Indian authorities are investigating the possibility that October’s electrical outages in Mumbai were deliberately induced by cyberattacks, presumably attacks originating in China, the Wall Street Journal reports. An ambiguous form of confirmation appears in the India Times, which writes that “Maharashtra Energy Minister Nitin Raut on Monday said [a] New York Times report claiming that the massive power outage in Mumbai last year might have been due to a cyber attack from China was true.”
Technology Review reports that Apple’s well-known, locked-down, walled garden offers clear security advantages, but that once a threat actor gets in, those very walls serve to protect malicious activity from detection and expulsion. Apple acknowledges that there are trade-offs, and that no lockdown is perfect, but the company remains confident it’s made the right trades.
An Atlantic Council report discusses one aspect of cyber proliferation: the growth of access-as-a-service brokers. Such vendors offer “Vulnerability Research and Exploitation, Malware Payload Development, Technical Command and Control, Operational Management, and Training and Support.” The report recommends international action, specifically by the US and its allies, to:
- “Understand and partner” with like-minded governments, elevating the issue and enacting appropriate laws and regulations.
- “Shape,” by developing lists of troublesome vendors, standardizing risk assessment, incentivizing corporate ethics moves, and controlling foreign military sales and other assistance to states that deal with banned vendors.
- “Limit,” by widening the scope of vulnerability disclosure, restricting post-employment activities for former government cyber operators, taking legal action against access-as-a-service business, and encouraging “technical limits on malware payload jurisdiction.”