Cyber resilience

One of the most important aspects of resilience in the information age is understanding the environment in which we exist. Resilience is adaptability in a changing environment, the more we understand that change, the less painful it is. Here are a few  current issues that might help your cyber resilience.

Alert, but not alarmed

Alert, but not alarmed! – Photo AWebling

Cyber Security Summit – Stanford November 2013

In the shadow of the Snowden revelations about the US and UK, security experts and leaders from more than 40 countries have been at Stanford University in California, USA for a gathering on cyber security.

If you have a sense of irony, you may have listened to the debate on Syria and comparing that to the NSA / Snowden / Internet debate.
– US Secretary of State John Kerry has recently made broad and I think reasonable statements saying that

President Assad had lost the moral authority to rule Syria.

– However that same test can be made against the USA.

 The USA has lost its moral authority to control the Internet

through the activities of the NSA and other government agencies. The full text of Secretary Kerry’s Syria speech can be found here via usembassy.gov. Of course although the USA is the biggest culprit here, the UK, Canada, Australia and NZ have all been shown up.

China was prominently represented at the conference. The Minister of State Council Information spoke about China’s problems. In his speech Cal Mingzhao said that in the first six months of 2013, 20,000  websites were hacked and 8 million servers compromised. According to Minister Mingzhao this indicated a rise of 14% year on year.

China has used the conference to repeat its call for global efforts in building a robust legal system, and strengthening international cooperation. Although I am somewhat cautious about their motives. I believe that the Chinese are on the right track with this view. I have previously made my views clear here in this post about why the world needs the cyber equivalent of an international law of the sea.

It is good to read  that Scott Charney ex US Department of Justice and current Microsoft VP on privacy and security is publicly calling for the US to show more information about what it collects and what happens to that data. Few sensible people disagree that the US and its allies should use maximum efforts against terrorists.

The US has lost support because it has strayed away from its stated goal of combatting terrorists and towards industrial espionage and employed tactics which compromise the majority in the pursuit of this goal such as the backdooring of encryption algorithms.

 

In other news

The Canadian Office of the Superintendent of Financial Institutions has released a ‘Cyber-Security Self Assessment Guidance for Canadian financial institutions, but which provides some good advice to any organisation looking for a template to help them.

Unlike the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) Preliminary Cybersecurity Framework, which was released for public comment on October 22, 2013, the Guidance does not prescribe a common language or mechanism for financial institutions to control and manage cyber security risk nor does it expressly build on existing standards, guidance and best practices for managing cyber security risk. In fact, in the Guidance, OSFI indicates that it “does not currently plan to establish specific guidance for the control and management of cyber risk.”

Rather, the Guidance sets forth an 11-page self-assessment template that sets out “desirable properties and characteristics of cyber security practices that could be considered by a FRFI when assessing the adequacy of its cyber security framework and when planning enhancements to its framework.” Of course if you’re a Canadian bank trying to do business in the US..

www.offi-bsif.gc.ca

Lastly, in the ‘this might be a little insane’ category

A US (Missouri) based cyber crime prevention network is advising parents to teach their children about cyber-security from the time they are toddlers.

www.kshb.com

I can just imagine it – “Our little Johnny fixes our firewall whilst we sit him on the potty…..” But seriously, of course keeping kids safe online is important in the same way as keeping them safe in the real world, but maybe they should learn to read first.