Copy
View this email in your browser
Prague Security Studies Institute is pleased to introduce its third issue of TIDS Newsletter, 
which will provide you with the latest updates and analysis on Technology, Infrastructure,  Data & Security in the context of the Czech Republic and Central Europe with a particular focus on cyber, economic & financial security.

Second issue of TIDS Newsletter is available here.
UPDATE ON CYBER SECURITY IN THE CZECH REPUBLIC
» Military Intelligence is seeking IT experts in cybersecurity to engage in the active reserves of the Czech Armed Forces. According to a survey conducted in summer 2018, among 42 ICT companies that operate in the Czech Republic, there is a general interest in supporting this idea (information about the existence of such survey was just revealed). Representatives of the Military intelligence are to meet with select ICT company representatives in January in order to discuss the form and conditions of such cooperation.
» Since January 2020, the Cyber Forces Command of the Czech Armed Forces, officially created in July 2019, has been strengthened by a unit located in Olomouc and focusing on civilian-military cooperation and psychological operations. They currently have about 100 soldiers, set to be increased to 500 in the future. In January 2020, their first assignment will be Lithuania. According to the commander Miroslav Feix, these changes reflect the growing importance of cyber space and information capabilities in the digital domain.
Also the Czech Cyber Forces Command is looking for active reserves
, as suggested by Ludvík Cimburek, who is resposible for active reserves in the Armed Forces. 
» The Czech PM, Andrej Babiš, announced that he expects to fill the seat of recently-fired director of NÚKIB Dušan Navrátil (the Czech National Cyber and Informationa Security Agency – NCISA) by April 2020. The new director will be selected by a 7-person committee, which will include directors of other Czech security services, along with select representatives from the government and opposition parties. Reportedly among the candidates are Tomáš Ječný, former head of IT at Czech Post; Zdeněk Lokaj, academic at the Czech Technical University in Prague; and Daniel Bagge, cyber attaché to the U.S. and Canada.
» Various problems and difficulties in the field of state IT contracts should now be prevented by a team of IT experts from within the Interior Ministry that will control the systems during their development. Such changes are being implemented by Vladimír Dzurilla, the Prime Minister’s advisor for ICT and digitalization.
» The town hall at Kladno was attacked by a cryptovirus. The security system was able to prevent it from spreading from the infected computer of an employee who had opened the infected attached file in an incoming e-mail. There have been four other unsuccessful attempts to encrypt employees’ computers since that moment. An employee from the IT department does not recall this kind of cryptovirus attack in his 16-year history of working at the town hall.
» Police identified the ransomware attack that paralyzed the hospital in the central Bohemian town of Benešov and concluded that it is the same type that attacked the OKD mining company in late December. The ransomware is called Ryuk and has Russian origins. Following these findings, the national CERT team released a warning.
» Due to the ransomware attack in Benesov, Prague‘s Na Homolce hospital organized a conference, in which representatives of the Ministry of Health, NUKIB, law enforcement agencies and health care representatives met to assess cybersecurity in the Czech Republic. Although the public was excluded, some general pieces of information were leaked out: deficits in technical infrastructure (e.g. weak network segmentation, lack of software updates) and managers' malpractice (absence of comprehensive training of staff in cybersecurity hygiene and insufficient network monitoring).
» The Ministry of Health plans to initiate a wide-scale check of the cybersecurity defences of Czech hospitals as the aftermath of the cyberattack on the hospital in Benešov.
» The Ministry of Regional Development announced that during 2014-2020 the cybersecurity of critical infrastructure was funded by the subsidiary funds of the EU in the amount of roughly 58 million. The sum was distributed among 55 projects, mainly into the cybersecurity of hospitals, but also to help NUKIB with setting up detection system of cybersecurity incidents in selected public sector information systems. In the upcoming period 2021-2027 the Ministry stressed that cybersecurity should be allocated twice as much funding.

TECHNOLOGY, INFRASTRUCTURE, DATA & SECURITY IN EUROPE AND OVERSEAS

» Austria’s MFA was hit by a cyber-attack. The ministry did not rule out the possibility that the attack was carried out by a state actor, due to its severity.
» The U.S. Department of the Interior plans to halt the use of drones with technological parts from China. This would affect roughly 1,000 models. Such civilian drones are planned to be used solely in cases of emergencies, such as wildfires. It is the continuation of a process that includes warnings to civilians on the use of Chinese drones or a potential ban on Chinese-made dones from being used by the U.S. government.

» An Italian parliamentary security committee said that Huawei and ZTE should be prevented from participation in the creation of national 5G capacity. Italy’s Minister of Industry, Stefano Patuanelli, contradicted the ruling. According to Patuanelli, Italy has sufficient legislation for national security. Huawei is in contention to upgrade network infrastructure for Italy’s biggest telecom group, Telecom Italia.

» The U.S. reiterated its negative stance on possible Huawei participation in the creation of 5G networks in the UK. A dossier of technical information was given to their British counterparts by senior US officials.

» Sebastien Soriano, head of France’s telecoms regulator Arcep, announced that the auctions of 5G frequency licenses will be held in April. The allocations of frequencies are planned for June.

» Chinese socal media platform TikTok, which is banned in the U.S. from use in governmental and military phones, placed as runner-up to WhatsApp for the most downloaded application of 2019. Interestingly enough, Indian users attributed to  45% of TikTok’s downloads.

» A bipartisan bill Cybersecurity State 5 Coordinator Act of 2020 was proposed by US Senators. It aims to create a position of national cybersecurity coordinator for each state. The office would fall under the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency with the intention of improving coordination between the federal and local governments on the matter, along with increasing preparedness for various cyber attacks.

» France’s Le Monde points out Huawei's lobbying effort in the EU. Owing to the fact that every single member state makes its own decision about ruling Chinese companies out from infrastructure development, Huawei expends great effort to persuade them in its favor. The lobbying costs of the Chinese producer were estimated at € 2,8 million. 

» UN Office of the High Commissioner for Human Right (OHCHR) special rapporteurs call for an investigation into the hacking of Jeff Bezos’ phone in 2018. According to the report, Bezos’ phone was infiltrated by a corrupted video file sent to him from the private account of the Saudi Crown Prince Mohammad bin Salman via Whatsapp. It was suggested that the spyware used might have been Pegasus-3, developed by an Isreali technology firm, NSO Group.

SPOTLIGHT: UK SUGGEST IT WILL NOT BAN HUAWEI

The British government has announced that it will give Huawei a role in its national 5G rollout, subject to certain limits. Huawei will be excluded from sensitive “core” parts of the British network, and any given vendor in the rest of the network can only have up to 35% of its equipment sourced from Huawei. In spite of these restrictions, the decision has been seen as something of a victory for Huawei, as the United States had advised its allies not to work with Huawei at all, due to security concerns about the Chinese telecommunications firm and its relationship with the Chinese government. A Downing Street source suggested adhering to the US warning is impossible given prevailing UK market conditions.
However, the reluctance of the British government to alienate China on the eve of Brexit, which has forced the UK to seek to strengthen its foreign economic relations, may also have played a role in the decision. The Chinese government has been fairly explicit about tying foreign investment to a country’s willingness to work with Huawei, and the UK may fear it has too much to lose, especially in light of a recent report suggesting that Chinese investment in the UK grew significantly in 2019 despite this being a period of declining Chinese investment in Western countries in general.
US President Donald Trump reportedly asked British Prime Minister Boris Johnson to reconsider the Huawei decision during a January 25 meeting, but the January 28th announcement is being regarded as the UK’s final decision on the matter.

Twitter
Facebook
Website
Copyright © 2020 Prague Security Studies Institute, All rights reserved.


Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.