DOCSLIB.ORG

Information Security in 2020 – Annual Report of the National Cyber

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Information Security in 2020 – Annual Report of the National Cyber Information security in 2020 Annual report of the National Cyber Security Centre Finland Traficom Publications 25/2021 1 Contents EDITORIAL 3 Cyber weather phenomena 4 Network functionality 5 Espionage and influencing 9 Malware and vulnerabilities 10 Data breaches and data leaks 12 Phishing and scams 14 Internet of Things and automation systems 15 Our services 16 Coordination Centre – first aid for information security violations 17 Need for vulnerability coordination has increased 18 Security regulation 19 Assessments 21 Satellite systems are already visible in the everyday lives of people 22 Cooperation and sharing information 26 The coronavirus crisis electrified the international cybersecurity cooperation 28 More reliability with training 28 Cybersecurity Label 29 The free Traficom Anycast service will improve the reliability of .fi domains 30 Safer 5G with lessons learned 31 KYBER 2020 and the revamped HAVARO service 31 Kybermittari – A new cyber threat management tool for managers 32 Our key figures 34 Cyber weather 2020 and a look towards 2021 36 10 information security forecasts for 2021 36 Cyber weather in 2020 38 2 EDITORIAL Cybersecurity became a permanent item on the management’s agenda The safety of mobile networks, especially 5G, was The difficult year still had some good news, too. one of the hottest discussion topics around the Jouko Katainen (Ilmarinen), Jussi Törhönen (Enfo), world. Instructions on measures to minimise the Tomi Vehkasalo (Aditro), Jani Raty (Aditro) received cybersecurity risks of 5G networks were drawn up the ‘Tietoturvan suunnannäyttäjä’ (Information secu- in the EU post-haste. New legislation was prepared rity trendsetter) award for their active cooperation in Finland to protect the critical parts of communi- with the National Cyber Security Centre Finland. cations networks. The national perspective is in a We were also involved in creating the Koronavilkku more prominent position than before in the new coronavirus contact tracing application. It seems legislation and additionally, provides new tools that its information security and data protection for addressing potential cybersecurity risks that solutions were chosen well. Now millions of Finns use threaten national security and defence. the application and support the management of the In the past year, we faced the worst data breach in coronavirus situation in our country. Finland so far when the patient records of the psycho- The exceptional year showed that work and busi- therapy centre Vastaamo ended up in the hands of ness can be safely moved online. We also saw that by criminals. Using the stolen data, the attacker black- cooperating with the authorities and NGOs, we can help mailed both Vastaamo, as well as tens of thousands with human crises caused by cybercrime. The sever ity of citizens who had used its services. We helped the and impacts of the events brought cybersecurity to the victims by means such as collecting instructions on management’s agenda as a permanent item. the website tietovuotoapu.fi together with authorities, In 2021, we celebrate the 20th anniversary of our organisations and companies. The case of Vastaamo CERT activities. These decades have held many surprises. sparked discussion in society on the responsibility of Make sure you follow our website and social me- corporate management to protect critical information dia channels! If you are interested in cyber forecasts pools and systems. It also served as a reminder that a for 2021, you can find them at the end of our report. personal identity code is not a suitable identification method in online services. Helsinki, 11 February 2021 The year was also marked by the Emotet malware; we published a warning about it in August. Sauli Pahlman The purpose of the malware is to steal data from Acting Deputy Director-General organisations. The attack makes it possible to National Cyber Security Centre Finland penetrate deep into the target’s network and start a ransomware attack, for example. Emotet is a good example of a professionally implemented data breach that is used to gain a foothold and create a backdoor in the targeted organisation. At the start of the year, the global pandemic sent us to work remotely in unprecedented numbers. This also meant that the use of vulnerabilities of remote work solutions in data breaches, for example, clearly increased. In addition, international cyber trends entered the Finnish telecommunications networks in February, when a wave of scam calls swept over our country. During February alone, Finnish telecommu- nications operators reported millions of scam calls. 3 Cyber weather phenomena 4 Network functionality Disturbances in 150 Thousands of users Tens of thousands of users communications networks Hundreds of thousands of users 100 It is important to ensure that Finnish communica- tions networks operate as reliably and free from disturbances as possible. Otherwise, the digital 50 services of our society, for instance, cannot func- tion. Based on the disturbance data we collect, we can analyse the root causes of disturbances and improve the reliability of networks by developing 0 2016 2017 2018 2019 2020 regulations, among other things. The number of significant disturbances Number of significant disturbances of the functioning of decreased clearly until 2018, and it has remained communications services in 2016–2020. between 65 and 68 ever since. There were 67 significant disturbances in 2020. The number 300 Mass communi- Mobile services cations services of critical disturbances that apply to at least E-mail Fixed network internet 250 connection service 100,000 users decreased, however. As a whole, Other wireless Fixed network network telephone service the trend can be considered positive, even if 200 the decrease in the number of significant distur- bances has stopped. 150 The majority of significant disturbances in Finnish communications networks involve mobile 100 network services, i.e. the functioning of calls, 50 internet connections and SMS. They are caused by factors such as power cuts due to storms that 0 also affect the power supply of mobile network 2016 2017 2018 2019 2020 base stations. The mobile network is also tech- Effects of significant disturbances on general communications nically more complex than the fixed broadband services in 2016–2020. One disturbance may affect several network, for example, which is why disturbances services. due to software errors, among other things, are more common in the mobile network. 200 Other cause Fault in the power supply system The number of software and power supply Unknown Software failure system failures has increased since 2019. Careful Equipment 150 Cable break testing of systems may reduce disturbances. Still, facility fault Power cut Hardware failure the quality of hardware and software components Update or modif ication should also be monitored because unreliable 100 components may not be found in the testing. As for updates and modifications, they caused fewer disturbances than before. This is good news 50 and shows that telecommunications operators have worked systematically to develop the 0 maintenance of their services. 2016 2017 2018 2019 2020 Root causes of significant disturbances in 2016–2020. One disturbance may have several root causes. 5 Dec Jan Feb Internet connections were breaking Nov 2 1 6 up all around Finland and storms 8 Mar caused power failures 4 Oct The nationwide disruption of the internet connec- 44 tion service in Telia’s mobile network on 25 April 7 Apr Total also attracted the media’s interest. Storms also caused significant incidents. In Sep 88 67 particular, Päivö on 30 June and Aila from 16 to 7 17 September caused communication service May disruptions. Telecommunications operators, power 5 Aug grid companies and rescue departments managed 4 11 the disruptions with established routines. The effects of the disturbances remained comparably Jul Jun small compared to the storms a few years before. Distribution of significant disturbances over the calendar months. Remote tools caused concern The public communications services in Finland ment of remote work tools and services was not and the rest of Europe worked well, even though fully controlled, which could lead to uncontrolled a large number of people started working remote- security risks. ly as the coronavirus pandemic spread. We gave advice on using the split tunnel method, In the early stages of the pandemic, the among others. For example, the method can be organisations’ own VPN services and international used to steer the software update traffic past VPN, cloud services, among other things, had capacity which reduces the load on the organisation’s issues. They were resolved mainly in a matter of VPN service. weeks. In March, the use of cloud services multi- The errors and memory lapses in the process- plied globally. In many organisations, the deploy- ing of online service certificates caused widespread Failure in customer data management Data leak Denial-of-service attack Other report >100 Gbit/s 10–100 Gbit/s 1–10 Gbit/s Vulnerability or threat Data breach 0.1–1 Gbit/s 600 4,000 500 3,000 400 300 2,000 200 1,000 100 0 0 2016 2017 2018 2019 2020 2017 2018 2019 2020 Reports by telecommunications operators on significant The development of denial-of-service attack volumes information security violations and personal data breaches in Finland. Source: Telia in 2016–2020. 6 1 disruptions in the usability of many services. 169 Several of the certificates of Microsoft Teams expired in February. Fortunately, the situation >100 Gbit/s was under control again before the pandemic, because the disturbance struck hard in Western 10–100 Gbit/s 1,446 2,165 countries where the Teams service is popular. In 1–10 Gbit/s early March Let’s Encrypt had to invalidate in a 0.1 – 1 Gbit/s short notice certificates it had issued. DigiCert had to do the same in July, because it had made mistakes in the processing of certificate requests.
Load more

Recommended publications
  • Cyber Law and Espionage Law As Communicating Vessels
    Maurer School of Law: Indiana University Digital Repository @ Maurer Law Books & Book Chapters by Maurer Faculty Faculty Scholarship 2018 Cyber Law and Espionage Law as Communicating Vessels Asaf Lubin Maurer School of Law - Indiana University, lubina@iu.edu Follow this and additional works at: https://www.repository.law.indiana.edu/facbooks Part of the Information Security Commons, International Law Commons, Internet Law Commons, and the Science and Technology Law Commons Recommended Citation Lubin, Asaf, "Cyber Law and Espionage Law as Communicating Vessels" (2018). Books & Book Chapters by Maurer Faculty. 220. https://www.repository.law.indiana.edu/facbooks/220 This Book is brought to you for free and open access by the Faculty Scholarship at Digital Repository @ Maurer Law. It has been accepted for inclusion in Books & Book Chapters by Maurer Faculty by an authorized administrator of Digital Repository @ Maurer Law. For more information, please contact rvaughan@indiana.edu. 2018 10th International Conference on Cyber Conflict CyCon X: Maximising Effects T. Minárik, R. Jakschis, L. Lindström (Eds.) 30 May - 01 June 2018, Tallinn, Estonia 2018 10TH INTERNATIONAL CONFERENCE ON CYBER CONFLicT CYCON X: MAXIMISING EFFECTS Copyright © 2018 by NATO CCD COE Publications. All rights reserved. IEEE Catalog Number: CFP1826N-PRT ISBN (print): 978-9949-9904-2-9 ISBN (pdf): 978-9949-9904-3-6 COPYRigHT AND REPRINT PERmissiONS No part of this publication may be reprinted, reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior written permission of the NATO Cooperative Cyber Defence Centre of Excellence (publications@ccdcoe.org).
    [Show full text]
  • 10Th International Conference on Cyber Conflict Cycon X: Maximising Effects
    2018 10th International Conference on Cyber Conflict CyCon X: Maximising Effects T. Minárik, R. Jakschis, L. Lindström (Eds.) 30 May - 01 June 2018, Tallinn, Estonia 2018 10TH INTERNATIONAL CONFERENCE ON CYBER CONFLicT CYCON X: MAXIMISING EFFECTS Copyright © 2018 by NATO CCD COE Publications. All rights reserved. IEEE Catalog Number: CFP1826N-PRT ISBN (print): 978-9949-9904-2-9 ISBN (pdf): 978-9949-9904-3-6 COPYRigHT AND REPRINT PERmissiONS No part of this publication may be reprinted, reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior written permission of the NATO Cooperative Cyber Defence Centre of Excellence (publications@ccdcoe.org). This restriction does not apply to making digital or hard copies of this publication for internal use within NATO, or for personal or educational use when for non-profit or non-commercial purposes, providing that copies bear this notice and a full citation on the first page as follows: [Article author(s)], [full article title] 2018 10th International Conference on Cyber Conflict CyCon X: Maximising Effects T. Minárik, R. Jakschis, L. Lindström, (Eds.) 2018 © NATO CCD COE Publications NATO CCD COE Publications LEGAL NOTICE: This publication contains the opinions of the respective authors only. They do not Filtri tee 12, 10132 Tallinn, Estonia necessarily reflect the policy or the opinion of NATO Phone: +372 717 6800 CCD COE, NATO, or any agency or any government. NATO CCD COE may not be held responsible for Fax: +372 717 6308 any loss or harm arising from the use of information E-mail: publications@ccdcoe.org contained in this book and is not responsible for the Web: www.ccdcoe.org content of the external sources, including external websites referenced in this publication.
    [Show full text]
  • Cyber-Attacks to Critical Energy Infrastructure
    Cyber-attacks to critical energy infrastructure and management issues: overview of selected cases Tomas Plėta, Manuela Tvaronavičienė, Silvia Casa, Konstantin Agafonov To cite this version: Tomas Plėta, Manuela Tvaronavičienė, Silvia Casa, Konstantin Agafonov. Cyber-attacks to critical en- ergy infrastructure and management issues: overview of selected cases. Insights into Regional Develop- ment, Entrepreneurship and Sustainability Center, 2020, 2 (3), pp.703 - 715. 10.9770/ird.2020.2.3(7). hal-03271856 HAL Id: hal-03271856 https://hal.archives-ouvertes.fr/hal-03271856 Submitted on 27 Jun 2021 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. INSIGHTS INTO REGIONAL DEVELOPMENT ISSN 2669-0195 (online) http://jssidoi.org/IRD/ 2020 Volume 2 Number 3 (September) http://doi.org/10.9770/IRD.2020.2.3(7) Publisher http://jssidoi.org/esc/home CYBER-ATTACKS TO CRITICAL ENERGY INFRASTRUCTURE AND MANAGEMENT ISSUES: OVERVIEW OF SELECTED CASES* Tomas Plėta ¹, Manuela Tvaronavičienė ², Silvia Della Casa ³, Konstantin Agafonov 4 1,2 Vilnius Gediminas Technical University, Saulėtekio al. 11, LT-10223 Vilnius, Lithuania 2General Jonas Zemaitis Military Academy of Lithuania, Šilo 5a, LT-10322, Vilnius, Lithuania 3Daugavpils University, Parades Str. 1-421, Daugavpils, LV-5401, 3 NATO Energy Security Center Of Excellence, Šilo g.
    [Show full text]
  • Strategic Culture and Cyber Strategy
    University of Central Florida STARS Honors Undergraduate Theses UCF Theses and Dissertations 2021 Strategic Culture and Cyber Strategy Andrew S. Olejarski University of Central Florida Part of the Political Science Commons Find similar works at: https://stars.library.ucf.edu/honorstheses University of Central Florida Libraries http://library.ucf.edu This Open Access is brought to you for free and open access by the UCF Theses and Dissertations at STARS. It has been accepted for inclusion in Honors Undergraduate Theses by an authorized administrator of STARS. For more information, please contact STARS@ucf.edu. Recommended Citation Olejarski, Andrew S., "Strategic Culture and Cyber Strategy" (2021). Honors Undergraduate Theses. 877. https://stars.library.ucf.edu/honorstheses/877 STRATEGIC CULTURE AND CYBER STRATEGY by ANDREW S. OLEJARSKI A thesis submitted in partial fulfillment of the requirements for the Honors in the Major Program in Political Science in the College of Sciences and in the Burnett Honors College at the University of Central Florida Orlando, Florida Spring 2021 Thesis Chair: Ted Reynolds, Ph.D. ABSTRACT The intent of this paper is to explore the relationship between strategic culture theory and how it interacts with war-parallel usage of cyber methods. Cyber methods, at times incorrectly classified as “cyberwarfare”, as a means of statecraft are becoming increasingly prevalent, and developing an understanding of how states use them, particularly during conflicts, would be a great boon to the field of security studies. Strategic culture theory, an international relations theory focusing on the relationship between culture and strategy, may be an effective means to analyze conflict-parallel use of cyber methods.
    [Show full text]
  • Combating Ransomware Chapter Title 1
    IST Combating Ransomware Chapter Title 1 Combating Ransomware A Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force Prepared by the Institute for Security and Technology IST Combating Ransomware Chapter Title 2 Contents A Note from RTF Co-Chairs 3-4 Executive Summary 5-6 Introduction 7-19 Ransomware as a National Security Threat 8 Understanding Ransomware 11 Ransom Payments 12 Cyber Insurance and Ransomware 13 The Role of Cryptocurrency 14 A Global Challenge 15 The Threat Actors 16 Existing Efforts to Mitigate Ransomware Attacks 18 A Comprehensive Framework for Action: 19-48 Key Recommendations from the Ransomware Task Force Goal 1: Deter ransomware attacks through a nationally and internationally coordinated, comprehensive strategy 21 Goal 2: Disrupt the ransomware business model and decrease criminal profits 28 Goal 3: Help organizations prepare for ransomware attacks 35 Goal 4: Respond to ransomware attacks more effectively 42 A Note on Prohibiting Ransom Payments 49-50 Conclusion 51 Summary of Recommendations 52-54 Acknowledgments 55-56 Appendices 57-72 Appendix A: Cyber Insurance 58-61 Appendix B: The Cryptocurrency Payment Process 62-67 Appendix C: Proposed Framework for a Public-Private Operational Ransomware Campaign 68-72 Glossary 73-76 Endnotes 77-81 Short cut: To go directly to each section in the PDF please click on the section title in the Contents. This report is published under a 4.0 International Creative Commons License (see terms here). IST Combating Ransomware A Note from the RTF Co-Chairs 3 A Note from the RTF Co-Chairs We are honored to present this report from the Ransomware Task Force.
    [Show full text]
  • A Report on Attackers in the Energy Industry CONTENTS
    The state of the station A report on attackers in the energy industry CONTENTS Introduction 3 Outmoded and out there 4 Changing the game 4 The names 5 The profiles 5 Two groups, one spillover 9 A plethora of opportunity 10 Attack targets and the reasons behind them 10 The ‘How’ 11 Investigating and naming 12 Still succeeding 12 Mitigating 13 Conclusions 15 THE STATE OF THE STATION 2 INTRODUCTION Interconnected systems in the energy industry increase cyber vulnerabilities, with cyber attacks often going undetected for some time. Malicious actors are increasingly targeting critical infrastructure (CNI) sites and distribution facilities for energy, and cyber attacks have real-world effects. As energy companies save costs against the backdrop of a lower oil price, consolidating operations can weaken business resilience and redundancy levels. This gives rise to new, single critical points of failure, with any disruption across the supply chain potentially having increased consequences. Cyber attacks using individual vulnerabilities and exploits have, and always will be directed against the vast number of Programmable Logic Controllers (PLCs) in existence. However, connecting Industrial Control Systems (ICS) to the Internet and enterprise business networks is increasing. These factors, plus fewer backups in place with an increased dependency on fewer facilities, are only part of the picture. OUTMODED AND OUT THERE Many Operational Technology (OT) components connection was usual. Cyber security was not a have built-in remote operation capabilities, but are realistic threat when they were manufactured, and partly or entirely lacking in security protocols such legacy protocols and systems never had built-in as authentication.
    [Show full text]
  • Check Point Threat Intelligence Bulletin
    May 25 - 31, 2020 YOUR CHECK POINT THREAT INTELLIGENCE REPORT TOP ATTACKS AND BREACHES The US NSA has warned that Russia’s Sandworm APT group, an arm of Russian military intelligence, has been exploiting a vulnerability in the Exim mail traffic agent since August of last year, giving it remote code execution abilities. Sandworm is believed to have been responsible for the Ukraine grid disruptions in 2015. Check Point IPS provides protection against this threat (Exim Mail Server Remote Code Execution (CVE-2019-10149)) New ransomware called FuckUnicorn has been targeting Italian health entities through emails with links to a COVID-19-related app for PC. The links direct users to a malicious domain imitating the site of the Italian Pharmacist Federation. Researchers suspect the actors behind this attack are Italians. In a supply chain attack, threat actors have used GitHub projects to spread the Octopus Scanner backdoor. 26 open-source NetBeans Java projects included the malware, intended to steal information from developers. Popular math app, Mathway, has been breached and its database of 25M users is offered for sale in various forums. The hacker behind that attack, ShinyHunters, responsible for multiple recent attacks, is believed to have sold access to more than 200 million user details. Michigan State University has been compromised by the NetWalker ransomware. Threat actors shared images of the stolen information and threatened to leak sensitive data unless ransom is paid. Six of Cisco’s Virtual Internet Routing Lab Personal Edition (VIRL-PE) backend servers have been compromised by exploiting critical SaltStack vulnerabilities, patched last month.
    [Show full text]
  • North American Electric Cyber Threat Perspective January 2020
    North American Electric Cyber Threat Perspective January 2020 Summary The electric utility industry is a valuable target for adversaries seeking to exploit industrial control systems (ICS) and operations technology (OT) for a variety of purposes. A power disruption event from a cyberattack can occur from multiple components of an electric system including disruptions of the operational systems used for situational awareness and energy trading, targeting enterprise environments to achieve an enabling attack through interconnected and interdependent IT systems, or through a direct compromise of cyber digital assets used within OT environments. Attacks on electric systems – like attacks on other critical infrastructure sectors – can further an adversary’s criminal, political, economic, or geopolitical goals. As adversaries and their sponsors invest more effort and money into obtaining effects-focused capabilities, the risk of a disruptive or destructive attack on the electric sector significantly increases. The number of publicly known attacks impacting ICS environments around the world continues to increase, and correspondingly the potential risk due to a disruptive cyber event impacting the North American electric sector is currently assessed as high. This report highlights multiple threats and adversaries focusing on critical infrastructure and their capabilities. Dragos anticipates the threat landscape associated with the sector will remain high as the detected intrusions continue to rise. Of the activity groups that Dragos is actively tracking, nearly two-thirds of the groups performing ICS specific targeting and disruption activities are focused on the North American electric sector. Additionally, existing threats to ICS are expanding and establishing new interest in electric utility operations in North America.
    [Show full text]
  • Enisa Threat Landscape for Supply Chain Attacks
    ENISA THREAT LANDSCAPE FOR SUPPLY CHAIN ATTACKS JULY 2021 ENISA THREAT LANDSCAPE FOR SUPPLY CHAIN ATTACKS July 2021 ABOUT ENISA The European Union Agency for Cybersecurity, ENISA, is the Union’s agency dedicated to achieving a high common level of cybersecurity across Europe. Established in 2004 and strengthened by the EU Cybersecurity Act, the European Union Agency for Cybersecurity contributes to EU cyber policy, enhances the trustworthiness of ICT products, services and processes with cybersecurity certification schemes, cooperates with Member States and EU bodies, and helps Europe prepare for the cyber challenges of tomorrow. Through knowledge sharing, capacity building and awareness raising, the Agency works together with its key stakeholders to strengthen trust in the connected economy, to boost resilience of the Union’s infrastructure, and, ultimately, to keep Europe’s society and citizens digitally secure. More information about ENISA and its work can be found here: www.enisa.europa.eu. CONTACT For contacting the authors please use etl@enisa.europa.eu. For media enquiries about this paper, please use press@enisa.europa.eu. EDITORS Ifigeneia Lella, Marianthi Theocharidou, Eleni Tsekmezoglou, Apostolos Malatras – European Union Agency for Cybersecurity Sebastian Garcia, Veronica Valeros – Czech Technical University in Prague ACKNOWLEDGEMENTS We would like to thank the Members and Observers of ENISA ad hoc Working Group on Cyber Threat Landscapes for their valuable feedback and comments in validating this report. We would like to also thank Volker Distelrath (Siemens) and Konstantinos Moulinos (ENISA) for their feedback. LEGAL NOTICE Notice must be taken that this publication represents the views and interpretations of ENISA, unless stated otherwise.
    [Show full text]
  • Conceptualizing a Continuum of Cyber Threat Attribution
    Table of Contents Introduction 2 Defining an Attribution Continuum 3 Behavioral Attribution 4 Primary Attribution 5 General Attribution 6 Attribution Action Constraints 8 The “Mushy Middle” of Attribution 9 Reviewing Russian-Related Intrusion Operations and SUNBURST 10 HAFNIUM Operations and Widespread Vulnerability Exploitation 12 The Multitude of Possible Midpoint Errors 16 Orienting Cyber Threat Intelligence to Defensible Attribution Actions 17 A Note on Names 19 Conclusion 21 Introduction Few topics in the field of Cyber Threat Intelligence (CTI) prompt as much passion and debate as the concept of threat attribution. From numerous conference talks, to blogs and papers, to various applications in CTI analysis, the question of threat attribution repeatedly emerges. While CTI attribution discussions can take many forms and aim at specific audiences—for example, policy-makers and state strategy1—this discussion will focus on the technical analyst’s perspective. In adopting this viewpoint, the question of attribution typically manifests in a very binary fashion.2 Whereas attribution, as described below, represents various gradations, most discussion limits itself to “yes or no” discussions as to the value and need for CTI attribution, when the actual answer (as with most things in CTI) is, “it depends.” In this paper, a concept of attribution that moves the CTI community away from binary conceptions of CTI attribution value and instead approaches a continuum of attribution types will be introduced. In doing so, multiple possibilities emerge for CTI attributive statements, of different values and significance for different parties—as 1 “Publicly attributing cyber attacks: a framework” - Florian J. Egloff & Max Smeets, Journal of Strategic Studies (https://www.tandfonline.com/doi/pdf/10.1080/01402390.2021.1895117) 2 “Achieving Effective Attribution: Case Study on ICS Threats” - Robert M.
    [Show full text]
  • MANAGING CYBER RISK with HUMAN INTELLIGENCE a Practical Approach
    MANAGING CYBER RISK WITH HUMAN INTELLIGENCE A Practical Approach Citi GPS: Global Perspectives & Solutions May 2019 Citi is one of the world’s largest financial institutions, operating in all major established and emerging markets. Across these world markets, our employees conduct an ongoing multi-disciplinary conversation – accessing information, analyzing data, developing insights, and formulating advice. As our premier thought leadership product, Citi GPS is designed to help our readers navigate the global economy’s most demanding challenges and to anticipate future themes and trends in a fast-changing and interconnected world. Citi GPS accesses the best elements of our global conversation and harvests the thought leadership of a wide range of senior professionals across our firm. This is not a research report and does not constitute advice on investments or a solicitations to buy or sell any financial instruments. For more information on Citi GPS, please visit our website at www.citi.com/citigps. Citi GPS: Global Perspectives & Solutions May 2019 Elizabeth Petrie Walter H Pritchard, CFA Elizabeth Curmi Managing Director, Citi U.S. Software Analyst, Global Thematic Analyst, Technology & Cyber Risk Citi Research Citi Research +1 (202) 776-1518 +1 (415) 951-1770 elizabeth.petrie@citi.com walter.h.pritchard@citi.com +44-20-7986-6818 elizabeth.curmi@citi.com Jeremy E Benatar, CFA Catherine T O'Neill Dr. Andrew Coburn U.S. Software Team, European Media Analyst, Chief Scientist Citi Research Citi Research Cambridge Centre for Risk Studies,
    [Show full text]
  • Cyber Threats and NATO 2030: Horizon Scanning and Analysis
    King’s Research Portal Document Version Publisher's PDF, also known as Version of record Link to publication record in King's Research Portal Citation for published version (APA): Stevens, T., Ertan, A., Floyd, K., & Pernik, P. (Eds.) (2021). Cyber Threats and NATO 2030: Horizon Scanning and Analysis . NATO Cooperative Cyber Defence Centre of Excellence. https://ccdcoe.org/uploads/2020/12/Cyber-Threats-and-NATO-2030_Horizon-Scanning-and-Analysis.pdf Citing this paper Please note that where the full-text provided on King's Research Portal is the Author Accepted Manuscript or Post-Print version this may differ from the final Published version. If citing, it is advised that you check and use the publisher's definitive version for pagination, volume/issue, and date of publication details. And where the final published version is provided on the Research Portal, if citing you are again advised to check the publisher's website for any subsequent corrections. General rights Copyright and moral rights for the publications made accessible in the Research Portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognize and abide by the legal requirements associated with these rights. •Users may download and print one copy of any publication from the Research Portal for the purpose of private study or research. •You may not further distribute the material or use it for any profit-making activity or commercial gain •You may freely distribute the URL identifying the publication in the Research Portal Take down policy If you believe that this document breaches copyright please contact librarypure@kcl.ac.uk providing details, and we will remove access to the work immediately and investigate your claim.
    [Show full text]