We live in an age where, unfortunately, it is essential for us all to be adequately protected from the various dangers we, and our devices and networks, may encounter online. In order to combat these cyber threats, the cyber security industry is working tirelessly to try and outpace those that may wish to do harm to us or our technologies. In this series of articles, we'll be looking at what cyber security is overall, what the threats we face are, and how we could overcome the challenges we face using various different cutting-edge technologies currently in development. Cyber security is a term that encompasses an extremely large area of operations within nearly every industry on the face of the planet. Since the digital revolution began over twenty years ago, the way we both do business and go about our daily lives has transformed immeasurably.
An ongoing failure to act with "meaningful sense of purpose or urgency" in the face of threats posed by cyber criminals and hackers puts critical national infrastructure at unnecessary risk from cyber attacks, a UK Parliamentary committee has warned. The UK experienced a taste of the damage that cyber attacks can cause when the global WannaCry ransomware outbreak took down large portions of the National Health Service in 2017, causing disruption to hospitals and patients across the country. Meanwhile, a recent warning from the National Cyber Security Centre (NCSC) suggested that hostile states will attempt deadly cyber attacks against the UK that threaten loss of life and other major consequences. Despite these threats, the general public still only has a "limited appreciation" of what could be the "devastating" results of a major cyber attack against critical national infrastructure such as energy, health services, transport or water, according to a new report from the UK Parliament's Joint Committee on the National Security Strategy. The problems go to the very top, the report says: despite the growing and evolving threat to the UK's critical national infrastructure, the country lacks the political leadership required to face the issue.
The Chinese telecoms giant Huawei is to spend $2bn (£1.5bn) in an effort to alleviate British security services' concerns about vulnerabilities in its products, capping a torrid week for the firm. In July, a British government centre established to verify the integrity of Huawei's technology warned that it had security concerns about the company's technology and could only provide "limited assurance" that risks to national security had been mitigated. On Thursday BT confirmed it was removing Huawei equipment from key areas of its 4G network over concerns about the Chinese firm's presence in critical telecoms infrastructure. Both Huawei and the government declined to dispute the details of reports in the Financial Times and Reuters that the firm intends to make the investment in an effort to address concerns over national security risks. These included technical problems which limited security researchers' ability to check internal product codes and concerns about the security of third-party components.
Today's security teams are tasked with protecting critical embedded, IT, and business systems from a growing number of cyber threats, some of which can mutate to expose vulnerabilities and evade traditional defense mechanisms. In this interview with Amir Husain, Founder and CEO of SparkCognition, he addresses the shortcomings of traditional security technologies against advanced attacks, such as Stuxnet, and reveals how artificial intelligence (AI) can augment the expertise of security professionals equipped with limited resources. With all the attack vectors in the Internet of Things (IoT), what is the biggest challenge security teams face? HUSAIN: The challenge is enormous and actually has two dimensions. First, attacks are becoming more sophisticated and the likelihood is increasing that an attack that has never been seen before will target physical infrastructure.
With the impending summer effective date of China's Cyber Security Law (the Law), the Cyber Administration of China (the CAC) issued clarifying draft "Inspection Measures on Network Products and Services" (the Draft, available here) on February 4, 2017. We previously discussed the Law here and provide details about the Draft. The Draft focuses on safety certification and inspections, as well as the obligations of "critical information infrastructure operators" (CIIOs) to undergo certain inspections. The Draft's focus on security inspection began with CAC's network security self-inspection initiative for critical information infrastructures, announced in July 2016 (official report available here). Comments on the Draft -- to the extent made public -- will help inform this important administrative process.