December 08, 2018

GCSC Cyberstability Update, December 7th, 2018

GCSC Cyberstability Update, December 7th, 2018

Your weekly news updates on the GCSC, its members, and relevant developments in the field of international cyber affairs. For more information about the GCSC, please visit


Former Estonian Foreign Minister Urges Cooperation in Cyberattack Attribution, Policy

The article by Kelly Jackson Higgins was published in Dark Reading, 5th December 2018
Black Hat Europe 2018, London. As nation-state cyberattacks continue to evolve into more complex and disruptive campaigns, the pressure is on for countries to set specific cybernorms and support one another in the attribution of nation-state hacks, according to Marina Kaljurand, chair of the Global Commission on the Stability of Cyberspace (GCSC) and Member of the UN Secretary General's High Level Panel on Digital Cooperation.

Read More

‘Cyber-Attacks have become the New Normality’

The article by Catherine Chapman was published in The Daily Swig, 5th December 2018
Marina Kaljurand, current chair of the Global Commission of the Stability of Cyberspace, was the Estonian ambassador to Russia at the time her country’s critical infrastructure was hit by the politically motivated offensive. “I had two tasks,” Kaljurand said, in her keynote address to attendees at this year’s Black Hat Europe conference in London. “I had to learn in 15 minutes what DDoS meant in order to start explaining it to others, which I managed, and my second task was to find ways of cooperation with Russia – that, I failed.” “Cyber-attacks have become the new normality, and they are global and massive in their scale,” she said. “Cyber does not have borders and that’s why, if you want to be efficient, you have to cooperate with others.”

Read More

Hybrid and Transnational Threats

The discussion paper was published by Friends of Europe, 5th December 2018
In an age where hybrid tactics such as disinformation and cyber-attacks are increasingly deployed, the limitations of conventional military power have become evident. The paper includes different perspectives from a range of authors including: Giles Portman, Head of the East Stratcom Task Force at the European External Action Service, Antonio Missiroli, NATO Assistant Secretary General, Emerging Security Challenges, and Marina Kaljurand, Chair of the Global Commission on the Stability of Cyberspace. The article of Marina Kaljurand is on “The Need for International Norms to Help Govern Conduct in Cyberspace.”

Read More

International Institute for Strategic Studies Cyber Report: 30 November to 6 December

The report by IISS was published on their website, 6th December 2018
Global approaches to the vulnerabilities equity process – GCHQ, the United Kingdom’s signals intelligence agency, released details about how the department assesses the software vulnerabilities it finds in order to determine whether it should exploit them or disclose them to vendors so that they can be patched. In November 2017, the US government made public the contours of its own policies around vulnerabilities, which is known as the vulnerabilities equity process (VEP).
The Global Commission on the Stability of Cyberspace (in which IISS experts Sean Kanuck and Nigel Inkster participate) has proposed a norm for VEP: ‘States should create procedurally transparent frameworks to assess whether and when to disclose not publicly known vulnerabilities or flaws they are aware of in information systems and technologies. The default presumption should be in favour of disclosure.’

Read More

Is Responsible State Behaviour in Cyberspace Achievable?

The Chatham House event was held in London on 5th December, 2018
While attribution remains a sovereign political decision and should be established in accordance with international law, there is a clear consensus between like-minded states that malicious cyber activities need to be brought to light, coupled with other tailored measures, which would alter the perpetrating state’s risk-calculation.
On the cyber diplomacy level, the French president has recently launched the Paris Call for Trust and Security in Cyberspace. It has been supported by 370 states, companies and civil society entities so far.The Global Commission on the Stability of Cyberspace (GCSC) has also recently released its cyber Norm Package which aims at promoting stability in cyberspace and build peace and prosperity. GCSCCommissioner Christopher Painter speaks at this event alongside Carmen Gonsalves, the Head of International Cyber Policy at the Ministry of Foreign Affairs of the Netherlands.

Watch Here

Avoiding A World War Web: The Paris Call for Trust and Security in Cyberspace

The article by Arthur P.B. Laudrain was published by Lawfare, 4th December 2018
French President Emmanuel Macron delivered a charged speech [on Nov. 11] denouncing nationalism and urging all leaders to pursue peace through multilateralism. On November 12th 2018 at the Internet Governance Forum, Macron unveiled France’s first international initiative to that end, the “Paris Call for Trust and Security in Cyberspace.”
A key theme of the document is the importance of protecting individuals and critical infrastructure from harm. The document presses to safeguard the “public core of the Internet” from hostile actors. This is a clear demonstration of support for a package of norms unveiled by the Global Commission for the Stability of Cyberspace on Nov. 8 in Singapore.

Read More

It's Time To Strengthen Global Digital Cooperation

The article by Doris Leuthard was published by the World Economic Forum, 6th December 2018
Digitalization transforms, pervades and affects all aspects of our social, economic and political lives. These impacts span a wide range of issues, which through digitalization become increasingly interconnected and interdependent. However, at the global level, these issues are addressed by institutions that were founded in the 19th and 20th centuries, and which are often incapable of ensuring effective cooperation between the relevant international actors. In fact, the need to strengthen cooperation has been identified in different ways in recent years. From a general point of view, we have witnessed various initiatives, including in the field of cybersecurity, the Global Commission on Stability of Cyberspace (GCSC).

Read More

Global Cyber Security Norms: A Proliferation Problem?

The article by Paul Meyer was published on the ICT for Peace Foundation website, 3rd December 2018
Paul Meyer, Senior Advisor of the Foundation, prepared his analysis of the most recent developments at the United Nations and elsewhere regarding the development and promotion of norms of responsible state behaviour in Cyberspace. He analyses the recent process at the UN (UN GGE, Open-ended Working Group),  new instruments such as the Paris Call, Digital Peace Initiative, Digital Geneva Convention, and the recent norms proposal by the Global Commission on the Stability of Cyberspace.

Read More

Is Fake News Here to Stay?

The article by Commissioner Joseph S. Nye was published on Project Syndicate, 5th December 2018
Experience from European elections suggests that investigative journalism and alerting the public in advance can help inoculate voters against disinformation campaigns. But the battle with fake news is likely to remain a cat-and-mouse game between its purveyors and the companies whose platforms they exploit.

Read More


CSIRTs and Global Cybersecurity: How Technical Experts Support Science Diplomacy

The article by Leonie Tanczer, Irina Brass and Madeline Carr was published in Global Policy, 29thNovember 2018
Ongoing efforts by state actors to collaborate on addressing the challenges of global cybersecurity have been slow to yield results. Technical expert communities such as Computer Security and Incident Response Teams (CSIRTs) have played a fundamental role in maintaining the Internet's functional structure through transnational collaboration. Responsible for security incident management and located in diverse constituencies, these coordination centres engage in joint responses and solve day‐to‐day cybersecurity problems through diverse national, regional and international networks. This article argues that CSIRTs form an epistemic community that engages in science diplomacy, at times navigating geopolitical tensions in a way that political actors are not able to. Through interviews with CSIRT representatives, we explain how their collaborative actions, rooted in shared technical knowledge, norms and best practices, contribute to the advancement of international cooperation on cybersecurity.

Read More

Authoritarians Are Exporting Surveillance Tech, And With it Their Vision for the Internet

The article by Justin Sherman and Robert Morgus was published on the Council on Foreign Relationsblog, 5th December 2018
Chinese telecom giant ZTE is exporting surveillance technology to Venezuela, according to a recent Reuters investigation. Venezuelan officials allegedly visited Shenzhen, the Chinese technology hub, to learn about the country’s national identity card technology. It’s an insidious tool for population control, and its export—along with the export of other digital surveillance systems—is lending to the diffusion of an increasingly consolidated authoritarian model for internet governance and control. This ZTE incident is the most recent in a long line.

Read More

Hoarding Threat Information 'Not a Competitive Advantage,' DHS Official tells Corporate Leaders

The article by Sean Lyngaas was published in Cyber Scoop, 5th December 2018
Companies that view cybersecurity as a competitive advantage and fail to exchange threat data make the broader private sector more vulnerable to hacking, a Department of Homeland Security official has warned. If a good product or company fails because of a breach that could have been thwarted by sharing threat information, “there’s something that we’ve all lost,” Willke said at the Public Sector Innovation Summit. 

Read More

Resolution bloat at ITU Plenipotentiary Conferences

The article by Samantha Dickinson was published in Lingua Synaptica, 6th December 2018
Delegates who were in Dubai for the recent ITU Plenipotentiary Conference 2018 may remember the Chair of the Ad Hoc Group on Resolution 130 (about cybersecurity) regularly reporting on how many pages his group had succeeded in deleting from the original 56-page consolidated draft containing all proposed changes to the resolution. Member States engaged in long hours, including nights, weekends, and almost through to the dawn of the final day of the conference, to slowly work their way through the 18,063 words in the initial consolidated draft of proposals. 13 versions of the Ad Hoc Group’s draft resolution were to follow the first version.

Read More

Czech Republic blames Russia for Multiple Government Network Hacks

The article by Catalin Cimpanu was published on ZDNet, 3rd December 2018
Two Russian-linked cyber-espionage groups have hacked into the Czech Republic's government networks, the country's intelligence agency revealed today in an annual report. The Czech Security Intelligence Service (BIS) blamed two cyber-espionage groups --known as Turla and APT28 (Sofacy or Fancy Bear)-- for hacks of the Ministry of Foreign Affairs (MFA), Ministry of Defense, and the Army of the Czech Republic. The hacks took place in different campaigns across 2016 and 2017.

Read More


Doha forum – Diplomacy, Dialogue, Diversity

The agenda for the Forum was recently uploaded to their website.
Doha Forum is a global platform for dialogue, bringing together leaders in policy to build action driven networks. The Forum will take place from 15-16 December 2018. GCSC Co-Chair Latha Reddy will participate in a panel alongside Commissioner Marietje Schaake on 15 December from 14:00-15:00. The panel is entitled Bit-by-Bit: Enforcing Norms in Cyberspace. Commissioner Samir Saran will moderate a session on 16 December, from 10:45-11:45.

Read More

December 07, 2018

EVENT: Human Rights violations in Gilgit Baltistan

Russia Review by P.S.Raghavan

Ambassador P. S. Raghavan
Convenor, National Security Advisory Board
Former Indian Ambassador to Russia (2014-16)NOVEMBER 2018 | VOL 03 ISSUE 11 | MONTHLY

• Trump-Putin meeting postponed twice

• France, Germany sought to mediate Kerch strait standoff

• President Putin’s pivot to ASEAN and EAS

• Syrian impasse, Libyan opportunity

• Moscow format on Afghanistan recorded diplomatic success

• Defence & economic dialogue with India; military exercises with Pakistan 

Russia-US dialogue stalled twice

The much anticipated (in Russia) Putin-Trump November 11 meeting in Paris, for which the ground had been laid by the visit to Moscow of US NSA Bolton in October (Review 10/18), was postponed to the margins of the G-20 Summit in Buenos Aires (November 29-December 1), apparently to avoid deflection of focus from the World War I Armistice commemoration events. Two developments later in the month – one domestic and one external – eventually ensured that the meeting did not take place. 

Domestically, the investigation into the Trump campaign’s links with Russia got fresh momentum through new revelations from former Trump attorney Cohen about Candidate Trump’s investment intentions in Russia. Externally, a furore was created on November 25 by Russia’s forcible detention of three Ukrainian naval vessels, which were attempting to pass through the Kerch straits to a Ukrainian port on the Sea of Azov. The Ukrainian version was that they had notified the Russians about the transit (as required under a bilateral agreement of 2003). The Russians denied this and alleged that the Ukrainian ships had ignored warnings and indulged in dangerous manoeuvres with the Russian naval vessels sent out to stop them. Eventually the Russian ships opened fire, wounding three Ukrainian sailors and damaging the ships. One account is that a Russian ship rammed into a Ukrainian tugboat. The Ukrainian ships were detained and the sailors taken into Russian custody.  
The US, NATO, EU and G7 criticized the Russian action and called on Russia to return the Ukrainian vessels and crew members and restore freedom of passage through the Kerch strait. They reiterated non-recognition of Russian annexation of Crimea.

President Trump initially insisted that his meeting with President Putin would still go ahead. He only tweeted his decision to call off the meeting on November 28, while on his way to Buenos Aires. Significantly, he did not justify his decision on Russian aggression or its violation of Ukraine’s territorial integrity. He merely said that he was cancelling the meeting, since the ships and sailors had not been returned to Ukraine. In a subsequent tweet, he said he looked forward to a meaningful meeting "as soon as this situation is resolved".

Conspiracy theorists (and not only in Russia) speculated whether the timing of the Trump attorney’s revelations and of the Ukrainian “provocation” were influenced by the impending Trump-Putin meeting. In the case of Ukraine, the friction could help to shore up President Poroshenko’s flagging popularity. Opinion was also divided on whether the domestic or the Ukrainian development was the more influential factor in President Trump’s decision to call off the meeting. The speculations were not quelled by the White House Press Secretary’s statement immediately after President Trump’s decision that the "Russian witch hunt hoax" was undermining US-Russia relations, though she insisted (as did President Trump) that the meeting cancellation was prompted solely by the Ukraine situation.  

It may also be noted that, even while criticizing Russian action, the State Department and the EU called on both Russia and Ukraine to exercise restraint – a formulation that led Foreign Minister Lavrov to claim that they recognized Ukraine’s provocative role. On this point, these statements resembled China’s official statement, which called on all sides “to show restraint, prevent escalation, and reach consensus through dialogue and … settle differences". The US Secretary of State went further in his statement, urging Presidents Poroshenko and Putin to engage directly to resolve this situation and reiterating US support for the Normandy Four format (of France, Germany, Ukraine and Russia) – a format which, as both Europeans and Russians now openly say, was undermined precisely by the US when President Trump appointed Kurt Volker as his Special Envoy for Ukraine. The Russians masked their obvious disappointment at the cancellation of the meeting with stoic resignation, with FM Lavrov telling the Russian media in Buenos Aires that “love cannot be forced” and that if domestic pressures and those from “Russia-haters” like Ukraine and its sponsors “prevent the US President from building a normal relationship with the Russian President …. we will wait for another opportunity”.

Meanwhile, there were other signs of reduced confrontation. The US had been threatening Russia with substantial new sanctions, if it did not take steps to prove it has ended its chemical weapons programme, in accordance with a US legislation after the alleged nerve agent attack on former Russian spy, Skripal, in England in March. The sanctions eventually did not materialize. The strong rhetoric after the Kerch straits incident has also not led to new sanctions. Presidents Putin and Trump apparently exchanged pleasantries in Paris, besides briefly discussing (as per President Putin) crude oil prices, economic growth and regional issues. During President Putin’s visit to Singapore, he had pull-aside meetings (probably separate) with Vice-President Pence and US NSA Bolton. In early-November, a State Department statement recognized Russia’s role in persuading the Syrian government to permit humanitarian assistance to reach refugee camps in Rukban (in the al-Tanf enclave controlled by US special forces).

Franco-German engagement with Russia

Notwithstanding the fact that France was a party to the NATO, EU & G7 statements on the Kerch strait developments, President Macron went ahead with a bilateral meeting with President Putin on the margins of the G-20 summit. Equally significant was the fact that in his (public) opening remarks at that meeting, he first mentioned cooperation on Syria, before talking about the situation in Ukraine, which he linked to the implementation of the Minsk Agreements. He also said he would discuss his ideas on “the common architecture of security and defence in Europe”, which incensed President Trump in Paris and raises hackles in some parts of Europe as well. On this subject, both President Putin and FM Lavrov have declared that the new approach to a European security architecture, including President Macron’s idea of a European Intervention Initiative, is of great interest to Russia. 

Such “decoupling” of Europe from the US & NATO has been attempted before (with a stronger political momentum) in the 1990s, after the Cold War. It encountered strong pushback from the US and eventually ran aground on political and economic divisions within Europe. President Macron’s ideas may encounter even stronger headwinds in today’s political climate. 

German Chancellor Merkel called President Putin on November 27, after the Kerch Straits incident, in an effort to defuse the crisis. According to the Kremlin, President Putin asked Germany to use its influence to stop Ukraine “from taking further reckless steps”. President Putin subsequently said some measures had been agreed upon to defuse the crisis, though he gave no details. 

 President Putin's pivot to ASEAN and EAS

President Putin’s visit to Singapore for the Russia-ASEAN and East Asia (EAS) Summits was a landmark event on many counts. For all Russia’s declared focus on Eurasia, particularly after the standoff with the West since 2014, most Russian attention in Asia has been to China, India, Japan and Korea. This was President Putin’s first ever visit to Singapore, his first ever participation in EAS and the first ASEAN-Russian summit in eight years. The earlier two were in 2005 and 2010, though a Russia-ASEAN Summit was held in Sochi in 2016 to commemorate 20 years of Russia-ASEAN dialogue partnership. He had bilateral meetings with the leaders of Singapore, Malaysia, Thailand and Indonesia. The Russians believe there is an opening for their increased presence in the region, in the present context of nervousness in the region over both China’s dominance and US-China frictions (as most recently evidenced by the failure of the APEC summit in Papua New Guinea to agree on a declaration).    

The Putin-Abe meeting in Singapore created a splash because of the announcement that Russia and Japan would commence dialogue on resolution of the vexed Kurile Islands dispute on the basis of their bilateral declaration of 1956. Under this agreement, the Soviet Union agreed to cede two of the four southern islands to Japan. The Soviet and Japanese parliaments ratified the declaration, but Japan backed out of it, under pressure from the US, because of concerns that a consequent peace treaty between Japan and USSR may distort the Cold War balance of power in the Pacific region. The Soviet Union (and Russia thereafter) then hardened its position. Subsequent developments like the opening of the Northern sea corridor and strategic considerations of Russia’s naval access to the western Pacific Ocean made Russian concessions on the Kuriles more unlikely.

Therefore, on the face of it, the agreement to revive the declaration is a major Russian concession. However, President Putin dampened any expectations of an early breakthrough by pointing out (at a media conference) that specific legal grounds and procedures for ceding these islands and their subsequent jurisdiction needs “separate, additional and serious assessment”. 

The US will remain a major determinant of progress of these negotiations.  PM Abe is reported to have assured President Putin that the United States would not put military bases on the ceded islands. This would involve amendment of the U.S.-Japan security treaty, under which the US has the right to put military bases on the islands.

The larger strategic picture is that Japan seeks to “normalize” relations with Russia to “balance” China in the region. The extent to which Russia and the US see this as a viable and desirable objective from their respective strategic perspectives is, as yet, unclear. 


Remaining engaged in West Asia

Russia remained intensively engaged in the search for a political settlement in Syria. Its Foreign Ministry continued to denounce terrorists’ actions in Idlib to thwart Turkey’s efforts to fulfil its commitment to disengage them from “moderate” rebel forces and to establish a demilitarised zone (Review, 9/18). It was alleged that al-Nusra militants continued to fire on Syrian forces and populations on the outskirts of the province, including “chlorine-filled mortar rounds” at residential areas in Aleppo, poisoning over 100 people. 

Russia continued consultations with Syria, Turkey, Iran and Syrian opposition groups to generate a panel of mutually agreed names for the Constitutional Committee to convene in Geneva by end-2018 under the UN process (Review, 10/18). A meeting of the Astana process representatives on November 28-29 apparently failed to reach consensus on the list, reflecting the conflicting interests of the parties. The US State Department reacted strongly to this outcome, declaring that “the so-called Astana/Sochi initiative on the Syrian Constitutional Committee … has produced a stalemate”, delaying convening of the Constitutional Committee in Geneva. The statement accused Russia and Iran of continuing to use the process “to mask the Assad regime’s refusal to engage in the political process” as outlined in UNSCR 2254. 

Even as Russia struggled to reconcile conflicting interests in the composition of the Constitution Committee, its MFA accused the US of pursuing an agenda inconsistent with UNSCR 2254: perpetuating the control of the northeast of Syria by the Kurd-dominated Syrian Democratic Forces and thus de facto partitioning Syria. The establishment of US observation posts on Syria’s northern border with Turkey (announced by US Defence Secretary Mattis) was seen as confirming this trend, as also US media reports of “Arab forces” being deployed on the eastern banks of the Euphrates – the southern boundary of the US-backed, SDF-controlled territory.  

Separately, Russia also inserted itself forcefully into efforts to resolve the festering crisis in Libya. Leading up to the Palermo Conference hosted by Italy, many Libyan factions quietly visited Moscow, including the military leader of eastern Libya, Gen. Khalifa Haftar, who was reported to have met the Russian Defence Minister and Chief of Army Staff. Russia’s principal “private military contractor” – the Wagner group – was also reported to have participated in the talks. The fact that Russian participation in the Palermo Conference was led by PM Medvedev showed the level of Russian interest in the process. A presence in Libya (or at least preventing a hostile regime there) is important for Russia’s strategic interests in the Mediterranean Sea. Energy interests are also involved. Russian companies were engaged in a number of commercial projects in Libya at the time of Gaddafi’s fall and have huge unpaid contractual dues. Russia is believed to be assisting Gen Haftar, but also maintains contact with other major Libyan factions and has consultations on Libya with Italy, Turkey and Qatar, which support the Tripoli-based government, as well as France, Egypt and UAE, which have closer contact with the Tobruk establishment.  The Russian armed forces cannot openly operate in Libya, unlike in Syria, where they claim the invitation of the host government. It is likely, therefore, that Russian military objectives in Libya will be promoted by the Wagner group. Russia has expressed support for the efforts of UN special envoy for Libya, Ghassan Salame. There is no indication as yet of Russian intentions of an Astana-like process for Libya. 

Russia claims role in Afghanistan national reconciliation

The “Moscow format” of talks on Afghanistan, bringing together all regional and global stakeholders in the Afghan peace process, was poised for fresh take-off in September 2018, with Moscow’s announcement that Afghanistan would be a co-host and the Taliban would attend (Review, 8/18). In a loss of face for Russia, the meeting was called off at the eleventh hour, because the Afghan government withdrew from it, presumably under US pressure. On November 9, Russia was able to convene the talks. The Afghan government did not participate, but deputed a delegation of Afghanistan’s High Peace Council. The Taliban was represented by its Qatar-based leadership. India sent two former senior diplomats – former Heads of Mission in Pakistan and Afghanistan – as non-official representatives. The US Embassy in Moscow sent a representative. 

The meeting itself had no substantive outcome, other than its participants agreeing that direct intra-Afghan peace dialogue was needed to advance an Afghan-led national reconciliation process, that neighbouring countries and regional partners of Afghanistan should work in coordination to facilitate this and that the Moscow format was an appropriate mechanism to continue consultations. 

The participation level and outcome were sufficient for Russia to be able to claim a diplomatic achievement: bringing the Taliban and nominees of the Afghan government together at one table and endorsement of the Moscow format as a legitimate mechanism. It enabled Russia to claim legitimacy for its interactions with the Taliban and to claim that, while the US was engaged in separate one-to-one negotiations with the Taliban, Afghan government and some stakeholders, Russia is transparently engaging with all stakeholders.  
India’s decision to send representation (albeit non-official) was perhaps under pressure from strategic partner Russia and (as per some reports) on the recommendation of the Afghan government. It may also reflect a realization that when virtually every major stakeholder (US, Russia, Pakistan, Iran, China) admits to varying degrees of engagement with the Taliban and recognizes that any political solution in Afghanistan has to include the Taliban in some form, it cannot continue with its isolationist attitude. The fact that US envoy Khalilzad’s wide-ranging consultations on Afghan reconciliation have not included India may have also been an input.  India-Russia economic & defence cooperation, Russia-Pakistan joint exercises  

President Putin and Prime Minister Modi met on the margins of the East Asia Summit in Singapore and the G20 in Buenos Aires. The personal chemistry remains intact, as evidenced by their warm embrace in Singapore. A Russian journalist queried President Putin on its significance; his response was that they were friends and such a greeting is normal among friends. President Putin reverted to this theme at an international investment seminar in Moscow (just before the G20 summit), when he talked about “really good constructive relations with India” and his “friendly personal ties with Prime Minister Modi”, adding that it was largely thanks to his efforts that bilateral relations are moving forward in many fields. 

Niti Aayog Vice-Chairman Dr Rajiv Kumar led a delegation to Russia for the first meeting of the Strategic Economic Dialogue that the Indian and Russian leaders agreed on at their informal summit in Sochi (May 2018), as an addition to the many already-existing bilateral economic dialogue mechanisms. The idea was to give a strategic direction to the broad-basing of the bilateral economic engagement. 

Traditional defence cooperation was flagged by the Russia visit of India’s Chief of Naval Staff, Admiral Sunil Lanba. A Russian announcement before the visit said that a contract had been signed for the construction of four stealth frigates for the Indian Navy, of which the first two will be constructed in Russia. The hull of the third would be Russian and the rest would be constructed in India. The fourth would be fully constructed in India. 

Joint counter-terrorism/anti-insurgency military drills “Indra-2018” were conducted in Uttar Pradesh from November 19 to 28. Naval joint exercises (also Indra-2018) will be conducted in December 2018.

It should be noted that the Russian armed forces also had joint counter-terrorism/counter-insurgency military drills “Druzhba-2018” (Friendship-2018) with the Pakistan Army, focusing on operations in the hilly tracts of Nowshera District of Khyber-Pakhtunkhwa province in the second half of October. Druzhba-2018 is an annual exercise since 2016. Another Russia-Pakistan defence interaction was the visit to Karachi port of a group of Russian naval ships, led by a “large anti-submarine ship”. The program of the “unofficial visit” was said to include “social events” with the Pakistan Navy, and the attendance by the Russian sailors at the international defence exhibition IDEAS-2018. Refuelling, replenishment of victuals and shore leave for the crew were envisaged. 

India will have to factor this “new normal” of Russia’s South Asia engagement into its relations with Russia.


(The views expressed are personal)
The Author can be reached at

December 05, 2018

Newsletter: Global Commission on the Stability of Cyberspace


Tuesday 4th of December 2018 

Sign up to the weekly newsletter!

This Cyberstability Update is an overview of all articles included in our Weekly Newsletters for the month. Want to receive these updates on a weekly basis? Sign up here to receive our weekly newsletter on the work of the Global Commission on the Stability of Cyberspace (GCSC), its members and developments in the field of international cyber policy.

The GCSC in the News

A Rules-Based Order to Keep the Internet Open and Secure

The article by Marietje Schaake was published in the Georgetown Journal of International Affairs, 30th October 2018
When J.P. Barlow presented his 1996 “Declaration of the Independence of Cyberspace” in Davos, cyberspace was idealized as a separate universe, detached from the ‘real’ world, with no government controls and no national boundaries. Twenty-two years later, this libertarian dream of the open internet has been buried with J.P. Barlow. The internet has increasingly become an essential element to furthering people´s development and freedom, as well as a foundation for economic growth and international trade. The stakes for nation-states to exercise control over its functioning have thus become higher and the global internet has now become a platform for political, economic, and military power. Additionally, private companies have become powerful, global actors in the online environment.

Read More


Observer Research Foundation Special Report: In Pursuit of Autonomy – AI and National Strategies

The report, authored by Samir Saran, Nikhila Natarajan and Madhulika Srikumar was published on the ORF website, 16th November 2018

Industry leaders and politicians the world over are scrambling to lead the development and use of artificial intelligence (AI) for the power and value it accrues. However, AI promises to implicate more than just politics and economics. It poses fundamental questions on how societies and communities will be organised in the future–capable of radically transforming workforce and work-life as we know it. In the last 24 months alone, more than a dozen countries have devised national strategies on AI; many of these tomes run into several hundred pages. This publication examines 12 of these national strategies: the US, UK, EU, Germany, South Korea, Singapore, India, France, China, Canada, UAE and Japan.

Read More


Global Cybersecurity and the Internet Conundrum

The article by Olaf Kolkman was published on the Internet Society blog, 11th November 2018

Sunday marked the 100th anniversary of the armistice that ended the first World War. The 1918 ceasefire re-introduced a fragile peace that had collapsed when the world failed to defend common rules and international cooperation. International security and stability are as important now as they were a century ago. That’s why French President Emmanuel Macron and leaders from around the world are about to gather in Paris for the first Paris Peace Forum. The forum will attempt to pave a way forward for a world that is shifting and changing faster than most of us can keep up with. That change and shift, and the speed of it is enabled by the Internet.

Read More


IGF 13 & Paris Peace Forum: Europe Should Take Lead in Shaping a “New Deal” on Internet Governance

The article by Commissioner Wolfgang Kleinwächter, Matthias Ketteman & Max Senges was published in CircleID, 9thNovember 2018

The development of the Internet has arrived at a new Crossroads. The growing Internet Governance complexity is leading also to a higher level of confusion on how the digital future should be shaped.  Is the time ripe for a “New Deal” on Internet Governance? And which stakeholder should bear the primary responsibility for the normative framing of the key challenges internet governance is facing? As a flexible and credible provider of diplomatic solutions over decades, Europe can fulfill an important role here. The norm package, proposed by the Global Commission on Stability in Cyberspace, can be an important source of inspiration.

Read More


Hijacking the Internet Is Far Too Easy

The article by Justin Sherman was published in Slate, 16th November 2018

Did you have trouble accessing Google on Monday? If so, that’s because another country may have hijacked your internet traffic. According to a Google blog post on the incident, users were temporarily unable to reach services for about an hour due to an issue “external” to the company. The Wall Street Journal reports research firm ThousandEyes said that bad network instructions rerouted traffic to Russian network TransTelekom, Nigerian internet provider MainOne, and China Telecom. Any of these countries may have been involved, though Russia and China are the most likely suspects.

The insecurity of the internet—as these recent events show—doesn’t just apply to laptops and smartphones, but to the internet protocols that are far more vulnerable to manipulation than you might imagine (or hope). Undermining trust in these single points of failure (what, I believe, the Global Commission on the Stability of Cyberspace means when they refer to the “public core” of the internet) undermines trust in the internet at a fundamental level in a way that hacks of specific devices don’t.

Read More


Fixing the Internet

The article by Commissioner Jonathan Zittrain was published in Science Magazine(Vol. 362, Issue 6417), 23rd November 2018

Data breaches at Facebook and Google—and along with Amazon, those firms’ online dominance—crest a growing wave of anxiety around the internet’s evolving structure and its impact on humanity. Three keys to the decades-long global expansion of the internet and the World Wide Web are breaking down.

Read More


For Election Hackers, Deepfake Technology is a New and even more Dangerous Tool

The article by GCSC Co Chair Michael Chertoff and Eileen Donahoe was published in the Irish Examiner, 23rd November 2018

The election interference tactics originally deployed by Russia against the US and Europe are now global. Hackers across the democratic world have exploited weaknesses in campaign email servers, probed electronic voting machines for vulnerabilities, set up troll farms to spread highly partisan narratives, and employed armies of bots to distort the truth online.

As we look to the future — especially the 2020 US presidential election — there will be a far more dangerous interference tool, one that will be available not only to malign governments, but individual actors: Deepfake video.

Read More


HCSS Podcast with Christopher Painter: The Importance of Establishing Cyber Security Norms

The Hague Center for Strategic Studies uploaded the podcast to their SoundCloud, 29th November 2018

Podcast host Paul Verhagen, associate data analyst at HCSS, talks with Christopher Painter, a Commissioner of the Global Commission on the Stability of Cyberspace (GCSC), on how to achieve cyber stability in the future and why a cyber weapons treaty is not the solution.

Listen Here

International Cyber Affairs

The Potential Human Cost of Cyber Operations: Starting the Conversation

The article by Laurent Gisel and Lukasz Olejnik was published on the Humanitarian Law & Policy section of the International Committee of the Red Cross blog, 14thNovember 2018

Cyber attacks, defence and security are increasingly high on the agenda of technology and policy discussions. Indeed, cyber threats evolve rapidly and concerns are mounting over the use of hostile cyber operations and the potential risk for escalation. Cyber operations have damaged objects, disrupted the delivery of essential services to the population and, more generally, cost billions to governments and the private sector. While it is a struggle to keep up with the accelerating technical change, avenues to reduce the risk and effects of hostile cyber operations are proposed in various realms and discussed in many fora. This rapid evolution, its background and its consequences will be the focus of an expert meeting on the potential human cost of cyber operations organized this week by the International Committee of the Red Cross.

Read More


The Demilitarisation of Cyber Conflict

The article by Dennis Broeders and Sergei Boeke was published in Survival Journal ($), 20th November 2018

Dennis Broeders is and Associate Professor and Senior Fellow in the Hague Program for Cyber Norms, and Sergei Boeke is a researcher at the Institute of Security and Global Affairs (ISGA) at Leiden University. The article discusses the demilitarization of cyber conflict – The debate about state behaviour in cyberspace may be set in the wrong legal key.

Read More


The United States

U.S Prepared to Respond Offensively to Cyber Attacks: John Bolton

The article by the Devdiscourse News Desk was published on their website, 1st November 2018

President Donald Trump’s national security adviser warned US adversaries on Wednesday that the US is prepared to respond offensively to cyber attacks on the United States. John Bolton said that even before the administration released its cyber strategy last year, Trump had issued a classified executive order effectively reversing the Obama administration’s approach to offensive cyber operations.

Read More


U.S. Warns Countries not to ‘Manipulate the Extradition Process’ for Cybercriminals

The article by Sean Lyngaas was published in Cyber Scoop, 19th November 2018

The Department of Justice’s second-in-command has called on other countries to step up their efforts to extradite accused cybercriminals, warning that the U.S. will “expose” attempts by other governments “to manipulate the extradition process.” “We will identify nations that routinely block the fair administration of justice and fail to act in good faith,” Deputy Attorney General Rod Rosenstein told a general assembly of Interpol, an international police organization, on Sunday.

Read More


Pentagon official: Cyber Command and NSA may split infrastructure

The article by Brandon Knapp was published in The Fifth Domain, 2nd November 2018

A Department of Defense official said Nov. 1 that U.S. Cyber Command needs to have its own infrastructure and not lean as heavily on the National Security Agency for some cyber tools, a transition that may foreshadow an eventual split between the two dual-hatted agencies.

Cyber Command has operated on the NSA’s networks since its conception in 2009, but is in the process of building systems “by which we can do our own operations and not rely as heavily on the NSA infrastructure,” said Capt. Ed Devinney, director of corporate partnerships and technology outreach at Cyber Command.

Read More


National Security Telecommunications Advisory Committee Report to the President on a Cybersecurity Moonshot

The report of the NSTAC was published on the Department of Homeland Securitywebsite, November 2018

The United States is at an inflection point: simultaneously faced with a progressively worsening cybersecurity threat environment and an ever-increasing dependence on Internet technologies fundamental to public safety, economic prosperity, and overall way of life. Our national security is now inexorably linked to cybersecurity. Therefore, the Nation must build on past efforts and current strategies to seize the opportunity to strategically reorient from a largely reactive, incremental cybersecurity posture to a proactive approach that boldly assures digital trust, safety, and resilience for all Americans. Throughout this report, the NSTAC endeavors to answer several fundamental questions, including what a Cybersecurity Moonshot Initiative is, why it is necessary, and how the Nation can effectively operationalize it.

Read More


The Supreme Court and House Democrats Breathe New Life into Net Neutrality

The article by Tom Wheeler was published by Brookings, 9th November 2018

On November 5, the Supreme Court declined to review the decision of the D.C. Circuit Court that twice upheld the 2015 Open Internet Rule. The industry groups that had long opposed non-discriminatory access to broadband networks had previously stopped such regulation at the D.C. Circuit. When they attempted the same thing with regard to the 2015 decision of the Federal Communications Commission (FCC), a three-judge panel ruled the FCC’s favor. The industry then appealed the panel’s decision to the entire D.C. Circuit and lost again. The industry then appealed that loss to the Supreme Court. The Supreme Court voted 4-3 (with Chief Justice Roberts and Justice Kavanaugh abstaining) to deny a writ of certiorari for the appeal. As a result, the lower court’s decision upholding the 2015 Open Internet Rule stands.

Read More


Pentagon Cyber Official warns U.S. Companies against ‘Hacking Back’

The article by Jacqueline Thomsen was published in The Hill, 13th November 2018

A top cyber official at the Defense Department on Tuesday urged companies to refrain from “hacking back” when they are the victim of a cyberattack, saying it could negatively affect the already unclear rules of engagement in cyberspace. B. Edwin Wilson, the deputy assistant secretary of defense for cyber policy, said at a Foundation for Defense of Democracies event that “industry, private citizens should have the ability to defend themselves.” But he cautioned that there is a “unique nature in cyberspace in regards to offensive activity,” such as a company using cyber methods to retaliate against hackers who target their networks.

Read More


Agencies Will Soon Have a Cyber Hygiene Score—And Will Know Where They Rank

The article by Aaron Boyd was published in NextGov, 28th November 2018

Soon, federal agencies will have a clear idea of how they are doing on basic cybersecurity and be able to compare their posture to other agencies across the government. The Homeland Security Department’s Continuous Diagnostics and Mitigation program, or CDM, is providing agencies with a sophisticated suite of cybersecurity tools. As those tools are put in place, the associated sensors are sending data to a centralized dashboard, giving Homeland Security and agencies a holistic view of cybersecurity throughout the federal enterprise. Now, Homeland Security is using that data to compile cyber scores using an algorithm called AWARE, which stands for Agency-Wide Adaptive Risk Enumeration.

Read More


An Outcome-Based Analysis of U.S. Cyber Strategy of Persistence & Defense Forward

The article by Max Smeets and Herb Lin was published on the Lawfare blog, 28thNovember 2018

The new U.S. Cyber Command (USCYBERCOM) vision and the Department of Defense Cyber Strategy embody a fundamental reorientation in strategic thinking. With the publication of these documents, as well as 2017 National Security Strategy and the 2018 National Defense Strategy, there is a general conception among experts that the U.S. has, for the first time, articulated a strategy that truly appreciates the unique “symptoms” of cyberspace. Yet most cyber experts have also argued that the ‘medicine’ prescribed by the Defense Department  and USCYBERCOM should be further scrutinized.

Read More


After a Hiatus, China Accelerates Cyberspying Efforts to Obtain U.S. Technology

The article by David E. Sanger and Steven Lee Myers was published in The New York Times, 29th November 2018

Three years ago, President Barack Obama struck a deal with China that few thought was possible: President Xi Jinping agreed to end his nation’s yearslong practice of breaking into the computer systems of American companies, military contractors and government agencies to obtain designs, technology and corporate secrets, usually on behalf of China’s state-owned firms. The pact was celebrated by the Obama administration as one of the first arms-control agreements for cyberspace — and for 18 months or so, the number of Chinese attacks plummeted. But the victory was fleeting.

Read More


U.S. – Russia Relations

Unpacking The Competing Russian and U.S. Cyberspace Resolutions at the United Nations

The article by Alex Grigsby was published in the Council on Foreign Relations blog, 29thOctober 2018

It’s October and the United Nations General Assembly and subsidiary committees have started their work in earnest. As expected, Russia tabled a draft resolution seeking the General Assembly’s endorsement of an “international code of conduct for international information security,” and a resumption of the UN Group of Governmental Experts (GGE) process next year. Somewhat less expected, however, is that the United States tabled a competing resolution, setting up a clash between Russia, China, and their largely autocratic friends on one side, and the United States, the European Union, Canada, Japan, and Australia on the other.

Read More


Cyber Command’s Moves on Russia Send Message; No Sign of Countermoves, Yet

The article by Charlie Mitchell was published in Inside Cybersecurity, 30th October 2018

A U.S. cyber operation aimed at disrupting Russian plans to interfere in the midterm elections may involve more of a “message” to bad actors than actual offensive strikes, according to a former senior official, but even that would mark a significant new step in cybersecurity policy.

Read More


The Pentagon Has Prepared a Cyberattack Against Russia

The article by Zachary Fryer-Biggs (Center for Public Integrity) was published in The Daily Beast, 2nd November 2018

The U.S. intelligence community and the Pentagon have quietly agreed on the outlines of an offensive cyberattack that the United States would unleash if Russia electronically interferes with the 2018 midterm election on Nov. 6, according to current and former senior U.S. officials who are familiar with the plan.

In preparation for its potential use, U.S. military hackers have been given the go-ahead to gain access to Russian cybersystems that they feel is needed to let the plan unfold quickly, the officials said.

Read More


The New Cold War Is a Lot More Dangerous Than the Old

The article by Michael Klare was published in Foreign Policy In Focus, 1st November 2018

“Now we have a new Cold War,” commented Russia expert Peter Felgenhauer in Moscow after President Trump recently announced plans to withdraw from the Intermediate-Range Nuclear Forces (INF) Treaty. The Trump administration is “launching a new Cold War,” said historian Walter Russell Mead in the Wall Street Journal, following a series of anti-Chinese measures approved by the president in October. And many others are already chiming in.

Recent steps by leaders in Washington, Moscow, and Beijing may seem to lend credence to such a “new Cold War” narrative, but in this case history is no guide. Almost two decades into the twenty-first century, what we face is not some mildly updated replica of last century’s Cold War, but a new and potentially even more dangerous global predicament.

Read More


The UN Doubles Its Workload on Cyber Norms, And Not Everyone Is Pleased

The article by Alex Grigsby was published on the Council on Foreign Relations website, 15th November 2018

The United Nations is set to double its workload as it relates to the international security dimensions of cyberspace over the next few years. Last week, the General Assembly’s first committee adopted two separate (and some would say competing) resolutions on the actions of states in cyberspace. One resolution, sponsored by Russia, creates an open-ended working group of the General Assembly to study the existing norms contained in the previous UN GGE reports, identify new norms, and study the possibility of “establishing regular institutional dialogue … under the auspices of the United Nations.” The other resolution, sponsored by the United States, creates a new Group of Governmental Experts (GGE) to study how international law applies to state action in cyberspace and identify ways to promote compliance with existing cyber norms.

Read More


Delay, Deny and Deflect: How Facebook’s Leaders Fought Through Crisis

The article by Sheera Frenkel et al was published in The New York Times, 14thNovember 2018

Inside Facebook’s Menlo Park, Calif., headquarters, top executives gathered in the glass-walled conference room of its founder, Mark Zuckerberg. It was September 2017, more than a year after Facebook engineers discovered suspicious Russia-linked activity on its site, an early warning of the Kremlin campaign to disrupt the 2016 American election. Congressional and federal investigators were closing in on evidence that would implicate the company. But it wasn’t the looming disaster at Facebook that angered Ms. Sandberg. It was the social network’s security chief, Alex Stamos, who had informed company board members the day before that Facebook had yet to contain the Russian infestation.

Read More



The Digital Maginot Line

The article by Renee DiResta was published on Ribbonfarm, 28th November 2018

There is a war happening. We are immersed in an evolving, ongoing conflict: an Information World War in which state actors, terrorists, and ideological extremists leverage the social infrastructure underpinning everyday life to sow discord and erode shared reality. The conflict is still being processed as a series of individual skirmishes – a collection of disparate, localized, truth-in-narrative problems – but these battles are connected.

Read More


From Cyber to Military Mobility: EU Members Endorse new Defense Objectives

The article by Martin Banks was published in DefenseNews, 21st November 2018

The European Union has unveiled a new batch of projects under its fledgling Permanent Structured Cooperation (PESCO) defense pact. There will be 17 new projects in addition to the initial 17 agreed almost a year ago. The new activities cover areas such as training, capability development and operational readiness on land, at sea and in the air, as well as cyber-defense. The Cyber Threats and Incident Response Information Sharing Platform, one of the 17 new projects formally announced on Monday, will develop more active cyber-defense measures, potentially moving from traditional firewalls to more active measures. The EU also recently adopted an updated version of the EU cyber defense policy framework.

Read More


Inside the British Army’s Secret Information Warfare Machine

The article by Carl Miller was published in Wired, 14th November 2018

A barbed-wire fence stretched off far to either side. A Union flag twisted in a gust of wind, and soldiers strode in and out of a squat guard’s hut in the middle of the road. Through the hut, and under a row of floodlights, I walked towards a long line of drab, low-rise brick buildings. It was the summer of 2017, and on this military base nestled among the hills of Berkshire, I was visiting a part of the British Army unlike any other. They call it the 77th Brigade. They are the troops fighting Britain’s information wars.

Read More


Dutch Ministry of Defense Cyber Strategy 2018

The article by MrKoot was published on his blog, 15th November 2018

On 12 November 2018, the Dutch minister of defense released (in Dutch) the MoD’s Defense Cyber Strategy 2018. The initial strategy was released in 2012 and revised in 2015. The new strategy document (.pdf, in Dutch; mirror) is available only in Dutch. MrKoot provides an English translation of the document, describing the relevant provisions in more depth.

Read More


GCHQ and the NCSC publish the UK Equities Process

The news article was published on the GCHQwebsite, 29th November 2018

GCHQ, and the National Cyber Security Centre, have a proud history of discovering and disclosing security weaknesses in all manner of technologies. This work plays an important role in helping to secure the technology which underpins the economy and the everyday lives of millions of people in the UK and abroad. However, they do not disclose every vulnerability they find. In some cases, they judge that the UK’s national security interests are better served by ‘retaining’ knowledge of a vulnerability. The natural question is, ‘how do you decide which vulnerabilities to disclose?’ This blog introduces the Equities Process, the means by which the UK intelligence community decides how to handle the vulnerabilities it  discovers.

Read More

The UK action is consistent with the GCSC norm for countries to have Vulnerability Equities Processes (see above) & we encourage more countries to have procedurally transparent processes that favor disclosure. See the explanatory note of the Norm Package Singapore.


The EU as a Partner in Cyber Diplomacy and Defence

The Chapter, by Thomas Renard and Andre Barrinha, was first published in the European Security and Defense College Handbook on Cyber Security. It was uploaded to the Egmont Royal Institute for International Relations website, 28th November 2018

The European institutions became involved in cyber-related issues in the 1990s. However, cyberspace only came to be conceived as a security space a decade later. As late as 2003, cyber issues were not even mentioned in the European Security Strategy (ESS). That was to be progressively rectified with a number of non-binding communications from the European Commission, focusing mostly on the security of the EU’s cyberspace. The full Chapter can be accessed here.

Read More

Internet Freedom

Democracy under Threat by Chinese-Style ‘Digital Authoritarianism’

The article by Ellie Zolfagharifard was published in The Telegraph, 1st November 2018

In its mission to rewrite the rules of the internet, China has gone on a global charm offensive.
The usually secretive nation has been seducing world leaders and emerging markets with “techno-dystopian” tools that promise to suppress dissent – and its ambitious campaign against democracy is working.

Read More


Online Censorship in Saudi Arabia soared after Jamal Khashoggi’s Murder

The article by Martin Giles was published on the MIT Technology Review website, 20thNovember 2018

The number of websites being censored in Saudi Arabia doubled a couple of weeks after Washington Post journalist Jamal Khashoggi was killed in the country’s consulate in Istanbul, according to an initiative that tracks internet censorship. While the increased censorship is not surprising, the results show how skillful automated tracking has become at sniffing out repression. Roya Ensafi, who leads the Censored Planet project, says it detected the sharp increase in censorship activity when it ran an automated scan on October 16. That was the day after Saudi and Turkish officials had conducted a joint inspection of the consulate, which Khashoggi entered a couple of weeks earlier to get a marriage license.

Read More


Internet Freedom Continues to Decline Around the World, a New Report Says

The article by Casey Newton was published in The Verge, 1st November 2018

Digital authoritarianism is on the rise, according to a new report from a group that monitors internet freedoms. Freedom House, a pro-democracy think tank, said today that governments are seeking more control over users’ data while also using laws nominally intended to address “fake news” to suppress dissent. It marked the eighth consecutive year that Freedom House found a decline in online freedoms around the world. Tech Crunch also have a take on the report, looking in particular at the decline of the U.S. in the rankings.

Read More


Underlying Dimensions of Yemen’s Civil War: Control of the Internet

The article by Insikt Group was published on the Recorded Future blog, 28th November 2018

In the midst of the ongoing Yemeni civil war, local and international players are waging a secondary war through internet control and other cyber means. Recorded Future’s Insikt Group assesses that dynamics of the Yemeni civil war are manifesting themselves online through a struggle over Yemeni access, use, and control of the internet. Recorded Future identified both censorship controls and traffic attempting to subvert those controls within Yemen, as well as spyware activity. This reportintends to establish a baseline of internet activity, use, and access in Yemen.

Read More


The Snowden Legacy, Part One: What’s Changed, Really?

The article by Sean Gallagher was published in ArsTechnica, 21st November 2018

Digital privacy has come a long way since June 2013. In the five years since documents provided by Edward Snowden became the basis for a series of revelations that tore away a veil of secrecy around broad surveillance programs run by the National Security Agency, there have been shifts in both technology and policy that have changed the center of gravity for personal electronic privacy in the United States and around the world. Sadly, not all of the changes have been positive. And Snowden’s true legacy is a lot more complicated than his admirers (or his critics) will admit.

Read More

Industry News

Microsoft Says It Will Sell Pentagon Artificial Intelligence and Other Advanced Technology

The article by David E. Sanger was published in the New York Times, 26th October 2018

Microsoft said on Friday that it would sell the military and intelligence agencies whatever advanced technologies they needed “to build a strong defense,” just months after Google told the Pentagon it would refuse to provide artificial intelligence products that could build more accurate drones or compete with China for next-generation weapons.

Read More


Facebook will let French Regulators Study its Efforts to Fight Hate Speech

The article by Tony Romm and James McAuley was published in the Washington Post, 12th November 2018

Facebook will open its doors for French regulators to study its approach to combating hate speech online, marking the latest attempt by governments around the world to figure out new ways to thwart toxic, derogatory content from spreading on social media. Under a six-month arrangement announced on Monday, French investigators will monitor Facebook’s policies and tools for stopping posts and photos that attack people on the basis of race, ethnicity, religion, sexuality or gender. From there, aides to French President Emmanuel Macron hope to determine “the necessary regulatory and legislative developments” to fight online hate speech, a government official said.

Read More


Security Predictions Reports

The report by FireEye was uploaded to their website, November 2018

Facing Forward: Cyber Security in 2019 and Beyond. This annual Security Predictions report offers unique insights into what we can expect from attackers, victim organizations, security vendors and nation-states in the coming year. These insights come directly from FireEye senior leaders and experts on a variety of teams who are on the frontlines of cyber security, including FireEye Threat Intelligence, Mandiant Consulting, and FireEye Labs.

Read More


Here’s how the Private Sector wants to Fight Botnets

The article by Zaid Shoorbajee was published in Cyber Scoop, 29th November 2018

In an effort protect the internet and its denizens from coordinated, automated cyberattacks, an industry group released an “International Anti-Botnet Guide” on Thursday. The guide offers best practices to collectively secure the digital ecosystem from botnets, the large networks of computer systems that malicious cyber actors use to automate and scale destructive online activity spreading malware like distributed denial of service (DDoS) attacks. The guide was put together by the Council to Secure the Digital Economy (CSDE), a group of trade associations that represent the technology industry, including USTelecom, Information Technology Industry Council (ITI) and Consumer Technology Association (CTA).

Read More


Mass Router Hack Exposes Millions of Devices to Potent NSA Exploit

The article by Dan Goodin was published in Ars Technica, 29th November 2018

More than 45,000 Internet routers have been compromised by a newly discovered campaign that’s designed to open networks to attacks by EternalBlue, the potent exploit that was developed by, and then stolen from, the National Security Agency and leaked to the Internet at large, researchers said Wednesday. The new attack exploits routers with vulnerable implementations of Universal Plug and Play to force connected devices to open ports 139 and 445, content delivery network Akamai said in a blog post. As a result, almost 2 million computers, phones, and other network devices connected to the routers are reachable to the Internet on those ports.

Read More


Google shut out Privacy and Security Teams from Secret China Project

The article by Ryan Gallagher was published by The Intercept, 29th November 2018

The secrecy surrounding the work was unheard of at Google. It was not unusual for planned new products to be closely guarded ahead of launch. But this time was different. The objective, code-named Dragonfly, was to build a search engine for China that would censor broad categories of information about human rights, democracy, and peaceful protest. Google’s leadership considered Dragonfly so sensitive that they would often communicate only verbally about it and would not take written notes during high-level meetings to reduce the paper trail, two sources said.

Read More

On Elections

CSIS Election Cybersecurity Scorecard: The Outlook for 2018, 2020 and Beyond

The article by William A. Carter was published by the Center for Strategic and International Studies, 29th October 2018

The 2016 election was a wake-up call for the United States that our largely digitized election systems are vulnerable. The Russian government targeted US campaigns, candidates, and election systems in a series of coordinated cyber attacks and influence operations intended to undermine confidence in American democracy.

In the last two years, federal, state and local election officials have made significant efforts to secure our election infrastructure and defend our democracy. We are better prepared in 2018 to deal with the threat of foreign election interference, but there is much more to be done to ensure the integrity and resilience of our elections against cyber threats for 2020 and beyond.

Read More


Under Attack: How Election Hacking Threatens the Midterms

The article by Rob Marvin was published in PC Mag, 29th October 2018

Understanding modern election security means coming to grips with a daunting reality: especially in the United States, the infrastructure is too fragmented, outdated, and vulnerable to be completely secured. There are also far too many different types of attacks across the threat landscape to ever stop them all.

Read More


Iran’s new Facebook Trolls are using Russia’s Playbook

The article by Issie Lapowsky was published in Wired, 26th October 2018

On Friday, Facebook shut down another network of 82 accounts, pages, and groups that have been posing as US and UK citizens since 2016. The network, which Facebook says originated in Iran, has spread memes, articles, and other posts about political topics including race relations, the upcoming midterm election in the US, and the recent confirmation hearings for Supreme Court Justice Brett Kavanaugh. What distinguishes this latest group, which Facebooks says it discovered a week ago, from the Iranian propaganda network that tech giants shut down this past summer are the striking similarities between its campaign and the one the Russians mounted before the 2016 election.

Read More


Russian Disinformation on Facebook Targeted Ukraine well Before the 2016 U.S. Election

The article by Dana Priest was published in the Washington Post, 28th October 2018

In the spring of 2015, Ukrainian President Petro Poroshenko was desperate for Mark Zuckerberg’s help. His government had been urging Facebook to stop the Kremlin’s spreading of misinformation on the social network to foment distrust in his new administration and to promote support of Russia’s invasion and occupation of parts of Ukraine. In the three years since then, officials here say the company has failed to address most of their concerns about Russian online interference that predated similar interference in the 2016 U.S. presidential election.

Read More


Google to Vet Ads ahead of 2019 European Parliament Vote

The article by James Cook was published in The Telegraph, 22nd November 2018

Google will verify the identities of people placing political adverts through its services around the time of the European Parliament elections in May 2019. The search engine will verify the identity and nationality of people paying to promote candidates who hope to become members of the European Parliament next year, according to a blog post published on Thursday.

Read More


Russia’s Elite Hackers may have New Phishing Tricks

The article by Lily Hay Newman was published in Wired, 20th November 2018

A major question hanging over the United States midterm election season: Where was Russia? But while GRU hackers didn’t directly interfere, they appear to be as active as ever. New research from two threat intelligence firms indicates that two prominent Russia-linked groups have been developing some clever phishing innovations, and are working purposefully to expand their reach.

Read More