This blog monitors and reports on broadband policy and marketplace developments in the UK, Europe and worldwide that are likely to be of interest to the Janet community. Posts here may also reference my Broadband Policy Watch blog and you can also find me on Twitter.

Cyber security news roundup July 2016

Thursday, July 28, 2016 - 13:19

Cyber security policy developments:

  • The European Commission launched a new public-private partnership on cyber security that is expected to trigger €1.8 billion of investment by 2020:
  • “The EU will invest €450 million in this partnership, under its research and innovation programme Horizon 2020. Cybersecurity market players, represented by the European Cyber Security Organisation (ECSO), are expected to invest three times more. This partnership will also include members from national, regional and local public administrations, research centres and academia. The aim of the partnership is to foster cooperation at early stages of the research and innovation process and to build cybersecurity solutions for various sectors, such as energy, health, transport and finance.”
  • The new partnership has its roots in the Digital Single Market strategy announced last year. See this Q&A and communication for more information; the announcement was accompanied by an infographic and fact sheet on EU cyber security initiatives, together with a summary report of the public consultation on proposals for the partnership and a staff working document describing engagement activities in relation to the initiative.
  • In the U.S.A. the White House announced a new Presidential Policy Directive (PPD) on United States Cyber Incident Coordination. This has been developed in response to the increasingly significant cyber incidents affecting both the private sector and Federal government to ensure a more coordinated, integrated, and structured response in future. The announcement was accompanied by a cyber incident severity schema that “establishes a common framework within the Federal government for evaluating and assessing the severity of cyber incidents and will help identify significant cyber incidents to which the PPD’s coordination procedures would apply.”
  • Also in the U.S.A., the Department of Justice (DOJ) Office of the Inspector General (OIG) published a report examining the Federal Bureau of Investigation’s (FBI) cyber threat prioritization. The report found that the FBI needs to identify and categorize cyber threats more quickly than it currently does if it is to stay ahead of current and emerging cyber threats.

New cyber security reports:

  • The National Crime Agency published its Cyber Crime Assessment 2016 report. Threats from distributed denial of service (DDoS) and ransomware attacks increased significantly in 2015; the report shows that the accelerating pace of technology and criminal cyber capability currently outpaces the UK’s collective response to cyber crime. In addition, under-reporting continues to obscure the full impact of cyber crime in the U.K.; ActionFraud is the UK’s national fraud and cyber crime reporting centre. The report calls for stronger collaborative working between government, law enforcement and business to reduce vulnerabilities and prevent crime.
  • The Royal Society published Progress and research in cybersecurity: Supporting a resilient and trustworthy system for the UK which warns that “public trust in digital services and the ability of the digital economy to continue to thrive could be at risk in the UK without a step change in cybersecurity.” Such a step change will require coordinated action by government, business and academia/research “to generate new security approaches and products, as well as establishing clear standards and kitemarks to help users identify trustworthy digital products and services.”
  • Cisco published its 2016 Midyear Cybersecurity Report. Key findings included that ransomware continues to dominate the malware market, with faster and more effective propagation methods likely in future. From September 2015 to March 2016, Cisco security researchers observed a fivefold increase in HTTPS traffic related to malicious activity. The research also revealed that many users still do not download and install security patches in a timely manner.

New advice & guidance:

  • CERT UK published a denial of service primer setting out how DoS attacks work, their infrastructure, the types of attack by OSI layer, and how they are used. It also includes mitigation advice for organisations looking to better protect themselves from this form of attack.
  • The U.S. Department of Homeland Security recently updated the Cyber Resilience Review (CRR): “The CRR is a no-cost, voluntary, non-technical assessment to evaluate an organization’s operational resilience and cybersecurity practices. The CRR may be conducted as a self-assessment or as an on-site assessment facilitated by DHS cybersecurity professionals. The CRR assesses enterprise programs and practices across a range of ten domains including risk management, incident management, service continuity, and others. The assessment is designed to measure existing organizational resilience as well as provide a gap analysis for improvement based on recognized best practices.”
  • US-CERT revised its alert on ransomware and recent variants.
  • The U.S. Department of Health & Human Services (HHS) published new guidance on ransomware: this reinforces activities required by the Health Insurance Portability and Accountability Act (HIPAA) that can help organizations prevent, detect, contain, and respond to threats.

More on ransomware (also see this previous post):

  • SC Magazine, BBC News and Network World reported on research at the University of Florida to develop CryptoDrop, an early-warning detection system that alerts a user during suspicious file activity and can halt a process that appears to be tampering with a large amount of users’ data. By combining a set of indicators common to ransomware, the system can be parameterized for rapid detection of ransomware attacks.
  • Network World also reported that security researchers have released tools that could help users recover files encrypted by two relatively new ransomware threats: Bart and PowerWare.
  • BBC News reported that European police agency Europol is teaming up with cybersecurity companies in an initiative aimed at slowing an exponential rise in ransomware. The No More Ransom site will be updated as ransomware gangs are tackled. Co-ordinated by Europol, the initiative also involves the Dutch national police, Intel Security and Kaspersky Labs.

Distributed denial-of-service (DDoS) developments:

  • Arbor Networks published global DDoS attack data for 1H 2016: the data shows a continuing escalation in both the size and frequency of attacks, with an average of 124,000 events per week over the last 18 months. The company also recorded a 73% increase in peak attack size over 2015, to 579Gbit/s, with 274 attacks over 100Gbit/s monitored in 1H 2016, versus 223 in all of 2015. Forty-six attacks over 200Gbit/s were monitored in 1H 2016, versus 16 in all of 2015. The U.S.A., France and Great Britain are the top targets for attacks over 10Gbit/s.
  • Network World reported that attackers have compromised more than 25,000 digital video recorders and CCTV cameras and are using them to launch DDoS attacks (more details here). It also reported findings from Akamai on how DDoS attacks are becoming increasingly sophisticated, combining multiple attack techniques that require different mitigation strategies, and abusing new protocols: one recent attack combined six different vectors: DNS reflection, SYN flood, UDP fragment, PUSH flood, TCP flood, and UDP flood.