At a glance.
- Japan joins NATO’s Cooperative Cyber Defence Centre of Excellence.
- UK government to scan all internet-exposed devices for bugs.
- FCC focuses on emergency alert system cybersecurity.
- New development in the Greek spyware scandal.
Japan joins NATO’s Cooperative Cyber Defence Centre of Excellence.
On Friday Japan officially became a member of NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE) in a move to help the Ministry of Defence (MoD) bolster its collaboration with international partners. Prime Minister Shinzo Abe announced Japan’s intention to join the CCDCOE while visiting the center, located in Tallinn, Estonia, back in 2018. East Asian cyberespionage and cybersecurity policy analyst Jiro Minier, told The Record by Recorded Future Japan’s choice to join the CCDCOE is “just one of many milestones during a busy period” for Japan’s cybersecurity efforts.
UK government to scan all internet-exposed devices for bugs.
In an effort to give device owners a better understanding of the security posture of internet-connected systems, the UK's National Cyber Security Centre (NCSC) announced it will be scanning all internet-exposed devices hosted in the UK for vulnerabilities, Bleeping Computer reports. The NCSC explained, “These activities cover any internet-accessible system that is hosted within the UK and vulnerabilities that are common or particularly important due to their high impact.” The agency also hopes the scanning process will help them better track the remediation of these vulnerabilities over time. NCSC technical director Ian Levy explained, “We're not trying to find vulnerabilities in the UK for some other, nefarious purpose…We're beginning with simple scans, and will slowly increase the complexity of the scans, explaining what we're doing (and why we're doing it).” The scanning process is designed to harvest the minimum amount of info required to check for security issues, and if any sensitive or personal data is inadvertently collected, the NCSC says it will "take steps to remove the data and prevent it from being captured again in the future." British organizations who wish to opt out of the scanning process can do so by submitting a list of IP addresses they wish to have excluded.
FCC focuses on emergency alert system cybersecurity.
In a unanimous vote, the US Federal Communications Commission (FCC) approved a proposal requiring participants in the country’s emergency alert system (EAS) to “report any incident of unauthorized access of its EAS equipment” to the commission within three days of “when it knew or should have known that an incident has occurred.” As Nextgov.com explains, the EAS and wireless emergency alert systems transmit emergency information to the public through radio, television, and mobile text messages. The proposal was in response to an August Federal Emergency Management Agency advisory warning of “certain vulnerabilities in EAS encoder/decoder devices that, if not updated to most recent software versions, could allow an actor to issue EAS alerts over the host infrastructure (TV, radio, cable network).” FCC Commissioner Geoffrey Starks noted that the agency’s Public Safety and Homeland Security Bureau data showed that “more than 5,000 EAS participants were using outdated software or using equipment that no longer supported regular software updates.” The proposed rule would also require that EAS participants certify annually that they have a cybersecurity risk management plan in place and to implement adequate security measures. The FCC’s notice of proposed rulemaking stated, “We believe the proposed rule is justified in light of the instances of false EAS alerts in recent years, caused by compromised EAS equipment being used to transmit a false message.”
New development in the Greek spyware scandal.
Greece has been embroiled in a spyware scandal for some time now, and on Saturday Greek newspaper Documento revealed the identities of thirty-three people – a mix of government officials, journalists, and businesspeople – who were targeted with illegal Predator surveillance software. Along with already known targets like the opposition Pasok leader Nikos Androulakis and journalist Thanasis Koukakis, the list included Greece’s finance minister, foreign minister, two ex-ministers of civil protection, the development minister, the labor minister, and the tourism minister, as well as with their spouses. As Politico explains, it’s unclear whether all of the people clicked on the malicious link that would allow their devices to be infected with the spyware, and those contacted by the newspaper said they were unaware that they had been targeted. Government spokesman Giannis Oikonomou said that while the list came with no supporting evidence, the report will be investigated by the Greek Justice. The European Parliament’s PEGA Committee, which is investigating the use of spyware in the EU, completed a mission in Athens on Friday, and MEP and PEGA rapporteur Sophie in ‘t Veld said the committee left “with perhaps more questions than we had when we arrived.” She added, “There are still 100 pieces missing, but you can see the image. Everything is pointing in the direction of people within government circles.”