Total Pageviews

Friday, March 31, 2017

Donald Trump intends to extend by one year the Executive Order 13694

Interpol - "Cybercriminalité"

Interpol - "Cybercriminalité" - 2017 - Brochure de 12 pages. 
Dans ce document Interpol distingue deux catégories de criminalité liées aux TIC: la cybercriminalité et la criminalité facilitée par Internet. 
On peut y lire également que "jusqu’à présent, la cybercriminalité était principalement le fait d’individus ou de petits groupes. Aujourd’hui, INTERPOL constate l’apparition de réseaux de cybercriminalité d’une grande complexité qui réunissent, en temps réel, des individus de tous pays pour perpétrer des infractions d’une ampleur sans précédent."  Vraiment? Le cybercrime n'est-il pas organisé en gros réseaux d'assez longue date? Ne parlait-on pas du cybercrime organisé russe et chinois il y a dix ans déjà? Les hackers n'ont-ils pas une tradition de coopération internationale depuis bien des années?  

Sajda Qureshi "The forgotten awaken: ICT’s evolving role in the roots of mass discontent"

Sajda Qureshi, "The forgotten awaken: ICT’s evolving role in the roots of mass discontent", Information Technology for Development, 2017, Vol.23, n°1, pp.1-17. Full text...

About "key terrain" in cyberspace

Applegate, Scott Douglas, Christopher L. Carpenter, and David C. West. “Searching for Digital Hilltops: A Doctrinal Approach to Identifying Key Terrain in Cyberspace.” Joint Force Quarterly, no. 84 (1st Quarter 2017): 18-23. 

The proposed definition of "key terrain'" is : "Any locality, or area, the seizure or retention of which affords a marked advantage to either combatant". According to the author of this article, the "key terrain" is different from the notion of "critical asset", defined as "a spacific entity that is of such extraordinary importance that its incapacitation or destruction would have a very serious, debilitating effect on the ability of a nation to continue to function effectively". 

Thomas Rid, Hearing on Disinformation: A Primer in Russian Active Measures and Influence Campaigns"

Thomas Rid, Hearing on "Disinformation: A Primer in Russian Active Measures and Influence Campaigns", US Senate, March 30th, 2017.

Prepared Statement of GEN (Ret) Keith B. Alexander on Disinformation: A Primer in Russian Active Measures and Influence Campaigns

Opening speach.

Thursday, March 30, 2017

Disinformation: A Primer in Russian Active Measures and Influence Campaigns


Witnesses:
Panel I
Eugene Rumer, Director of Russia and Eurasia Program, Carnegie Endowment for International Peace. He previously served as the National Intelligence Officer for Russia and Eurasia from 2010-2014.
Roy Godson, Professor of Government Emeritus at Georgetown University. From 1993-2015, he also served as President of the National Strategy Information Center.
Clint Watts, Senior Fellow, Foreign Policy Research Institute Program on National Security
*Other witnesses may be added
Panel II:
Kevin Mandia, Chief Executive Officer, FireEye
General (Ret.) Keith Alexander, Chief Executive Officer and President, IronNet Cybersecurity.  He previously served as Director of the National Security Agency and Chief of the Central Security Service.

Wednesday, March 29, 2017

Hearing on The Promises and Perils of Emerging Technologies for Cybersecurity

Hearing on The Promises and Perils of Emerging Technologies for Cybersecurity, EPIC Letter to US Senate, March 22, 2017

A Borderless Battle: Defending Against Cyber Threats - by GEN (Ret) Keith B. Alexander

"A Borderless Battle: Defending Against Cyber Threats" - by GEN (Ret) Keith B. Alexander, Statement before the United States House of Representatives Committee on Homeland Security,  March 22, 2017, 8 pages. 

Saturday, March 25, 2017

Cyber Security : job opportunities

* PRI is seeking an individual with expertise in corporate cyber security policies and practices to undertake data analysis and a summary report of findings and recommendations for engagement on behalf of the Principles for Responsible Investment. Detailed Information. Deadline for application: April 7, 2017

* NATO Cooperative Cyber Defence Centre of Excellence, Internship opportunity in Public Relations in Spring 2017. Detailed Information. Deadline for application: April 3, 2017

Thursday, March 23, 2017

Etats-Unis: projet de budget 2018 et place de la cybersécurité

Le 16 mars 2017 l'administration Trump a publié un budget prévisionnel 2018, qui donne déjà une idée des grandes lignes de dépenses (et d'économies) pour les mois à venir. 
Le projet procède par réductions, coupes dans le financement de quantité de programmes et organismes jugés trop peu efficaces ou comme ne devant pas relever des budgets de l'administration. Pratiquement tous les ministères sont touchés par ces mesures, sauf le Département de la Défense. La cybersécurité est l'un des axes qui bénéficiera de budgets conséquents, mais elle n'apparaît pas spécifiquement mise en avant, du moins à la lecture de ce seul document. 

Understanding Russian "Hybrid Warfare" - RAND Corporation

Understanding Russian "Hybrid Warfare", by Christopher S. Chivvis, RAND Corporation, Testimony presented before the House Armed Services Committee on March 22, 2017, 12 pages. According to the author, Russia's hybrid warfare is a mix of information operations, cyber, proxies, economic influence, clandestine measures, and political influence. 

Monday, March 20, 2017

Des cyber-opérations pour contrer le programme de missiles nord-coréen?

Le New York Times a publié le 6 mars dernier un article soulevant la question suivante: les Etats-Unis sont-ils en mesure de paralyser le programme de missiles nord-coréen, en ayant recours à des cyberopérations agressives?  Certains observateurs virent dans les quelques échecs rencontrés par le programme coréen au cours de ces derniers mois (missiles qui explosent en vol) l'efficacité de l'action américaine. Mais d'autres tests coréens ont été menés à bien, et ont remis en cause la croyance en l'efficacité de la stratégie cyberoffensive américaine. Existe-t-elle seulement? Les Etats-Unis sont-ils capables d'enrayer le programme de missiles à l'aide de cyberattaques ? Utilisent-ils les mêmes méthodes que celles déployés contre le programme nucléaire iranien il y a de cela quelques années? 

The Australia–US Cyber Security Dialogue

Tobias Feakin, Liam Nevill and Zoe Hawkins, "The Australia–US Cyber SecurityDialogue", ASPI Special Report, 20 pages, March 2017. 
Contents: cyber cooperation in the Asia-Pacific, fighting cybercrime in the Asia-Pacific, Australia-US cyber cooperation... 

Cybersécurité - Courrier du Département de l'Energie au Président Trump

Quand le Comité à l'Energie et aux Ressources Naturelles du Sénat s'inquiète des futurs projets d'executive order. Le Comité souhaite que lorsqu'il s'agit de la cybersécurité du Département de l'Energie, ce dernier assure lui-même sa cybersécurité, et que la tâche ne soit pas confiée au DHS ou à quelque autre agence. Voir la lettre adressée au Président, en date du 14 mars 2017.  

Saturday, March 18, 2017

Common challenges in combating cybercrime - Eurojust / Europol

"Common challenges in combating cybercrime"  - Eurojust / Europol,  13 March 2017, 14 pages. Document

Joint Meeting of the Horizontal Working Party on Cyber Issues (capital level) and the JHA Counsellors (COPEN)

Council of the European Union. Joint Meeting of the Horizontal Working Party on Cyber Issues (capital level) and the JHA Counsellors (COPEN). 22 March 2017. Topics: Cyber Threat Landscape - emerging trends, EU Cyber Security Strategy review - state-of-play and future steps, Common challenges to LEA and judiciary in combatting cybercrime, Carrier Grade NAT - exchange of good practices, Digital Object Architecture - cyber risks, Joint EU Diplomatic Response to Cyber Operations (Cyber Toolbox), Prevention and cyber awareness. 

Call for Papers - Cyber Risks and Insurance

Call for Papers - "Cyber Risks and Insurance", The Geneva Association is pleased to announce a special April 2018 issue of The Geneva Papers on Risk and Insurance - Issues and Practice. Submission deadline: 12 May 2017. More details...

Wednesday, March 15, 2017

Undermining Democratic Institutions and Splintering NATO: Russian Disinformation

Prepared Testimony and Statement for the Record of Toomas Hendrik Ilves, Bernard and Susan Liautaud Visiting Fellow, Center for International Security and Cooperation, Freeman-Spogli Institute for International Studies, President of Estonia 2006-2016, At the Hearing on “Undermining DemocraticInstitutions and Splintering NATO: Russian Disinformation”. Before the House Foreign Affairs Committee, March 9, 2017, 9 pages. 

Federal Information Security Modernization Act of 2014, Annual Report to Congress, Fiscal Year 2016


Publication par les autorités américaines du rapport annuel présentant l’état d’avancement de la mise en application de la loi FISMA de 2014 (Federal Information Security Modernization Act of 2014). Cette loi a pour objectif de moderniser l’administration et les agences gouvernementales sur le plan de la cybersécurité. 

Thursday, March 9, 2017

Wednesday, March 8, 2017

Maintaining U.S. Leadership on Internet Governance - Megan Stifel

Maintaining U.S. Leadership on Internet Governance - Megan Stifel, February 2017, 6 pages

China's Cybersecurity Law

KPMG propose un aperçu de la législation chinoise en matière de cybersécurité, dans un document très synthétique (16 pages) publié en février 2017, intitulé "Overview of China's Cybersecurity Law". L'utilité du document réside dans le travail de mise en lumière des quelques différences qu'offre la nouvelle version de la loi par rapport aux textes juridiques qui l'ont précédée. Mais le rapport ne propose aucune analyse, aucune lecture critique. Dommage. 

The ACM Turing 50th Celebration Conference - China

The ACM Turing 50th Celebration Conference. May12 - 14, 2016, Shanghai, China. 
Une liste de thèmes et de mots-clefs impressionnante pour cette conférence. Les organisateurs ne sauraient-ils cibler davantage leur objet d'étude? Cette pratique est désormais courante dans le monde, mais cela ne rend pas les programmes nécessairement plus attractifs. 

Sergey Lavrov and cybersecurity political issues

Lire la retranscription d'un récent discours (18 février 2017) de Sergey Lavrov, Ministre des Affaires Etrangères russe, où il est entre autres points, question de cybersécurité et cyberespionnage. Le Ministre russe renvoie les américains à leurs responsabilités: ils auraient ignoré les nombreuses demandes de dialogue lancées par Moscou, accuseraient sans preuves la Russie, etc. 

Vault 7

Le site WikiLeaks a mis en ligne un ensemble de documents, regroupés sous le titre "Vault 7: CIA hacking tools revealed". Accès aux documents

Plusieurs articles résument ce qu'il faut retenir des contenus exposés. En voici quelques uns, intéressants car synthétiques: 
- Sur le site Nextimpact
- Sur le site du Washington Post
- Article du New York Times
- Sur Security Affairs

Colloque - Le cadre juridique applicable aux traitements de données à caractère personnel

Colloque - Le cadre juridique applicable aux traitements de données à caractère personnel. Université Lille 2, 28 avril 2017. Programme, inscription. 

Colloque - Des logiciels à tout faire ? Les algorithmes d’aide à la décision en matières médicale et judiciaire

Colloque - Des logiciels à tout faire ? Les algorithmes d’aide à la décision en matières médicale et judiciaire. 29 mars 2017, Nantes, Maison de l'Avocat. Programme, inscription.  

Traitement algorithmique des activités humaines : le sempiternel face-à-face homme/machine

"Traitement algorithmique des activités humaines : le sempiternel face-à-face homme/machine", Céline Castets-Renard, Cahiers Droit, Sciences & Technologies, p.239-255, 2016

Cyber Strategy & Policy: International Law Dimensions

"Cyber Strategy & Policy: International Law Dimensions". Testimony Before the Senate Armed Services Committee, Matthew C. Waxman, Liviu Librescu Professor of Law, Columbia Law School Co-Chair, Columbia Data Science Institute Cybersecurity Center, March 2, 2017, 6 pages. 

Monday, March 6, 2017

Statement of GEN (Ret) Keith B. Alexander on Cyber Strategy and Policy

Prepared Statement of GEN (Ret) Keith B. Alexander on Cyber Strategy and Policy before the Senate Armed Services Committee, March 2, 2017, 5 pages. 

Cyber Deterrence - Statement Before the Armed Services Committee, United States Senate

Cyber Deterrence - Statement By Dr. Craig Fields Chairman, Defense Science Board And Dr. Jim Miller Member, Defense Science Board Former Under Secretary of Defense (Policy), March 2, 2017, 9 pages

Martin Libicki Testimony presented before the House Armed Services Committee on March 1, 2017.

Singapour - nouvelle organisation de cyber défense

Singapour annonce la création d'une nouvelle entité de cyberdéfense au sein de ses forces armées (DCO - Defence Cyber Organization), venant compléter l'organisation actuelle (Cyber Security Operations Centre 2.0 initiative; Cyber Defence Operations Hub...) Le DCO comptera 2600 hommes, et sera organisé en 4 composantes: la Cyber Security Division (opérationnel), le Policy and Plans Directorate (développer les capacités), le Cyber Security Inspectorate (évaluer les vulnérabilités), le Cyber Defence Group.  Plus d'information... 

Horizon 2020 Sécurité et SHS: journée d'information 27 mars 2017

Horizon 2020 Sécurité. Matinée d'information. Lundi 27 mars 2017. Paris. "Appels d'Horizon 2020 Sécurité avec SHS prépondérantes".  Interventions sur les thèmes: cybercriminalité, criminalité financière, frontières, vie privée, identité numérique, etc. 

Avant-programme et inscriptions.

Scénarios pour un monde d'objets connectés: mieux vaut en rire?

"I think we all find it comfortable if our refrigerators re-order milk in the future, … but it might be disturbing of the milk starts ordering refrigerators after a hack attack.” (source de la citation, page 7).

Les compteurs électriques "intelligents" surestiment largement la consommation réelle des foyers. Selon une étude menée par l'Université de Twente (Pays-Bas). 

Saturday, March 4, 2017

ICCWS 2018 - Call for Papers

ICCWS 2018 - Call for Papers. Abstracts submission deadline: 17 August 2017. Topics: cyber warfare, cyber crime, cyber defence, etc. The conference will be held in Washington DC, USA. 

UCLAN Conference on cybercrime

UCLAN Conference on cybercrime, 3-4 July 2017, Lancashire, UK. Abstract submission deadline: 30th April 2017. 

ICCCIS 2017 - Call for Contributions

ICCCIS 2017: 19th International Conference on Cyber Crime and Information Security. May 25-26, 2017, London. Call for contributions: deadline March 20, 2017. 

Cyber Security Summer School - Estonia - July 10-14, 2017

Cyber Security Summer School - Tallinn, Estonia - July 10-14, 2017. 

A main focus on this year's Cyber Security Summer School will be social engineering. With experts from all faculties, including computer science, law, criminology, forensics and psychology, the Summer School tries to give an impression on how and why social engineering works, how to prevent social engineering and how to find evidence for social engineering attacks. 
Cyber Security Summer School 2017 is organised by Information Technology Foundation for Education (Estonia), Tallinn University of Technology (Estonia), Ravensburg-Weingarten University of Applied Sciences (Germany), the University of Adelaide (Australia), the University of Tartu (Estonia), and supported by Estonian Ministry of Education and Research. 

Ecole d'été Defence Security Cyber (DSC) 26-29 juin 2017

Ecole d'été Defence Security Cyber 26-29 juin 2017. L’Initiative d’Excellence (IdEx Bordeaux) et le Forum Montesquieu de l’université de Bordeaux organisent en juin 2017 la troisième session de l’International Summer School « Defence Security Cyber » (DSC). Programme, inscriptions...

Thursday, March 2, 2017

AJIC Call for Submissions: 2017 Thematic Section on Cyber Security

AJIC Call for Submissions: 2017 Thematic Section on Cyber Security. The African Journal of Information and Communication (AJIC) is seeking submissions for a 2017 Thematic Section on Interdisciplinary Cyber Security Studies. 

Submission deadline: 30 April 2017

Submissions: Submit to Dr Kiru Pillay: kiru2010@gmail.com

Text of the call

Peter W. Singer Hearing on “Cyber Warfare in the 21st Century: Threats, Challenges, and Opportunities”

Peter W. Singer Hearing on “Cyber Warfare in the 21st Century: Threats, Challenges, and Opportunities”, Before the House Armed Services Committee March 1, 2017, 13 pages

Stratégie nationale de cybersécurité 2017-2022 - Pologne

La Pologne a publié sa nouvelle stratégie nationale de cybersécurité, pour la période 2017-2022. Le document est disponible ici (Strategia Cyberbezpieczeństwa Rzeczypospolitej Polskiej na lata 2017 - 2022) 

«Section 702 of the Foreign Intelligence Surveillance Act», Testimony of Jeff Kosseff

« Section 702 of the Foreign Intelligence Surveillance Act », Testimony of Jeff Kosseff, The United States House of Representatives Judiciary Committee, March 1, 2017, 12 pages. 

Cyber-Resilience: Seven Steps for Institutional Survival

"Cyber-Resilience: Seven Steps for Institutional Survival", by William Arthur Conklin et Dan Shoemaker, EDPACS Journal, pp.14-22, March 2017.  
Le thème de la résilience est d'actualité, à la mode dirons-nous, venant ainsi ajouter aux longs débats sur la dissuasion ou l'attribution. 

An Uneven Playing Field: The Advantages of the Cyber Criminal vs. Law Enforcement-and Some Practical

"An Uneven Playing Field: The Advantages of the Cyber Criminal vs. Law Enforcement-and Some Practical", SANS Institute, 2002, 17 pages. Cet article qui date de 2002 évaluait la nature du déséquilibre existant entre cybercriminels et forces de police et justice, à l'avantage des premiers. Le texte pourra être relu à la lumière de 15 années d'expérience. Force est de constater que les quelques recettes formulées alors, et toujours d'actualité, pour limiter la puissance de la cybercriminalité, n'ont guère porté leurs fruits (les statistiques font chaque année état d'une hausse exponentielle du crime): former les personnels de la justice, de la sécurité, des directions; adapter la loi; coopération (public-privé, mais aussi au sein des institutions et divers niveaux de l'organisation des Etats, du pouvoir central aux régions; sensibilisation du public...) 

Wednesday, March 1, 2017

Speech TALLINN MANUAL 2.0 – Minister Koenders

Discours du Ministre Koenders (13 février 2017) à l'occasion de la parution du Manuel de Tallinn version 2.0 (publié par Cambridge University Press). " ... cyberspace is not simply a jungle, where the strong do what they want and the weak suffer what they must. The law applies there just as it does elsewhere. Especially in times of tension and conflict, the law should not be silent."

"Cyberspace in Peace and War" by Martin Libicki

"Cyberspace in Peace and War" by Martin Libicki, Naval Institute Press, 2016, 496 pp. Reviewedby: David Benson

The Convergence of Information Warfare

"The Convergence of Information Warfare", by Martin Libicki, Strategic Studies Quarterly, Spring 2017, pp.49-65. 
Abstract: If information technology trends continue and, more importantly, if other countries begin to exploit these trends, the US focus on defeating a cyberwar threat will have to evolve into a focus on defeating a broader information warfare threat. It is far less plausible to imagine a cyber attack campaign unaccompanied by other elements of information warfare—in large part because almost all situations where cyber attacks are useful are those which offer no good reason not to use other elements of information warfare. Thus the various elements of information warfare should increasingly be considered elements of a larger whole rather than separate specialties that individually support kinetic military operations.

Five Kinds of Cyber Deterrence

"Five Kinds of Cyber Deterrence", by N.J. Ryan, Phylosophy & Technlogy, Springer, January 2017. 

Warfighting for Cyber Deterrence: a Strategic and Moral Imperative

"Warfighting for Cyber Deterrence: a Strategic and Moral Imperative", by David J. Lonsdale, Philosophy and Technology, Springer, 21 pages

“Cyber Warfare in the 21st Century: Threats, Challenges, and Opportunities"

"Cyber Warfare in the 21st Century: Threats, Challenges, and Opportunities"

Date: Wednesday, March 1, 2017 - 10:00am
Location: 2118 Rayburn House Office Building, Washington, DC 20515

Witnesses: 
Mr. Jason "Jay" Healey , Nonresident Senior Fellow, Cyber Statecraft Initiative, Atlantic Council
Dr. Martin C. Libicki , Adjunct Management Scientist, RAND
Dr. Peter Singer, Strategist and Senior Fellow, New America Foundation


115th Congress

What Is the Cyber Offense-Defense Balance? Conceptions, Causes, and Assessment

"What Is the Cyber Offense-Defense Balance? Conceptions, Causes, and Assessment", by Rebecca Slayton, International Security, Winter 2016/17, Vo.41, n°3, p.72-109. 
Abstract: Most scholars and policymakers claim that cyberspace favors the offense; a minority of scholars disagree. Sweeping claims about the offense-defense balance in cyberspace are misguided because the balance can be assessed only with respect to specific organizational skills and technologies. The balance is defined in dyadic terms, that is, the value less the costs of offensive operations and the value less the costs of defensive operations. The costs of cyber operations are shaped primarily by the organizational skills needed to create and manage complex information technology efficiently. The current success of offense results primarily from poor defensive management and the relatively simpler goals of offense; it can be very costly to exert precise physical effects using cyberweapons. An empirical analysis shows that the Stuxnet cyberattacks on Iran's nuclear facilities very likely cost the offense much more than the defense. The perceived benefits of both the Stuxnet offense and defense, moreover, were likely two orders of magnitude greater than the perceived costs, making it unlikely that decisionmakers focused on costs.

Deterrence and Dissuasion in Cyberspace, by Joseph Nye

"Deterrence and Dissuasion in Cyberspace", by Joseph Nye, International Security, Winter 2016/17, Vol. 41, No. 3, Pages: 44-71
Abstract: Understanding deterrence and dissuasion in cyberspace is often difficult because our minds are captured by Cold War images of massive retaliation to a nuclear attack by nuclear means. The analogy to nuclear deterrence is misleading, however, because many aspects of cyber behavior are more like other behaviors, such as crime, that states try (imperfectly) to deter. Preventing harm in cyberspace involves four complex mechanisms: threats of punishment, denial, entanglement, and norms. Even when punishment is used, deterrent threats need not be limited to cyber responses, and they may address general behavior as well as specific acts. Cyber threats are plentiful, often ambiguous, and difficult to attribute. Problems of attribution are said to limit deterrence and dissuasion in the cyber domain, but three of the major means—denial by defense, entanglement, and normative taboos—are not strongly hindered by the attribution problem. The effectiveness of different mechanisms depends on context, and the question of whether deterrence works in cyberspace depends on “who and what.” Not all cyberattacks are of equal importance; not all can be deterred; and not all rise to the level of significant national security threats. The lesson for policymakers is to focus on the most important attacks and to understand the context in which such attacks may occur and the full range of mechanisms available to prevent them.

Kensho Cyber Security Index

Le Kensho Cyber Security Index mesure l'évolution du marché de la cybersécurité. Le dernier rapport  datant du 28 février 2017 est disponible ici. L'indice actuel tourne autour de 180 points (base 100 au 15 mai 2013),