03/11/2015 Par Jules Darmanin – LeFigaro.fr

Zerodium, une start-up de sécurité informatique, récompense une équipe de hackers qui est parvenue à casser à distance les protections du smartphone Apple. Cette faille pourra être revendue à des fins d'espionnage.

C'est une somme record. Zerodium, start-up spécialisée dans la sécurité informatique, avait promis un million de dollars à ceux ou celles qui parviendraient à casser les protections («jailbreak») d'un appareil sous iOS 9.1, la dernière version du système d'exploitation mobile d'Apple. Le logiciel qui équipe les iPhone et iPad est réputé difficile à pirater. Il n'a pas résisté à une équipe de hackers qui est parvenue, grâce à une ou plusieurs failles informatiques, à développer une technique de piratage d'iOS 9.1 et se partagera donc le pactole promis.

Suite de l’article

WASHINGTON, Oct. 14 By Ryan Maass   (UPI)

Officials from NATO and the Czech Republic signed a Memorandum of Understanding aiming to improve cooperation and assistance on cyberdefense. The document was signed by NATO Assistant Secretary General Ambassador Sorin Ducaru, and Czech Director of National Security Dušan Navrátil. The document is a follow up to the Enhanced NATO Policy on Cyber Defense in 2014. The Czech Republic is the first NATO ally to sign the memorandum.

Read more

Prague - 22 June, 2015 European Defence Agency
 

From 16 to 18 June 2015, the European Defence Agency (EDA) together with the Czech National Security Authority (NBU) organised an exercise for Comprehensive and Strategic Decision Making on Cyber Security and Defence in Prague. The exercise was opened with keynote speeches from the Director of the NBU, Mr Dušan Navrátil and the Estonian Ambassador to the Czech Republic, H.E. Mr. Sten Schwede. The Estonian Ambassador to NATO, H.E. Mr. Lauri Lepik, visited the exercise on 17 June.

The exercise execution was supported by the Estonian based European Cyber Security Initiative (ECSI), a Non-Governmental Organisation aiming at improving cyber security across Europe, as well as representatives from the Estonian and Portuguese governments, the EU Military Staff and CERT-EU.

The tabletop exercise aimed at training senior decision makers from the public and private sectors to comprehensively deal with complex cyber attack scenarios. The methodological concept of the exercise, that refers back to an Estonian initiative, was initially piloted with the Portuguese government in May 2014. The exercise in Prague served as a first proof-of-concept. In total 57 representatives from the Czech government, the Czech private sector and observers from Austria, Estonia, Slovakia, ENISA and CCD COE participated. 

Participants expressed their appreciation of the exercise in general. In particular they valued the realistic scenario and concept as well as the pragmatism in transferring a complex issue into a coherent training concept. They also agreed that the exercise addressed an existing gap in the training and exercise landscape. 

A second proof-of-concept exercise will be organised with the Austrian government in September 2015 in Vienna

More Information:

• Website Czech National Security Agency
• Cyber defence capability programme overview

01 avril 2015 Romandie.com (AFP)

Washington - Le président américain Barack Obama a autorisé mercredi des sanctions contre les pirates informatiques américains comme étrangers, autorisant le gouvernement à bloquer les avoirs des personnes impliquées dans des cyber-attaques aux Etats-Unis.

Les cyber-menaces représentent l'un des plus graves problèmes économiques et de sécurité nationale pour les Etats-Unis, et mon administration mène une vaste stratégie pour les régler, a indiqué le président en publiant le décret.

Ce décret permet au Trésor américain de geler ou bloquer les avoirs des personnes impliquées dans des attaques sur des réseaux informatiques américains essentiels, comme des systèmes bancaires ou liés au réseau électrique, ou le vol de données sur des cartes de crédit.

Les intrusions et attaques informatiques -- originaires pour beaucoup de l'étranger -- visent nos entreprises, volent des secrets industriels, et coûtent des emplois américains. Les pirates iraniens visent les banques américaines, a écrit Barack Obama dans un message publié sur un blog et transmis par la Maison Blanche.

La cyber-attaque nord-coréenne contre Sony Pictures a détruit des données et désactivé des milliers d'ordinateurs. Dans des failles (de sécurité) récentes qui ont fait les gros titres, plus de 100 millions d'Américains ont eu des données personnelles compromises, y compris des informations sur leurs cartes de crédit ou médicales, ajoute-t-il.

Barack Obama dit vouloir utiliser l'autorité attachée à ma fonction et à cette administration, y compris l'engagement diplomatique, les outils de politique commerciale et les méthodes policières, afin de contrer la menace représentée par des cyber-acteurs malveillants.

16.032015 by ENISA

ENISA’s Executive Director, Udo Helmbrecht, gave a speech today Monday 16^th March 2015, at the SEDE (Security and Defence) subcommittee meeting in Brussels, in an exchange of views on cyber security and defence.

Topics discussed involved:

• Assessing  efficiently the threat landscape  and understanding the cyber dynamics as an important tool towards an active and agile security management
• The  critical role of CERTs – the  EU’s Computer Emergency Response Teams – for developing ‘baseline capabilities’ and      providing an EU wide network responding to cyber incidents and threats
• The  development of pan-European cyber exercises and cooperation among Member States
• The  protection of Critical Information Infrastructure (CIIP) and the development of a common approach to incident reporting in Europe, bringing together National Regulatory and Data Protection Authorities
• The development of National Cyber Security Strategies (NCSS) in the Member States
• The need for an EU legislation supporting privacy, by requiring systems’ developers and service providers to build in data protection measures from the design phase on (‘security by design’)
• The need for trusted core NIS technologies and services (an innovative business model for EU companies producing cyber security services and products) for the EU to become the single market of choice for governments and industry

Challenges for the future illustrate that there are different aspects to cyber security and cyber-attacks. Firm action will be required, as a significant evolution in top threats is expected. To enable to address this, cooperation among Member States, EU Institutions, and other relevant bodies is a top priority. Furthermore, it is necessary to establish European prevention, detection and response capabilities and implement early warning systems.

Udo Helmbrecht said: “The protection of information, information systems and infrastructure from those threats associated with the use of ICT systems in a globally connected environment is inevitably linked with effective security policies, and robust and resilient cyber defence capabilities, within a common EU policy. There are different aspects to cyber security and cyber-attacks. But all current security approaches tend to make use of the same technology, making it difficult to judge who is attacking what and why. Within this context, it should be examined what cyber security can offer at another level, contributing and protecting the EU citizens. Cyber security is the EU’s ‘digital frontier’”.

Within this context, ENISA provided an overview of its active contribution at an EU level. The meeting was broadcast live and is available via the European Parliament multimedia library.

Speech by Udo Helmbrecht at the SEDE Committee

Udo Helmbrecht gave an Interview on the subject and is available online via the Europarl TV link.

Background:

“The EU Cyber Security Strategy was presented by the Commission and the HR/VP in 2013. It covers the internal market, justice and home affairs and foreign policy angles of cyberspace. In 2014 the Council adopted the EU Cyber Defence Policy Framework, focusing on CSDP, civil/military cooperation, training and international cooperation” source: SEDE

About ENISA: The European Union Agency for Network and Information Security (ENISA) is a centre of expertise for cyber security in Europe. ENISA supports the EU and the Member States in enhancing and strengthening their capability and preparedness to prevent, detect and respond to network and information security problems and incidents.

NEW YORK, March 3 By Richard Tomkins   (UPI)

An advanced network intrusion detection system is being provided to NORAD-U.S. North American Command by Imprimis Inc and root9B Technologies.

The advanced network intrusion detection system focuses on automated analysis, detection and response to national-level threats and is being modified to achieve advanced baselining and packet inspection and will integrate Imprimis' Cyber Threat Activity Matrix database for tailored threat intelligence information.

"The IDS will provide network intrusion detection utilizing advanced packet analysis to baseline ICS network traffic and immediately identify anomalies," Imprimis said.

"The system will provide real-time response to anomalies on ICS that represent cyber threats. The objective of this project is to develop a tool that applies an innovative methodology to map ICS-specific threats and their tactics, techniques and procedures to observable network behavior and design."

The contract award under the Department of Defense Rapid Innovation Fund Program is worth $1.7 million and was sponsored by NORAD-NORTHCOM, or U.S. North American Command.

"The goal of this project is to provide immediate identification of both anticipated and unique threats," said root9B Chief Executive Officer Eric Hipkins. "root9B will develop a network analysis platform unique in its ability to monitor traffic and identify threats based on advanced algorithms and smart packet inspection."

11 February 2015 by ISS

Recent years have seen an important shift in how security is prioritised, with an emphasis on threats in cyberspace. Last year, the Sony Corporation hack drew attention worldwide, challenging perceptions of state governance and security in cyberspace.

The estimated financial cost of cybercrime worldwide exceeds US$445 billion annually. For individuals, the loss of private and sensitive information is particularly concerning, and a recent poll in the United States (US) shows that Americans fear breaches in cyber security more than any other ‘traditional’ crimes.

Africa has not been immune to increased cybercrime either, with countries such as Nigeria, Kenya and South Africa fast becoming hubs of cybercrime activity.

Read more

LONDON – Jan. 27, 2015 – Northrop Grumman

Northrop Grumman Corporation is among the companies that have been awarded a contract by the government of the United Kingdom to provide a range of cyber security solutions.

Under this competitively awarded, seven-year framework contract, Northrop Grumman will provide engineering and development services in support of data security and information assurance.

"As a long-standing partner with the U.K. government, we are proud to have been selected to support the security of their digital domain and the protection of its citizens," said Kathy Warden, corporate vice president and president, Northrop Grumman Information Systems. "With more than 30 years of cyber security expertise that has been developed and deployed around the world, we look forward to continuing our work with some of the brightest industry and academic minds to deliver world class operational performance, scaled to the mission, and to increase our U.K.-based workforce that will support cyber innovators of the future."

"We have a well-established and growing presence in the U.K. and this strategically important contract award reflects the strong customer relationships that we have established here over the years," said Andrew Tyler, chief executive for Europe, Northrop Grumman. "We are committed to strengthening this partnership and to bringing our advanced cyber technologies and deep understanding of today's global security threats to this programme."

Northrop Grumman continues to invest in U.K.-based cyber security capabilities with new facilities in England, where it has set up an Advanced Cyber Technology Centre of Excellence, a global collaboration initiative to advance high-end solutions to our customers' most challenging cyber problems.

Northrop Grumman is also investing in the development of the next generation of cyber specialists. The company entered into a partnership with Cyber Security Challenge U.K. under which it has launched the youth-based cyber defence competition CyberCenturion in the U.K. aimed at building tomorrow's cyber workforce. Northrop Grumman is also mentoring a diverse set of small and medium enterprise partners and investing in research and development with select U.K. university partners.

Northrop Grumman is a leading provider of full-spectrum cyber solutions to the United States government and to allied nations around the world. The company builds cyber into every system, platform, and product that it produces in order to enhance mission assurance and resiliency, while investing both in innovative technology and cyber talent of the future. For more about Northrop Grumman in cyber, go to www.northropgrumman.com/cyber.

Northrop Grumman is a leading global security company providing innovative systems, products and solutions in unmanned systems, cyber, C4ISR, and logistics and modernisation to government and commercial customers worldwide. Please visit www.northropgrumman.com for more information.

14 nov. 2014 Thales Group

13 October 2014 By Jessica Woodall – Pacific Sentinel

 

Cybersecurity can help Australia take its existing engagement with Vietnam to the next level.

Historically, Vietnam’s relationship with China has been complex. Stretching from 111 BC and early Chinese cultural domination of Vietnam, to the 1979 border conflict and more recent disputes over competing claims in the South China Sea, the relationship’s had its challenges.

Earlier this year hostility flared when the Chinese government deployed an oil rig within Vietnam’s Economic Exclusion Zone. That led to public protests and targeted violence towards Chinese nationals in 22 of Vietnam’s 63 provinces.

Tip-toeing around the edges of that tension are several countries—including the U.S., Japan, Russia and India—seeking to step up their engagement with Hanoi. All seek a stronger relationship with a partner in a geographically important location and a warmer friendship with ASEAN’s main players—and some probably hope to counter China’s expanding sphere of influence.

Tangible engagement has, for the most part, centred on arms and natural-resource sales. Vietnam took delivery of the second of six Kilo-class submarines from Russia in March. And India’s said to be close to concluding a deal to sell BrahMos supersonic cruise missiles to the Vietnamese, further boosting their defense capabilities. Earlier this month, the U.S. also partially lifted its 30-year-old embargo on sales of lethal arms to Vietnam, which will facilitate the sale of weapons for maritime purposes for the first time.

Australia should also seek to expand its engagement with Vietnam: it’s too politically and geographically important to ignore. But we need to be careful not to ruffle Beijing’s feathers while doing so. So we must be subtle in our cooperation with Hanoi, proceeding with a softly-softly approach.

Non-traditional security issues such as cybersecurity provide an opportunity to take our existing engagement, which primarily revolves around transnational crime, to the next level. 

Read the full story at The Diplomat

06 octobre 2014 - Jean Kaminsky

L’entité cyber sécurité, créée il y a 3 ans, a connu 3 dénomination consécutives, EADS, Cassidian et depuis quelques mois Airbus Defence and Space. Et elle a dû « digérer » le rachat de  deux PME, Netasq il y a 18 mois et Arkoon il y a 1 an, qui ont maintenant  fusionné opérationnellement, sous la direction de François Lavaste, en attendant leur prochaine fusion juridique. Elles commercialisent désormais une gamme commune sous la marque Stormshied.

Suite de l’article

20/03/2014 Thales Group