6 January 2018

Five Biggest Cyber Security Stories of 2017

Five Biggest Cyber Security Stories of 2017
-- Maj Gen P K Mallick,VSM (Retd)

There has been cyber security stories in  2017. This year when cyber security’s role in global politics became undeniableand  the threats kept coming. Social media continued to be a battleground for voters but didn’t seem to play a significant role in the British, French or German elections. Ransomware is still the most common attachment in spam emails and the trojan became more potent on Macs and Androids. And the role of antivirus companies even became a global controversy.


F-Secure comes out with the  the current threat landscape and the larger trends that we will be forced to contend with in the new year and beyond.

1. The Internet of Things: If it’s smart, it’s vulnerable. It is  easy for hackers to use vulnerabilities make it to take control of a device. In 2018, the number of consumer IoT devices will likely exceed the human population of the earth. Meanwhile, there’s still no evidence that manufacturers are taking security seriously enough to sustain this sort of mass adoption safely.

2. Internet Service Providers in the U.S. can now sell your browsing history without your consent. In April, the U.S. reversed a regulation that prevented ISP’s from selling your browsing history without your consent. This move shifted regulation of providers from the Federal Communication Commission to the Federal Trade Commission (FTC). Cable companies prefer FTC regulation because it puts them on a more equal footing with the firms that dominate web advertising, Google and Facebook. However, it also means all your web traffic may be sold so advertisers can more effectively target you. 

3. WannaCry and NotPetya Explode. In May and June, we saw the two largest ransomware outbreaks ever — WannaCry and then NotPetya. Both used vulnerabilities that have been stockpiled by the U.S’s National Security Agency and then leaked into the public. And both exploited unpatched systems to spread like worms through networks. Luckily, both threats didn’t do nearly as much damage as they could due to flaws in their design. While both reminded the world of the importance of basic security hygiene like installing updates and designing networks to prevent worms from spreading, they both also raised numerous questions, like why did someone release ransomware like NotPetya when it didn’t seem capable of collecting ransoms? 

4. Breaches from Hell.If you’ve used the internet in the last decade or have a credit card, chances are you were somehow caught up in the breaches that were reported in 2017. Over 143 million Americans had data compromised in the Equifax breach alone. For businesses, breaches are becoming even more crucial to prevent and manage. This is not just true because trust destroyed by hacks can potentially do catastrophic damage to a brand but because of the rise of the the European General Data Protection Regulation (GDPR), which enters full force on May 25th. There are many myths surrounding the GDPR, but in general these regulations may be good news for consumers’ data privacy and potentially a huge opportunity for businesses that take a proactive approach to cyber security.

5. Bitcoin Boom. Ransomware has been around for years and years, way before Bitcoin. But the megatrend that really made ransomware such a problem is crypto-currencies like Bitcoin.” As the year neared its end, the price of Bitcoin exploded, at one point hitting over $19,000. It’s unclear what this means for ransomware crooks, given how difficult it may be to run a business with a payment method that gains or loses $1,000 in a day. And using Bitcoin to purchase real world items can be difficult. But it’s clear there’s a hunger for virtual currency that’s not subsiding as we head into 2018.

Behind the ‘enemy’ line: the borders of J&K

Happymon Jacob

“Why do you want to visit our side of the Line of Control (LoC)?” a senior Pakistan army officer asked me. My request to go on a field trip to Pakistan-occupied Kashmir with the Pakistan army for research on ceasefire violations along the India-Pakistan border was still being reviewed by the higher echelons of the Pakistan Army in Rawalpindi when this question was posed to me. He wanted to know the source of my interest (or ‘angle’). I am not sure if he was convinced by my reply about my hope that my research would contribute to bilateral peace, but an invitation came through a few weeks later.

India needs to work harder, both in its own backyard and in its near-abroad



While there is absolutely no doubt that Donald Trump has on more than one occasion sent harsh warnings to Islamabad – calling upon Pakistan to give up its support for terrorist groups or face the consequences – Trump’s predecessors had begun to reduce aid to Pakistan. During the Obama years, for example, American aid to Pakistan dropped from over 2 Billion USD in 2014, to a little over 1.1 Billion USD in 2016. In his latest tweet, Trump minced no words, saying that Pakistan had fooled the US all these years, and that US will not take this lying down: The United States has foolishly given Pakistan more than 33 billion dollars in aid over the last 15 years, and they have given us nothing but lies & deceit, thinking of our leaders as fools. They give safe haven to the terrorists we hunt in Afghanistan, with little help. No more!

It's Time to End Pakistan's Double Game


President Trump, in his tweet about Pakistan, called a spade a spade. Since 9/11, Pakistan has consistently played a double game, providing just enough sporadic assistance in capturing members of Al Qaeda and logistical support for our forces to give an impression of helpfulness, while at the same time harboring, training, and assisting violent extremist groups such as the Taliban and the Haqqani network that have killed thousands of American, Coalition, and Afghan soldiers and an even greater number of innocent Afghan civilians.

Staying the Course in Afghanistan How to Fight the Longest War

By Kosh Sadat and Stanley McChrystal

The cigarette glowed red as he took a drag, and the smoke rose rapidly as he exhaled. It had been a long afternoon. It had been a long war. It was February 2010, and after months establishing a relationship, Pakistan’s chief of army staff, Ashfaq Parvez Kayani, and one of us, Stan McChrystal, were having the kind of conversation senior military commanders are supposed to have, discussing the role of the NATO-led coalition’s efforts in Afghanistan and northwestern Pakistan. We’d spent hours alone, each laying out in detail a strategy for the conflict. While not quite my second home, the Pakistani army’s headquarters in Rawalpindi was now familiar ground, and Kayani, a colleague with whom I spoke easily. Nothing, however, could soften the blow of his message to me. “For the mission you’ve been given, you have the right strategy,” he told me. “But it won’t work, because you don’t have enough time.”

The New Geopolitics of Central Asia: China Vies for Influence in Russia's Backyard

Philippe Le Corre

What will it mean for Kazakhstan?

China’s emerging Belt and Road Initiative—BRI, or the so-called “New Silk Road”—aims to improve dramatically trade connectivity between growing industrial production in China and lucrative European markets. As part of the initiative, Beijing also promises to deliver outcomes for transit countries. China is said to be spending several billions of dollars per year in 60-odd countries.Kazakhstan is a critical node and is now on the verge of China’s embrace. Not surprisingly, the government in Astana is keen to benefit from the project: It seeks to diversify its economy away from exporting oil and natural resources and wants to improve its road and rail infrastructures in order to expand its logistics sector. If successful, this could help Kazakhstan move from being a middle-income to a high-income country.

A NEW SILK ROAD

by Davide Monteleone

The Silk Road was established during the Han dynasty, beginning around 130 B.C. Markets and trading posts were strung along a loose skein of thoroughfares that ran from the Greco-Roman metropolis of Antioch, across the Syrian desert, through modern-day Iraq and Iran, to the former Chinese capital of Xian, streamlining the transport of livestock and grain, medicine and science. In 2013, President Xi Jinping announced that the Silk Road would be reborn as the Belt and Road Initiative, the most ambitious infrastructure project the world has ever known—and the most expensive. Its expected cost is more than a trillion dollars. When complete, the Belt and Road will connect, by China’s accounting, sixty-five per cent of the world’s population and thirty per cent of global G.D.P. So far, sixty-eight countries have signed on.

Stratfor: Iran’s Mullahs face their greatest challenge

Larry Kummer

Summary: Iran’s Mullahs led it to a draw with Iraq, withstood four decades of sanctions, Israeli assassination of their nuclear scientists, and the collapse of oil prices after 2008. Now Stratfor describes the Mullahs’ greatest challenge: their own people.Unrest in Iran. Stratfor/AFP/Getty Images.
“The Voices of Discontent in Iran Crank Up the Volume, to a Point”

The Crisis in Iran: A Broader Perspective

BY Anthony H. Cordesman

It is easy to take a strong position on the level of current unrest in Iran, and some of the motives behind it. The fact is, however, that it is far from clear how it will develop, or how much support it really has. Iran scarcely permits the kind of polling that would expose its internal divisions, and many Iranians would be more than cautious if such polling was ever attempted. As a result, many see what they want to see in latest round of unrest, particularly those who want the regime to fall. It is far from clear, however, that a regime that controls the security forces, the justice system, the media, and much of the economy is all vulnerable. The current uprisings in Iran have so far been relatively limited, although they have been broadly distributed throughout the country, have grown in scope, and have taken place in spite of the major improvement in internal security that has taken place in recent years.

The Battle for Iran Change will not come easily, peacefully, or soon.

KARIM SADJADPOUR

Protest movements in the Middle East face enormous repressive hurdles and rarely have happy endings. Even when protesters “succeed” in toppling an autocrat, they’ve rarely succeeded in ending autocracy. In Iran, the obstacles to success are daunting. Whereas most Middle Eastern countries are ruled by secular autocrats focused on repressing primarily Islamist opposition, Iran is an Islamist autocracy focused on repressing secular opposition. This dynamic—unarmed, unorganized, leaderless citizens seeking economic dignity and pluralism, versus a heavily armed, organized, rapacious ruling theocracy that espouses martyrdom—is not a recipe for success. 

Waiting for the Bomb to Drop

BY ELIOT A. COHEN

The decision to move the American embassy to Jerusalem makes a war in Korea more likely. Not because there is any direct connection between the two, nor because it was a bad idea, recognizing as it did the simple fact that the western part of Jerusalem has been Israel’s capital for over 70 years and will most assuredly remain so. The dangerous bit, rather, was when pundits and diplomats wrung their hands and predicted calamity and (far more predictably) nothing happened. The Arab street grumbled, while Cairo, Riyadh, and Abu Dhabi looked the other way, and Donald Trump could be forgiven for thinking that his instincts had been proven entirely correct.

Don’t panic: Fears of nuclear escalations and cyber warfare are overblown


First, the potential for North Korea to weaponise a nuclear missile, and then escalate the probability of actually firing it. The second is that Hezbollah will launch a conventional missile attack – from its arsenal of 120,000 – on Israel, ordered by its masters in Iran. The third threat is that jihadists will fly drones into major demographic concentrations – such as football stadiums – and detonate biological or chemical devices. Finally, there is the threat of a seismic cyber attack which takes down the economy, such as on the US electricity grid. All of these are scary prospects, but what are the odds of them actually happening?

Preventive Priorities Survey 2018

By Paul B Stares

The Center for Preventive Action’s annual Preventive Priorities Survey (PPS) evaluates ongoing and potential conflicts based on their likelihood of occurring in the coming year and their impact on U.S. interests. The PPS aims to help the U.S. policymaking community prioritize competing conflict prevention and crisis mitigation demands.

What If... Conceivable Crises: Unpredictable in 2017, Unmanageable in 2020?


This collection of essays focuses on eleven scenarios that may appear unlikely today, but which could come to pass in the near future. The primary aim of each text is to highlight the EU’s current strengths and weaknesses, specifically in its decision-making processes and crisis management structures. Some of the potential crises include 1) a repeat intervention by Russia in Ukraine; 2) the disintegration of Bosnia-Herzegovina; 3) the so-called Islamic State taking over an enfeebled African state; 4) the toppling of Cameroon’s government; 5) Japan acquiring nuclear weapons; and 6) India and Pakistan stumbling into another armed conflict.

The Predictable Volatility of Iran and North Korea

By Jacob L. Shapiro

GPF’s 2018 forecast predicted that the world’s two most volatile regions would be the Middle East and East Asia. So far, so good. Popular frustration in Iran over the country’s economic performance boiled over at the end of last week and has continued into the new year. It’s at the point that it threatens the position of the region’s most influential actor in 2018. Meanwhile, on New Year’s Day in East Asia, North Korean leader Kim Jong Un suggested that North Korea and South Korea should meet urgently to discuss his country’s participation in the Winter Olympics in February in Pyeongchang, South Korea. This raised the serious question of whether North Korea is finally open to negotiations on its nuclear program.

America Still Needs an Asia Strategy

By Sandy Pho & Michael Kugelman

North Korea’s November 28 missile test, which involved an intercontinental ballistic missile that may be capable of reaching the United States, underscores the clear and present danger that Pyongyang poses to America. It also provides a resounding reminder about the dangerous implications for the United States of not having a clear, comprehensive and, above all, workable Asia strategy. After President Donald Trump returned to the United States following a 12-day trip to Asia last month, he boasted of working with regional actors toward the goal of eliminating North Korea’s nuclear weapons. “We have to denuclearize North Korea,” he insisted.

Ukraine: Will the Centre Hold?



What’s the issue?

While the war in Ukraine’s eastern region of Donbas rumbles on, the regions of Polissya and Zakarpattya in the country’s west are corroded by systemic state corruption. Resentment toward Kyiv in these peripheral regions is pushing many into the shadow economies and exacerbating state fragility.

Why does it matter?

Widespread corruption in Ukraine’s western regions demonstrates that state fragility is not limited to areas controlled by Kremlin-backed separatists. This is undermining Kyiv’s capacity to withstand Russian aggression and restore its sovereignty over Donbas, meaning Moscow’s withdrawal from eastern Ukraine will not necessarily lead to national cohesion.

Speak to the Heartland: Lessons from Kissinger’s Defense of Détente

By Matthew F. Ferraro

Twice in October 2017, Sen. John McCain (R-Az.) spoke eloquently to public audiences about the liberal world order that his and his father’s generation helped to build and the moral obligation the United States has to defend it from threats at home and abroad. Battling terminal cancer, McCain has entered the twilight of his public life. But in these speeches, McCain has called for a national, not a personal, convalescence. He has sought to rally a weary nation to a view of American morality and purpose in the world consistent with the internationalism that the country practiced with great effect from 1945 until the past year. 

Researchers Found Two Major Security Flaws In Processors That Affect Most Of The World's Computers

Blake Montgomery

Cybersecurity researchers have discovered two flaws in microprocessors that could grant hackers access to the entire memory stored on practically any computer in the world. On a website created to explain the flaws, researchers wrote that they "don't know" if hackers have exploited the bug. Researchers said they named one flaw "Meltdown" because it "basically melts security boundaries which are normally enforced by the hardware." The name "Spectre" for the second flaw came from the fact that there is no easy fix, which means it will likely "haunt us for quite some time."

Google discovers ‘serious’ flaws in Intel and other chips

Security researchers at Google say they’ve discovered serious security flaws affecting computer processors built by Intel and other chipmakers. Google’s Project Zero team said Wednesday that the flaw could allow bad actors to gather passwords and other sensitive data from a system’s memory. The tech company disclosed the vulnerability not long after Intel said it’s working to patch it. Intel says the average computer user won’t experience significant slowdowns as it’s fixed. Both Intel and Google said they were planning to disclose the issue next week when fixes will be available. Tech companies typically withhold details about security problems until fixes are available so that hackers wouldn’t have a roadmap to exploit the flaws. But in this case, Intel was forced to disclose the problem Wednesday after British technology site The Register reported it, causing Intel’s stock to fall.

Report: Most agencies vulnerable to phishing

By: Jessie Bur 


Nearly half of federal agency email domains have adopted policies to collect data on unauthorized emails, a move mandated by the Department of Homeland Security in October, according to a report by cybersecurity company Agari. The new policies do not block malicious emails or prevent employees from receiving phishing emails, but instead allow email domain owners, such as CIOs, to receive reports on unauthorized messages sent through their domain.

To fight cyber crime, we need swords, not just shields

BY MARKUS JAKOBSSON, OPINION CONTRIBUTOR

For three decades after the Cold War ended, Americans lived with confidence that their lives and assets were protected by the unchallenged U.S. military and the deeply established rule of law. That era is over. We’re now engaged in asymmetrical warfare, fighting super-empowered individuals and groups that are wreaking havoc on American society from abroad.Relentless cyberattacks over the past year have exposed the confidential personal information of at least half of all Americans; undermined faith in fundamental pillars of our democracy; and penetrated the electronic fortresses protecting some of our most highly-classified secrets.

The Labs that protect against on line warfare

By Christian Borys 

Several months after the WannaCry cyber-attack, much of the world still seems to be asleep to the potential catastrophic effects of cyber-attacks on critical infrastructure systems. The first nation state-level cyber-attack on critical infrastructure, widely attributed to a joint collaboration between American and Israeli intelligence against Iran, was uncovered in 2010. Known as the Stuxnet virus, the attack aimed to take down Iran’s nuclear program. The virus failed to achieve its mission. But by destroying nearly 1,000 uranium-enriching centrifuges, it was unprecedented for having caused physical damage by way of virtual attack. And it ushered in a new era of conflict: that of offensive cyber-warfare. 

Going Underground: The U.S. Government’s Hunt for Enemy Tunnels


In April of last year, the U.S. military dropped the most powerful non-nuclear bomb ever used in combat on a tunnel complex in Afghanistan’s Nangarhar province. The airstrike targeted the Islamic State’s Khorasan branch. The use of the GBU-43/B Massive Ordnance Air Blast weapon, the so-called “Mother of All Bombs,” highlighted the growing threat posed by adversaries’ underground structures.

TRADOC chief: Army needs to break free from ‘tyranny of training’

By: Jen Judson

When the U.S. Army first needed to figure out how to make its AirLand Battle concept operational to focus more on the central plains of Europe and the threat from the Soviet Union after the Vietnam War, it used training to drive the combined-arms maneuver concept into the service, according to Gen. David Perkins, the commander of the Army’s Training and Doctrine Command. mAnd now the Army is poised to use training again to bring its new Multi-Domain battle concept to life. But the service’s approach, Perkins said at the Interservice/Industry Training, Simulation and Education Conference on Tuesday, must be different from what it did post-Vietnam when the Army stood up exquisite combat training centers, beginning first with the National Training Center in California, which used top-of-the line equipment and instrumentation and duplicated a world-class opposing force.

2018 Forecast: Can The Army Reinvent Itself?

By SYDNEY J. FREEDBERG JR.

WASHINGTON: Over the next few weeks, US Army leaders will make major decisions about the Futures Command they’re standing up this summer. The new organization will be the biggest departure in how the Army buys weapons in 40 years. Important as it is, however, it’s also just one of many changes the Army must make in 2018. One of the unsung stories of 2017 was how the US Army made big down payments towards progress on multiple fronts: new weapons, new concepts, new organizations. But reinventing a huge institution takes years, and the post-Cold War Army in particular has tended to take two steps forward and 1.9 steps back. Under the irrepressibly energetic Gen. Mark Milley, who became chief of staff in 2015, the largest service seems to be overcoming inertia at last. The challenge is keeping the momentum.