US is stepping up digital incursions into Russia’s electric power grid, New York Times reports. By infecting Russia’s energy facilities, US Cyber Command would potentially be able to turn them off, causing power cuts and havoc. While officials, including at the National Security Council, declined to comment, they said they had no national security concerns about the New York Times report. John Bolton, National Security Adviser to President Trump, has confirmed that the US is engaged in offensive cyber operations against broad list of potential targets, with a purpose “to say to Russia, or anybody else that’s engaged in cyberoperations against us, ‘You will pay a price.’” The development follows strengthened authorities of Cyber Command to conduct offensive cyber operations, and the “defend forward” approach taken by its commander Gen. Paul Nakasone to establish “persistent presence” deep in an adversary’s networks. The move is seen by some experts as a deterrence tactics, or the ‘gunboat diplomacy’ of the twenty-first century - though consequences of potential escalations could be more devastating, ZDnet comments.
After the Russian State Duma adopted the law on stable operation of the Runet, it has been approved by the Federation Council which is the upper chamber and signed by President Putin on 1 May. The law is set to take effect on 1 November 2019 and should ensure what Kremlin refers to as a ’sustainable, secure, and fully functioning' Russian Internet in case it is disconnected from the global infrastructure of the world wide web. Critics have warned that it will expand governmental control over the Internet and lead to censorship and surveillance over wide parts of the network. Russian officials first submitted the new measures in December 2018 as a response to the United States cyber strategy following the 2016 presidential elections.
The US Department of Homeland Security and its Cybersecurity and Infrastructure Security Agency (CISA) released al list of national critical functions of government and private sector that have vital importance to the US national and economic security, public health, and safety. The list covers all areas of critical infrastructures and divides them into four broad categories: connect, distribute, manage, and supply. The main purpose of the list is for cyber risk management and prioritisation in incident response and decision-making. The next step for CISA is the creation of a Risk Register to identify scenarios that could potentially cause national-level degradation to national critical functions and, according to the CISA director, ‘map out how a single digital threat might ricochet across numerous industries’.
The Kanawa subsea cable which links the French Guiana with Martinique and Guadeloupe in the French Caribbean was launched by Orange in January 2019. The two pair fibre system is 1,746km in length and has been upgraded to provide up to 10 terabyte per second to users. This increased high-speed connectivity is expected to meet the rapid growth and demand for digital services in the Caribbean region.
Russia’s Armed Forces are to lay a new fiber optic cable along Russia’s Arctic coastc coast as part of the construction of a new closed Internet. This new communication system that has been under development is named the Multi-service Transport Network System (MTSS) and is expected to support the exchange of 20 GB of information at a time between military units allowing for increased efficiency in the management of these units.
Members of the European Parliament adopted the EU Cybersecurity Act that defines the voluntary cybersecurity certification schemes for EU countries. It serves to provide compliance with cybersecurity standards for critical infrastructure, including energy grids, water, energy supplies, and banking systems, including other products and services. According to the act, the European Union Agency for Network and Information Security (ENISA) will be responsible for the preparation of the voluntary certification schemes. By 2023, the European Commission shall assess whether any of the voluntary schemes should become mandatory.
In addition, the European Parliament adopted a resolution that express concerns about growing technological presence, especially the use of Chinese 5G equipment products in the EU.
European Council approves rules for screening foreign direct investment to protect critical infrastructure
The European Council has formally approved a new regulation which will set up an EU-level tool to support member states screening foreign direct investment (FDI) on grounds of security and public order. The new regulation, which will protect critical infrastructure, will be published on 21 March 2019. It will enter into force 20 days later.
On the upcoming elections for the European Parliament ENISA released a paper with EU-wide recommendations for providing cybersecurity of electoral processes. The paper explores malign actors and their motivations, cyber threat landscape and human factor in online disinformation. For all issues ENISA suggest twelve recommendations to mitigate the negative effect on the upcoming elections. Among others are: to identify unusual traffic patterns that could be associated with the spread of disinformation or cyberattacks on election processes; to take down botnets; to use back-up channels/technologies to validate the results with the count centres; to classify election systems, processes and infrastructures as critical infrastructure; to consider introducing national legislation to tackle the challenges associated with online disinformation.
The European Union Agency for Network and Information Security (ENISA), released a paper on the upcoming elections for the European Parliament with EU-wide recommendations for providing cybersecurity of electoral processes. The paper explores malign actors and their motivations, the cyber-threat landscape, and the human factor in online disinformation. For all issues, ENISA suggests twelve recommendations to mitigate the negative effects on the upcoming elections. Including: identifying unusual traffic patterns that could be associated with the spread of disinformation or cyberattacks on election processes; taking down botnets; using back up channels/technologies to validate the results with the count centres; classifying election systems, processes and infrastructures as critical infrastructure; considering introducing national legislation to tackle the challenges associated with online disinformation.
The European Parliament has agreed to set up an EU-level tool which will support member states’ screening foreign direct investment (FDI) on grounds of security and public order. The new regulation protects critical infrastructure such as energy, transport, communications, data, space, finance; and technologies, including semiconductors, artificial intelligence, and robotics. EU countries will co-operate and exchange information on FDI, and may issue comments on FDI targeting other member states. The European Commission may ask for information and deliver its opinion to the country where the investment is planned. The European Council is expected to formally endorse the agreement on 5 March.