trump signed earlier this week. [node:read-more:link]

Russian hackers are suspected of spreading COVID-19 pandemic disinformation about the Canadian-led NATO battle group in Latvia. “Definitely not true,” the task force commander, Col Eric Laforest, says of recent reports in some Baltic and Eastern European media that there was “a high number” of cases among the CAF at Camp Adazi near the capital city Riga. [node:read-more:link]