Cyber Week in Review: June 16, 2017

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

1. Dancing in the dark. The malware that caused a power outage affecting 230,000 Ukrainians in December 2016 could be used to disrupt U.S. power grids, according to analysis by Dragos, a cybersecurity firm that specializes in the security of industrial control systems, and ESET. In response, the North American Electric Reliability Corporation reported that there has been no reported instances of malware in North America. Dragos attributed the malware, which it is calling CrashOverride, to Electrum—a group with links to the Sandworm hacking incidents in 2014 and 2015. Moreover, in order to get the resources and framework needed to test the malware, Electrum likely needed government support, which Dragos tied back to Russia. The threat of CrashOverride extends beyond power grids. The software is like a Swiss army knife—with a few modifications, it can also target several different industrial control systems such as those that power gas and water delivery systems, marking an “an evolution of tradecraft we haven’t seen before” in the words of Dragos CEO Rob M. Lee.

2. Censor all the things! Over the last three weeks, the Egyptian government has blocked access to more than fifty news websites, including Al Jazeera, and companies that offer virtual private network (VPN) services that would help Egyptian netizens circumvent the block. It's unclear why the blocking began, but according to Al-Masry Al-Youm—an Egyptian newspaper—authorities said the censorship was permitted under the country's anti-terrorism laws. The blocking in Egypt comes at the same time that Afrinic, the body that allocates IP addresses in Africa, shot down a proposal that would have prohibited it from allocating addresses to governments that block internet access. Earlier this year, Cameroon shut off internet access to its Anglophone-speaking regions for 93 days and Egyptian authorities famously cut off internet access in 2011 in an attempt to stem the Arab Spring. The controversial proposal triggered a debate about the wisdom of involving technical organizations that manage the internet's day-to-day operations in political decisions regarding access to the internet.

3. Lazarus rises in North Korea. The United States has publicly attributed the cyber threat actor known as the Lazarus Group to the North Korean government. The attribution, which came in the form of an alert released by the United States Computer Emergency Readiness Team (US-CERT), is not surprising given that many in the cybersecurity community already believed Lazarus to be North Korean. In the alert, US-CERT released a number of indicators of compromise, allowing network defenders to identify North Korean malware in their network and remove it. In additional Hermit Kingdom news, the National Security Agency attributed the WannaCry malware to North Korea with moderate confidence, according to the Washington Post. If the attribution is correct, it is unclear why North Korea resorted to ransomware to raise money. WannaCry is believed to have raised on $140,000, a paltry sum compared to millions pillaged in the recent SWIFT-related bank heists, also believed to be the work of Pyongyang.

4. Bringing NAFTA into the 21st century. The Internet Association (IA), a lobbying group representing tech's biggest names including Amazon, Google, Microsoft, Facebook, and Uber, outlined its policy priorities for the North American Free Trade Agreement (NAFTA) in a white paper released this week. In May, President Trump notified Congress of his intent to renegotiate NAFTA, and Canada and Mexico have expressed interest in modernizing the deal. IA wants a revised NAFTA to “promote free flow of information across borders and prevent forced data localization,” facilitate trade for “small internet-enabled U.S. sellers,” and include fair use copyright provisions. Tech industry groups want to continue the trend, which stated with the Obama administration, of including digital economy provisions in trade deals to protect the free flow of digital goods and services, perceived to be under threat due to the trend of data localization and other cyber sovereignty measures.