Cyber Week in Review: May 12, 2017

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

1. Ransomware infects UK health system. The United Kingdom’s healthcare sector was hit with a significant ransomware attack, affecting the operations of at least 16 National Health Service organizations. The ransomware, part of the Wanna family, encrypts data rendering it useless until a ransom is paid. It prohibited staff from accessing patient information, caused hospital administrators to divert ambulances and emergency patients, and interrupted some surgical procedures. The incident did not uniquely affect the UK health system; the malware hit telecommunications companies in Spain and Portugal and organizations in Russia, Ukraine, and Taiwan. According to the New York Times, this new version of Wanna exploits a flaw in Windows–since patched by Microsoft–that was released as part of a Shadow Brokers dump earlier this year. The original flaw was discovered by the U.S. National Security Agency, which used it to develop a tool called EternalBlue. The Shadow Brokers, who some theorize to be Russian intelligence, began publicizing NSA exploits in August 2016.

2. Do cyber operations require host-country consent? Attacking the self-declared Islamic State group online isn’t so simple, according to a report in the Washington Post. Last year, the Pentagon announced with great fanfare that it was launching “cyber bombs” against the Islamic State group to disrupt its command and control and propaganda efforts. U.S. government officials soon ran into a jurisdictional hurdle–should countries that unwittingly host Islamic State content on servers within their jurisdiction be given a heads up that U.S. Cyber Command was about to launch an operation? U.S. Cyber Command argued against notification, stating that it wasn’t legally required and could jeopardize covert operations. That drew push back from the State Department, which argued the failure to notify would erode bilateral cooperation on intelligence collection and law enforcement. In the end, fifteen countries were notified of the presence of U.S. Cyber Command operators in systems within their borders. According to officials quoted in the Post, the effect of Cyber Command’s operation was “short-lived at best.”

3. It’s here! It’s finally here! The highly-anticipated executive order on cybersecurity finally obtained the signature of U.S. President Donald Trump. The directive, which was originally slated to be signed in January, is viewed positively and as a continuation of the Obama administration’s efforts to upgrade U.S. government IT infrastructure. The order requires that heads of federal agencies be held accountable for risk management instead of IT staff (a reiteration of existing practice), that agency heads implement the 2014 cybersecurity framework developed by the National Institute of Standards and Technology in cooperation with the private sector, and that the Commerce Department and Department of Homeland Security lead a joint study on the threat of botnets.

4. Cyber threats top the Worldwide Threat Assessment 2017, again. For the fifth year in a row, cyber threats are the most pressing facing the United States, according to the intelligence community’s 2017 Worldwide Threat Assessment. The report warns that U.S. systems “will be at risk for years” due to protracted attacks by terrorists, criminals, and foreign governments, and names Russia as the top threat actor, followed by China, Iran, and North Korea.