Cyber Europe 2016: Safeguarding Europe’s Digital Market through cyber security

The European ICT industry is one of the most advanced in the world. Making the EU’s single market fit for the digital age could contribute €415 billion per year to our economy and create hundreds of thousands of new jobs[1]. The pervasiveness of high-speed connectivity and the richness and quality of online services in the European Union are among the best globally. Such advantages have considerably increased the dependence of European citizens on ICT services. These two elements, quality of services and customer base, make this industry particularly appealing to global business. What if this important piece of the global economy becomes a target? Computer security attacks are increasingly used to perform industrial reconnaissance, lead disinformation campaigns, manipulate stock markets, leak sensitive information, tamper with customer data, and sabotage critical infrastructures. In Cyber Europe 2016, Member State cybersecurity authorities and cybersecurity experts from the public and private sectors are called to react to a series of unprecedented, coordinated cyber-attacks.


According to ENISA – the European Union Agency for Network and Information Security – Cyber Europe 2016 (CE2016) was an opportunity for cyber-security professionals to analyse complex, innovative and realistic scenarios.

“For the first time, a full scenario was developed with actors, media coverage, simulated companies and social media, bringing in the public affairs dimension associated with cyber crises, so as to increase realism to a level never seen before in cyber-security exercises,” ENISA said.

For the past two days, representatives from more than 300 organisations including national cyber-security agencies, ministries, EU institutions and commercial IT service providers collaborated on addressing a simulated crisis that has been brewing for the past six months.

The CE2016 scenario “paints a very dark scenario” and was inspired by threats to critical national infrastructure (CNI), the internet of things (IoT) and cloud computing, using threat vectors as diverse as drones, innovative exfiltration methods, mobile malware and ransomware.

The motto of the exercise is “Stronger Together” and the key to success is cooperation at all levels to stymie transnational threats, according to ENISA. The exercise centred on political and economic policies as they relate to cyber-security, with a special focus on the Network and Information Security (NIS) directive which was recently passed by the EU Parliament.

The key findings are:

  1. Cyber Europe exercises, as well as any cooperation activity at European level during real cyber crises, build upon existing relations between Member States. ENISA and the Member States will continue to invest in trust building activities to maintain and further develop existing trust.

  2. ENISA and the Member States should further develop the operational procedures which drive the cooperation activities during a cyber crisis, taking into account existing and future cooperation frameworks, to bring these procedures to a maturity level similar to those found in other sectors such as civil protection and aviation.

  3. ENISA and the Member States will seek further integration with national and regional activities.

  4. ENISA will address future Cyber Europe activities as a programme containing both trainings as well as small and large scale exercises, in order to provide a better experience and achieve greater impact.

  5. Lastly, ENISA will further develop the Cyber Exercise Platform to offer a richer experience to both players and planners, as well as to support the organisation of national and regional exercises, fostering the development of a cyber exercise community.


Secure your seat for Upskill University lecture with Rasool Irfan

Tune in on Friday, October 21 at 1:00 p.m. ET to a live Upskill U lecture with Rasool Kareem Irfan, Head of Telecom & Infrastructure Security Practice at Tata Communications Transformation Services Ltd (TCTS): “Security: Evolving the Data Center”. As service providers become reliant on new virtualized network architectures, virtualization, fabrics and clouds, data centers have taken center stage as key elements in network transformation and are more important than ever before.


This course looks at how data center security can evolve alongside network transformation and meet stringent security compliance and audit requirements.

More on Upskill U

Upskill U courses tackle the industry’s thorniest issues and show you new ways to address common problems and devise new techniques for increasing ROI. Courses are divided into modules covering a range of topics, including Virtualization, IoT, Cloud, Analytics, Video, Open Source, Data Center Transformation and more. Check out our full course schedule here. All courses are archived and available on-demand immediately following the live lectures!

Cybersecurity Ventures predicts cybercrime will cost the world in excess of $6 trillion annually by 2021.

  • Cybersecurity Ventures predicts global annual cybercrime costs will grow from $3 trillion in 2015 to $6 trillion annually by 2021, which includes damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.
  • Global spending on cybersecurity products and services for defending against cybercrime is projected to exceed $1 trillion cumulatively over the next five years, from 2017 to 2021, according to the Cybersecurity Market Report, which is published quarterly by Cybersecurity Ventures.
  • The U.S. has declared a national emergency to deal with the cyber threat, while others claim the world is engaged in a global cyberwar.
  • Cyber threats have evolved from targeting and harming computers, networks, and smartphones — to people, cars, railways, planes, power grids and anything with a heartbeat or an electronic pulse.
  • The world’s cyber attack surface will grow an order of magnitude larger between now and 2021.
  • Black-Hat hackers are motivated by money, espionage, notoriety, and malicious intent… and they are faster, more daring, and more experienced than White-Hats who are constrained by boundaries and rules.
  • There is no effective law enforcement for financial cybercrime today.
  • Enterprise IT infrastructures and databases — the treasure troves for cyber pirates — are facing more hostile and complex cyber-attacks. Corporations are increasingly turning to third party data breach and incident response firms, and Managed Security Service Providers (MSSPs), for help with cyber-defense.
  • Nearly half of all cyber-attacks are committed against small businesses.
  • Businesses and governments are fighting back with security awareness training for employees — which is expected to become a fundamental cyber-defense strategy by 2021.

NIST Seeks Comments on Cybersecurity Reports

SEATTLE—The US National Institute of Standards and Technology (NIST) has recently issued two draft reports on cybersecurity issues of interest to industrial IoT users, and is seeking industry comment before making their final revisions. One report describes the proposed manufacturing profile for NIST’s Cybersecurity Framework. The other addresses cryptography standards and practices for resource-constrained processors.

Recognizing that the national and economic security of the United States depends on the reliable functioning of critical infrastructure, NIST created in 2014 a voluntary Cybersecurity Framework, which is a compendium of industry standards and best practices to help organizations manage cybersecurity risks. Created through collaboration between government and the private sector, the Framework helps guide cybersecurity activities and encourages organizations to consider cybersecurity risks as part of their risk management processes. Profiles, a key element of the Framework, help an organization align its cybersecurity activities with its business requirements, risk tolerances, and resources. A profile is intended both to help identify opportunities for improving cybersecurity as well as providing a touchstone to compare against in order to prioritize process improvement activities.

While organizations are encouraged to develop their own custom profiles, NIST-issued profiles can serve as a roadmap for that effort in specific industry sectors. The recently released draft Manufacturing Profile focuses on the desired cybersecurity outcomes for manufacturing systems and provides an approach for achieving those outcomes. It defines specific cybersecurity activities and outcomes for the protection of the manufacturing system, its components, facility, and environment.

The report, issued in early September, is not yet finalized. NIST seeks additional input from the manufacturing industry on the draft profile to help refine it further before publication. Control engineers, system administrators, line- and senior-level managers, and researchers are all encouraged to review the document and return comments to (Subject: “Draft CSF Manufacturing Profile”). The deadline for receiving comments is November 4, 2016.

The second cybersecurity report, DRAFT NISTIR 8114 — Report on Lightweight Cryptography, outlines NIST’s effort to develop a strategy for the standardization of lightweight cryptographic primitives such as block ciphers, hash functions, and message authentication codes. Such primitives can help developers achieve a better balance between security, performance, and resource requirements in specific resource-constrained environments than the more general-purpose conventional cryptographic standards.

The draft report first defines the kinds of target devices the lightweight cryptography standards aim to serve, and describes the performance metrics for evaluating alternatives. It then describes the types of primitives available, lists the NIST-approved implementation of these primitives, and summarizes the existing industry standards for lightweight cryptography. Following this overview of lightweight cryptography, the report discusses how NIST seeks to arrive at its standard.

Rather than using the kind of competitive proposal and evaluation method it employed in setting the AES block cipher and SHA-3 hash function standards, NIST has adopted an open call for proposals to standardize algorithms. In addition, NIST is seeking information to help it define application profiles. It will then use these profiles as the basis of its call for proposals, which will request proposals that offer good solutions for the specified profiles.

To help develop these profiles, NIST asks lightweight cryptography stakeholders a series of questions in the draft report. Questions include:

  • What is the application?
  • Are any cryptographic algorithms currently used by the application?
  • If so, which algorithms and what motivated the choice for them?

A total of 18 multi-part questions are listed in the draft report to support the identification and categorization of profiles that NIST will develop. Stakeholders need to provide their answers before October 1, 2016 to ensure consideration. NIST will then hold a Lightweight Cryptography Workshop on October 17-18, 2016 to discuss the profiles as well as compare tools and methods.

Source –


President Barack Obama on 19th Feb 2016 sought a surge in funding to counter cyber security threats, as his top intelligence official warned Congress that computer attacks were among the most imminent security challenges facing the United States.

In his fiscal 2017 budget proposal, Obama asked for $19 billion for cyber security across the U.S. government, an increase of $5 billion over this year.

Cyber threats are “among the most urgent dangers to America’s economic and national security,” Obama said in a Wall Street Journal

The request for a cash infusion is the latest signal that the White House intends to make cyber security a priority in the last year of Obama’s presidency.

It follows a series of high-profile hacks against the government and companies like Sony Pictures and Target that were largely met with legislative inaction and administrative uncertainty on how best to address evolving cyber threats.

Those difficulties played out publicly last year when the Office of Personnel Management announced it had fallen victim to a hack that lifted sensitive information on roughly 22 million individuals from its databases.

The White House issued an executive order setting up a presidential commission on cyber security, which would make recommendations for strengthening defenses over the next decade. A new position of federal chief information security officer also would be established.

A government watchdog report last month concluded the government’s cyber defense system, known as Einstein, is ineffective at combating hackers.

Obama also signed another executive order creating a permanent Federal Privacy Council, which aims to connect privacy officials across the government to develop comprehensive guidelines for how personal data is collected and stored.

The president’s budget proposal also called for $62 million to expand efforts to attract and retain qualified cyber professionals working for the government.


Telecommunications Sector Security Reforms: Raising the bar too high?

When it comes to cyber-crime and national security, the Government understandably needs to take a robust approach to dealing with threats. The Telecommunications Sector Security Reforms or the Telecommunications and Other Legislation Amendment Bill 2015 (the Bill) is the latest in a series of new and proposed legislation directed at cyber-crime and national security, including the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth), Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015 (Cth), the Copyright (Online Infringement) Amendment Act 2015 (Cth) and the Privacy Amendment (Notification of Serious Data Breaches) Bill 2015.

What does the Bill propose?

The Bill proposes to amend the Telecommunications Act 1997 (Cth), Telecommunications (Interception and Access) Act 1979 (Cth), and other legislation to include:

  • new security obligations on carriers and carriage service providers to take ‘all reasonable steps’ to protect their networks and facilities from unauthorised access and interference, including demonstrating ‘competent supervision’ and ‘effective control’;
  • new obligations on nominated carriers and carriage service providers to notify the Government of proposed changes to their networks and services that could compromise these security obligations (e.g. new services, off-shoring network equipment and outsourcing arrangements);
  • new powers for the Government to request information from carriers and carriage service providers and issue directions to manage security risks; and
  • civil enforcement to address carrier and carriage service provider non-compliance, including Federal Court proceedings for pecuniary penalties, injunctions and enforceable undertakings.

Taken in the context of other existing and proposed cyber-crime and national security legislation, the Bill arguably means that, in order to avoid sanctions, carriers and carriage service providers now need to: implement network security measures under multiple legislative instruments and regimes; implement capabilities to record and retain metadata relating to network traffic; implement network emergency and intercept capabilities (extending to the content of communications); provide the Government with network information, access and control under multiple legislative instruments and regimes; notify the Government and the public of serious data breaches; and implement capabilities to identify offenders and disable access to online locations using their networks. All while providing carriage services to the public that remain competitive in terms of technology, performance and price.

How has the Bill been received?

An exposure draft of the Bill was first introduced in June 2015 and then revised in November 2015 following initial industry consultation and feedback. In the context of an already highly regulated industry, it is no surprise that the Bill has been met with strong opposition. The key issues raised by industry stakeholders were that:

  • industry already has a collaborative working relationship with Government and there is no evidence to suggest the existing legislative regime is deficient;
  • it is unclear how the proposed reforms will deliver the stated aim of identifying and mitigating risks to national cyber-security arising from the build and operation of telecommunications networks;
  • outsourcing and off-shoring are integral parts of 21st century business operations and Government restrictions or control over these arrangements will significantly impact costs and innovation;
  • Government involvement in technology development and roll out will halt network innovation in Australia and result in Australia being left behind;
  • Government acknowledges implementing the reforms will be costly, however, there is no clear cost recovery or funding model; and
  • the costs of complying with these reforms will deter investment in new technology and result in increased consumer prices.

What is the rest of the world doing?

The USA, Canada and UK appear to have taken a different and more collaborative approach – working together with industry to combat cyber-crime and national security threats. In the USA the Cybersecurity Enhancement Act 2014 supports the development of voluntary, industry-led cyber-standards and best practices for critical infrastructure and only imposes regulations as a last resort. Similarly, in Canada the Canadian Security Telecommunications Advisory Committee developed the Canadian Telecommunications Service Providers’ (TSP) Security Best Practices, which are voluntary standards for self-evaluating existing network security policies. In the UK, the government committed to the National Cyber Security Strategy in 2011 which again focuses on facilitating information sharing between industry stakeholders to identify and deal with cyber-crime and national security threats. This industry-led approach not only leverages the front-line expertise of carriers and carriage service providers, but is arguably more flexible and adaptive to technological progress and market forces.

What’s next?

The Cyber and Information Security Policy Branch of the Attorney-General’s Department accepted submissions relating to the Bill until 18 January 2016. It remains to be seen whether the final Bill will accommodate industry feedback and follow the more collaborative approach taken by other key jurisdictions.

This article was originally published in

Algorithm & Analytics driving digital economy

Algorithm and Analytics – What you should know?

In today’s digital economy, many will have noticed that most of the billion-dollar companies have built platforms that allow the B2B and B2C segments to meet their needs using ‘algorithms’ and ‘analytics’. The field also has a variety of interconnected terms, such as ‘IoT’, ‘Big Data’, ‘M2M’ and so on.

While I started exploring its importance in the digital economy, it’s too late for me; having said that, it’s worth sharing here for all of you (who aren’t aware of it). Here are a few insights on how the legacy business models of the respective industry segments have been disrupted by ‘Algorithm & Analytics’:

  • The Chinese government has contracted China Electronics Technology Group to develop technology, similar to that used (big data surveillance) in the sci-fi thriller “Minority Report,” that can predict acts of terrorism before they occur based on large amounts of surveillance data.
  • Amazon’s recommendation engine and Google’s PageRank are a couple of the many examples of the spectrum of transformative business models — and competitive differentiation — that algorithms have made possible. CIOs need to take note of a future where algorithmic business goes autonomous.
  • Scaling your business in an algorithmic economy – Traditional industries have been using algorithms for decades. The difference now is the huge quantum of unstructured data continuously generated by the H2M and M2M interconnections, which needs a machine learning algorithm.
  • StreetScore is an algorithm that assigns a score to a street view based on how safe it looks to a human — but using a computer. Algorithms that quantify urban perception can help us study crime patterns, gentrification and other phenomena of interest for urban economists, urban planners and architects.
  • The power of advanced audit analytics – Leading academics in accounting, for example, have argued that audits should be a continuous rather than annual process. Analytics, artificial intelligence, and direct linkages to transaction systems will allow audit processes to uncover anomalies in real time, all the time.
  • The banking industry uses an algorithm that analyzes, models, and predicts the stock market. The algorithm is based on Artificial Intelligence (AI) and Machine Learning (ML), and incorporates elements of Artificial Neural Networks and Genetic Algorithms. Ref 1, Ref 2
  • Programs that help Hollywood studios to identify, enhance and deliver on-screen success, and guide investors in the creation of winning film investments, with the selection and development of scripts by identifying likely successes and probable ‘Turkeys’. Ref 3
  • Traditional solutions, which continue to fall short in detecting and stopping threats, can be enhanced with big data analytics.
  • ‘Big data analytics + security technologies = stronger cyber defense posture’. Ref 4, Ref 5
  • Telcos will need advanced data analytics to offer increased automation, predictive features, and creative use of AI and machine-learning techniques. They need to employ data analytics to create behavioral models to fully enable the services and provide customer control features. Ref 6, Ref 7, Ref 8
  • The truth about ‘Smart Cities’ is that there is only going to be one way that they can become truly ‘smart’: through data and analytics. Algorithms are also a fundamental tool for transforming big data, first into useful analytics and eventually into action. Smart cities will rely heavily on data and the algorithms. Ref 9, Ref 10, Ref 11
  • Chronic Illness Prediction and Prevention, Scoring the Quality and Efficiency of Care, On-Demand Peer Costs Comparison, Preventing Adverse Drug Reactions, Understanding the Prescribing Habits of Physicians
  • Improving Manufacturing Processes, Custom Product Design, Better Quality Assurance, Managing Supply Chain Risk


[The End] Thanks for reading..

Should you think of leaving a comment below that helps to correct, improve and enhance my upcoming posts; please feel free to do so

