Polish Prime Minister Mateusz Morawiecki on January 16 called for a collective Western response to cyber threats while urging allies to increase spending on cybersecurity.

“I call on you today and encourage your leaders and governments to spend more money on cyber warfare, as we do, on cyber soldiers to protect our Internet frontier,” Morawiecki said on the opening day of a two-day conference jointly hosted by PKO Bank Polski and the Atlantic Council in Warsaw, Poland.

“Our enemies will not wait,” Morawiecki said, adding, “They are arming up as we speak. Only a collective response will keep he threat at bay, and only a decisive one.”

The conference, “A New Initiative for Poland: A Future Global Leader in Securing the 4th Industrial Revolution,” seeks to deepen US-Polish ties by developing cybersecurity as a key pillar in the relationship.

British ‘Code of Practice for Consumer IoT Security’ draws on Atlantic Council report

Consumer Internet of Things (IoT) products are notoriously insecure. In October 2016, the Mirai botnet amassed a massive botnet army of IoT-connected devices, eventually used in a distributed denial of service (DDoS) attack that overwhelmed the capabilities of some of the largest Internet providers in the world and took down the Internet across the US East Coast. Mirai’s authors began building their tool as teenagers, amassing an IoT zombie horde using techniques known (and easily preventable) for decades. Unfortunately, the norm for IoT devices is lax security—simple, hardcoded (unchangeable) passwords, and operating systems that can’t be patched or updated with security protection.
French President Emmanuel Macron on November 12 launched the “Paris Call for Trust and Security in Cyberspace”—the first state-supported initiative that brings together a set of principles that both the public and the non-governmental sector can implement and endorse to increase trust and stability in cyberspace.

Macron introduced the Paris Call at the Internet Governance Forum in Paris. The event was part of Paris Digital Week, which has brought together thinkers, innovators, decision-makers and investors for a discussion on current and future digital issues from November 11 to November 14.

In his speech, Macron called on all actors to work together toward building trust and security in cyberspace. Many states, as well as private companies and civil society organizations, have already thrown their support behind the declaration on developing common principles for securing cyberspace. The Atlantic Council’s Cyber Statecraft Initiative is proud to be one of the early supporters of the Call.
Critical infrastructure—from the electric grid to public transportation—is under assault as cyber attackers gain a foothold in the United States.

When the US Department of Homeland Security (DHS) released its cybersecurity strategy in May, it laid out seven goals to help the government better defend the United States and its infrastructure against the constant onslaught of sophisticated cyber threats.
Despite US Congressional efforts to modernize and secure election system infrastructure across the country, beginning in 2002 with the Help America Vote Act (HAVA) and emergence of the Election Assistance Commission (EAC), Russian government hackers have gained access to systems that represent America’s most cherished institution – the democratic vote. Within a campaign of disinformation, fake social media accounts, and state-run media narratives, Russia continues to target the US electoral process, according to US intelligence officials during a press conference at the beginning of August. These stark warnings come just after the Justice Department’s indictment of twelve officers of Russia’s military intelligence apparatus, the Glavnoe Razvedyvatelnoe Upravlenie (GRU), who hacked the Democratic National Committee (DNC), the Democratic Congressional Campaign Committee (DCCC), and election voter registration databases beginning in April of 2016.

How can lawmakers better secure the US election system as the 2018 midterms loom? Though progress has been made in election funding and assistance to states, the keys to election security are mandatory cybersecurity standards for election system vendors and for state and local election sites, in tandem with adequate state funding.

How do you respond to a cyberattack on a European airport, manipulation of UK aviation financial markets, and two emerging botnets? Team CDT had the winning response.

Our approach included confirming attribution for the attacks, collating intelligence research, employing law enforcement in digital control towers, and utilizing an apolitical spokesperson from the National Cyber Security Center (NCSC) to disseminate information about the evolving scenario.
The United States should strengthen cooperation with its allies and partners while recognizing that cybersecurity is inextricably linked to tackling shared threats, according to recommendations made in two recent State Department reports.

The reports, published by the State Department on May 31, come in response to US President Donald J. Trump’s May 2017 Executive Order 13800 on “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.”
After testifying to lawmakers in the US House of Representatives and the Senate for more than ten hours on April 10 and 11, Facebook Chief Executive Officer Mark Zuckerberg appears to have weathered the worst of storm over news that consulting firm Cambridge Analytica harvested data of 87 million Facebook users.

Here are some issues that came up in Zuckerberg’s testimony—and some that did not.
When asked about her country’s establishment of overseas “data embassies” to back up its data, Estonian President Kersti Kaljulaid replied: “There’s nothing about the technology that’s interesting.” In a country known for making policy leaps and bounds in the digital realm, progress can easily be mistaken for technical know-how. However, important as technological innovation is, it is not the whole story.
In the coming week, Congress will turn its attention to someone who has until now managed to fly under its radar—Mark Zuckerberg, founder and chief executive officer of Facebook. On April 10, Zuckerberg will appear as the sole witness before a joint hearing of two Senate committees—the Judiciary Committee and the Commerce, Science, and Transportation Committee. On April 11, he will then go on to testify (again as sole witness) before the House Energy and Commerce Committee.

Both hearings will focus on transparency, privacy, and Facebook’s use and protection of consumer data. In his statement, Sen. Charles E. Grassley (R-IA), chairman of the Senate Judiciary Committee, underscored that “users deserve to know how their information is shared and secured.” Sen. John Thune (R-SD), chairman of the Senate Commerce Committee, highlighted the existence of “significant concern about Facebook’s role in our democracy, bad actors using the platform, and user privacy.”