At a glance.
- Preparing for, or seeking to deter, Russian aggression against Ukraine.
- Tough cookies.
- India plans for a national cybersecurity task force.
The world continues to prepare for Russian aggression in Ukraine.
As worries of another Russian invasion of Ukraine mount (incursions into eastern provinces have been in progress for years, and the Crimea was seized and annexed in 2014), the New York Times reports that cybersecurity experts from the US and UK have been working to help Ukraine defend against the possibility of a Russian cybercampaign to take down Ukraine’s electric energy grid, banking system, and other critical infrastructure. Russia has used this tactic in the past: in 2015 and 2016 Russian hackers attacked Ukrainian regional electric utilities’ control center. Such an attack could be used now to make Ukrainian President Volodymyr Zelensky look incompetent and provide justification for Russian intervention.
Though neither UK and US officials have chosen not to reveal details about the cyberteams defending Ukraine, the White House did state, “We have long supported Ukraine’s efforts to shore up cyberdefenses and increase its cyberresiliency.” Meanwhile, Ukrainian cyber experts have been testing the country’s large-scale incident response by running war games on the electricity grid. Infosecurity Magazine explains that two-hundred fifty participants and nearly fifty teams composed of private industry experts and university researchers competed to defend against a fake attack on a fictitious energy provider, with the goal of finding the most effective methods of cutting off attackers and remediating the impacted systems.
Newsweek reports that Poland and Lithuania are urging the West to tighten the screws on Russia by threatening tougher sanctions, as a deterrent. Ukrainian President Volodymyr Zelensky met with his Polish and Ukrainian counterparts, President Andrzej Duda and President Gitanas Nauseda yesterday to discuss the impending threat of the 70,000 Russian troops gathered at the Ukraine border. Zelensky stated, "Our common task is to deter the threat posed by Russia and defend Europe from Russia's aggressive policies.” The three leaders released a joint statement calling “upon the international community to step up sanctions on the Russian Federation over its ongoing aggression against Ukraine and once again urged the Kremlin to de-escalate the situation by withdrawing its troops from the Ukrainian border and temporarily occupied territories."
France’s CNIL cracks down on cookies consent.
In October, France’s data protection authority, the CNIL, established new cookies guidelines emphasizing the authority’s assertion that “Refusing cookies should be as easy as accepting them.” Earlier this month, the CNIL served thirty new formal notices to comply with its cookies guidelines, adding to the approximately sixty organizations that were found noncompliant earlier this year. Cooley unpacks the CNIL’s strong stance when it comes to cookies compliance, noting that the authority served notices to organizations in a wide array of industries including digital economy platforms, IT hardware and software manufacturers, online consumer goods providers, and even car rental companies. If noncompliant companies fail to meet the requirements, they could face fines of up to 2% of their global annual turnover, and sanctions ranging from €50,000 to €60 million have already been issued. To avoid being labeled noncompliant, Cooley’s experts recommend organizations obtain clear user consent and keep record of user choices, keeping in mind that “strictly necessary cookies” are not subject to consent, and always be transparent about the purposes of trackers and the consequences of accepting or refusing the cookies.
India plans for national cybersecurity task force.
ETCIO reports that the Indian government is establishing a cybersecurity task force at the national level, according to an unidentified source. The group would include an internal sub task force focused on risks originating from the telecom sector, as the government is simultaneously creating a list of vendors considered “trusted sources” for telecom equipment. The source explained, “The [Prime Minister’s Office] has been informed about the efforts to explore the possibility of setting up a sub department for Telecom Cyber Security under a unified national level cyber security task force instead of setting up a separate task force under the telecom ministry.” The source added that twenty officers have already been selected for an internal sub task force that will concentrate on securing the telecom sector. At the Sydney Dialogue, PM Narendra Modi (whose twitter account was hacked earlier this month) called for democracies to collaborate in the fight against cyberthreats. Currently, cyberthreats are managed by India’s Computer Emergency Response Team (CERT-In), operating under the Ministry of Electronics and IT, but the recent rise in cyber incidents has indicated a need for a specialized force with input from international experts.