At a glance.
- SingCERT encourages organizations to bolster cybersecurity protections.
- Japan establishes new cyber defense team.
- India’s parliament orders NIC to increase its manpower.
- The challenges of the Strengthening American Cybersecurity Act.
SingCERT encourages organizations to bolster cybersecurity protections.
As the Russian invasion of Ukraine continues, Global Compliance News reports that Singapore’s Computer Emergency Response Team (SingCERT) is urging the nation’s organizations to focus on strengthening their cyber hygiene. SingCERT has released a list of recommended measures to better secure systems, monitor network activity, and prepare an attack response plan. In addition, they advise organizations with greater resources to adhere to the more advanced recommendations issued by the UK National Cyber Security Centre, taking a more proactive approach to patching vulnerabilities, delaying system changes or even temporarily reducing high-risk functions, and extending the hours of security staff during this time of heightened international conflict.
Japan establishes new cyber defense team.
Japan’s Defense Ministry is restructuring units of the Ground, Maritime and Air Self-Defense Forces to create a cyber defense team capable of combating surging threats from China, North Korea, and Russia. The Japan News explains that the team, which consists of five hundred forty members, will be charged with protecting the information and communications networks underpinning all Self-Defense Forces units, and four hundred members will be devoted to defending against cyberattacks. It’s worth noting that, while this is an increase in manpower for Japan, these numbers pale in comparison to comparable units in neighboring countries, as China’s cyber warfare units boast 175,000 members, and North Korea’s include approximately 6,800. Japan’s new team will also have to overcome the National Defense Program Guidelines, which stipulate that Self-Defense Forces cannot operate in peacetime, and impedes counterattack measures by assuming self-defense-only posture.
India’s parliament orders NIC to increase its manpower.
The Indian Parliamentary panel on information technology has issued a report urging the National Informatics Centre (NIC), which oversees the security of government websites, to increase its cybersecurity personnel and strengthen its infrastructure. A committee spokesperson told the Hindustan Times, “The committee is disheartened to learn that despite their recommendation (in their last report in 2021) to undertake a comprehensive review of the manpower requirement and infrastructure needs of NIC, the ministry has done little to address the above issues. The committee once again recommends the ministry to look into the issue of manpower shortage in NIC.”
The challenges of the Strengthening American Cybersecurity Act.
An editorial in Fortune questions whether the cyberincident reporting measures of the Strengthening American Cybersecurity Act, signed into law last week by US President Joe Biden, might do more to hinder cyber protections than help. The legislation, which regulates reporting of cyberincidents to the Cybersecurity and Infrastructure Security Agency (CISA), is intended to help the federal government better defend against potential attacks by allowing for “greater visibility for the federal government, earlier disruption of malicious cyber campaigns, and better information and threat intelligence going back out to the private sector,” but if the UK is any example, companies might not be prepared for enacting the new measures. An Ernst & Young survey found that three months before the General Data Protection Regulation went into effect in the UK in 2018, only 33% of companies had a compliance plan in place, and 39% said they were still unclear on what, exactly, the GDPR entailed. The writer also posits that many details of the law, like exactly which incidents warrant reporting, is left to interpretation, and that the seventy-two hour reporting window might not be adequate time to properly conduct an investigation or enact a plan for resolution. Furthermore, interagency disputes could further complicate matters, as the Federal Bureau of Investigation has expressed concern at being left out of the reporting process.