Cyber Security News Update 11/16/2018

In a shocking bit of news, it seems that the Japanese cyber security minister, Yoshitaka Sakurada, has “never used a computer before” because he has “people to do that for him.” This total lack of experience seemingly extends to his knowledge of technologically advanced devices, like USB drives. When asked about whether or not USB drive use posed a security risk when used at nuclear power plants, Mr. Sakurada could only express that he was unaware of what a USB drive was. This elicited, appropriately, surprised reactions from the lawmaker who’s questions he was answering about how he could possibly claim to be qualified to be the minister of a subject he clearly had no working knowledge of. Mr. Sakurada explained that even though he had no knowledge of a computer and had never used one so far in his 68 years of life, he felt that the competence of his staff combined with his managerial experience meant that he was able to capably handle the responsibilities of his job. Whether or not that’s the case remains to be seen, and one of the major responsibilities of the cybersecurity minister is the safety of the 2020 Olympics that will be hosted in Japan.
Source: Japan’s cyber-security minister has ‘never used a computer’

President Trump has signed into law a bill that makes the Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security (DHS) the primary cybersecurity agency of the DHS, and rebrands the National Protection and Programs Directorate (NPPD) as the Cybersecurity and Infrastructure Protection Agency (CIPA) instead. CIPA now stands as equals with other groups within the DHS like the Secret Service or FEMA, and CIPA officials have stated that this elevation in status will allow them to recruit better talent than what they had access to before. CIPA is working with states to protect them from outside interference, especially in regards to the safety of the elections. There are now several prominent cybersecurity agencies in the United States ranging from the NSA which has a heavy focus on digital intelligence and counter-intelligence, the CIA with it’s focus on general information gathering in ways beyond the purely electronic, the Armed Forces various units and cyber-crisis teams, the FBI’s cybersecurity groups that handle cyber-crimes committed against American businesses, and now the CIPA.
Source: Trump signs bill cementing cybersecurity agency at DHS

A report demonstrates that most cyber crime comes from a select group of highly-motivated and skilled groups, which makes sense as only the best are going to survive the cyber world. While there are large purely criminal groups that move within the cyber world, some of the largest players are state-backed actors instead who act as part of their country’s espionage arm while recieving indirect or direct support. Iran has used state-backed attackers to great success in a massive phishing scam targeted at higher-education and research facilities, particuraly in the United States. Russia’s APT-28 is aother example of a successful state run group that frequently appears in the news.
SourceMajority of Cybercrime Damage is Caused by a Few, Powerful, Covert Criminal Threat Groups: