Organizations quite often spend millions of dollars on deploying various technologies on cybersecurity to defend against data breaches. Despite that, devastating hacking continues to occur. Let's not forget the breaches at Target, Sony, Home Depot, along with the recent theft of millions of dollars from a Bangladesh bank by attacking financial transaction network SWIFT and the many examples of ransomware in news headlines this year. Does it mean that the technology is not advanced enough to outwit hackers? The race between security professionals and hackers seems to be a never-ending game, and hackers are seemingly always ahead in this race.
Businesses and governments will need to relook their approach to cybersecurity in order to cope with the current technology landscape, and this may mean changing their country's legislation and law enforcement capabilities. Singapore, for instance, had been reassessing the way it addressed cybersecurity and identifying areas that needed to be tweaked, according to its Minister of Home Affairs and Minister for Law K Shanmugam. He pointed to the country's National Cybercrime Action Plan, which aimed to coordinate local efforts in deterring, detecting, and disrupting such activities. Speaking at the RSA Asia-Pacific Conference 2016 this week, Shanmugam further underscored the need to focus on prevention as well as establish a speedy and strong response to cybercrime. The local legal framework also must be able to facilitate efforts in this area, he said, adding that industry collaboration should be encouraged as the ability to combat cybercrimes would have to come from a shared responsibility.
Guidance from the National Highway Traffic Safety Administration for improving motor vehicle cybersecurity has attracted criticism from lawmakers who said that mandatory security standards were required. "This new cybersecurity guidance from the Department of Transportation is like giving a take-home exam on the honor code to failing students," said Senators Edward J. Markey, a Democrat from Massachusetts, and Richard Blumenthal, a Democrat from Connecticut, who are both members of the Commerce, Science and Transportation Committee. "In this new Internet of Things era, we cannot let safety, cybersecurity, and privacy be an afterthought," the senators added. On Monday, NHTSA released a document, titled "Cybersecurity best practices for modern vehicles," that laid out the agency's "non- binding guidance" to the automotive industry for improving motor vehicle cybersecurity. Markey and Blumenthal introduced in July last year in the Senate the Security and Privacy in Your Car Act, also known as the SPY Car Act, which would direct the NHTSA and the Federal Trade Commission to establish federal standards for vehicles made for sale in the U.S. that would protect them from unauthorized access to their electronic controls or data collected by electronic systems.
For years, the US government's offensive hacking operations were kept in dark shadows, neither acknowledged nor discussed. That changed with the discovery of Stuxnet in 2010--a computer sabotage operation reportedly conducted by the US and Israel to destroy machines used in Iran's once-illicit nuclear program. Stuxnet was the first US digital sabotage operation to be exposed, but it's not the first government hacking operation ever conducted. Documents leaked by Edward Snowden in 2013 shone a light on a vast underground operation conducted by the NSA's Tailored Access Operations team (TAO), responsible for what the government refers to as computer network exploitation and computer network attacks. Those may sound similar, but there are important differences between them.
Alex Gibney: I have a habit, I guess, of going in after big stories and trying to find out a little bit more about them; doing a deeper dive. Sometimes, in the kind of of relentless 24-hour news cycle, a simple and easy narrative develops and then you just move on without understanding the broader implications. It seemed to me this story had legs. Gibney: To really take stock of this idea that it was a crossing of the Rubicon, as [former director of the NSA and CIA] Michael Hayden said. It's a kind of a moment that changed everything, that launched us into a new era.