NEW Report: The global rise of ransomware & Australia’s policy options | Tech Firms buy COVID vaccines for Taiwan | Biden and Merkel to discuss cyber-security this week
Follow us on Twitter. The Daily Cyber Digest focuses on the topics we work on, including cyber, critical technologies & strategic issues like foreign interference.
While cybercrime is huge in scale and diverse in form, there’s one type that presents a unique threat to businesses and governments the world over: ransomware. A new policy report by ASPI's International Cyber Policy Centre argues the current policy vacuum makes Australia an attractive market for these attacks, and ransomware is a problem that will only get worse unless a concerted and strategic domestic effort to thwart the attacks is developed. ASPI
Taiwan is struggling with the pandemic, short on vaccines and locked in a geopolitical fight with China over access to the shot BioNTech SE co-developed with Pfizer Inc. Now, in a twist, two of the world’s most important technology players—who also happen to be Taiwan’s two best-known homegrown companies—are stepping in to buy millions of BioNTech doses on behalf of the Taiwanese government. The Wall Street Journal
President Joe Biden is slated to discuss an array of pressing issues with German Chancellor Angela Merkel this week, in what may be her last trip to Washington after nearly 16 years at the helm of Europe’s largest economy... Biden and Merkel are also expected to discuss an alarming number of cyberattacks that have shown the potential of reaching across multiple industries and international borders. CNBC
ASPI ICPC
Exfiltrate, encrypt, extort - The global rise of ransomware and Australia’s policy options
ASPI
@rachael_falk @ALBrownAus
While cybercrime is huge in scale and diverse in form, there’s one type that presents a unique threat to businesses and governments the world over: ransomware. A new policy report by ASPI's International Cyber Policy Centre argues the current policy vacuum makes Australia an attractive market for these attacks, and ransomware is a problem that will only get worse unless a concerted and strategic domestic effort to thwart the attacks is developed. Our recommendations include arguments for greater clarity about the legality of ransomware payments, increased transparency when attacks do occur, the adoption of a mandatory reporting regime, expanding the official alert system of the Australian Cyber Security Centre (ACSC), focused education programs to improve the public’s and the business community’s understanding and, finally, incentivising cybersecurity uplift measures through tax, procurement and subsidy measures. We also recommend the establishment of a dedicated cross-departmental ransomware taskforce, which would include state and territory representatives, that would share threat intelligence and develop federal-level policy proposals to tackle ransomware nationally.
If your company is held hostage, should you pay the ransom? - ABC News
‘An attractive market’: policy vacuum on ransomware attacks leaves Australia vulnerable - The Guardian
Cyber crims target attacks on parents working from home - The West Australian
‘Real and present danger’: Government considers making company directors personally liable for cyber attacks - The Sydney Morning Herald
Canada imposes national-security risk assessments for researchers seeking federal funds
The Globe and Mail
@RobertFife @stevenchase
The federal government is imposing new mandatory national-security risk assessments on funding requests from university researchers to protect Canadian intellectual property from falling into the hands of foreign governments and their proxies..The federal government has been criticized for partnering with Huawei Technologies to fund computer and electrical engineering research at Canadian universities. A few years ago, a study by the Australian Strategic Policy Institute found that Canada had become the third-largest destination for scientists affiliated with the Chinese military.
Read our report Picking Flowers Making Honey here.
Australia
China
China drafts new cyber-security industry plan
Reuters
China's Ministry of Industry and Information Technology said on Monday it has issued a draft three-year action plan to develop the country's cyber-security industry, estimating the sector may be worth more than 250 billion yuan ($38.6 billion) by 2023.
China to order Tencent Music to give up music label exclusivity
Reuters
@teamlipei
China's antitrust regulator is set to order the music streaming arm of Tencent to give up exclusive rights to music labels which it has used to compete with smaller rivals, two people with knowledge of the matter said on Monday.
China Plans Security Checks for Tech Companies Listing Overseas
The New York Times
@zhonggg
China moved on Saturday toward requiring domestic tech companies to submit to a cybersecurity checkup before they can go public on overseas stock exchanges, a step that would close the regulatory gap that allowed the ride-hailing giant Didi to list shares on Wall Street last week without getting a clean bill of digital health from Beijing.
USA
Artificial Intelligence in the Intelligence Community: Money is Not Enough
Just Security
The USICA, a $200 billion proposal, dramatically expands federal government support for technological growth and innovation, and strengthens U.S. national competitiveness.. However, having spent the last 20 years in the U.S. government, 15 of them in the Intelligence Community (IC), I believe that without a visible, concerted effort to revisit current budget, acquisition, risk, and oversight frameworks – led by the Director of National Intelligence (DNI) and IC leadership – the IC will not be able to effectively identify, develop, and incorporate in real-time the technological advances needed to keep its competitive edge, regardless of how much USICA money comes its way.
The US needs a 'Digital Marshall Plan' to counter China's Digital Silk Road
The Hill
@OritFrenkel @j_a_hillman
The pandemic drove home that America’s future is digital. But with more people on the web than any other country, China has aspirations to be the global internet leader, remaking cyberspace in its own image. China’s Digital Silk Road ($200 billion and growing) has become an increasingly important part of its larger Belt and Road Initiative. When China sells its equipment to middle-income and developing countries, their governments receive the tools to censor and control the internet while leaving their networks vulnerable to Chinese government cyber theft and interference. The Digital Silk Road also gives China a sufficiently dominant market share in many markets to set the technical standards to favor Chinese products over all others.
Biden and Merkel to discuss Afghanistan, cybersecurity and Nord Stream pipeline this week
CNBC
@amanda_m_macias
President Joe Biden is slated to discuss an array of pressing issues with German Chancellor Angela Merkel this week, in what may be her last trip to Washington after nearly 16 years at the helm of Europe’s largest economy... Biden and Merkel are also expected to discuss an alarming number of cyberattacks that have shown the potential of reaching across multiple industries and international borders.
Senate unanimously approves Jen Easterly to lead DHS cyber agency
The Hill
@magmill95
The Senate on Monday unanimously approved the nomination of Jen Easterly to serve as director of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency.
North-East Asia
Tech Firms to Buy Covid-19 Vaccines on Behalf of Taiwan’s Government
Wall Street Journal
@chao_deng @joyuwang
Taiwan is struggling with the pandemic, short on vaccines and locked in a geopolitical fight with China over access to the shot BioNTech SE co-developed with Pfizer Inc. Now, in a twist, two of the world’s most important technology players—who also happen to be Taiwan’s two best-known homegrown companies—are stepping in to buy millions of BioNTech doses on behalf of the Taiwanese government.
Russian hackers hit US and Europe. Is Asia the next target of a Massive Attack?
South China Morning Post
The region has a high instance of automated attacks, though despite accusations from the US, China is more victim than perpetrator. With Japan, Australia and the Philippines hosting most of the regional bad guys, it may be time for an IT clampdown.
South-East Asia
Ransomware and botnets among top cyber threats in Singapore
Computer Weekly
Singapore’s cyber threat landscape was dominated by the proliferation of ransomware, botnet drones and phishing attacks last year as threat actors capitalised on the anxiety and fear wrought by the pandemic.
South and Central Asia
Chinese investors miss out on record year for Indian tech fundraising
The Financial Times
Chinese investors have effectively been cut out of India’s tech sector, leaving the field clear for US and European venture capitalists in what is shaping up to be a record year of fundraising for the country’s start-ups.. While tech giants such as Alibaba and Tencent were previously among the most influential investors in India’s fast-growing start-up scene, they have been largely sidelined by regulation introduced last year in response to rising tensions between India and China.
UK
Jesus College, Cambridge, urged to cut ties with China
The Times
@LOS_Fisher
The Times has revealed that the college, which produced a controversial “white paper” on global communications reforms, accepted £200,000 from a Chinese government agency and £155,000 from Huawei. Jesus College hinted last night that it could sever its connections with China.
UK’s trade chief Liz Truss seeks closer ties with tech firms in US visit
Politico
@g_lanktree
Britain's Trade Secretary Liz Truss is headed to the United States for a five-day visit where she'll try to forge new ties with the country's tech giants.
Boris Johnson condemns racist abuse of England players
The Telegraph
@imctagga
The social media giants whose users abused players within minutes of the match ending have faced pressure to take action. Tory MP Tom Tugendhat condemned tech companies for allowing the racist abuse to be published on their platforms, saying that firms have "algorithms that target ads to you but won’t stop the racist abuse against some exemplary young men".
Europe
Yellen to Press Europe on Digital Tax Plan Following G-20 Accord
Bloomberg
@chrisjcondon @WHorobin @aoifewhite101
U.S. Treasury Secretary Janet Yellen will press European Union officials in Brussels this week to reconsider their plan to propose a digital levy after securing the Group of Twenty’s endorsement for the principles of a global corporate-tax agreement.
The Americas
Cuba clamps down on social media and internet access as protests spread
The Record
@johnnysaks130
In an effort to quell a historic show of popular dissent against Cuba’s communist dictatorship, the Cuban government throttled internet access across the country on Sunday and Monday.
Middle East
Jordan’s government used secretly recorded Clubhouse audio to spread disinformation
Rest of World
@telliotter
When Clubhouse started taking off earlier this year, some users worried that sensitive conversations on the social audio app might be secretly recorded for nefarious purposes. In places like Saudi Arabia and Hong Kong, people were increasingly using Clubhouse to discuss taboo political topics, sparking concerns that authorities could be listening in. Now, researchers say that fear has come true.
Misc
Google boss Sundar Pichai warns of threats to internet freedom
BBC
@amolrajanon
The free and open internet is under attack in countries around the world, Google boss Sundar Pichai has warned. He says many countries are restricting the flow of information, and the model is often taken for granted.
Events
ASPI Webinar: Exfiltrate, encrypt, extort: The global rise of ransomware & Australia's policy options
ASPI ICPC
Please join us online on Tuesday 13 July at 5.30pm AEST for the launch of the ASPI International Cyber Policy Centre’s latest report on the global rise of ransomware and Australia’s policy options.
Indigenous Cyber and Digital Skills Conference
ASPI’s IndigiCyber, Defence and Space Program
This half-day conference will canvas a range of curriculum and engagement initiatives in cyber-security and STEM as well as government and industry responses to both support those already in work, and to attract diverse candidates. What can defence, and defence-related sectors, do to support the next generation of technology champions?
23 Jun 2021 at 9:00 am - 1:00 pm AEST
ASPI Webinar: In-Conversation with Marietje Schaake
ASPI ICPC
SPI's International Cyber Policy Centre is delighted to invite you to an in-conversation with Marietje Schaake, President of the Cyber Peace Institute, the International Policy Director at Stanford's Cyber Policy Center and International Policy Fellow at Stanford’s Institute for Human-Centered Artificial Intelligence. Join Fergus Hanson for an online ‘fireside chat’ with Marietje focusing on technology, democracy and the question of accountability. They will discuss how democracies can cooperate amidst rising authoritarianism and the privatised governance of technologies. They will also consider the rule of law and how it relates to the oversight of existing and emerging technologies.
27 July 2021 at 5:00 pm - 6:00 pm AEST
Research
Effective state practices against disinformation: Four country case studies
Hybrid CoE
@jeangene_vilmer
States and civil societies have been taking many initiatives to counter disinformation in recent years. However, not all of them can be said to be effective. This Hybrid CoE Research Report is focused on the issue of effectiveness, from the perspective of state-actors only, through the means of country case studies from Sweden, Canada, the United Kingdom, and France.
Jobs
ICPC Senior Analyst or Analyst - Information operations & disinformation
ASPI ICPC
ASPI’s International Cyber Policy Centre has an outstanding opportunity for a talented and proactive senior analyst or analyst to join its centre. The successful candidate will work with a small, high-performing team to produce original research and analysis centred around policy responses to information operations and disinformation by state and non-state actors. They will also work with senior staff in the centre to engage globally with governments, social media and Internet companies.
ICPC Analyst or Senior Analyst - Cyber & technology
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for an exceptional cyber-security or technology focused analyst or senior analyst to join its centre in 2021. This role will focus on policy relevant cybersecurity analysis, informed public commentary and either original data-heavy research and/or technical analysis. Analysts usually have around 7-15 years work experience. Senior analysts usually have a minimum of 15 years relevant work experience and tend to be involved in staff and project management, fundraising and stakeholder engagement.
ICPC Senior Analyst or Analyst - China
ASPI ICPC
ASPI’s International Cyber Policy Centre (ICPC) has a unique opportunity for exceptional and experienced China-focused senior analysts or analysts to join its centre. This role will focus on original research and analysis centred around the (growing) range of topics which our ICPC China team work on. Our China team produces some of the most impactful and well-read policy-relevant research in the world, with our experts often being called upon by politicians, governments, corporates and civil society actors to provide briefings and advice. Analysts usually have at least 5 years, often 7-10 years’ of work experience. Senior analysts usually have a minimum of 15 years relevant work experience and, in addition to research, they take on a leadership role in the centre and tend to be involved in staff and project management, fundraising and stakeholder engagement.