US Department of Energy invests $34m in cybersecurity
The Department of Energy in the US is set to invest $34m in 12 individual projects aimed to secure the smart grid. The projects are described as being aimed to improve the ‘reliability and resilience’ of US energy infrastructure but the main focus is on security, keeping these core services safe from potential intruders. Considering these sectors are increasingly a target for cyber warfare, which has seen both Ukraine’s and South Korea’s energy producers attacked, the investment is a wise move on the part of the Obama Administration. Participants in the twelve funded projects include General Electrics, Intel, universities and other private companies. Little information has been released as yet regarding specific technologies and the timescales involved.
Australia seek compensation over IBM census site
One of the biggest stories this week has concerned the security failures of a new Australian census site. Following a large investment of over $9m Australian Dollars in the IBM-produced site, Australian officials have been outraged by its failure to withstand a simple DDOS attack. In what one official pointed out as an entirely predictable series of events, the site went down on the very night citizens were required to complete the census, which was the country’s first attempt to conduct the census online. PM Malcolm Turnbull said in his statement that the catastrophe highlighted ‘serious failures in preparation’. However, the Prime Minister has been subject to much criticism himself, for choosing to push ahead with an online census despite public security concerns and for failing to institute it in a measured manner, leading to ‘one of the worst IT debacles Australia has ever seen’. The government are carrying out a full investigation into the incident and are expected to seek compensation from IBM in the coming weeks and months.
$500m of NSA ‘cyber weapons’ up for auction
A group calling themselves ‘The Shadow Brokers’ claim to have penetrated NSA cyber defenses and stolen cyber weapons worth around $500m. Security blogger Bruce Schneier has linked the group to a hack NSA experienced in 2013 and has written that he believes this to be a genuine breach, having seen proof data which bears links to data released by Snowden, such as specific code names. He also believes this data was indeed stolen 3 years ago and is pointing to Russia as the culprits. In his opinion, this latest move is a warning to the US government not to retaliate over the DNC hack. The ‘weapons’ are supposedly being auctioned off for Bitcoin, under a bizarre set of rules which generally involve the group doing as they wish and keeping the money regardless of whether they go ahead and deliver the data. Watch this space for updates on any further releases of stolen data.
Sage data breach could affect hundreds of UK businesses
Last week the Sage accounting software company revealed that they were the victim of a data breach, which now appears to have been an inside job. It was discovered that someone had used an unauthorized internal login to access the network, potentially affecting the data of up to 300 UK customers. However, it’s not yet known if any data was actually stolen but if it has been then this could include addresses, national insurance numbers, names, bank account details and other personal information. The UK Information Commissioner’s Office and potentially affected customers have been informed.
Further US Democrat party data appears online
A new set of DNC data has been released online by an actor calling themselves Guccifer 2.0, this time including phone numbers and personal email addresses of US Congress members. This data was stolen in a second Democrat party hack, this time targeting the Democratic Congressional Campaign Committee. Both DNC hacks have been linked to Russia, which might indicate that the country is trying to influence the US election. No major scandal has yet been raised by this latest dump but it has been promised that further data from this hack will be published on Wikileaks as part of their ‘Hilary Leaks’ series.
Civil Sector Rapid Response teams proposed by Australian scholar,
Professor Greg Austin from the Australian Centre for Cyber Security has come forward with a concept paper outlining his ideas for tackling cyber threats. His suggestion of a ‘novel institutional response’ consists of forming a core team he’s dubbed the ‘Cyber Civil Corps’, who would then coordinate a number of rapid response teams, made up of volunteers and chosen to match the specific expertise required. He justifies this idea by pointing out that extreme situations are so rare that it doesn’t make sense to have full time dedicated expertise, which would be an expensive solution. It also recognises the fact that some of the best skills are found in the private sector, thereby proposing a way which these could be drafted when required. Being just a concept paper, we’re far from seeing whether anything along these lines might be actually put in place.