IEEE Global Internet Policy Monitor
23 March 2016
The following is summary of the most recent IEEE Global Internet Governance Monitor report. To access the full reports containing additional details and other news items, please join the Internet Technology Policy Community on IEEE Collabratec.
This week witnessed developments a plenty from across the breadth of the ICT world. Similar to the week previous, cyber-security has continued to feature highly on the news agenda, however coverage has also spanned other areas of interest as explored further below.
Europe this week welcomed the arrival of U.S. delegates sent to drum up support for the recently agreed EU U.S. data transfer pact. The Privacy Shield pact will underpin $260 billion dollars of transatlantic trade in digital services by giving companies such as Alphabet's Google, Intel and Apple Inc. an easy way to move users' data from Europe to the United States.
Linked to this, EU member states are preparing for a meeting scheduled for the 7th of April which will focus on a review of the details of the aforementioned Privacy Shield. This will be the first time EU member national officials will meet to assess the new agreement. While they can make changes, their approval of the deal is needed for it to go into effect.
Other news of note from Europe included the announcement this week by the UK administration that the planed National Cyber Security Centre (NCSC) will focus on the financial sector as a top priority. One of the NCSCs first tasks will be to work with the Bank of England to produce advice for the financial sector for managing cyber security effectively, the government announced.
Also on a cyber-security theme, the Polish Ministry of Digital Affairs has this week released a draft framework document for Poland's new cyber-security strategy and is considering establishing a new institution to oversee the country's cyber-security efforts. With the widespread proliferation of cyber-threats across the continent and wider world, increased resilience to the dangers posed is clearly becoming a high priority for many administrations and organisations.
In the US, news of particular importance included the announcement that a comer department component is close to approving a plan to move control of the architecture that maps and maintains stability of the Internet address system to a global, multi-stakeholder group. The National Telecommunications and Information Agency has for years controlled the critical IANA contract (short for Internet Assigned Numbers Authority) that serves as the address book of the global Internet. On March 10, a proposal to transition the IANA function away from NTIA was announced at a global Internet governance meeting in Marrakech, Morocco.
Cyber-security developments included the rejection of an amendment by the US Congressional house Budget Committee which had been tagged on to US President Barack Obamas cyber proposal plans. The amendment would have funded the White Houses proposal for a $3 billion technology modernization initiative. Rep. Ted Lieu (D-Calif.) , who sponsored the amendment, said he was greatly disappointed with the vote, accusing Republicans of putting politics ahead of national security."
In other cyber-security news from the US, a White House audit this week revealed that the U.S. government was hit by more than 77,000 "cyber incidents" like data thefts or other security breaches in fiscal year 2015, a 10 percent increase over the previous year. Part of the increase stems from federal agencies improving their ability to identify and detect incidents, the annual performance review from the Office and Management and Budget said.
Predictably, encryption also received widespread coverage in the US media this week. As the debate regarding encryption continues to engulf the ICT sector in the nation, stories of note are seemingly breaking on a daily basis. From the week just passed, such updates included the announcement by the National Security Agencys internal civil liberties watchdog that the agency has no interest in spying on Americans under its controversial spying tools. Our employees are trained to not look for U.S. persons, NSA privacy and civil liberties officer Rebecca Richards said.
Encryption didn’t just engulf the news cycle but also the US political system, with a bipartisan group of U.S. senators this week beginning to circulate a long-awaited draft legislation that would give federal judges clear authority to order technology companies like Apple to help law enforcement officials access encrypted data, according to sources familiar with the discussions.
In addition to this, two House committees revealed this week the creation of a joint encryption working group. The panel, composed of four Republicans and four Democrats, will examine potential solutions to the challenges law enforcement officials face as encryption becomes more widespread.
Finally, it was revealed this week that the FBI are now confident of unlocking the iPhone 5c they have been trying to crack following the San Bernadino shootings. US prosecutors said Monday that a "third party" had presented a possible method for opening the iPhone in question, a development that could bring an abrupt end to the high-stakes legal showdown between the government and Apple Inc.
In Asia this week, news of note included the visit by Facebook founder and chief executive, Mark Zuckerberg, to China in order to hold a meeting with Chinas propaganda chief amid a crackdown by the Beijing authorities on the use of the Internet. Facebook and other western social media companies including Twitter are banned in China. Zuckerberg has long been courting Chinas leaders in a so far futile attempt to access the country with the worlds largest number of Internet users 668 million as of last year.
Also of interest, the Indian telecom regulator, TRAI, this week announced that it expects to finalise its views on net neutrality in a couple of months. DoT has sought a comprehensive view from us on Net neutrality. It should be done in a couple of months, Trai Chairman R S Sharma said on the sidelines of an event of the CASBAA India Forum.
Finally, concerning cyber-privacy, there were anxieties expressed this week following the revelation that India’s parliament is set to pass legislation that gives federal agencies access to the world's biggest biometric database in the interests of national security, raising fears the privacy of a billion people could be compromised. The move comes as the ruling Bharatiya Janata Party (BJP) cracks down on student protests and pushes a Hindu nationalist agenda in state elections, steps that some say erode India's traditions of tolerance and free speech.
From the rest of the ICT world, global institutions and all, developments this week were relatively sparse. However, news of interest included the conclusion of the first meeting of the Global Commission on Internet Governance (GCIG) which was organized to discuss internet governance and cyber-security/cyber-privacy amongst other issues.
Also of note, Australias 2016 Defence Whitepaper published this week suggested that the IT environment will be shaped by complex non-geographic threats over the next 20 years, but provides scant clues as to how it will address those threats. The long-awaited paper which commits to raising defence spending to $A42.4bn by 2021, or 2% of projected GDP acknowledges the threat of computer-based attack, both on industry and directly on the defence force. This will be a story worth watching closely in the coming weeks and months as policy formulation and resilience plans become clearer.
16 March 2016
The following is summary of the most recent IEEE Global Internet Governance Monitor report. To access the full reports containing additional details and other news items, please join the Internet Technology Policy Community on IEEE Collabratec.
This week saw further developments of interest from across the ICT world. Of particular note being the overwhelming focus on cyber-security related issues, a continuing theme as organisations and nation states increasingly seek to enhance their resilience against the ever burgeoning range of cyber threats they now face.
In Europe this week, news of note included the announcement that the Privacy Shield data transfer agreement with the US could go into effect this June, as revealed by the EUs Digital Commissioner Günther Oettinger. At the end of February the European Commission published several letters from US officials, including Secretary of State John Kerry, who promised to step up their response to EU citizens privacy complaints as part of the new deal. A committee made up of officials from member states is still negotiating over the details in closed-door meetings. The agreement will be finalised once the committee gives its stamp of approval, although details can still be changed until then.
From a cyber-security perspective, the two stories of particular interest emanating from Europe this week centred on a report published by the Estonian Information Board, and an EU agency publication on big data systems.
The report published by the Estonian Information Board suggested that Russia poses a major cyber security threat to the European Union and NATO, alleging that Russia employs attacks involving denial-of-service, malware and security vulnerabilities to wage an information war against the European Union and NATO
With regards to the aforementioned big data systems publication, the European Network and Information Security Agency (ENISA) this week called for policy makers to help shape the security of big data systems deployed in "critical sectors" of the economy. ENISA stated that policy makers should provide guidance to organisations operating in critical sectors to help them use big data systems securely.
In the US, developments of interest included the announcement that the White House is planning to put its full backing behind a plan to offer Internet subsidies to low-income Americans, a plan revealed in last weeks monitor. The Federal Communications Commission later this month will vote to update the Lifeline program so it can begin offering $9.25 per month subsides to help the poor pay for home or mobile Internet service.
With regards to cyber-security issues in the US, this week witnessed a report published by the Institute for Critical Infrastructure Technology (ICIT) warning that ransomware will wreak havoc on Americas critical infrastructure community in 2016. The report compiled reported incidents of ransomware and predicted that previously exploited vulnerabilities will soon be utilized to extract ransom.
Also of interest, the development of a new app announced this week. The iWatch Army app has been developed to support the US Army in order to boost its anti-terrorism and anti-crime efforts. The crime reporting application for smart phone is currently being used at 17 US bases and is expected to be rolled out to another 100 military bases in the US this year alone.
Other developments in the US of note this week included the roll out of another set of commitments to the technology sector made by the Obama administration. The White House announced this week that it will expand the TechHire initiative, which is aimed at increasing the workforces command of the kind of skills crucial to tech jobs.
Demonstrating President Obamas keen interest in the ICT sector, his appearance this week at the South by Southwest festival, the first appearance at the tech Confab by a sitting president. During the festival, the President addressed the highly topical issue of encryption, and asserted that law enforcement must be legally able to collect information from smartphones and other electronic devices, making clear, despite disagreement within his administration, that he opposes the stance on encryption taken by technology companies like Apple. However, the President declined to comment specifically on the efforts by the F.B.I. to require Apples help in gaining data from an iPhone used by one of the terrorists in the December attack in San Bernardino, California.
From a Pan-Asian perspective, developments this week were relatively few and far between. However, there were certain stories of note, including Chinas revelation of its five-year cyber power strategy, which is aimed at using the Internet to bolster the slowing Chinese economy and transform the country into a world leading cyber power.
With regards to cyber-security, North Korea this week denied the accusation made by South Korea that the North Korean administration had sanctioned and conducted cyber-attacks against officials from the South Korean government. South Korea's spy agency told lawmakers this week that North Korea had recently stepped up cyber-attack efforts against the South and succeeded in hacking the mobile phones of 40 national security officials.
Also of interest, it was revealed this week that the Chinese government has contracted China Electronics Technology Group to develop technology, similar to that used in the sci-fi thriller "Minority Report," that can predict acts of terrorism before they occur based on large amounts of surveillance data. The technology will collect data on ordinary citizens including information on their jobs, hobbies, consumption habits, and other behaviours and will flag unusual behaviour that could signal a potential terrorist threat.
Concluding the news roundup, developments of note associated with Global Institutions this week included the announcement that the Plan to Transition Stewardship of Key Internet Functions has been submitted by the Internet Corporation for Assigned Names and Numbers (ICANN) Board Chair to the US Government. The plan developed by the international Internet community, if approved, will lead to global stewardship of some key technical Internet functions..
Finally, the United Nations Secretary-General Ban Ki-moon has this week appointed Lynn St. Amour of the United States as the new Chair of the Multistakeholder Advisory Group of the Internet Governance Forum. The Multistakeholder Advisory Group advises the Secretary-General on the programme of Internet Governance Forum meetings. It comprises 55 members drawn from Governments, the private sector and civil society, including representatives of the academic and technical communities.
9 March 2016
The following is summary of the most recent IEEE Global Internet Governance Monitor report. To access the full reports containing additional details and other news items, please join the Internet Technology Policy Community on IEEE Collabratec.
A busy week this time around with developments of interest featuring in the monitor from across the breadth of the ICT world.
In Europe, the recently agreed Privacy Shield arrangement, the intended successor to the recently invalidated Safe Harbor agreement, between the EU and the US came under significant fire from the digital rights group the Electronic Frontier Forum (EFF). In a blog post published by the EFF, the organisation asserted that the new Privacy Shield agreement contains a patchwork of concessions that continue to leave the door open for the digital surveillance of hundreds of millions of Europeans by U.S. government agencies. It's unclear what, if anything, the new Privacy Shield is supposed to be shielding people from except perhaps shielding U.S. companies from the inevitable consequences of their country's mass surveillance program, the post concluded. This is an issue that continues to gather attention due to the contentious nature of the agreement reached, and will no doubt receive considerable coverage in the coming weeks and months.
Other regulatory developments included the leaking of a government document exposing the German Governments intentions to implement softer telecoms rules. The position paper outlines the country’s demands for a fresh EU-wide telecoms law: Germany wants less regulation and to boost investment in telecoms networks as fast as possible. The paper could be a boon for giant Deutsche Telekom, which has pushed for lighter regulation and vowed to invest in exchange.
In net neutrality terms, the news of interest from Europe this week centred on the establishment of an online platform, RespectMyNet, set up by an alliance of European digital rights organisations to report net neutrality violations across Europe. RespectMyNet claims it will enable Internet users to whistle-blow any cases of discrimination, blocking, restricting access and so on that they come across while online.
Cyber-privacy issues also featured in Europe this week, with the most significant update being Google’s announcement that it will expand the way it applies the right to be forgotten ruling in the continent next week. Under a ruling from a European court, E.U. citizens are allowed to petition search engines to take down links to content about then that isnt accurate or is outdated. That has applied to Google’s search engine domains in Europe and will now be applied in practice.
In the US, news of note this week included the announcement that the Federal Communications Commission (FCC) is finalising plans to approve a broadband subsidy of $9.25 a month for low-income households, in the governments boldest effort to date to narrow a technological divide that has emerged between those who have web access and those who do not. While more than 95 percent of households with incomes over $150,000 have high-speed Internet at home, just 48 percent of those making less than $25,000 can afford the service, the F.C.C.s chairman, Tom Wheeler, has said. The new plan is part of an overhaul of a $2 billion phone subsidy program called Lifeline and will go to vote on March 31. It is expected to be approved by the F.C.C.s commissioners, who have a Democratic majority.
From a cyber-skills perspective, it was revealed this week that the US Governments ongoing battle with Apple over encryption is harming the Department of Defenses ability to recruit talent from Silicon Valley. The US administration are attempting to recruit some of the nations top technology talents in order to combat and overcome the growing arsenal of cyber-threats faced by the nation. As part of the drive, Defense Secretary Ash Carter spent this week meeting with tech executives and launching new cybersecurity initiatives that will rely on help from the Bay Area.
Rather predictably, cyber-privacy concerns in the US this week were consumed by the aforementioned ongoing battle surrounding encryption between the US administration and Apple.
It was reported this week that Tech industry leaders including Alphabet Inc's Google, Facebook Inc, Microsoft Corp, AT&T and more than two dozen other Internet and technology companies filed legal briefs on Thursday asking a judge to support Apple Inc in its encryption battle. This news was followed by the announcement that the US Justice Department has formally appealed a decision made by a New York Judge preventing the body from forcing Apple to access a locked iPhone in a drugs case.
This will undoubtedly continue to gain traction and coverage in the coming period and will be a debate worth monitoring closely as encryption issues rage both in the US and the wider ICT world.
Across Asia, Internet governance issues received considerable coverage this week. Of particular significance, China this week submitted a draft outline of the country’s 13th Five year Plan to the national legislature which included an intention to build a multilateral, democratic and transparent Internet governance system. The draft document states that China will actively take part in international cooperation in making rules for international cyberspace security, fighting cyber-crimes, cyber security technology and standards, and others.
Also of note, the Indian Telecom Minister, Ravi Shankar Prasad, re-iterated at this weeks ICANN Summit in Morocco that India will continue to support a multi-stakeholder model for governance of the Internet. He declared to those assembled that while fully endorsing the multi-stakeholder model, the issue of security should also remain in focus, where the government has a very important role to play, as safety and security remains the primary responsibility of the governments.
Net neutrality also featured in the headlines associated with India this week, with the Indian telecom regulator, TRAI, reportedly having second thoughts about issuing a clarification of its recent rule on discriminatory pricing of data services. TRAI have recently weighed in on the side of net neutrality and barred discriminatory pricing of data services. However, it exempted data services offered on a closed user network, or intranet, from the regulation, leading to calls for clarification.
A busy week in the Pan-Asian ICT world also witnessed cyber-security issues come to the fore. The most significant of these included the accusation from the South Korean administration that the North Korean Government has tried to hack into South Korea state websites. This accusation comes amid rising tensions between the two countries, with the cyber-front proving a key area of conflict.
News from the rest of the world featured a heavy focus on the recent RSA conference in San Francisco. Of note was the announcement made by Intel Security Group head Chris Young who called on the global security industry to do more to share threat intelligence and address the digital skills gap and hence enhance the resilience of the ICT world and its workings.
There were a range of developments of interest this week associated with Global institutions, those of primary significance included the announcement of new members of the EC3 advisory groups; the publication of ENISAs new report on Big Data Security and the beginning of ICANN 55th meeting in Marrakesh. The meeting this week is expected to finalise the last proposal necessary for the transition of the Internet Assigned Numbers Authority (IANA), a set of core functions necessary for the running of the Internet.
2 March 2016
This week saw a flurry of activity in the ICT world, with the predominant focus applied to cyber-security and cyber-privacy issues.
Amongst the range of developments, there were multiple announcements which may be of direct interest to IEEE. These are explored further in the engagement opportunities section further below.
In Europe, Internet governance featured heavily, with the news of upmost prominence revealing that the European Commission is currently racing to rubberstamp the recently agreed privacy shield arrangement with the US. The Privacy Shield agreement will replace the now infamous Safe Harbour deal, which was toppled by the European Court of Justice last October on grounds that surveillance agencies have broad access to EU citizens data once its transferred to the US. The end of June is the supposed target date for ratification of the agreement, with commission officials declaring they hope the agreement worth nearly $300 billion in trade commerce gets the green light from a committee of member states representatives during the Dutch Council presidency, which runs until the end of June.
Linked to this, the privacy principles underlining the aforementioned EU-US privacy shield were published this week. Amongst other things, the principles outline that any businesses signing up to the new privacy framework will need to engage with a new system of dispute resolution, including a new 45 day timeframe for responding to complaints about their data handling.
Other news of note from the European ICT sector included the announcement that Google is set to train up to two million people in digital skills this year across Europe. Last February (2015) the search engine giant pledged to train one million Europeans in crucial digital skills as it promised to invest an additional 25 million to broaden its training programme across the continent, which included plans to build a Europe-wide hub to support small businesses. The company said it now plans to double its outreach programme due to its popularity.
In the US, developments were dominated by issues related to net neutrality, cyber-security and cyber-privacy.
In net neutrality terms, issues flared up as a year on from the Federal Communications Commission approval of landmark internet rules, critics are pushing forwards to have the courts or Congress curb or strike down the rules entirely. This in spite of opposition from the regulators, who continue to push forwards with the rules, seeking to develop new standards for application. The issue has even received coverage during the ongoing US election, with Republican presidential hopefuls Marco Rubio and Ted Cruz having decided to join six other Senators in pushing forwards the new Restoring Internet Freedom Act which would dismantle the rules, change the FCCs Title II reclassification of ISPs as common carriers, and prevent the FCC from trying to pass net neutrality rules in the future.
Cyber-security and cyber-privacy issues in the US this week merged, with the boundaries between encryption, privacy and security blurred by the ongoing saga between Apple and the US government.
One cyber-security development of particular importance from this week was the testimony given by the US Secretary of Defence Ash Carter, who appeared before the House Appropriations Committee to detail the US Governments cyber-security investment programme. He told the Committee that his department's request for $582.7 billion for fiscal 2017 puts a priority on funding the nation's cyber strategy.
Carter said in his testimony that the budget invests a total of $6.7 billion in fiscal 2017 and $34.6 billion over the FYDP (Future Years Defense Program) . He went on to say the budget includes $336 million over the FYDP to support more capable network perimeter defenses, as well as $378 million to train and strengthen Department of Defense's (DoD) Cyber Protection Teams to respond to security breaches. He also outlined that an additional $347 million will be invested over the FYDP to help provide cyber tools and support infrastructure for the Cyber Mission Force and U.S. Cyber Command.
Rather predictably, much of the ICT coverage from the US this week focused on the issues at play in the showdown between Apple and the US government regarding encryption. Of primary significance, a New York judge this week ruled in favor of apple in the case of the FBI attempting to force the tech giant to unlock the iPhone of a suspected drug trafficker. It was suggested this may set a precedent for the debate surrounding the San Bernardino case, which is due to progress further when Apple and the U.S. Federal Bureau of Investigation make their cases before a congressional panel due to be held on Tuesday. This centering on a court order to force the technology company to give the FBI data from the iPhone belonging to one of the San Bernardino shooters. A parallel can be drawn here between this situation, and the debates encircling it, and the UK Governments work on the Draft Investigatory Powers Bill which was published in earnest this week.
From a pan-Asian perspective, cyber-security also featured highly on the agenda, with news of note from this week being that Japans technology industry is continuing to build cyber-security muscle. This has developed in response to the increasing threats Japan now faces, with the state being ever further targeted by email viruses and ransomware attacks which threaten to harm critical infrastructure and key commercial organisations. On the cyber-security note more generally, it was reported this week that the Cyber Five nations -- South Korea, Australia, New Zealand, Japan, and Singapore -- appear nine times more vulnerable to cyberattack than other Asian economies, according to the 2016 Asia-Pacific Defense Outlook released by Deloitte Touche Tohmatsu Limited (DTTL) .The study noted that these nations are the most heavily dependent on Internet-based interactions.
Also of interest from the Asian ICT sector this week, the news that a record-breaking filibuster by South Korean opposition members of parliament has entered its seventh day. The opposition party to the Government is determined to block a vote on a government-backed anti-terrorism bill which they argue threatens personal freedoms. The proposed legislation allows the National Intelligence Service (NIS) to collect a wide range of personal information - including phone records - on anyone deemed to pose a security risk.
A plethora of developments of interest from the rest of the ICT world and Global institutions this week. The news of primary importance included the publication of the Alliance for Affordable Internets 2015-2016 Affordability Report; the announcement that a final transition plan for the top level of the internet away from the US to ICANN will be published next month and finally, the launch of Googles Project Shield DDos mitigation service, which aims to preserve free speech by protecting news, human rights and election monitoring sites around the world.
24 February 2016
A relatively quiet week in the world of ICT this time around, with the monitor reflecting this.
However, there were certain stories of note which may prove to be of interest for IEEE both now and moving forward. In Europe, Internet governance and net neutrality received some coverage in the form of developments relating to the next generation mobile broadband network. It was reported that in the coming months, it is anticipated that the European Commission, tech firms, and various industries will demonstrate European progress on developing 5G. A Commission official revealed that the intention is to come up with fresh ideas by July, in order to showcase the first results by 2018. Linking this to issues of governance, key objectives of the 5G public private partnership (PPP), launched last year, are outlined in a Commission white paper on 5G: empowering vertical industries, that will be unveiled during the Mobile World Congress in Barcelona on 22-25 February.
Net neutrality implications are also tied to the development of this mobile broadband network, with Vodafone CEO Vittorio Colao having issued a stark warning this week that 5G services will be a disappointment in Europe unless standards meet local needs and without uniform telecom regulations from one country to the next. Evidently this will be an issue to monitor moving forwards.
Also featuring heavily in Europe this week, cyber privacy issues arose with the European Commission Vice-President Andrus Ansip stating that he supported Apples decision to refuse unblocking the iPhone of a terrorist, as requested by US authorities. He declared Identification systems are based on encryption. I am strongly against having any kind of backdoor to these systems. With the issue causing considerable dispute in the US, this will clearly be a debate to monitor moving forwards as other regions and states may face similar circumstances and hence will be required to formulate/articulate opinions on the issue.
The US ICT agenda this week was dominated by discussions and disagreement regarding Apples decision to refuse unblocking the iPhone of a terrorist, as requested by US authorities. It was reported that a number of major tech firms, such as Google, WhatsApp, Facebook and Twitter have all come out in support of Apples position on the issue. However, contesting the stance taken by Apple, the U.S. Department of Justice filed a motion on Friday seeking to compel Apple Inc to comply with a judge's order to unlock the encrypted iPhone in question. In response, a senior Apple executive, speaking with reporters on condition of anonymity, characterized the Justice Department's filing as an effort to argue its case in the media before the company has a chance to respond. This back and forth has caused an escalation in the ongoing dispute between the Obama administration and Silicon Valley firms over security and privacy.
Despite the over-arching theme of US reporting this week being focused on the aforementioned issue, cyber-security concerns did receive a degree of coverage. The news of note being that a group of experts from the private and public sectors, including former White House Special Assistant to the President for Cybersecurity Ari Schwartz, this week launched the Coalition for Cybersecurity Policy and Law to collaborate with and help educate policymakers and develop consensus-driven policy solutions.
In addition to this, this week the Department of Homeland Security (DHS), along with the Department of Justice, issued two sets of guidelines and procedures, required by the Cybersecurity Act of 2015, for federal agencies and the private sector to use regarding the sharing of cyber threat indicators.
From a pan-Asian perspective, developments of interest this week included the announcement by the Chinese state that new regulations will be enforced in order to ban foreign companies from publishing online media, games and other creative content within Chinas borders from next month onwards. This marks a decisive step forwards in the nations Internet Governance regime, and, perhaps a worrying one.
Cyber-security issues also achieved prominence in the pan-Asian ICT news cycle, with it being reported that the Indian Government, as well as industry, are now reaching out to major cyber-security companies in United States and Israel to boost their internal systems. Companies including software giant Microsoft and cyber security expert Blackduck are in talks with the government to address cyber security concerns and needs. "The industry needs smart and powerful tools to protect the network, which needs to be fully secured. Special protection is required, which the service provider has realised," said Peeyush Agrawal, Member (Technology), Department of Telecommunications (DoT).
On this theme, it was also reported this week that a rapidly widening cyber-vulnerability gap between the most and least internet-dependent Asia-Pacific nations is threatening to encourage online attacks on critical infrastructure. The report which detailed this, published on Wednesday by consultancy firm Deloitte, coincides with a growing tone of caution over the internet of things technology projects that seek to build greater web connectivity into everyday items and services but may leave users and the systems themselves open to ever more pernicious attacks.
On a somewhat more positive note, it was revealed this week that Raytheon, the international defense and technology solutions provider, has partnered with Khalifa University in Abu Dhabi on a program to build cyber skills in the UAE. The four-day cyber security workshop on the Khalifa University campus was launched on Monday, marking the launch of Raytheon's global 'Cyber Academy' designed to train cyber-skilled workforces for the future.
News of interest from other parts of the ICT world included the announcement that there are now more than a billion 4G mobile connections in use around the world, and 4G will account for a third of all mobile connections at the end of the current decade, according to the latest sector forecast from the GSM Association (GSMA). Also of note, Dells latest annual threat report, published this week, has highlighted that acquiring the capability to analyse encrypted traffic should be a top priority for businesses in 2016. The report reveals that a continued surge in SSL/TLS encryption is giving cyber criminals more opportunities to conceal malware from firewalls. Something to consider for the entire ICT world moving forwards as it seeks to strengthen its resilience against cyber-threats.
News of note from Global institutions this week included the announcements that Europol's and Chainalysis have reinforced their co-operation in the fight against cyber-crime, the First Digital Advisory Council hosted by DIGITALEUROPE was a reported success and that the EU and Brazil have signed an agreement to work together in order to develop 5G, the next generation of communication networks.
17 February 2016
Developments in the ICT world this week continued to be predominantly focused on issues pertaining to cyber-security and cyber-privacy. This was perhaps to be expected following the recent announcement of the US Governments annual budget which included provision for a Cybersecurity National Action Plan (CNAP).
Amongst the news related to this, other stories of prominence did however emerge. In Europe for example, there was considerable scrutiny applied to the recently negotiated Privacy Shield, a data sharing agreement between the US and the EU which is set to be finalised by the end of month, according to an EU commissioner. It has been reported that following the draft agreement being reached, the European Commission is now facing challenges on the arrangement: with the Parliament legal service and MEPs arguing the so-called Umbrella Agreement doesnt comply with EU law. MEPs in the Civil Liberties, Justice and Home Affairs (LIBE) Committee also criticised the agreement.
On this note, an EU privacy watchdog declared this week that the data protection framework agreed should not apply when sensitive information is to be transferred to the US in bulk. With this proving an issue of considerable contention, it is clear that further coverage will emerge in the weeks to come.
From a cyber-security perspective, it was announced this week that the right to be forgotten will be extended to all Google domains in the EU. Until now, search results removed under the ruling were only omitted from European versions of Google like google.co.uk. In September 2015, the French data protection authority threatened Google with a fine if it did not remove the search results data from all worldwide sites, including non-European search sites like Google.com. The tech giant has now let up while fending off claims that it doesn't respect Europe's tough privacy rules.
In the US, it was revealed this week that a fight over privacy at the Federal Communications Commission (FCC) is starting to heat up again following last years net neutrality rules. The FCC is expected to craft regulations in the coming months on how broadband providers handle sensitive customer data and advocates on both sides of the issue are gearing up to make their case.
As mentioned earlier, much of the coverage from the US this week focused on the announcement of President Obamas Cybersecurity National Action Plan (CNAP). Despite the budget proposals put forwards including a provision of $19 billion for cyber-security measures, certain critics have suggested this amount is still not proportionate to the threat faced by the US. Although the US cyber security budget allocation for 2017 represents a 35% increase on the previous budget, it is still a small fraction of the overall US defence budget. Critics have argued that the federal government spends about $700bn on defence, intelligence and homeland security, so the spending on cyber security represents only 2.7% of the total defence budget, up from 2% previously, and therefore isn't a substantial enough spending commitment.
In cyber-privacy related updates, The Department of Homeland Security (DHS) this week released interim guidelines for how the government will protect and share data gathered under a new major cybersecurity law. This represents the first of several planned steps being taken with the aim of assuaging fears that the Cybersecurity Act of 2015 which encourages companies to share hacking threat information with the government will simply shuttle more personal data on Americans to intelligence agencies.
In Asia, internet governance issues received some attention, with the announcement this week that the Chinese State is seeking to further tighten its control over content published online by foreign companies and their joint ventures in mainland China under a new regulation that will take effect next month. The Regulation for the Management of Online Publishing Services, is expected to introduce more stringent rules on online publication of original or adapted creative works, such as games, animation, comics, audio recordings and video.
Furthermore, it was reported that months after the Indian government endorsed the multistakeholder model of internet governance at the 53rd meeting of the Internet Corporation for Assigned Names and Numbers (ICANN) the Indian position is being carefully examined internally. A potential re-alignment may culminate in a landmark cyber deal this year between India and Russia, which if signed, would be a marked change of approach not just in this space but for Indian foreign policy as a whole.
Regarding net neutrality, a topic which has been at the top of the agenda in the Indian ICT world in recent weeks, the TRAI Chairman RS Sharma announced this week that although the regulation of one part of net neutrality tariff has now been dealt with, the other part of either throttling or speeding up certain websites still needs to be tackled. He stated, our regulation is very clear. Anything on the internet cannot have discriminatory pricing. Integration between content and access provider is not allowed. We are against any integration between the two.
In addition to these developments, Pan-Asian cyber-security issues also drew some attention, as a report published this week by Recorded Future noted a strong correlation regarding diplomatic flare ups and cyber-attacks between India and Pakistan. In particular, the report notes, The continuing rivalry between India and Pakistan has spilled over into cyber-space, very visibly with hacktivism.
Finally, news from elsewhere in the ICT world included the announcement that the Director-General of the Swedish Post and Telecom Authority, Göran Marby, has been named the next President and Chief Executive Officer of the Internet Corporation for Assigned Names and Numbers (ICANN). Marby, a Swedish citizen, currently living in Stockholm will be relocating to Los Angeles for the role, the location of one of ICANN's three global hubs. He will succeed current President and CEO Fadi Chehadé whose term finishes on 15 March, and will join ICANN in May.
10 February 2016
A relatively subdued week this time around, with the US Government’s annual budget announcement including within it a Cybersecurity National Action Plan (CNAP). The plan has been devised in an effort to fortify America's digital defenses and protect Americans, government agencies and companies against the growing number of cyberattacks aimed at everything from national defense and health care to personal consumer data.
However, news from elsewhere did filter through, albeit in the shadow of these developments. In Europe, much of the coverage and discussion was focused on the recently agreed upon EU-US data privacy shield, agreed upon last week to replace the old Safe Harbour agreement regarding transatlantic data flows. Of note was the revelation from data protection watchdogs around the EU that companies will be permitted to continue transferring personal data to the US under alternative legal means – at least for the time being whilst the EU certifies the finer details of the newly agreed upon ‘privacy shield’ framework. “Until we have analysed the content of the arrangement and the possible consequences on the other transfer tools we will allow data controllers to use the BCRs [binding corporate rules] and standard contractual clauses,” said Isabelle Falque-Pierrotin, president of the Article 29 Working Party, which represents the powerful privacy authorities from EU member states.
Linked to this, and of note, the French data protection authority this week gave Facebook three months warning to stop tracking non-users' web activity without their consent and ordered the social network to stop transferring personal data to the United States. The French order is the first significant action to be taken against a company transferring personal data to the United States following an EU court ruling last year that struck down an agreement that had been relied on by thousands of companies, including Facebook, to avoid cumbersome EU data transfer rules. It would seem at a glance that the analysis offered by the EU watchdogs, as explored above, may be contradicted by the action of individual member states keen to establish privacy arrangements in the coming weeks.
Other big news from the European continent this week included the announcement that new legislation drafted by the European Commission could force all EU countries to ensure the 700 MHz band of spectrum is made exclusively available for mobile services by the middle of 2020. The European Commission has published proposals to introduce new laws that would require EU countries to “allow the use of the 694-790 MHz frequency band for terrestrial systems capable of providing wireless broadband electronic communications services”, in accordance with technical conditions it will lay out by 30 June 2020.
As aforementioned, news in the US was dominated this week by President Obama’s budget announcement and the Cybersecurity National Action Plan (CNAP). The draft budget put to Congress by the US administration includes the provision to boost cybersecurity spending to $19 billion for fiscal year 2017, a 35 percent increase over this fiscal year. The White House also wants to launch a $3.1 billion Information Technology Modernization Fund to retire and replace aging systems in the federal government. To oversee all initiatives, President Obama plans to create a federal chief information officer who would coordinate cybersecurity practices across agencies.
As part of the plan, President Obama is keen to engage with Silicon Valley tech companies in an effort to collaborate against cyber-security threats posed to the US. This marks the continuation of a dialogue between the administration and major US tech companies which has focused on issues such as encryption, data privacy and cyber-security in the past.
In other developments, the US Senate this week passed a privacy bill considered integral to the pending transatlantic data transfer pact with the EU. The so-called Judicial Redress Act, which gives EU citizens the right to challenge misuse of their personal data in U.S. court, is also a prerequisite of a law enforcement data-sharing “umbrella” agreement reached last fall.
From a Pan-Asian perspective, the news of utmost significance this week was that The Telecom Regulatory Authority of India (TRAI) has laid down rules that strictly prohibit the differential pricing of data on the basis of content in India — which effectively bans zero-rating initiatives such as Facebook’s Free Basics and Airtel’s Airtel Zero programme. The new rules came after a two-month-long consultation process that saw Facebook launching a big advertising campaign in support of its Free Basics program, which runs in more than 35 developing countries. The service, earlier known as internet.org, has also run into trouble in other countries that have accused Facebook of infringing the principle of net neutrality - the concept that all websites and data on the Internet be treated equally.
Cyber-security also received a degree of coverage in Asia this week, as it was revealed that hacker in China have attempted to access over 20 million active accounts on Alibaba Group Holding Ltd's Taobao e-commerce website using Alibaba's own cloud computing service. The news was revealed via a state media report posted on the Internet regulator's website.
As for news from other parts of the globe and developments associated with Global Institutions, this week represented a particularly quiet one. However, some stories of interest did emerge, including the announcement in Cisco’s latest Visual Networking Index mobile report that by the end of the decade, Global mobile data traffic will have reached 30.6 exabytes – approximately 30 quintillion bytes or 30 billion gigabytes – per month, up from 3.7 exabytes in 2015.
Finally, it was also revealed this week that NATO has become the first organisation to deploy Polycom’s RealPresence Centro unified communications system ahead of a wider launch in the coming months, as it seeks to enhance its internal collaboration capabilities.
3 February 2016
Rather predictably, issues pertaining to Safe Harbour and the negotiations between the EU and the USA over a key data transfer pact dominated the headlines this week.
In the midst of the deadline for an agreement being missed, all other Global ICT developments were somewhat overshadowed. Data protection authorities had given the European Commission until the end of January to fix a new arrangement to replace the Safe Harbour deal knocked down in October 2015 by the European Court of Justice (ECJ), however with complications arising an agreement remained elusive earlier this week. Emphasising this, Justice Commissioner Vera Jourova declared during a meeting of the European Parliament's Civil Liberties, Justice and Home Affairs (LIBE) Committee earlier this week that there was a need for an “arrangement that is fundamentally different from the old Safe Harbour,”.
Despite these difficulties, the European Commission did eventually reach a deal with the US yesterday (2nd February 2016), replacing the old Safe Harbour agreement with a rebranded ‘EU-US privacy shield’. The new agreement arrives following months of hurried negotiations and will come into effect after the deal is formally drafted, which EU Justice Commissioner Vera Jourova estimated could take roughly three months.
Other news of interest from Europe this week included the announcement that the European Commission will issue ‘sharing economy guidelines’ to member states in early March on how to regulate emerging companies like Uber and Airbnb, which have shaken up the taxi and hotel sector. This in addition to the revelation that the European Commission also plan to shake up regulation of the European radio spectrum, with EU member states National governments being asked to announce their plans to move TV broadcasters below the 700 MHz band by 2017, which will be assigned exclusively to wireless broadband by 2020.
Also of note, a European industry group has this week proposed cyber-security policy recommendations for the European Union during the International Cyber-Security Forum. The European Cybersecurity Industry Leaders, or ECIL, is comprised of a number of cybersecurity and defense contractors, including Thales Group, Atos, Airbus Group, Deutsche Tekekom, Ericcson, Infineon and others. The group was created to draft a report to the European Commission recommending increased consolidation and integration of the union's cybersecurity assets.
In the US, there was also wide ranging coverage of the EU-US data pact negotiations, but amongst these developments, other news of interest included the announcement that a US delegation has visited Cuba in recent days in order to urge the Government there to more rapidly build out its Internet infrastructure and make it more widely available. Officials said they had recommended that Cuba “leapfrog” current buildout of aging technology, such as DSL and 3G mobile service, for faster technology such as fiber and high-speed mobile. Officials also urged the country to relax regulations that are preventing many in Cuba from getting Internet in their homes, along with other censorship or blocking policies.
Net neutrality issues also reared their head again this week in the US, with a leading Stanford Law professor claiming that the ‘Binge On’ video streaming service set up by T-Mobile stifles competition, free speech and customer choice and as a result violates basic principles of Net Neutrality. This will doubtless be an issue to watch moving forwards, with Professor Barbara van Schewick warning in her report on the issue that it may represent the dawn of the end of the “innovation without permission” era.
Cyber-skills received attention this week too, with the announcement that US President, Barack Obama, has included a provision in his budget proposal for the new fiscal year that $4 billion is to be provided to states to develop computer science programs, along with $100 million in grants available directly to school districts to advance computer learning. The funds will be used to encourage states and districts to not only create computer science programs, but also build programs that draw in students who are typically left out of that education right now. However it remains unclear whether the plan will come to fruition, as despite the recent bipartisan support for computer science education, the budget in full will require approval from the U.S. Congress before coming into effect and so as ever, there is a risk that the plan may change or be scrapped entirely.
A relatively quiet week from a Pan-Asian ICT perspective, perhaps not altogether surprising considering the aforementioned attention lavished on the transatlantic negotiations saga between the EU and the US. However, news of note included the announcement that the Telecom Regulatory Authority of India said it might soon take a decision on the differential pricing for data services. TRAI recently held an open-house discussion on the issue, which saw huge participation from telecom operators, consumer rights groups, industry bodies and individuals. TRAI Chairman R S Sharma claimed it was a very ‘lively consultation’ and that the body hopes to come out with their position on the issue of net neutrality ‘by the end of the month’.
From a cyber-security angle, it was revealed this week that the NEC Corporation has launched a Cyber Security Factory in Singapore, the latest addition to the company’s global portfolio of security operation centres. The newly opened Cyber Security Factory in Singapore will collaborate with NEC’s Security Operations Centres located in strategic parts of the world including Japan, with an aim to provide an inter-connected network to share intelligence on cyber threats and deliver 24/7 security to customers. This news follows the continually emerging recognition of and focus on the merits of effective Cyber-Security and the need for robust ICT systems to counter and overcome potential cyber-threats which is taking place across the Pan-Asian region.
Plenty of developments of interest from elsewhere around the World this week too. Of particular note, Australian ICT issues featured heavily, with it being reported that the need for cyber-security skills in the nation has ballooned in light of the fact the country’s ICT systems are not sufficiently robust to withstand targeted cyber-attack. Worsening this issue, it was reported that Australian businesses are far too willing to pay when hit by ransomware, serving to only encourage further attacks, according to security experts at Deloitte.
Finally, announcements of interest from Global Institutions this week included the call from ENISA for enhanced cooperation among private and public sector stakeholders in light of the recent significant increase in cyber threats to critical services and infrastructures. Following its study of Critical Information Infrastructures (CIIs) across the European continent, ENISA declared that EU Member States and the private sector alike need to further co-operate with each other if they are to effectively address these threats today. Yet, it was found that only half of the examined countries have established such cooperation models as public–private partnerships, working groups and contact forums.
Lastly, with data protection stealing the show for this week at least, it seems only right to end with the news that Europol this week celebrated the 10th Anniversary of it’s established European Data Protection Day. The 28th January 2016 marked the ten year anniversary of the first legally binding international law in the field of data protection. 10 years later, as this week shows, progress is still being strived for, and made.
27 January 2016
This week witnessed developments of interest from around the Globe in the domain of ICT.
In Europe, it was announced that businesses operating in multiple EU countries may be forced to comply with each of the different national data protection laws that apply in the countries in which they operate. The new guidance, issued by the Article 29 Working Party (a committee made of up representatives from the 28 national data protection authorities within the EU) could have potentially dramatic impacts for companies across the continent as clarification is sought on how organisations that have more than one establishment in the EU best move forwards in line with the varying data protection regulatory regimes in place.
From a cyber-security perspective, issues pertaining to Ukraine continued to dominate the headlines this week. Following a new wave of cyber-attacks reported to have hit power companies in the country, it was announced that Ukraine will establish a cyber-police unit as part of reforms underway in the nation’s law enforcement system. It has been reported that the newly established agency will focus on the fight against cyber-crime in Ukraine as well as protecting the country's state IT security interests.
Furthermore, cyber-privacy issues received considerable attention, with the US proposing to create an ‘ombudsman’ to deal with EU citizens' complaints about U.S. surveillance as part of talks to clinch a new EU-U.S. data transfer pact. Washington and Brussels are currently working against the clock in an attempt to seal a deal on protecting Europeans' data transferred across the Atlantic following the quashing of the previous agreement, Safe Harbour, on privacy concern grounds.
In the US, developments were overwhelmingly focused on cyber-privacy issues this week. However, cyber-security also received a fair degree of coverage, with the announcement that the US Government has handed over the its sensitive cybersecurity role to the military. The move has been reported as a snub to the Office of Personnel Management, the agency at the center of last year’s scandal over one of the worst government data breaches known to the public.
As aforementioned, encryption and privacy issues were of the greatest prominence in the USA this week, with a range of stories of significant interest cropping up. The first of these was the announcement that the American Civil Liberties Union is set to take its privacy fight to various states around the USA. The group has organized local lawmakers in 16 states to introduce a range of privacy legislation — related to student and employee rights as well as protection from government surveillance.
In addition to this, the NSA chief this week declared that ‘encryption is foundational to the future’ as the debate surrounding the topic continues to swirl and consume considerable media attention. In the wake of the terror attacks in Paris and San Bernardino, Calif., law enforcement and some lawmakers have been pressing tech companies to give investigators guaranteed access to secure data. But the tech and privacy community have resisted the push. They say any type of guaranteed access to data introduces vulnerabilities that weaken encryption and expose everyday Internet activity to hackers.
Finally, with an eye cast forward towards next month, the prospect of negotiations coming down to the wire on privacy legislation regarding the EU-USA data pact looms large over the ICT world. Developments can be expected in the coming days as the clock ticks down and the legislative cliff rapidly approaches.
In Asia, developments spanned across a range of topics. Of interest was the announcement that the People's Bank of China (PBOC), China's central bank, hopes to launch its own virtual currency to cut the cost of handling paper money and to give the government more control of the country's money supply. With discussion fermenting regarding the benefits and drawbacks of such systems, this move will doubtless generate considerable attention from across the Globe as one of the world’s premium economies moves forwards with implementation.
The net neutrality issues which have dominated ICT in India in recent weeks appear to be coming towards a head, with the open house discussion on differential pricing of Internet services coming to a close last week, and TRAI Chairman R.S Sharma indicating that the regulator will come out with its position by the end of the month.
Cyber-security developments were multiple and of particular note, with the most prominent stories including the assertion from Security researcher firm Palo Alto Networks, who revealed this week that a Chinese adversary group C0d0so0 or “Codoso” has reappeared. In addition to this it was announced that Singapore is currently planning the development of a cyber-security bill as a means of granting greater powers to the state’s cyber security agency. According to the Ministry of Communications and Information (MCI), in association with this, the state’s spending on cyber security will also rise, to at least 8% of the government's IT budget.
Elsewhere, it was reported this week that some of the world's biggest banks have tested using blockchain technology to process payments without the involvement of a central clearing house, according to the financial technology company that facilitated the test. Also of interest, ISIS hackers have vowed to take revenge for a recent drone strike that took out top ISIS hacker Junaid Hussain. The Cyber Caliphate, one of the main ISIS hacking groups, posted an image with the proclamation on Tuesday to its official account on the messaging app Telegram.
Finally, announcements of interest from Global Institutions this week included the news that ICANN have extended the deadline for submissions relating to the their request for proposal for the Independent review of the At-Large community.
Last, but certainly not least, this week witnessed a new global dialogue established at the WEF in Davos, focused on getting the next 1.5 billion unconnected people online. A specified session was held as part of the efforts to build momentum and reach out to world leaders to push the issue of broadband connectivity to the top of the global agenda. It is the first time that so many world leaders have affirmed the vital importance of broadband to national growth and coalesced around a common broadband vision. A new Discussion Paper developed by ITU estimates that it will take global investment of USD 450 billion in network infrastructure to connect the next 1.5 billion unconnected people worldwide.
21 January 2016
This week saw developments continue a pace in the ICT world, with multiple stories of interest emerging from across the Globe.
In Europe, news of note included the announcement that EU regulators are due to meet next month on the Safe Harbour replacement, with data protection bodies scheduled to come together on the 2nd of February to discuss solutions for filling the current ‘data-transfer void’. Also on the topic of internet governance, this week witnessed the European Parliament passing a resolution urging the European Union body to immediately table the 16 Digital Single Market initiatives announced by the European Commission last May (2015). The Parliament has called for a more open approach to providing digital goods and services, and has requested for the EU to be more proactive in seizing on the opportunities around big data, cloud, the internet of things and 3D printing.
In net neutrality developments, the Council of Europe stated that Internet Service Providers (ISPs) ought to check with regulators before using tools to control internet traffic. The recommendation was made by the Committee of Ministers at the Council of Europe in new net neutrality guidelines that it has published and is aimed at ensuring the privacy rights of internet users are respected.
From a cyber-security perspective, the European Parliament’s internal market committee this week has come out in support of measures to ensure that businesses supplying ‘essential services’ improve their ability to resist cyber-attacks. The new regulations would be geared towards protecting essential networks and services such as online banking and key electricity/transport infrastructure grids.
In the US, it was revealed this week that a plan to end key oversight role played by the US Government is in place and on track for completion this year. The move is a symbolic gesture aimed at asserting the independence of the web, According to Fadi Chehade, chief executive of the Internet Corporation for Assigned Names and Numbers (ICANN), the transition will not change how the internet functions but will serve to reassure users, businesses and other governments about its integrity.
Cyber-security developments in America included the revelation that cyber-attacks on the critical manufacturing sector in the country nearly doubled in the year ended Sept. 30, according to the U.S. Department of Homeland Security. The Department of Homeland Security's Industrial Control Systems Cybersecurity Emergency Response Team, or ICS-CERT, said in a report distributed this week that it investigated 97 incidents at critical manufacturers during its most-recent fiscal year.
Cyber-privacy and encryption debates continued to rumble on in the US this week. On this topic, the NSA this week defended the programme set up by the agency in order to collect domestic telephone records, claiming it meets several privacy and civil liberty benchmarks. The programme has satisfactorily complied with eight privacy safeguards that include transparency, oversight, data minimization and use limitation since its implementation in November, according to a report released by the NSA’s Civil Liberties and Privacy Office.
Additional to this, it was announced this week by House Homeland Security Committee Chairman Michael McCaul (R-Texas) and Sen. Mark Warner (D-Va.) that new legislation is set to be introduced, aimed at establishing a national commission to figure out how police can get at encrypted data without endangering Americans’ privacy. The bill, which McCaul first discussed in a December speech, is intended to cut through the heated rhetoric that has defined the encryption debate in the wake of the terror attacks in Paris and San Bernardino, Calif.
In Asia, news this week was again somewhat limited, but of significant interest was the announcement from Singapore that the Government there is planning to merge its technology and media regulators in order to better support its plans to become a ‘smart nation’. The Infocomm Development Authority and the Media Development Authority are due to be merged into the Infocommunications Media Development Authority of Singapore (IMDA) on 1 April. In addition to this, the Govermnent has also announced the creation of a new agency to promote use of digital technology in government.
Net neutrality issues continued to flare up in India in the week passed, with sectoral regulator Trai conducting an open house discussion on differential pricing for data services, a key aspect of net neutrality, on January 21. In a notification, Trai said “interested stakeholders are invited to participate” in open house discussion on its consultation paper on ‘Differential Prices for Data Services’. Linked with this and of note, Facebook has said this week that it attempted to cooperate with the Telecom regulator's request to submit specific responses to the differential pricing paper by delivering a request for additional information, and that it got 1.4 million Indian users' responses.
Elsewhere, stories of note from around the World included the announcement by the Nuclear Threat Initiative organisation that twenty nations with significant atomic stockpiles or nuclear power plants have no government regulation in place requiring them to protect themselves from cyberattack. “The current global nuclear security system has dangerous gaps that prevent it from being truly comprehensive and effective,” said Nuclear Threat Initiative President Joan Rohlfing. “Until those gaps are closed, terrorists will seek to exploit them."
Also of interest, the Australian Prime Minister Malcolm Turnbull this week addressed internet governance issues by calling for a free, open and secure internet, in a speech at the US Center for Strategic and International Studies in Washington DC. Turnbull said it is essential for internet governance to be independent of individual governments but that it is essential at the same time that cyber space is not allowed to become a ‘lawless domain’.
Finally, announcements of interest from Global Institutions this week included the news that Egypt is set to host ITU’s 2016 Global Symposium for regulators. ITU and the National Telecom Regulatory Authority of Egypt (NTRA) have signed the Host Country Agreement for the 2016 Global Symposium for Regulators (GSR), which will take place in Sharm el-Sheikh, Egypt, from 11 to 14 May 2016. Organized by ITU and hosted by the Government of Egypt, the event will welcome world-class speakers with a dynamic programme focused around the hot topics challenging today’s ICT regulators.
From a people perspective, also of interest was the reveal of a new head of Europol’s European Cyber Crime Centre. Mr Steven Wilson has taken up his duties as the new Head of Europol’s European Cybercrime Centre (EC3 as of January 18 2016). Since its launch in January three years ago, EC3 has seen a steep increase in its activities supporting cybercrime investigations in EU Member States. The demands for its services are boosted by the positive effects of pooling cyber intelligence and resources to fight the most impactful cybercrime networks at EU level and also in close coordination with key law enforcement authorities from partners outside the EU.
14 January 2016
With 2016 now up and running, developments in the industry continued at a pace this week.
In Europe, the telecoms market was in focus, with two Committees at the European Parliament calling for the market to be regulated by a single authority moving forwards. The Committee on Industry, Research and Energy and Committee on the Internal Market and Consumer Protection made the recommendation in a motion tabled for a new European Parliament resolution on the subject of the EU's work towards a digital single market.
Once again this week, cyber-security issues took centre stage alongside cyber privacy updates. From a cyber-security perspective, the news of note was the announcement that EU ministers have called this week for greater intelligence sharing in order to prevent extremist groups slipping across borders in order to carry out attacks. Ministers urged for concrete commitments to be established at talks on Monday, with the Belgian Foreign Minister Didier Reynders admitting much more must be done on the issue. "Intelligence services must get used to not only collecting information, but to sharing it," he told reporters on the sidelines of the talks, which were attended by more than 50 countries.
Cyber privacy developments were many and significant. The key European headlines this week regarding this issue included the ECHR announcement that companies can now monitor employees private online communications whilst they are using work networks. The issue has gathered pace following the case of a Romanian engineer who was fired in 2007 after his company discovered he was using Yahoo Messenger to chat not only with his professional contacts, but also with his fiancee and brother.
Furthermore, the ECtHR this week dealt a blow to not only Hungary’s surveillance practices, but in a move which could have wide ranging consequences for similar policy frameworks across the continent, took issue with the lack of parliamentary oversight and means for judicial redress within Hungary’s current surveillance programme.
In the US, net neutrality issues featured heavily, with announcements this week that House Republicans will resume their nearly yearlong effort to nibble away at the edges of the Federal Communications Commission's (FCC) Internet rules. Also generating considerable coverage with regards to the subject, President Obama touted his administration’s strong net neutrality rules but also alluded to a need to blunt the spread of terrorism online during his final State of the Union address on Tuesday. In a portion of his speech meant to highlight the spirit of discovery in the United States, the president pointed to agency wins aimed at getting more people online and protecting the Internet through net neutrality rules.
In other news, cyber-security concerns were expressed by tech executives in the US this week, with several key industry figures telling Congress that the U.S. Government needs to spend more on cybersecurity if it wants to avoid breaches like the Office of Personnel Management hack that released sensitive data on 21.5 million Americans. This was followed by news that both the Department of Education and the Security Operations Center (SOC) (responsible for the securing the U.S. Nuclear Regulatory Commission's (NRC) network infrastructure) are currently not sufficiently robust to meet the escalating cyber threats the U.S faces. This is a problem which continues to rumble on in the U.S. and it is likely to gain further traction and scrutiny as 2016 unfurls.
Finally in the U.S., it was reported this week that the Obama administration is poised to unveil its long-term policy vision on encryption amid a global debate sparked by the recent terror attacks in Paris and San Bernardino. The issue is currently extremely highly contested with privacy advocates urging the Government to take a strong stand in favor of encryption technologies, which protect online policy. Contesting this, the FBI and other law enforcement agencies have called for guaranteed access to all encrypted communications. It remains unclear at this stage where the administration will settle on this issue, but the reveal is expected soon in the form of an official policy statement, expected to outline the Administration’s views on what role the government should — or shouldn’t — play in regulating encryption.
Asian developments were relatively few and far between this week, though news of note included the announcement that Telecoms and IT ministers from Asean nations have agreed on further co-operation to develop the region’s digital economy. The ministers approved a five-year IT roadmap (Asean ICT Masterplan 2020 - AIM2020) to 2020 in November during the 15th Asean Telecommunications and Information Technology Ministers Meeting (Asean TELMIN 2015) in Vietnam. The guidelines are aimed at driving the digital economy in Asean countries in the next 5 years.
Updates also of note included the Indian Congress seeking a ‘clear and categorical’ statement from the Indian Government in support of net neutrality this week. Also from an Indian perspective, it was determined this week in the Global Service Location Index from management consultancy AT Kearney that India remains the prime global location from which to deliver offshore ICT services.
On a somewhat lighter note, internet users in Qatar will be presumably rubbing their hands in glee this week following the Qatar Cabinet’s announcement that it has approved a draft privacy law aiming to protect residents against spam messages via email or on mobile phones. Further developments with this legislation are anticipated for the coming weeks and months, but internet users globally are likely to take a keen interest in this story as inboxes everywhere chug along under the continuing burden of spam.
As for other global developments, this week witnessed the launch of a website SecureTheInternet.org by a coalition of hundreds of technologists, privacy advocates and industry groups calling on governments worldwide to reject any policy that could infringe on people’s ability to use robust encryption.
Finally, the results of ISACA’s poll of 2,920 information technology professionals across 121 countries in order to determine their top security concerns, views on government-industry threat information exchange and IT talent recruitment efforts at their organizations, resulted in IT professionals ranking social engineering, insider and advanced persistent threats as their organizations’ most pressing concerns for 2016. Sixty-three percent of the respondents polled said they oppose the idea of governments having backdoor access to private data systems and 83 percent said they are in favor of data breach notification policies for businesses, ISACA reported.
7 January 2016
This week’s update sees a relatively subdued start to 2016, with industry slowly emerging into the new year.
In Europe, developments were predominantly focused on the issue of cyber-security, with a range of stories featuring from across the continent. Of prominence was the announcement from the Netherlands that the Dutch Government will not follow the trend of weakening encryption for security purposes, and instead endorse the “importance of strong encryption for internet security to support the protection of privacy for citizens, companies, the government and the entire Dutch economy,”. With China and the US also considering the balance of introducing similar legislation such as seen recently through the Draft Investigatory powers Bill in the UK, 2016 will present an interesting space to watch for developments regarding encryption.
In a privacy context, he independent European data protection supervisor (EDPS) announced this week it is due to set up an external ethics advisory group to address concerns over surveillance technologies. The move was announced by EDPS head Giovanni Buttarelli. Significantly, he called for enclusive Europe-wide and global co-operation on the issue and recommended a review and bolstering of existing European Union (EU) standards for the protection of human rights.
In the US, cyber-security and cyber-privacy also dominated the headlines, with two security stories being of particular interest. The first of those being that a quasi-governmental U.S. electric industry group last week advised members to review network defenses following reports regarding a cyber-attack which resulted in 80,000 customers of a Western Ukraine utility provider losing service for 6 hours.
Secondly, and of equal note, Washington Governor Jay Inslee this week signed an executive order to create a state Office of Privacy and Data Protection, and announced cybersecurity collaboration with the U.S. Department of Homeland Security. The move is targeted at ensuring the state’s office of cyber-security will work even more closely with Homeland security in order to find new ways for states to "defend against increasingly sophisticated and targeted cyber threats."
From a privacy angle, it was revealed this week that despite previous promises made to curb spying on the leaders of U.S. allies, the White House has persisted in keeping tabs on some heads of state, including the Israeli Prime Minister, Benjamin Netanyahu. Sources quoted stated that President Obama had offered a justification for the activities concerned as a matter of “compelling national security purpose”.
In Asia, net neutrality was high on the agenda, with a row erupting in India over the recently introduced Free Basics initiative by Facebook. The TRAI has set a deadline of February 7th for the submission of views related to the service, notably however, the campaign has engendered increased activity from net neutrality campaigners in the country both on and off line.
Also of considerable interest was China’s passing of new legislation in the form of a new anti-terrorism law, legislation which had been previously opposed by business groups, President Obama and human rights organisations. The new law will require companies to turn over user data and assist Chinese police or security agents with decryption in terrorist investigations and related cases.
Elsewhere, and of note, BIMCO released the first set of cyber-security guidelines for the global shipping industry and Zimbabwe announced plans to start a new project to support adoption of research data management and sharing services among government, universities and research institutions as part of its plans to pave the way for a nationwide open access mandate.
Finally, from a Global Institution perspective, the European Parliament this week informally agreed to replace the EU Data Protection Directive from 1995 with new comprehensive privacy legislation called the General Data Protection Regulation backed by 48 votes to 4, with 4 abstentions. Once ratified, the GDPR will become law in 2018 across all 28 EU Member States and will take over from the current laws EU Member States implemented in order to comply with the data protection requirements set out in the Directive.
23 December 2015
The report this week focuses on looking at the opportunities and challenges that 2016 may present in the ICT sector.
In Europe, it was reported this week that Russia faces a considerable issue with it’s cyber-security environment, with businesses in the country forecast to lose almost US$ 1 bn (70 billion rubles £662 million) from cyber-attacks this year and this figure is expected to continue to grow in the near future.
In other news, technology giant Apple has called upon the UK government to rethink the draft Investigatory Powers Bill. The company has submitted an eight-page-long document outlining it’s opposition to the draft bill as it is currently composed. In its current form, the Bill, if passed, would make it obligatory for ISPs to keep users’ browsing history for a year, as well as give the police backdoors to any of their services.
In the US, cyber-security related headlines gained prominence, with the announcement this week that the Pentagon is considering stepping up its cyber warfare against the Islamic State in Iraq and Syria (ISIS). According to several unnamed U.S. officials, Government hackers have created a slate of tools that could be deployed to sabotage the extremist group’s online recruitment efforts.
Furthermore, encryption featured heavily once again this week in the US news sources, with several news releases suggesting that debates around encryption, national security and privacy are likely to continue to heat up next year.
A particularly quiet week from a Pan-Asian perspective, with the news of note being that China will continue to take on bigger responsibilities and push for new rules in the cyber sphere following the conclusion of the World Internet Conference in Wuzhen.
Elsewhere, developments of interest included the temporary shut-down of communications app ‘WhatsApp’ in Brazil, the admission of responsibility by Anonymous regarding the DDos attacks on Turkish servers and finally, the announcement from Ovum that 2016 will witness in excess of $37 billion spent on cyber-security measures/protection globally.
Finally, developments of interest related to Global institutions this week witnessed ITU members agree an international standard for Big Data as well as agreement forged within the UN to keep control of the internet out of the hands of international governments, at least for the next decade, following the World Summit on the Information Society (WSIS).
10 December 2015
In Europe this week, internet governance featured prominently with the European Commissions announcement of a new proposal for the European copyright framework. Specifically, the new framework is geared towards enabling residents of the EU to access legal digital content whilst traveling outside the country they live in.
Also of significance on a Pan-European level this week, EU lawmakers and member states struck a deal on the bloc's first broad cyber-security law to affect multiple industry sectors. The provisionally agreed legislation will dictate that companies operating in multiple key sectors will have to ensure that the digital infrastructure that they use is sufficiently secure to withstand online attacks. Similarly, major digital marketplaces, search engines, and cloud services will be required to ensure that their infrastructure is robust, and to report major breaches if/when they occur. Under the framework smaller digital companies are due to be exempt from these requirements.
In the US, cyber privacy issues came to the fore, with US president Barack Obama hinting at the possibility of adopting a stronger stance against encryption laws. Whilst addressing the nation in response to the San Bernadino tragedy, President Obama stated he would urge high-tech leaders to make it harder for terrorists to use technology to escape from justice.
Cyber-security developments witnessed an announcement from the US Defence Department that the organisation is seeking industry advice and support as it seeks to embark on a modernisation programme related to its Global Command and Control System. In addition to this, another cyber-security update of note was the delay experienced by the US administration as it seeks to implement legislation geared towards thwarting hack attacks. Lawmakers have continued to clash over how best to protect Americans personal information with a final compromise on the legislation taking longer than expected amid disagreements over privacy provisions.
Finally, issues of net neutrality received wide coverage, with the Federal Communications Commission (FCC) in court again this week to defend the controversial net neutrality regulations it introduced in June this year. This is now the third occasion on which the agency has been required to defend rules it has developed.
In Asia, China came under pressure to defend its internet governance regulations this week ahead of the Inaugural World Internet Conference organised by the state. This week, in the build up to the Conference, China's cyber chief rejected criticism that the country's Internet was overly censored, arguing instead that maintained order was a means to online freedom. This year, the Chinese government is upping the scale of the event, to be held from Dec. 16-18, which will include a speech by President Xi Jinping and be attended by prime ministers from Russia, Pakistan, Kazakhstan, Kyrgyzstan, and Tajikistan.
From a cyber-security perspective it was reported this week that cyber-attacks are becoming an increasing concern for Asean countries, with businesses and governments in Southeast Asia increasingly likely to be a target for cyber criminals, according to a report from security supplier FireEye and Singapore-headquartered telco Singtel. On a similar note, it was also reported that online cyber security breaches in China have skyrocketed more than 500% in the previous 12 months according to the recently published PricewaterhouseCoopers (PwC) Global State of Information Security Survey 2016. The report detailed that the average financial loss incurred by China as a result of such cyber-crime rose by 10%, in stark contrast to the rest of the world, which witnessed a 5% drop in financial losses due to cyber-crimes.
Elsewhere, it was announced that an international operation involving Europol, Interpol, the US department of homeland security, the US National Cyber Investigative Joint Taskforce, the FBI, Microsoft and other private sector organisations has targeted the Dorkbot botnet. The ambition has been to disrupt the Dorkbot infrastructure, including command and control servers in Asia, Europe, and North America, including the seizure of domains.
Furthermore, the International Chamber of Commerce (ICC), Business Action to Support the Information Society (BASIS) urged global stakeholders this week to acknowledge that cyber security standards must be globally accepted, industry led and recognized by the broadest community possible. The statement was made during a session on cyber security and digital trust at the Internet governance forum (IGF) in João Pessoa, Brazil.
Finally, the US EU Cyber Dialogue meeting which took place this week witnessed a commitment from both bodies to continue working in collaboration on cyber security and internet governance issues amongst other things. Of particular note was the announcement of a pledge to continue implementing the NETmundial roadmap on multi-stakeholder Internet governance.
03 December 2015
This week global coverage of the IT sector broadened away from a previously heavy focus on cyber-security, which had been dominating headlines in recent weeks following the events in Europe.
From a European perspective, Internet Governance featured heavily with The European Commission announcing it will be considering a comprehensive plan to support the ‘Internet of Things’ by mid-2016.
Also on a Pan-European level, it has been announced that Europe's police agency, Europol, is getting new powers to combat terrorism, cyber-crime and other cross-border threats following the Paris attacks in November.
Other big news this week, was the announcement that Google has received 348,085 'forget' requests in Europe following a European court ruling that people have a right to be forgotten online. It has since emerged that Google complied with less than half of the requests, citing that decision making was based on a criteria intended to balance privacy with the right of public knowledge.
In the US, cyber security related developments took precedence, with the major announcement being that US and Chinese officials have begun talks aimed at improving cooperation on commercial cyber espionage investigations. It represents the first official cybersecurity dialogue between the two nations in almost two years.
In what has proved to be a challenging week for Google, a prominent US privacy group. The Electronic Frontier Foundation, has lodged a complaint against the company with the Federal Trade Commission. This followed accusations of Google collecting and using the personal information of students in the US contrary to a pledge it reluctantly signed earlier this year.
Linked to this, the debate between the US Government and major technology companies surrounding privacy and encryption rumbled on this week. In the latest developments, during a hearing held by the House Judiciary Committee on Email Privacy Act, Google along with tech and legal advocates voiced support for the Email Privacy Act and expressed opposition to the Securities and Exchange Commission's (SEC) request for exemption from the bill. In contrast to this stance, the privacy bill amending the Electronic Communications Privacy Act of 1986 is supported by more than 300 members of the House of Representatives.
Meanwhile, in Asia, the APrIGF Multi-Stakeholder Steering Group (MSG) announced it is calling upon the ICT community to contribute to the programme development of APrIGF 2016 Taipei. This engenders an opportunity for 3I to engage with the body, to discuss and shape a range of issues, one of which is Internet Governance regulation. Following on the theme of Internet Governance, Taiwan and the United States held their first ‘digital economy forum’, during which officials from both sides met to discuss policies regarding digital trade and the establishment of regulatory environments to enable digital development.
Finally, in cyber-security related updates it was announced this week that China has arrested the suspected OPM hackers, those accused of breaking into the United States Office of Personnel Management databases. The move was meant as a show of good faith ahead of increased dialogue between the two states on issues of cyber-security and espionage.
Elsewhere, sizeable developments included the publication of the ITU’s flagship annual ‘Measuring the Information Society Report’ for 2015. The report, released on the 30th of November gives an overview of global information society developments. Another story of note is the publication of a report by the International Institute for Strategic Studies which accuses the global policy community of being slow to appreciate the strategic implications of cyber space. The ‘Evolution of the cyber domain: The implications for national and global security’ says the cyber domain needs to be better understood and the subject of greater strategic focus.
26 November 2015
This week cyber security issues continued to pervade the majority of European news coverage following the recent events in Paris and more lately, Brussels.
Following the attacks in Paris, France is extending the state of emergency in place to three months, enabling new legislation granting the Government the powers to carry out searches of any seized devices and block websites of choice.
Elsewhere in Europe, the UK Government has committed an extra £1.9 billion to be spent on cyber-security by 2020, and Belgium has joined the NATO Cooperative Cyber Defence Centre of Excellence.
Finally, in a targeted effort to combat terrorism at a Pan-European level following the recent attacks across the continent, the European Union has announced plans to increase controls on virtual currencies, prepaid cards and money remittances.
Developments in the US witnessed the establishment of a new national counterintelligence strategy, designed to outline a plan for detecting, mitigating and preventing potential cyber-attacks.
Net neutrality also featured highly in this week’s media coverage, with the FCC’s network neutrality regulations and enforcement measures coming under intense scrutiny,
With regards to cyber privacy, the ongoing battle over encryption between major tech companies and the US Government rolled on. In the wake of the Paris attacks, US officials are once again pushing for limits on encryption and meeting resistance from key industry stakeholders.
On a Pan-Asian level, Internet governance was on the agenda, with preparations underway for Wuzhen, a town in the Zhejiang province of China due to hold the hold the second World Internet Conference (WIC) from Dec 16 to 18. It is anticipated that approximately 12,000 leading figures from governments, international organizations, companies and civil societies will attend, with the theme being "An Interconnected World Shared and Governed by All—Building a Cyberspace Community of Shared Destiny".
In cyber-security developments, China and the US announced they have reached ‘meaningful commitments’ to one another in an attempt to cut down on the trade- secret theft and pilfering of Intellectual Property which China has been renowned for.
Meanwhile, according to the Robert Walters Asia Job Index Q3 2015, the demand for cyber-skills across Asia remains high, with the region’s developing IT infrastructure generating significant growth in this particular employment market.
Elsewhere, Iran is said to have ramped up its cyber espionage activities, namely targeting the US and it’s cyber infrastructure following the historic nuclear agreement reached between the two states recently. Analysis suggests the activity signals a marked shift in cyber strategy for Iran, with an increasing focus on espionage as opposed to cyber-attacks.
Finally, select members of the UN this week are having closed door meetings in preparation for the high level summit due to take place in December, with 190 countries scheduled to meet at the UN to determine the ‘future of the internet’. The summit in December is a planned ten year review of policies for global internet deployment, including issues such as internet governance and the ‘digital divide’.