Janet Broadband Policy Watch

Last updated: 
6 days 15 hours ago
Blog Manager
Log in to request membershipHide blog description
This blog monitors and reports on broadband policy and marketplace developments in the UK, Europe and worldwide that are likely to be of interest to the Janet community. Posts here may also reference my Broadband Policy Watch blog and you can also find me on Twitter.

Group administrators:

Recent members:

Cyber security news roundup July 2017

Thursday, August 3, 2017 - 16:24

Policy developments:

  • The Government announced an extension to the GCHQ Cyber Accelerator programme; the scheme brings together GCHQ and industry expertise to develop new cyber security technologies.
  • A major new cyber security innovation centre is to be established in London; up to £14.5 million will be invested in the new centre and a competition to develop and design the new centre has been launched by the Department for Digital, Culture, Media and Sport (DCMS).
  • Teenagers are being encouraged to register their interest in taking part in a cyber security schools programme being rolled out as part of plans to help the nation address the risk of a future skills shortage. The £20 million programme to train almost 6,000 teenagers is due to launch in the autumn. Students, teachers and industry can register their interest here.
  • PublicTechnology reported that NHS Digital has published a request for information (RFI) looking for feedback from the supplier community to help ensure its tender process its planned Security Operations Centre is fit for purpose.
  • Computer Weekly reported on the opening by Harriett Baldwin, UK minister for defence procurement, of Lockheed Martin’s new cyber security centre intended to boost UK cyber defence capability and skills.
  • Computer Weekly also reported how Wales has become a global hotspot for cyber security innovation: “The country has become a UK leader in the sector thanks to the success of companies such as Alert Logic, Wolfberry, ITSUS Consulting and Pervade Software, which are hailing it as the prime location for the research and development (R&D) and commercialisation of defence and security products.”

New research & analysis:

  • A new Jisc survey indicates that universities’ cybersecurity budgets are increasing rapidly, but investment alone is not enough to tackle the problem. While the sector is making good progress in raising awareness of threats, some universities report difficulties in recruiting staff with the right skills and suggest there is not enough support for cybersecurity from senior decision-makers.
  • Computing reported that half of UK firms have been hit by ransomware, with 12 per cent saying these types of attacks had not been detected until after they had entered corporate systems.
  • Research by business ISP Beaming found a significant increase in the amount of cyber attacks targeting UK’s businesses in the second quarter of 2017: firms were, on average, subjected to almost 65,000 internet-borne cyber attacks each in the three months to June, an increase of 52 percent on the first quarter of 2017.
  • ENISA, the European Union Agency for Network and Information Security, published the findings from its latest cyber crisis exercise: over 1 000 participants from all 28 EU Member States, along with Switzerland and Norway, joined last year in a simulated crisis which lasted for over 6 months, culminating in a 48‑hour event on 13 and 14 October 2016.
  • A survey of 580 attendees at the 2017 Black Hat security conference found that most information security professionals believe that the US critical infrastructure will be breached by a cyber attack within the next two years. Only 26% are confident that US government and defence forces are equipped and trained to respond appropriately. Most also believe that their own enterprises will be breached in the next 12 months.
  • A study presented at Black Hat 2017 by researchers at Google, Chainalysis, UC San Diego, and the NYU Tandon School of Engineering showed that ransomware victims have paid more than $25 million in ransoms over the last two years. Also see coverage from The Verge, threatpost and BBC News.
  • The International Telecommunications Union (ITU), the United Nations specialized agency for information and communication technology, has published the Global Cybersecurity Index 2017 (GCI-2017, full report here), measuring the commitment of the ITU's 193 Member States to cybersecurity: “The overall picture shows improvement and strengthening of all five elements of the cybersecurity agenda in various countries in all regions. However, there is space for further improvement in cooperation at all levels, capacity building and organizational measures.”
  • New initiatives from the Cybersecurity Policy & Research Institute at the University of California, Irvine will help combat vulnerabilities and attacks in cyberspace. They include research on cyber attack attribution and supply chain security, the development of law enforcement training, the launch of a cyber victims defence clinic and a curriculum development effort for high school students.
  • A survey by security firm Glasswall found that firms are exposing themselves to sophisticated and targeted attacks by publishing documents on their websites that contain underlying data about the file, author and software that was used to create it.
  • Accenture’s 2017 Cyber Threatscape Report  (full report here) found that the first six months of 2017 saw “an evolution of ransomware producing more viral variants unleashed by potential  state-sponsored actors and cybercriminals.”
  • Malwarebytes published research findings reporting that in a survey of more than 1,000 small and medium-sized businesses, 35 per cent had been victims of a ransomware attack. Twenty-two per cent had had to cease business operations immediately because of ransomware. Ninety per cent of ransomware infections resulted in more than one hour of downtime, while one in six caused 25+ hours of downtime.

Attacks & threats:

  • BBC News reported that security firm Positive Technologies had managed to decrypt files damaged by the recent Petya ransomware attack on one infected computer; while the process is too technical for most average computer users, the firm hopes that the information security community will help to simplify the process of reversing the ransomware encryption. BBC News later reported that Peyta was still causing problems several weeks after the attack was first identified (also see this report on the impact in Ukraine), and also on how the sharp increase in ransomware attacks is in part a result of how easy the malware is to acquire.
  • Prospective students of Newcastle University were targeted by a scam website using the Newcastle University brand and accepting credit card payments to apply for courses; also see coverage from BBC News.
  • The Telegraph reported that the National Cyber Security Centre believes hackers may have compromised the UK’s energy grid and that other sectors have also been affected in a series of attacks targeting national infrastructure.
  • The Telegraph also reported that security experts cracked the security of digital ballot boxes used in US elections within 90 minutes at the Def Con hacking summit in Las Vegas; also see coverage from New Scientist.
  • BBC News also reviewed last month’s cyber attack on Parliament, when hackers made around 200,000 attempts to access online user accounts. The National Crime Agency and National Cyber Security Centre are both investigating the attack.

Advice & guidance:

  • BT and KPMG published a new cyber security report offering practical advice to businesses of all sizes on how best to manage their security journey and turn it into a business opportunity. The report defines five maturity stages in the security journey of any business: Denial; Worry; False Confidence; Hard Lessons; and True Leadership.
  • The National Cyber Security Centre (NCSC) published a blog post promoting its Web Check service for public sector websites, which is a free to use website configuration and vulnerability scanning service, available to all UK public sector organisations.
  • The US Communications Sector Coordinating Council (CSCC) published a white paper on protecting against botnets attacks amongst key participants in the internet ecosystem; also see commentary from NCTA. Key to the paper is the conclusion that by sharing responsibility, the entire internet ecosystem can better mitigate the threats posed by malicious botnets and other automated systems.

Other news:

  • Speaking on BBC Radio 4’s Today Programme Robert Hannigan, the former head of GCHQ said that cooperation between government agencies and private companies is the best solution "to target the people who are abusing encryption systems”, rather than seeking to build backdoors into encrypted systems.
  • Also speaking on BBC Radio 4’s Today Programme Inga Beale, the chief executive of Lloyd's of London, said the increasing threat of cyber attacks means cyber insurance premiums are likely to double in three years.
  • Zenedge and Internet2 announced an agreement to provide a best-in-class DDoS mitigation solution and 24/7 managed security service across Internet2’s research and education network.
  • Network World and BBC News reported that China is about to launch a supposedly unhackable Internet network, based on quantum cryptography.
  • Twitter logo
  • LinkedIn logo
  • Google+ logo
  • Reddit logo
  • StumbleUpon logo