In this article we give a wrap-up of four recent events in the cyber and data breach space, both locally and internationally.
Australia-China cybersecurity agreement
On 24 April 2017, the Government announced its plan to work alongside China towards enhancing cybersecurity cooperation between the two countries. The agreement follows a meeting between Prime Minister Turnbull and China’s Premier Li Keqiang, where the issue of cyber-enabled intellectual property threats was raised.
Moving forward, both countries will focus on cooperating to prevent the cyber-enabled theft of trade secrets and confidential business information. They will also work towards establishing mechanisms to tackle cyber-crime and prevent threats that have created problems for Australia and China in the past.
Notably, these measures will prevent hacking scandals, such as the 2015 hacking of the Australian Bureau of Meteorology by Chinese attackers. Further, both countries have agreed to act in accordance with the standards established by the UN Group of Governmental Experts on Cyber.
The plan signals that Australia is moving in the same direction as the US, which signed a similar agreement with China in 2015, under which the two Governments aimed to establish a ‘high level joint dialogue mechanism’ on fighting cybercrime and related issues.
Introduction of harsher sanctions to Singapore’s cybersecurity law
Earlier in April, Singapore amended its Computer Misuse and Cybersecurity Act (CMCA) to include harsher sanctions for using hacked personal information. Significantly, there are two key amendments to the Act, which now makes it illegal to:
- deal with personal information obtained from a cybercrime that contravenes the CMCA; and
- deal in tools that have the capability to commit a CMCA offence.
The reach of the CMCA has now extended beyond Singapore, with overseas offences falling under the ambit of the CMCA if they are deemed to have potential to create serious harm in Singapore. Further, the CMCA now allows prosecutors to combine a series of cybercriminal acts related to one computer into a single charge, if all the attacks occurred over a one-year period. This enables greater penalties to be attached to the offence.
The changes are an appropriate response to the rise of complex cyberattacks in Asia. They also reflect Singapore’s move to keep up with more stringent laws adopted by neighbouring countries, where criminal sanctions are attached to more serious cyber offences.
Given the impending release of a standalone Cybersecurity Act later this year, the amendments signal Singapore’s progressive approach towards cybercrime.
ACSC Survey highlights 60% of companies suffer from impact of cyber incidents
Last week, the Australian Cyber Security Centre released the results of its 2016 Cyber Security Survey. The survey was conducted with 113 participants and aimed to explore cyber security attitudes and experiences across private and government organisations. The report states that 60% of organisations surveyed had felt a “tangible impact” on their business after an attempted cyber compromise. In circumstances where there was a successful cyber compromise, the proportion of impacted companies rose to 82%.
This survey reveals that although most cyber incidents are of relatively low severity, there are still negative consequences that impact organisations. The most affected areas relate to resources and staff productivity, with more than half of the organisations requiring extra time to recover from cyber incidents. Of concern is the fact that 35% of organisations that experience a cyber compromise have had their staff prevented from doing their work as a result.
The findings of the survey reiterate the importance of adopting a proactive stance to prevent any potential cyber compromises.
US Cybersecurity executive order “close” to release
The US Government stated the release of a US Cybersecurity Executive Order (EO) was “close and nearby”. The cybersecurity EO is anticipated to be intertwined with innovation as the two initiatives are seen to be closely aligned.
Currently, the contents of the EO have not been clearly specified. However, during the Georgetown Conference on Cyber Engagement on April 24 2017, the White House Cybersecurity Coordinator, Robert Joyce, outlined three key priorities the EO will seek to address:
- the EO will focus on protecting federal IT systems, specifically, its ability to recover information from a serious data breach;
- there will also be a movement towards modernising parts of the Government’s IT infrastructure through the introduction of shared services, which will allow smaller government agencies to meet more stringent cybersecurity standards; and
- the EO will also seek to create strategies to prevent other countries from attacking the US through “malicious use of cyber”. Joyce notes that the US will seek to increase partnerships with other countries that focus on cyber, in order to improve shared security.
Undeniably, the US Cybersecurity EO will have a notable impact on the way other countries shape their respective strategies in the future.