Special Section: breaking news from the Georgetown Cybersecurity Law Institute (our regular summary appears below)
Georgetown's Cybersecurity Law Institute opens this morning with discussions of legal and regulatory frameworks. We'll be expanding our summaries with tomorrow's and Friday's issues, but early speakers have stressed the multinational regimes companies effectively operate under, the importance of data discovery and a sound assessment of the value enterprises have at cyber risk, managing exposure to third-party risk, and corporate organization for effective cyber security.
Today's regular daily summary starts here.
THE CYBERWIRE (Wednesday, May 21, 2014) — More details concerning the US indictment of Chinese military personnel on charges of industrial cyber espionage emerge. The enterprises targeted (for the most part big ones) proved surprisingly vulnerable to social engineering: the principal route into their systems was phishing. The PLA hackers were also allegedly hired and tasked by Chinese government-owned companies, who thereby contracted out their own industrial espionage.
The Chinese government continues to express outrage, both in public denials of espionage and (paradoxically) tu quoque attacks on American policy: "you're hypocrites; you do it too."
The (very unequal) Russo-Ukrainian conflict gives rise to an interesting if implausible information operations campaign. Russia publishes stories (supported by photos) of US "mercenaries" conducting anti-Russian operations inside Ukraine. The US denies any such involvement, pointing out that the photos appear to be of police and National Guard working during Hurricane Katrina.
A warning has appeared on eBay sites advising users to change their passwords. It's still unclear, however, what to make of this, and how serious any breach might be (if there's actually been a breach at all).
The US Department of Homeland Security announces that an unnamed American public utility's control network has been hacked, but without disruption to its operations.
In industry news, Proofpoint buys automated incident response provider NetCitadel. Congratulations to Lunarline, Tenable, and Duo Security, all of whom receive awards.
The US Congress advances surveillance reform legislation, but privacy advocates remain dissatisfied. Congress also considers legislation designed to help the Department of Homeland Security hire cyber talent.
Today's edition of the CyberWire reports events affecting Bahrain, Belgium, China, France, Iran, Kuwait, Oman, Qatar, Russia, Saudi Arabia, Ukraine, the United Arab Emirates, the United Kingdom, and the United States.
The CyberWire is published daily, Monday through Friday, except for US holidays. Format and summary copyright Pratt Street Media LLC.