
Singapore passes new Cybersecurity Bill: Here’s what you need to know before it comes into force

Source: National Cyber Security News

The Singapore Parliament passed the much-discussed Cybersecurity Bill (the Bill) on 5 February 2018 and it is anticipated that the new law will come into force soon. The new law creates a regulatory framework for the monitoring and reporting of cybersecurity threats to essential services in Singapore through the appointment of the Commissioner of Cybersecurity. It also creates a licensing regime that will require certain data security service providers in Singapore to be registered.

We set out below four key points that you should know about this new Bill.

1. Creation of a cybersecurity regulator

The Bill provides for the appointment of a Cybersecurity Commissioner (the “Commissioner”) as a regulator for the sector.

The Bill confers on the Commissioner significant powers to respond to, and prevent, cybersecurity incidents affecting Singapore. These include powers of investigation, such as the power to examine persons, to require the production of evidence and to seize evidence. In addition, where satisfied that a cybersecurity threat meets a certain specified severity threshold, the Commissioner may require a person to carry out remedial measures or to cease certain activities. These powers apply to all computers or computer systems in Singapore and are not limited to Critical Information Infrastructure (CII), which is described in further detail below.


Far-reaching cyber-security Bill not uncommon in other countries, say Singapore experts, industry players

Source: National Cyber Security – Produced By Gregory Evans

Singapore is not alone in proposing a far-reaching Bill to beef up cyber security, said experts, even as it wins the support of stakeholders following a recently concluded public consultation on the issue.

Concerns about the Cyber Security Agency (CSA) of Singapore’s far-reaching powers had surfaced during the consultation. Firms must surrender any information requested when CSA investigates a suspected cyber attack, as its proposed Bill would take precedence over bank and privacy rules that prohibit data sharing.

Convinced that Singapore should not have it any other way, lawyer Gilbert Leong, senior partner at Dentons Rodyk & Davidson, said: “The far-reaching Bill is justifiable in the light of the potential damage from state-sponsored cyber espionage.”

CSA’s powers, like those of the police, are calibrated and are strictly meant to keep the lights on for essential services, Mr Leong said.

In announcing on Monday (Nov 13) its decision to keep most of its proposed ideas in the Bill, CSA responded to public feedback received during the consultation, and said the designation of a computer as critical information infrastructure would no longer be an official secret under the Official Secrets Act.

The proposed Bill, to be tabled for debate in Parliament next year, also mandates that owners of critical information infrastructure, such as those in banking, telecom and energy sectors, report security breaches and attacks “within hours”.

Similar mandatory data breach reporting requirements have been in place in the US, Europe, Japan, Australia and South Korea for years.

Mr Shlomo Kramer, founder and chief executive officer of Israeli cyber-security start-up Cato Networks, said Singapore is, in fact, playing “catch-up” with these nations in this respect.

“Such regulation will move the needle in a positive way and make organisations feel accountable,” said Mr Kramer, who also co-founded what was the first firewall solutions provider Check Point in 1993.

He spoke to The Straits Times three weeks ago when he was in Singapore to meet local cyber-services resellers ViewQwest and Quann.

Checks and balances – which are included in the proposed Bill – prevent the abuse of disclosed information, Mr Kramer noted. For instance, CSA officers may be held criminally liable if they are found to have misused the information.

Mr Bryce Boland, chief technology officer for Asia-Pacific at cyber-security firm FireEye, said laws are generally stronger in countries with a high dependence on technology. Thus, the far-reaching aspects of Singapore’s cyber-security Bill could be compared to similar laws in the United States and Britain, said Mr Boland.

Said lawyer Koh Chia Ling from law firm OC Queen Street: “The general global trend is that countries are enacting such laws and Singapore is essentially doing the same.”

Mr Jack Ow, technology partner at law firm RHTLaw Taylor Wessing, said Germany, the Czech Republic and China have similar cyber-security regimes. “The loss or compromise of such computers and computer systems could adversely affect national security or public health, safety and order,” said Mr Ow.

Technology lawyer Bryan Tan of Pinsent Masons MPillay said that debates are ongoing in the United States just like they have taken place in Singapore, arising from an ever-growing tension between security and privacy.

Referring to preserving privacy in the US, he added: “All bets are off when it comes to fighting terror or a national security issue – no one will compromise.”

Owners of critical information infrastructure said the Bill is necessary. They are waiting to work out implementation details with CSA and their sectors’ regulators.

A spokesman for telco Singtel said: “The risk of cyber-security breaches is growing, especially now as Singapore pursues its ambition to become a Smart Nation.”

An M1 spokesman said: “It is important that the powers under the Bill are exercised reasonably.”

Meanwhile, such stringent reporting requirements are not new to the banking sector.

Mr Patrick Chew, OCBC Bank’s head of operational risk management, said: “Under the Technology Risk Management Guidelines introduced in 2013, financial institutions in Singapore are already required to notify our regulator as soon as possible of any critical system failures arising from (technology) and cyber security incidents.”


His backpack got stolen in San Francisco. Then he got a hospital bill for $52,310.

Source: National Cyber Security – Produced By Gregory Evans

It’s well documented that emergency room surgeries can be shockingly expensive.

That fact was driven home recently for one Daly City man who got a call from the billing department of Seton Hospital asking if he needed help paying off a $52,310 bill for an emergency room medical procedure.

The man was floored; he’d gotten no such procedure and had no idea what the hospital employee was talking about.

The problems began when the man’s backpack was stolen from a car parked in San Francisco, according to Daly City Police Sgt. Ron Harrison.

“In his backpack he had credit cards, passports, a bunch of stuff,” Harrison said.

The victim set up an Equifax fraud alert and was alerted to some fraudulent activity shortly after the theft, then thought the problems were behind him.

Then he got the call from the hospital. Apparently, the thief used the victim’s identity to get the expensive surgery on Sept. 2 and stuck him with the bill.

“It’s something new — you don’t see that very often,” said Harrison. “Usually with identity theft you see people fill a bunch of vehicles with gas, buy goods, electronics.”

Harrison said the victim won’t be responsible for paying for the surgery, but the hospital may be stuck with the cost. The exact nature of the surgery was not disclosed.

Police ask anyone with information on the suspect to call their anonymous tip line at (650)-873-2467 and reference Daly City Police Case No. 17006868.


New bill could let companies retaliate against hackers

Source: National Cyber Security – Produced By Gregory Evans

A new proposed bill could make it legal for companies to retaliate against hackers.

Dubbed the “hack back” bill, it was introduced last week to allow businesses to hack the hackers who’ve infiltrated their computer networks.

Called the Active Cyber Defense Certainty (ACDC) Act, it amends the Computer Fraud and Abuse Act anti-hacking law so a company can take active defensive measures to access an attacker’s computer or network to identify the hackers, as well as find and destroy stolen information. It was introduced by two U.S. Representatives, Tom Graves, a Georgia Republican, and Kyrsten Sinema, an Arizona Democrat.

“I’ve heard folks say this is like the Wild West what we might be proposing, but in fact it’s not,” Graves told CNN Tech’s Samuel Burke in an interview. “We are already dealing with the Wild West and there’s a lot of outlaws out there but we don’t have a sheriff, we don’t have a deputy and all we were asking for is a neighborhood watch.”

But security experts warn the legislation could have serious consequences if passed.

According to digital forensics expert Lesley Carhart, the fundamental problem with the idea is that a majority of organizations who would want to hack back aren’t qualified to do so responsibly. It often takes a long time to correctly identify who was responsible for a hack.

“In cybercrime and in nation state attacks, there are often lots of attempts to mislead and confuse researchers analyzing the attack timeline or malware,” Carhart said. “A savvy bad guy could fairly easily emulate an innocent third party, and draw down the wrath of unskilled analysts on them.”

One way researchers place blame on a person or group for a hack is by looking at the evidence left in code. For example, researchers found similarities between the WannaCry code and malware created by Lazarus group, a hacking operation that has been linked to North Korea, earlier this year. Intelligence agencies later connected the country to the massive ransomware attack.

But it’s not uncommon for hackers to spoof that evidence and try and trick analysts into thinking it came from somewhere else, such as putting code from known hacking groups, or innocent third-parties, into their malware.

The bill says active defense measures could only be taken inside the U.S., which means it would have limited benefit. A majority of attacks are based outside the country or route their attacks through servers overseas so it looks like they’re coming from overseas, said Amanda Berlin, author of the Defensive Security Handbook.

Companies would also be required to alert the National Cyber Investigative Joint Task Force, an organization led by the FBI, before trying to hack their hackers. The agency could also review active defensive measures before they’re taken.

The FBI and other law enforcement agencies are already involved in investigating and prosecuting cybercrime. They work closely with major security firms and companies impacted by breaches. However, a relatively low number of businesses in the private sector report ransomware, a common and lucrative cyberattack.

Carhart says poking around in a hacker’s network could impede law enforcement investigations and court proceedings by potentially contaminating evidence.

The FBI defense review also introduces some thorny foreign retaliation issues, Kristen Eichensehr, assistant professor at UCLA School of Law, explained in Just Security, a national security publication.

“The FBI’s participation in the review process may trigger the U.S. government’s international legal responsibility for actions of private actors,” she wrote.

However, some firms already engage in hacking back, despite the illegality. Graves said the bill could put some parameters on that behavior.

“Word on the street is many companies are already doing some of these things,” Graves told Burke in an interview. “They know, you know, and I know that what they are doing is illegal. What we would be doing is bringing clarity to what some might already be doing and what tools might be successful.”

He also said he hopes additional tools will be developed by the security community that can protect people from hackers.

Some experts believe resources may be better spent elsewhere than through retaliation. According to Berlin, companies should invest in their existing infrastructure to prevent hacks in the first place.

“So many corporations get the basics wrong, or skip steps to spend money on some fancy blinky box that’s supposed to protect them from everything,” Berlin said.

This year’s most serious hack was not sophisticated. Equifax failed to patch a software hole despite a fix existing for months before hackers compromised data on 145.5 million people.

To keep systems secure, Berlin advised companies to remove non-essential machines from direct internet access, and patch early and often to prevent hackers from exploiting known holes. If something can’t be updated or fixed, it should be separated from other networks.

Experts warn that hacking back could also hurt innocent third-parties.

Consider Mirai, a massive botnet that turned connected home devices into an army of zombie computers controlled by one attacker. If a company was attacked by a botnet like Mirai and tried to hack back, they could be hitting an innocent family’s network connected to a security camera, instead of the real person behind the attack.

“I’m afraid it will take us back to ancient Babylon and Hammurabi code which called for an eye for an eye and a tooth for a tooth,” said Bassel Ojjeh, cofounder and CEO of security firm LigaData. “And everyone at this rate will go blind.”


CYBERSECURITY BILL TAKES AIM AT VULNERABILITIES IN MEDICAL DEVICES

Source: National Cyber Security – Produced By Gregory Evans

On July 27, U.S. Senator Richard Blumenthal (D-CT) introduced the Medical Device Cybersecurity Act of 2017, a bill that CHIME supports. The legislation, S.1656, would make the cybersecurity capabilities of medical devices more transparent to providers, clarify expectations concerning security enhancements and maintenance of medical devices and establish a cybersecurity…


Proposed ‘Hack Back’ Bill Would Help Companies Hunt Down Hackers

Source: National Cyber Security – Produced By Gregory Evans

Today’s topics include a Georgia congressman looking to breathe new life into a controversial proposed hack back bill; Google adding new anti-phishing features to Gmail; IBM and Cisco joining forces to integrate threat intelligence to improve cyber-security; and Microsoft partners readying Windows mixed reality headsets in time for the holidays….


This Bill Would Allow Hacking Victims to Hack Their Attackers

Source: National Cyber Security – Produced By Gregory Evans

Call it a Stand Your Ground law for cyberspace. A Republican congressman is floating a bill that would make it legal for victims of hacker intrusions to hack back against the attacker, the first move to legalize any form of computer intrusion since the federal Computer Fraud and Abuse Act…


Former tech adviser to Bill Gates raises $2M for cybersecurity startup that discourages hackers

Source: National Cyber Security – Produced By Gregory Evans

Cybersecurity company Polyverse has raised $2 million in a new round of funding to continue building out its “moving target defense” platform. What is moving target defense, you ask? Polyverse CEO Alex Gounares, who previously served as CTO of AOL, corporate vice president at Microsoft and technology advisor to Bill Gates, explains it well. It can be related to, of …


ETHICAL HACKERS RAISE MONEY TO HELP REPEAL BILL REDUCING INTERNET PRIVACY

Source: National Cyber Security – Produced By Gregory Evans

A UTD group called Ethical Hackers is donating the profits from its first annual fundraiser to protest a federal bill overturning previous Federal Communications Commission regulations protecting consumer privacy. On …


Local lawmakers introduce bill for child sexual abuse task force

Sen. John Grabinger, D-Jamestown, and Rep. Bernie Satrom, R-Jamestown, are sponsoring a bill that would create a task force on preventing sexual abuse of children and reporting recommendations for legislation.

Senate Bill 2342 was introduced by Grabinger and had a hearing in the Human Services Committee on Jan. 30. No vote or other action has been taken since.

The task force would gather information concerning child sexual abuse throughout the state, receive testimony and reports from individuals, state and local agencies and organizations, and create goals for state policy that would prevent child sexual abuse during the 2017-2018 interim period. The task force would submit a final report with recommendations to the governor and legislative management, which is a group of legislators who determine interim studies and committee memberships.

The post Local lawmakers introduce bill for child sexual abuse task force appeared first on Parent Security Online.
