
Cybersecurity


Gates: French cyber spies stealing U.S. technology - Philip Ewing. Washington made clear this week that China is America’s biggest cyber nemesis, at least in terms of the theft of U.S. intellectual property. So who’s next? Not Russia, nor North Korea, according to former Defense Secretary Robert Gates. It’s France — one of America’s closest allies. “There are probably a dozen or 15 countries that steal our technology in this way,” Gates said in an interview the Council on Foreign Relations posted online Thursday. “In terms of the most capable, next to the Chinese, are the French — and they’ve been doing it a long time.” Gates, who was also director of the Central Intelligence Agency in the first Bush administration, said that when he talks to business audiences, he asks, “How many of you go to Paris on business?”

But the U.S. government doesn’t do that kind of thing, Gates said, although he acknowledged that “it’s hard for people to believe this.”

United Nations Launches Global Cybersecurity Index. By Aimee Rhodes. The United Nations (UN) International Telecommunications Union (ITU) announced the launch of the Global Cybersecurity Index (GCI) to measure the status of cybersecurity worldwide, the UN said in a statement. The GCI, partnered with ABI Research, said its aim in the short term was to close security gaps, particularly in developing countries, while in the long term it was to drive efforts toward the adoption of cybersecurity on a global scale. “A comparison of national cybersecurity strategies will reveal those countries with high rankings in specific areas, and consequently highlight lesser known – yet successful – cybersecurity strategies,” the ITU statement said.

The UN announcement came during the agency’s World Telecommunications Development Conference (WTDC) in Dubai. “Greater connectivity also brings with it greater risk,” said ITU Secretary-General Hamadoun Touré.

The challenges of cyber security and the role of CISOs. The issue of cyber security is one that has been growing and making its way up the priority lists of companies all over the world, as attacks become more sophisticated and commonplace. This is particularly true within the financial services sector, where cyber attacks are taking place more regularly and have the potential to cause serious damage. The vulnerability of the financial sector to attack has led many major players in the industry, as well as politicians, regulators and policymakers to voice their concerns over the possibility that cyber security failures could lead to the potential instability of the global financial system.

Attacks on the World Federation of Exchanges led to the creation of its first cyber security committee to develop more information sharing on issues such as threat intelligence, attack trends, and common policies, standards and technologies. New threats to cyber security: So, what are the most common types of cyber attack at the moment? The role of the CISO.

OODA loop. From Wikipedia, the free encyclopedia. John Boyd developed a concept for formalizing the decision cycle when facing an enemy pilot. Good decisions, here meaning those that throw the adversary off balance, give the initiative and block or defuse enemy attacks. The tool known as the “Boyd cycle” or “OODA loop” makes it possible to know when a decision has been made and to avoid standing still. It makes it possible to determine which side is faster. It therefore makes it possible to know who is winning. The aim is also to be able to reassess one's decisions very quickly by testing them against reality.

The four phases of the loop. Observe: For the first O, the task is to observe. Orient: For the second O, the task is to orient oneself. Decide: For the D, the task is to decide. This hypothesis is that one action is better than the other possibilities.

Pilot Exercise for Strategic Decision Making in Cyber Defence. 25 March 2014, 11:50. Brussels - 24 March, 2014, European Defence Agency. A pilot Decision-Making Exercise on Cyberspace Crisis Management will take place in Lisbon in May 2014.

The pilot exercise aims to prepare strategic leaders for situations involving a major cyber-attack. With an increasing amount of critical infrastructure - as well as military and government activities - now online, the threat of cyber-attacks is growing every day. For this reason, at the European Council meeting in December 2013, Cyber was recognised as one of four key capabilities for future EDA activity. The pilot exercise in Lisbon aims to prepare strategic leaders with the experience and structures necessary to deal with a cyberspace crisis. Used to develop further training courses: One of the aims of the pilot is to help to develop a coherent conceptual toolkit that could be used in assessing current and future decision-making frameworks and could be used in future training plans.

OAS assists Jamaica in development of national cyber security strategy. KINGSTON, Jamaica -- The Inter-American Committee against Terrorism (CICTE) of the Organization of American States (OAS) on Wednesday concluded a three-day visit to Kingston, Jamaica, as part of the technical assistance provided to that government for the development of a national cyber security strategy, through an initiative that will be coordinated by CICTE’s cyber security program together with the ministry of science, technology, energy, and mining of Jamaica.

This visit was led by OAS/CICTE cyber security specialists with the participation of members of the Commonwealth. Expert advice was given on various approaches that can be taken in the development and implementation of the national strategy, and participants were guided through working group sessions to formulate the main tenets of the strategy. “This initiative with the OAS/CICTE is therefore consistent with the government’s thrust towards strengthening our cyber security framework.”

5 Tips for Improving Your Small Business Cybersecurity | Cybersecurity. Cloud computing has made it possible for today's small businesses to work from anywhere, on any device. They can transfer files easily between computers with Dropbox, video-conference across the country with Skype, and work from their smartphones and tablets without stepping foot in the office.

But as some business owners have learned the hard way, the tradeoff for these collaborative benefits is the potential for a serious data security breach. Cybersecurity experts shared their thoughts on best IT practices and tips for improving your security policies. Control your admin access: Research has shown that unmanaged administrator privileges are some of the biggest IT security threats to an organization. Yet many small businesses still don't take the time to set up the proper access limitations for non-admin employees, especially when those workers are using their own devices. Layer your security. Ask about cyberinsurance. Have a process in place.

Don't Forget DNS Server Security. Late last August, some visitors to the New York Times website received an unexpected surprise - the website was down. The source of the interruption was not a power outage or even a denial-of-service attack. Instead, it was a battle against a DNS hijacking attempt believed to be connected to hacktivists with the Syrian Electronic Army. The attack was one of several in 2013 that focused on DNS (domain name system) infrastructure, and security experts don't expect this year to be all that different - meaning organizations need to stay aware of DNS security threats. Just last month, domain registrar and hosting provider Namecheap was hit with a distributed denial-of-service (DDoS) attack targeting its DNS platform that impacted roughly 300 sites.

"DNS providers are often targets of attack because they are a central point for disrupting all services, web, mail, chat, etc. for an organization," said Michael Hamelin, lead X-Force security architect at IBM.

The NIST Cybersecurity Framework - Improving Cyber Resilience? A few weeks ago, the National Institute of Standards and Technology (NIST) issued the final version of a new set of cyber security guidelines designed to help critical infrastructure providers better protect themselves against attacks. The framework was the result of an executive order issued by President Barack Obama last year that in part directed NIST to come up with a set of voluntary cyber security standards for critical infrastructure companies.

The big question that remains is whether the proposed guidelines can truly improve cyber resilience and if they should be adopted by enterprises of all shapes and sizes. Data breaches at Adobe, Target, and Neiman Marcus made headlines over the last few months. However, they’re just the tip of the iceberg. According to the Data Breach QuickView Report, 2013 broke the previous all-time record for the number of exposed records caused by reported data breach incidents.

Cybersecurity in Europe: Internet giants exempted from reporting incidents.

The Internet giants have been released from the obligation to report security incidents on their platforms. Under the cybersecurity law passed yesterday by the European Parliament, the obligation to report intrusions or hacks will apply only to companies “that own, operate or provide critical infrastructure”. The new Network and Information Security (NIS) directive, adopted yesterday by a large majority of the members of the European Parliament, does not require Internet giants such as Google, Amazon, eBay and Microsoft to report security incidents.

A much-debated directive in Parliament: Trade organizations were quick to welcome the law, congratulating “the European Parliament for having wisely limited the directive to critical infrastructure”. 93% of companies victims of a cyberattack: According to the Commission, 93% of large companies were victims of a cyberattack in 2012.

Windows XP Security Issues: Fact Vs. Fiction. Are you prepared for the end of Microsoft support for Windows XP next month? In less than a month, Microsoft will stop supporting Windows XP, still the second most widely used PC operating system in the world. The company announced the OS's April 8 termination date years ago, but with as many as 500 million XP systems still active last month, not everyone is going to make a move in time. XP users have vocally protested Microsoft's abandonment of such a popular product.

Objections include upgrade costs, application compatibility concerns, and whether customers should be effectively forced to leave a product that they are happy with. Despite Microsoft's increased efforts, which now include daily pop-up notifications on XP systems, almost one in three computers still ran the 12-year-old OS in February, according to web-tracking firm Net Applications.

The Snowden effect has made cybersecurity a priority collective challenge. “There is growing awareness.” This phrase recurs in the remarks of most of the sector's entrepreneurs, who gathered in Lille in late January for the 6th International Cybersecurity Forum (FIC 2014). Since Edward Snowden's revelations, they have been witnessing major changes within the companies they work with. “Five years ago, and I am barely exaggerating, it was the world of technicians, of corporate security managers who knew what they had to do,” comments Luc-François Salvador, CEO of the Sogeti group.

“Then, over time, because of the sophistication of attacks, the growth in vulnerabilities, the WikiLeaks, the Snowdens, attacks such as Stuxnet [a computer virus, ed.], the world understood that something was happening in a space where the consumer, the citizen, business and the authorities meet.” How do the newly expressed needs translate in practice?

The army, a cyber actor. Imaz Press Réunion | News from Réunion in photos.

The use of Russian cyber capabilities in Ukraine [By Julien Lepot, CEIS] Secuinsight. The deployment of Russian forces in Ukraine was surprising in its scale and speed. While the US intelligence services do not believe in the invasion condemned by the interim Ukrainian government, Russia has nonetheless taken control of part of Ukraine's military installations in Crimea. Many observers of the current crisis have drawn a parallel with the intervention of Russian troops in Georgia in 2008, troops that had been supported by the large-scale use of cyberattacks.

Yet, at present, Russia is “holding back its arm” in cyber matters in Ukraine. Russia has very good information on Ukraine, which would allow it to launch large-scale cyberattacks. First of all, the organization and structure of the Ukrainian telecom network are well known to the Russian services, which helped the country acquire a mass surveillance capability as early as 2010[1]. Why “hold back the arm”?

FIC2014[1]: no, cybersecurity is not a failure! | Blog de l'EMSST. 21-22 January 2014, International Cybersecurity Forum, more than 3,000 participants. Question: is cybersecurity a failure? Against the backdrop of the Snowden affair, 70% of responses were positive. On stage during the opening plenary, a zealous advocate of individual liberties, an alarmist warning of a cyber Pearl Harbor, two representatives of industrial groups and two institutional representatives each gave their opinion.

As Patrick Pailloux, then director of the Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI), says: no, cybersecurity is not a failure; it is evolving. While obstacles remain to be overcome, a genuinely comprehensive approach to this issue is emerging. A badly formulated question: To speak of failure would suppose that the time for taking stock has come. Finally, going back to ANSSI's definition[4], cybersecurity is a sought-after state for resisting events originating in cyberspace.

Some obstacles to overcome.

Cyber Security Market in South Korea 2014-2018: Impact of Drivers and Challenges. (M2 PressWIRE Via Acquire Media NewsEdge) Dublin - Research and Markets has announced the addition of the "Cyber Security Market in South Korea 2014-2018" report to their offering. The analysts forecast the Cyber Security market in South Korea to grow at a CAGR of 21.24 percent over the period 2013-2018. One of the key factors contributing to this market growth is the need to improve the quality of protection. The Cyber Security market in South Korea has also been witnessing the increasing demand for cloud-based security solutions. However, the high cost of implementation could pose a challenge to the growth of this market.

Key vendors dominating this space are Cisco Systems Inc., Fortinet Inc., Juniper Networks Inc., McAfee Inc., Symantec Corp., and Trend Micro Inc. Other vendors mentioned in the report are AhnLab Inc., and Check Point Software Technologies Ltd. CONTACT: Research and Markets, Laura Wood, Senior Manager.

The risk of offshoring security. Cybersecurity: there is more to life than the LPM… by @gbillois. Africa must share cyber security info. News Republic. Issa_V2_light.

B_sydney: Here we go for the spot of... Cybersecurity and the board of directors: avoiding personal liability-part III of III: policies and procedures. Civilian cyber training camps launch in England and Scotland. ENISA's Cybersecurity Annual Incident Reports 2012 - FIC2014. Table of Contents — September/October 2013, 69 (5). Hadi el-Khoury, a Lebanese committed to cybersecurity.

Observatoire FIC. Towards a change in the legal framework for cyber-surveillance in the United States [By Aude Gery, CEIS] | Observatoire FIC. Defense in depth for the information system [By Laurent Bloch, researcher] | Observatoire FIC. An “Active Defense” to combat targeted attacks? [By Nicolas Caproni, BSSI] | Observatoire FIC. Coming Soon: The Cybercrime of Things - Christopher Mims.

Chinese hackers attack honeypot water utility. WiFi routers: devices forgotten by security? Village:LaQuadratureduOhm - OHM2013. FBI launches cyberattack reporting portal for industry. Government To Develop Cyber Security Policy. Scotland Yard refuse to give hacking list to Parliament. Cyber security is central to long-term economic growth. Nigeria: Cyber Security Bill draws closer. Cybercriminals increasingly use the Tor network to control their botnets, researchers say.

Gaming Regulators Cite Need for Cyber Security Experts as Online Gaming Legalized. DHS to Launch Cybersecurity Marketplace. Escalating Cyber Security Threats Mean Rise of the CISO. DHS Scales Back Cybersecurity Programs for Critical Infrastructure at ICS-CERT - The CIO Report. Cybersecurity in Canada: Finance industry, government seek ways to share data | Financial Regulatory Forum. Expert insights 3: Cyber threats and security in the Caribbean 2013 update.

The Critical Infrastructure Gap: U.S. Port Facilities and Cyber Vulnerabilities. BRICS Cable To Offer New Possibilities. HP warns on presence of backdoor in storage devices. FIC2014 » Geopolitics of cyberspace: China and the Southeast Asian region, a good-neighborly relationship? By Maxence Even, CEIS. FIC2014 » Special report: Cybersecurity and health, state of play. CEIS. Observatoire du FIC: Breakfast of 4 July 2013 #pdjFIC #ANSSI #SCADA #Cloud #Cybersécurité (with tweets) · FIC_Obs. Snowden: some welcome perspective! What Smaller Institutions Can Learn from DDoS Attacks on Big Banks. FIC2014 » A look back at the #cybersécurité special report by Alternatives Internationales. Fewer than one company in four assesses the financial impact of a cyberattack. White paper and cybersecurity of OIVs: update on the legislative work in progress. Secuinsight. Editorial: The “0day”. By Nicolas Ruff, EADS. Federal News Radio.

Op-ed: The Human Side of Cyber Threats. Terrorism: “Tracking on the Internet must be a priority,” according to Valls. Government wants more Indian software for better cyber security. Paranoia, the favorite method of cybersecurity experts.

Doctrines

Australian prime minister calls Chinese hacking report 'inaccurate'. Offensive. News in brief. Original initiatives. State of play / threats / modus operandi. Report - Brandishing Cyberattack Capabilities - M. Libicki. Foresight. Infrastructure, uses, users. Op-eds. Influence. R&D.