At a glance.
- NATO Secretary General speaks at Cyber Defence Pledge Conference.
- Australia considers making ransomware payments a crime.
- European Commission urges Germany to reduce its dependence on Huawei.
- US and Spain partner to fight ransomware.
- EU considers plans for cyber defense.
NATO Secretary General speaks at Cyber Defence Pledge Conference.
Co-hosted by Italy and the US, NATO’s 2022 Cyber Defence Pledge Conference took place in Rome at the Ministry of Foreign Affairs and International Cooperation last week. During his keynote address, NATO Secretary General Jens Stoltenberg pledged to continue to support Ukraine in fighting against Russian aggression. “We will keep supporting Ukraine, for as long as it takes,” he promised. As NATO notes, Stoltenberg used the war in Ukraine as an example of the growing threat of cyberwarfare targeting satellites, critical infrastructure, and government departments. “Cyber is a constantly contested space and the line between peace, crisis and conflict is blurred. That is why NATO has taken the threat to cyberspace from state and non-state actors so seriously for so long. And why we have taken determined steps to guard against cyber-attacks. It is key to our collective defence.” He concluded his speech by calling on all NATO members to recommit to defending cyberspace “with more investment. More expertise. And enhanced cooperation. This is a vital part of our collective defence. And we are all in this together.”
Australia considers making ransomware payments a crime.
As Australia continues to grapple with the recent wave of cyberattacks targeting corporate and customer data, Australia's Home Affairs Minister Clare O'Neil on Sunday told ABC News that the government is considering making it illegal for ransomware attack victims to meet attackers’ ransom demands. “The idea that we're going to trust these people to delete data that they have taken off and may have copied a million times is just frankly silly," O’Neil stated. As Reuters notes, O’Neil on Saturday formalized a new cyber-policing model combining the efforts of the Australian Federal Police (AFP) and the Australian Signals Directorate in order to crack down on cybercrime. Composed of about one hundred officers, the task force would "day in, day out, hunt down the scumbags who are responsible for these malicious crimes," O’Neil explained. After Australia’s leading insurance provider Medibank was recently hit with a ransomware attack, the company, heeding advice from the Australian government and cybersecurity experts, refused to meet the attackers’ $15 million ransom demand. O’Neil also noted that the government needs to address data retention, citing the fact that the victims of the Medibank breach included former customers who had not conducted business with the company for up to a decade. "What we need to make sure is that companies are only holding data for the point in time where it's actually useful," she stated.
European Commission urges Germany to reduce its dependence on Huawei.
On Thursday the European Commission called on all EU member countries to sever ties with Chinese telecoms equipment in 5G networks, POLITICO reports. Margrethe Vestager, executive vice president of the Commission in charge of digital issues, stated, "We are urging member states who have not yet imposed restrictions on high-risk suppliers to do that without delay, as a matter of urgency…A number of countries have passed legislation but they have not put it into effect ... Making it work is even better.” She singled out Germany, where operators like Deutsche Telekom and Vodafone have relied heavily on equipment from Chinese tech giant Huawei, as a country that has yet to implement the bloc's joint 5G security guidelines. Though Berlin has passed a law which allows the government to intervene on telco contracts with Huawei, the law does not specify how exactly government ministries can impose restrictions. In 2020 bloc members agreed to the 5G Security Toolbox, a set of measures aimed at reducing their reliance on "high-risk vendors" like Huawei and its rival ZTE.
US and Spain partner to fight ransomware.
The US Cybersecurity and Infrastructure Security Agency on Thursday announced it’s joining forces with the U.S. Department of State and the Spanish Ministry of the Interior to “develop a capacity-building tool to help countries utilize public-private partnerships (PPPs) to combat ransomware.” The joint project was developed as part of the Second International Counter Ransomware Initiative (CRI) Summit, a coalition of thirty-six nations and the US partnering to fight ransomware. Spain is the chair of the CRI’s Public-Private Partnership (P3) Working Group, and the new tool will guide nations toward deeper collaboration between the public and private sectors by featuring a series of case studies of PPPs that have been used to defend against ransomware, highlighting the practices that made these partnerships successful. Guillermo Ardizone Garcίa, Spain’s Political Director of the Ministry of Foreign Affairs, explained, “Spain has the strong conviction that this project will contribute in a decisive manner to expose the most innovative state of the art of PPP best practices to fight against ransomware. Thereby, all multi-stakeholders and partners involved in the CRI will be benefited from this line of action. Spain will actively encourage state and non-state stakeholders to join in this project poised to broadly share the PPP best practices, including creative financing schemes.”
The EU prepares closer cooperation for cyber defense among its members.
The European Union yesterday announced its intention to prepare a cyber defense plan that would include closer cooperation among the EU's member states. The plan is motivated explicitly by concern over the threat from Russia. Reuters quotes EU foreign policy chief Josep Borrell as saying, "War is back to our borders and the Russia aggression against Ukraine is undermining peace and the international rule-based system globally. It affects us and we have to adapt our defence policies to this new environment." The EU's plan has four broad elements:
- "Act together for a stronger EU cyber defence."
- "Secure the EU defence ecosystem."
- "Invest in cyber defence capabilities."
- "Partner to address common challenges."