43 Matching Annotations
  1. May 2023
    1. And what auto GPT does is it allows systems to access source code, access the internet and so forth. And there are a lot of potential, let’s say cybersecurity risks. There, there should be an external agency that says, well, we need to be reassured if you’re going to release this product that there aren’t gonna be cybersecurity problems or there are ways of addressing it.

      ||VladaR|| Vlada, please follow-up on this aspect on AI and cybersecurity.

  2. Oct 2022
    1. Could the UN Framework Convention on Climate Change be an approach to a global Cyber Framework Convention? Few thoughts here. Thanks Asoke for the idea! PS I made public comments, so that we could possibly involve others to comment as well in future.

      ||asokemATdiplomacy.edu|| ||Pavlina|| ||JovanK||

    1. 2022 Annual Report on Implementation

      This is the most serious analysis of the US cybersecurity. It provides a useful summary of international activities in the field of cybersecurity.

      ||VladaR||||AndrijanaG||||sorina||

    1. Security of and in the use of ICTs

      always interesting to observe the terminology. SCO for instance uses 'international information security' and 'threats in the information space, creating a safe, fair and open information space'

    2. Promoting open, secure, peaceful and cooperative ICT environment

      Reference to 'open'.

  3. Aug 2022
    1. The United States has historically separated cyber and information security, but American adversaries have traditionally not distinguished between the two. In their view, the confidentiality, integrity, and assurance of computer networks are integral—and in some sense subordinate—to the battle over information spaces, and cyberattacks enabled significant capabilities in information operations. Numerous Russian documents and strategies describe cyber operations as integral to information security. After the creation of U.S. Cyber Command (CYBERCOM), at a meeting of Russian and U.S. defense officials, one Russian officer reportedly derided the lack of information warfare in Cyber Command’s mission. General Nikolai Makarov told his counterparts, “One uses information to destroy nations, not networks.”

      A well presented crucial difference between the two paradigms. Yet, this gap is vanishing. In a way, Russians (to the extent they were behind disinformation campaigns) managed to change the US position to accept the same paradigm.

      Could this close-to-common understanding that both networks and information are part of the dialogue change the course of future negotiations, and perhaps even allow for more space for compromise as everyone discusses the same issues?

      ||Pavlina|| ||AndrijanaG|| ||JovanK||

    2. known cyber campaign to cause physical damage

      Same old vocabulary: Stuxnet, which destroyed a facility, was 'cyber campaign' ('to cause physical damage'), not 'an attack'. Yet, Iranian strike against Saudi Aramco (just a line below) is 'attack'.

      [Maybe it's only to me, but this is the same pattern of 'campaign' (and not 'attack' or 'aggression') against Iraq or Yugoslavia, yet 'aggression' (and not 'special operation') about Russia's strike against Ukraine.]

    1. Patrick Hillmann, chief communications officer at the world’s largest crypto exchange, Binance, claims scammers made a deepfake of him to trick contacts into taking meetings.

      The CCO of the world's biggest cryptocurrency exchange wrote about this case in his blog published on a company website. In his words: 'this deep fake was refined enough to fool several highly intelligent crypto community members'

  4. May 2022
    1. Of the European SMEs that the EU Agency for Cybersecurity (ENISA) surveyed in 2021, 90% stated that cybersecurity issues would have serious negative impacts on their business within a week of the issues happening, with 57% of them likely to become bankrupt or go out of business.

      ||MarcoLotti|| We should use these statistics as an intro for the FONGIT exercise on cybersecurity.

      ||VladaR||||AndrijanaG|| ||MariliaM|| This nexus economy - cybersecurity is emerging. We should cover it on Dig.Watch + use in our courses. Vlada/Andrijana, it could be a possible nexus for Geneva Dialogue.

      The more we use cross-cutting on nexus coverage, the closer we are getting to our core advantage and mission.

  5. Apr 2022
    1. Apple and Meta exposed client information to hackers disguised as law enforcement agencies. All of these incidents occurred in response to emergency requests, which can be used to circumvent conventional procedure with a court order.

      Requests were often sent from law enforcement agencies' hacked e-mail accounts.

      These data breaches point to severe flaws in the system's handling of data requests. The situation is becoming more serious as the number of requests increases. From January to June 2021, Meta received 21.700 data requests from law enforcement agencies worldwide.

      Typically, these demands are delivered via email. This improvised approach introduces several dangers of misunderstanding, inaccuracy, and intentional hacking.

      As a solution, a "single point of contact" is required where all law enforcement agencies can issue demands and businesses can collect them. With adequate safeguards, such a collaboration platform might be an effective solution to preventing hacking, data breaches, and the growing cyber vulnerabilities around the world.

    1. TITLE: Cybersecurity of EU institutions, bodies and agencies - Special Report by European Court of Auditors

      CONTENT: The audited report of the cybersecurity of EU institutions, bodies and agencies (EUIBAs) concluded that EUIBAs' cyber preparedness is not adequate to cyber threats. It based this conclusion on the following elements:

      • increased level of cyber attacks on EUIBAs in times of pandemic and security crisis. The risk exposure is not likely to stop given global dynamics.
      • cyber risks are based on technical interconnectedness of EUIBAs (networks, servers). Technical interdependence is not followed by organisational and human one. There is a lack of synergies on projects, tools and platforms such as email or videoconferencing.
      • cybersecurity governance is lacking: strategies, policies, risk assessment, etc.
      • cybersecurity training is not always systematic.
      • two main cybersecurity institutions The Computer Emergency Response Team of the EUIBAs (CERT-EU) and the European Union Agency for Cybersecurity (ENISA) are not adequately supported for cybersecurity challenges they face.

      Report proposes a few immediate steps:

      • legal framework for cybersecurity binding rules for all EUIBAs
      • increased resources for CERT-EU
      • promotion of synergies via the Institutional Committee for the Digital Transformation
      • focus work on CERT-EU and ENISA on the less cybersecurity mature EUIBAs.

  6. Feb 2022
    1. Microsoft’s Digital Defense Report, published last October, attributed 58 per cent of all known nation state cyber attacks to Russia over the previous year.

      ||VladaR|| Do you know about this Microsoft Report?

  7. Jan 2022
    1. ||VladaR||||AndrijanaG|| Here is a good summary of action against the REvil group.

    1. the U.S. government passed a sweeping cybersecurity bill called the Internet of Things Cybersecurity Improvement Act of 2020 at the very tail end of that year. The law is a more flexible and adaptable approach to cybersecurity than previous laws. Crucially, it requires the National Institute of Standards and Technology to establish best practices that other government agencies must then follow when purchasing IoT devices. The initial rules unveiled by NIST in 2021 include requiring an over-the-air update option for devices and unique device IDs. And while the law pertains only to devices purchased by the U.S. government, there’s little reason to suspect it won’t have ongoing and broad effects on the IoT industry. Companies will likely include NIST’s cybersecurity requirements in all of its devices, whether selling to the U.S. government or elsewhere.

      About US IoT cybersecurity improvement act 2020

    1. Of the big three vendors, only Huawei is not a member, citing its belief that Open RAN systems cannot perform as well as the company's proprietary systems

      It will be important to follow China's attitude towards ORAN. Currently, it seems ORAN is not as efficient as proprietary - but this is likely to change. At some point, Huawei model may become less 'sellable' (ultimately, operators around the world decide on profit, especially when difference is big). Will Chinese industry ultimately turn to ORAN to some extent? Also, will China try to 'emphasise' some of the weaknesses of ORAN, eg. through cyberattacks against its virtualised elements? ||JovanK|| ||sorina|| ||AndrijanaG||

    2. When an operator buys an end-to-end system from Nokia or Ericsson or Huawei, it also knows it can depend on that vendor to support the network when problems crop up. Not so with Open RAN deployments, where no single vendor is likely to claim responsibility for interoperability issues. Larger operators will likely be able to support their own Open RAN networks, but smaller operators may be reliant on companies like Mavenir, which have positioned themselves as system integrators.

      Another possible drawback of ORAN: ensuring interoperability of various vendors, in contrast to responsibility of big vendors (similar challenge to open source software). Open question: how can this impact security (similar to open source security issues)?

    3. inevitably create more points in the network for cyberattacks

      Important issue to study. Argument that more open standards bring more risks is somewhat true: it is harder to create attacks against more closed and specialised networks (plus, an attack against Huawei's network couldn't be applied to Ericsson's, etc) - but obscurity is not really a cure for security (most experts don't believe in 'security by obscurity'). More important element is that much of the functionality of ORAN will be moved to software and cloud, much like other ordinary services. This makes core telecom networks more 'ordinary', and prone to common cyber-attacks and vulnerabilities related to common digital networks. It is important to further study those risks. ||AndrijanaG|| ||VladaR||

    1. The attack exploited a vulnerability in a legacy compression tool used to process text in images from a physical scanner, enabling NSO Group customers to take over an iPhone completely. Essentially, 1990's algorithms used in photocopying and scanning compression are still lurking in modern communication software, with all of the flaws and baggage that come with them.

      ||VladaR|| This could be an interesting example of how a legacy standard from photocopying machines impacted today's security.

  8. Nov 2021
  9. Oct 2021
    1. President Biden has unveiled plans for more extensive cooperation on cybersecurity, artificial intelligence, and quantum computing.

  10. Sep 2021
    1. The complexity of modern conflicts and crises continues to grow with the marriage of emerging factors, such as climate change, cyber threats and disinformation, and the old foes of authoritarianism and tyranny.

    1. Regional instability, weakening state structures, refugee and migrant flows, religious extremism and terrorism, and new forms of conflict – hybrid, digital, environmental and resource-based.

      new form of conflicts

    1. From this standpoint, the Covid-19 pandemic was tantamount to a mirror to the world, reflecting its weaknesses and revealing its flaws, manifested in several chronic aspects, among which is the increase in rates of hunger and poverty, prolonged conflicts, uncontrolled progress of modern technology, and its ramifications on cyber security

    1. The dependence on digital space has revealed also our vulnerability to security threats and to cyberattacks. It has highlighted the extent of the damage caused by such attacks with regard to critical infrastructure, the economy, society or even loss of life.

    1. U.S.-EU Trade and Technology Council Inaugural Joint Statement, September 29, 2021, Pittsburgh, Pennsylvania

      Leaked draft of the TTC outlining cooperation steps in tech between US and EU. France wants to postpone the meeting for a month (submarine issue), Germany and others insist on 29 September. Touches on most of the issues, except for the data transfers, which was requested to be left out by the EU. ||Jovan|| ||StephanieBP|| ||Katarina_An|| ||NatasaPerucica||||AndrijanaG||||VladaR||

    1. we will continue to work closely with partners on cyber security digital public good and to call irregular migration of persons

    1. the very first official discussion on cybersecurity in the Council earlier this year, which allowed us to raise awareness on threats to international peace and security stemming from the malicious use of cyberspace and create momentum for the implementation of our existing framework

    1. But on the other hand, the world has felt the effects of the misuse of cyberspace, including breaching private domains of individuals and international piracy and the serious threat it poses to the security and stability of the international community. From this standpoint, we reiterate the call for the United Nations to lead the process of unifying the efforts to prevent the misuse of the scientific progress in cybersecurity and regularize these vital aspects according to the rules of international law.

      on the misuse of cyberspace; UN to lead the efforts to prevent the misuse of cyberspace

    1. Bucharest brings its contribution by hosting the European Cybersecurity Centre, which will improve cyber-resilience and cybersecurity research across the European Union.

      Romania hosting the European Cybersecurity Centre

    2. Recently we have also witnessed the potential and the challenges of digital technologies. We must ensure meaningful and safe access to the Internet, strengthen cybersecurity and promote responsible behavior in the cyberspace, while addressing the digital spread of hatred and disinformation.

    1. Cyber security is perhaps one of our fastest growing concerns. Trends appear to indicate an increasing diversification of malicious efforts, perhaps state-sponsored ones being the most worrisome. Particularly upsetting incidents involve cyber-attacks targeting our critical health infrastructures, already exhausted in the struggle with the COVID-19 pandemic.

    1. We’re hardening our critical infrastructure against cyberattacks, disrupting ransomware networks, and working to establish clear rules of the road for all nations as it relates to cyberspace.  We reserve the right to respond decisively to cyberattacks that threaten our people, our allies, or our interests. 

      Addressing cyberattacks and response - strong language, includes attacks on allies.

    2. We have reaffirmed our sacred NATO Alliance to Article 5 commitment.  We’re working with our Allies toward a new strategic concept that will help our Alliance better take on evolving threats of today and tomorrow.

      Recommitment to NATO, interesting mention of Art. 5 as the last statements related to Art. 5 were on cybersecurity and armed attack, inferred cyberattacks in 'evolving threats'

    3. Instead of continuing to fight the wars of the past, we are fixing our eyes on devoting our resources to the challenges that hold the keys to our collective future: ending this pandemic; addressing the climate crisis; managing the shifts in global power dynamics; shaping the rules of the world on vital issues like trade, cyber, and emerging technologies; and facing the threat of terrorism as it stands today

      Change in tone. Note the order of issues the resources are to be devoted to: pandemic, climate, global power dynamics (China). Call for change in global rules - trade, digital, terrorism in that order.

    4. Will we apply and strengthen the core tenets of inter- — of the international system, including the U.N. Charter and the Universal Declaration of Human Rights, as we seek to shape the emergence of new technologies and deter new threats?  Or will we allow these universal — those universal principles to be trampled and twisted in the pursuit of naked political power? 

      International system, incl UN needs strengthening. Makes connection between international system and emerging technologies, new threats (cyber) and the need to protect principles of UN Charter

    1. At the same time, we call for stepping up international efforts not only to combat terrorism and extremism, but also against transnational organized crime engaged in illegal activity in drug and arms trafficking, human trafficking, laundering of criminal proceeds, and in cyberspace. Kyrgyzstan, within the framework of the Shanghai Cooperation Organisation, is working on the creation of a Centre for Countering International Organized Crime in the city of Bishkek

      At the same time, we urge to intensify international efforts not only to combat terrorism and extremism, but also against transnational organized crime engaged in illegal activities in the field of drug and arms trafficking, human trafficking, money laundering and cyberspace. Kyrgyzstan, within the framework of the Shanghai Cooperation Organization, is working on the issue of creating a Center for Countering International Organized Crime in the city of Bishkek

    1. technology with the Internet of Things, artificial intelligence, cybersecurity, cloud computing and applications, show us that advances in virtuality are opportunities for human development.

      IoT, AI, cybersecurity, cloud computing

    1. But there is no consensus on how to regulate these technologies.

      Today, autonomous weapons can target and kill people without human intervention. Such weapons should be banned.

    2. Today, autonomous weapons can take people as targets and kill them without human intervention. Such weapons should be banned.

      Today, autonomous weapons can target and kill people without human intervention. Such weapons should be banned.

    3. I am certain, for example, that any future major confrontation – and I obviously hope that such a confrontation will never take place – will begin with a massive cyberattack.

      For example, I am certain that any future major confrontation - and of course I hope that such a confrontation never happens - will start with a massive cyberattack.

  11. Jun 2021
    1. Issued by the Heads of State and Government participating in the meeting of the North Atlantic Council in Brussels 14 June 2021

      Important cybersecurity event
