Similar Posts
HELSINKI/STOCKHOLM – The Finnish and German governments on Monday said an investigation was under way of a severed fibre optic communications cable running on the Baltic seabed and linking the two countries, and they cited concerns about the security of critical infrastructure.
The 1,200 km (745 miles) fibre optic cable running through the Baltic Sea from Helsinki, Finland’s capital, to the German port of Rostock may have been severed by an outside force, Finnish state-controlled cyber security and telecoms network company Cinia said.
The C-Lion1 cable malfunctioned just after 0200 GMT, the company said.
The Finnish and German foreign ministries said in a joint statement that they were “deeply concerned” by the severed cable and that a thorough investigation was underway.
“Our European security is not only under threat from Russia’s war of aggression against Ukraine, but also from hybrid warfare by malicious actors,” they said. “Safeguarding our shared critical infrastructure is vital to our security and the resilience of our societies.”
The sudden outage implied that the cable was completely severed by an outside force, although a physical inspection has not yet been conducted, Cinia’s chief executive, Ari-Jussi Knaapila, told a press conference.
The damage occurred near the southern tip of Sweden’s Oland island and could typically take between five and 15 days to repair, he added.
Cinia said it was working with authorities to investigate the incident.
Swedish public service broadcaster SVT reported that Swedish authorities were also investigating damage to a communications cable running between Lithuania and Sweden, close to the one that was severed.
“It is absolutely central that it is clarified why we currently have two cables in the Baltic Sea that are not working,” Carl-Oskar Bohlin, minister of civil defence, told SVT.
The Swedish government did not immediately reply to Reuters’ request for comment.
Last year a subsea gas pipeline and several telecoms cables running along the bottom of the Baltic Sea were severely damaged in an incident raising alarm bells in the region.
Finnish police investigating the 2023 case have named a Chinese container ship believed to have dragged its anchor as a prime suspect, but have not said whether the damage was believed to be accidental or intentional.
In 2022 the Nord Stream gas pipelines linking Russia to Germany in the Baltic Sea were destroyed by explosions in a case that remains under investigation by German authorities. REUTERS
“Ofcom to Detail Action Required from Social Media Companies Over Illegal Content – December Deadline Looming for Compliance”
LONDON – Britain’s media regulator Ofcom said on Oct 17 that it would detail what action it expected social media companies to take over illegal content on their platforms in December, saying it expected swift action or they would face consequences.
Ofcom, which is responsible for implementing the government’s Online Safety Bill, said the platforms would have three months to complete their own illegal harms risk assessments after the publication of its demands.
“The time for talk is over,” Ofcom’s Chief Executive Melanie Dawes said on Oct 17. “From December, tech firms will be legally required to start taking action, meaning 2025 will be a pivotal year in creating a safer life online.”
She said the regulator had already seen positive changes, but expectations were going to be high.
“We’ll be coming down hard on those who fall short,” she said.
Ofcom said better protections had already been introduced by Meta, the owner of Instagram and Facebook, and Snapchat which have brought in changes to help prevent children being contacted by strangers.
Britain’s new online safety regime, which became law last year, requires social media companies to tackle the causes of harm, particularly for children, by making their services safer.
If companies do not comply with the new law, they could face significant fines and, in the most serious cases, their services could be blocked in Britain. REUTERS
WASHINGTON – A sophisticated breach of US telecommunications systems has extended to the presidential campaigns, raising questions about the group behind the attack and the extent of its efforts at collecting intelligence.
It was unclear what data was taken in the attack. The far-reaching operation has been linked to the Chinese government and attributed to a group experts call Salt Typhoon.
Investigators believe hackers took aim at a host of well-connected Americans, including the presidential candidates – reflecting the scope and potential severity of the hack.
Here’s what to know.
What is Salt Typhoon?
Salt Typhoon is the name Microsoft cybersecurity experts have given to a Chinese group suspected of using sophisticated techniques to hack into major systems – most recently, US telecommunication companies.
The moniker is based on Microsoft’s practice of naming hacking groups after types of weather – “typhoon” for hackers based in China, “sandstorm” for efforts by Iran and “blizzard” for operations mounted by Russia. A second term, in this case “salt,” is used to denote the type of hacking.
Experts say Salt Typhoon seems to be focused primarily on counterintelligence targets, unlike other hacking groups that may try to steal corporate data, money or other secrets.
What do US officials think Salt Typhoon has done?
National security officials have gathered evidence indicating the hackers were able to infiltrate major telecom companies, including but not limited to Verizon.
The New York Times reported on Oct 25 that among the phones targeted were devices used by former President Donald Trump and his running mate, Senator JD Vance of Ohio. The effort is believed to be part of a wide-ranging intelligence-collection effort that also took aim at Democrats, including staff members of both Vice President Kamala Harris’ campaign and Senator Chuck Schumer of New York, the majority leader.
How serious is this hacking?
National security officials are still scrambling to understand the severity of the breach, but they are greatly concerned if, as it appears, hackers linked to Chinese intelligence were able to access US cellphone and data networks. Such information can provide a wealth of useful intelligence to a foreign adversary like China.
To some degree, the breach represents a continuation of data collection on the types of targets that spies have been gathering for decades. In this instance, however, the sheer quantity and quality of the information Salt Typhoon may have gained access to could put the intrusion into its own category, and suggests that US data networks are more vulnerable than officials realised.
What did the hackers get?
At this stage, that is still unclear. One major concern among government officials is whether the group was able to observe any court-ordered investigative work, such as Foreign Intelligence Surveillance Act collection – a highly secretive part of American efforts to root out spies and terrorists.
No one has suggested yet that the hackers were able to essentially operate inside individual targets’ phones. The more immediate concern would be if they were able to see who was in contact with candidates and elected officials, and how often they spoke and for how long. That kind of information could help any intelligence agency understand who is close to senior decision-makers in the government.
People familiar with the investigation say it is not yet known if the hackers were able to gain access to that kind of information; investigators are reasonably confident that the perpetrators were focused on specific phone numbers associated with presidential campaigns, senior government leaders, their staff members and others.
Like the weather, hacking is never really over, and the Salt Typhoon breach may not be over either. It is also possible that the United States may never learn precisely what the hackers got. NYTIMES
SINGAPORE– The Cyber Security Agency (CSA) is starting a study aimed at raising the productivity and professionalism of cyber-security workers.
It may result in an outline of the competencies required of chief information security officers – known by the acronym Cisos – and their teams of security executives who are in high demand, given their key role amid surging cyber attacks.
Ms Veronica Tan, CSA’s director at safer cyberspace division, told The Straits Times: “For organisations, clarity in standards and desired skills at various roles will mean greater improvements in workforce competency and productivity.”
The study will involve industry players, training institutions and certification bodies, she added.
CSA’s plan comes as companies warm to the idea of designated cyber-security personnel, but sometimes find themselves hindered by limited budgets and a shortage of skilled talent.
Mr Nyan Yun Zaw, the first Ciso at Singapore cyber security advisory firm Athena Dynamics, said: “The industry turnover rate for Cisos is unfortunately pretty high because it is a highly challenging and stressful job.
“When the organisation faces a security incident, this is the first person everyone looks to.”
Chief information security officer, a title that arose up in the 1990s after Citibank appointed one following a cyber attack, have risen in prominence in recent years as some countries made mandatory disclosures of material cyber breaches or attacks.
There have also been high-profile cases of criminal charges taken against such officers, such as at Uber and SolarWinds.
Mr Zaw took on the job at Athena Dynamics just over a year ago when his company expanded it beyond IT infrastructure and support.
His background was a string of roles ranging from engineering, cyber security, programming, to business development and sales in the firm since its set-up in 2014.
He added to his expertise by becoming a Certified Information Systems Security Professional, a label granted by the International Information System Security Certification Consortium, also known as ISC2.
He said: “We felt that there is a need to have a dedicated Ciso since we are also part of a listed company.”
Cisos spend their time securing their companies’ assets, learning new threats and technologies, and working with cross-functional teams, he said.
He added: “Ciso is a management position, so it is important for a Ciso to be knowledgeable in various aspects of cyber ranging from governance, risk and compliance to network security architectures.”
In the 12 months leading up to September, job portal Indeed recorded 48 per cent of its postings in Singapore seeking communication skills in cyber security leaders, compared to 38 per cent specifying expertise in IT, and 16 per cent in information security.
Around the same time, the number of postings for such roles on its portal dropped 36 per cent, suggesting that firms might be filling positions through internal promotions or team restructuring, said Mr Saumitra Chand, Indeed’s career expert.
“This decline may be due to the demanding nature of leadership positions like Cisos, which require high levels of expertise and specialisation,” he said.
To help small and medium-sized enterprises (SMEs) or non-profit organisations that cannot afford designated security personnel, CSA launched its CISO-as-a-Service (CISOaaS) scheme in February 2023.
It has received about 200 applications so far.
Organisations tapping the scheme can use CSA’s panel of 19 vendors to audit their cyber health and guide them to attain CSA’s Cyber Essentials and Cyber Trust marks, with up to 70 per cent subsidies.
CSA is planning updates to the two marks to reflect new risks in cloud, operational technology and Artificial Intelligence (AI), said Ms Tan.
Digital agency Digipixel, which has used CISOaaS, said achieving both trust marks helped it gain trust from customers.
Its director, Mr Leon Tan, said: “Pooled services can sometimes lack industry-specific context, but our collaboration with CSA has been a productive exchange.”
Mr Dave Gurbani, chief executive at CyberSafe, an appointed vendor, said: “We start by conducting a cyber-security health plan, like a doctor’s check-up.”
The firm then helps its mostly SME clients work through their internal controls, configurations, policies, and training to pass the audits for CSA’s marks.
“Many SMEs still think of cyber security in terms of anti-virus tools or maybe a firewall. To put it simply, that’s like thinking you’re ready for the day just because you have your socks and shoes on,” Mr Gurbani said.
Gaps that frequently show up include outdated systems, misconfigurations from third-party vendors, and weak access controls like shared passwords and lack of Multi-Factor Authentication.
“Without guidance, these vulnerabilities can be hard to recognise and fix,” Mr Gurbani added.
Another vendor, Momentum Z, takes firms calling on the CISOaaS service through a three-pronged assessment of employees’ cyber-security basics, company’s processes and policies, and cyber-security infrastructure such as firewall, antivirus, back-up data use and endpoint security.
Chief executive Shane Chiang said he has had clients that have not changed passwords for six years, or who had been granting external vendors remote access to their network with no inkling.
He said: “’Clients are often surprised to learn the vulnerabilities in their systems, which reinforces the importance of having a Ciso to bring structure and foresight into cyber security.”
CSA’s 2023 cyber security health survey released in March noted that only one in three organisations have fully implemented at least three of CSA’s five categories of recommended measures.
More organisations need help with knowing what data they have, where the data is stored and how to secure the data, CSA’s Ms Tan said. Businesses are also weak at safeguarding their systems and networks against malicious software, as well as guarding access to data and services.
She urged more organisations to tap CSA’s tools to up their game, adding: “Unless all essential measures are adopted, organisations are still exposed to unnecessary cyber risks, especially as they accelerate digitalisation and adopt fast-evolving technologies such as AI.
“Partial adoption of measures is inadequate.”
We spend so much of our lives online but have we thought about what will happen to our digital trails and assets when we die?
It is a question that came up for husband-and-wife content creators Muhammad Alif Ramli and Liyana Syahirah Ismail Johari.
Content creators Liyana Syahirah Ismail Johari and Muhammad Alif Ramli documented their journey in seeking help to manage digital assets.
They realise, for example, if no clear instructions are left behind, not knowing the passwords or about dormant accounts on long-forgotten platforms can pose problems.
It is especially important, given Mr Alif’s medical history.
When Mr Alif was 10, he was diagnosed with rhabdomyosarcoma, a soft tissue cancer. He underwent multiple chemotherapy cycles and nine surgical operations, which the 28-year-old described as a “close-to-death experience”, before he recovered.
In the fourth episode of The Straits Times’ docuseries Let’s Talk About Death, Mr Alif and Ms Liyana, 27, seek help from experts to consolidate their digital assets.
They speak to a cyber security expert to find out how to best manage their passwords. They also talk to a lawyer who specialises in digital assets to look into protecting their social media accounts, which may generate revenue in the future.
Finally, Mr Alif and Ms Liyana also attempt to write their wills with the help of artificial intelligence tools, with the key question being: Will they be valid under syariah law?
Let’s Talk About Death is a five-episode docuseries that follows several millennials and their loved ones as they navigate end-of-life planning, and it starts honest conversations about death and dying well.
LONDON – Mirror Group Newspapers (MGN) is facing 101 phone-hacking lawsuits from public figures including actors Kate Winslet, Sean Bean and Gillian Anderson and the estate of late Australian cricketer Shane Warne, London’s High Court heard on Nov 20.
The publisher of the Daily Mirror, Sunday Mirror and Sunday People tabloids – which is owned by Reach – has been entangled in litigation for more than a decade over alleged phone hacking and other unlawful information gathering.
MGN had accepted that some unlawful information gathering took place at its newspapers in the early 2000s, before Prince Harry and three others went to trial in 2023.
Harry, the younger son of King Charles, was awarded £140,600 (around S$238,000) after London’s High Court ruled the prince had been targeted by MGN journalists – the biggest win yet in his “mission” to purge the British press.
He accepted substantial damages from MGN to settle the remainder of his lawsuit, but vowed his mission would continue and a trial of his separate case against Rupert Murdoch’s British newspaper arm is due to begin in January.
When Harry largely won his case in December 2023, Reach also claimed victory as two other claimants’ cases were rejected as having been brought too late.
The company said the ruling meant cases brought after October 2020 were “likely to be dismissed other than where exceptional circumstances apply”.
MGN is, however, currently facing a total of 101 lawsuits brought by a number of people, including Prince Harry’s ex-girlfriend Chelsy Davy, the claimants’ lawyers said at a hearing on Nov 20.
The publisher asked for a trial to be heard in late 2025 to decide whether a sample of the 101 cases were brought too late, arguing it would likely prompt a settlement of the cases.
Judge Timothy Fancourt ruled that such a trial would accelerate other cases being resolved and said it was likely to take place in November 2025. REUTERS