from Net Politics and Digital and Cyberspace Policy Program

Cyber Week in Review: July 17, 2015

Germany Cyber Net Politics Cybersecurity Regulation

July 17, 2015

Blog Post
Blog posts represent the views of CFR fellows and staff and not those of CFR, which takes no institutional positions.

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

  • The German parliament approved new legislation this week mandating that over 2,000 critical infrastructure operators implement new cybersecurity initiatives in the next two years. Failure to do so could result in fines of up to €100,000. Under the law, companies will be required to abide by basic cybersecurity standards and report suspect cyber incidents to the Federal Office for Information Security (BSI), the domestic agency responsible for defending German government networks. The law also requires telecommunications firms to notify customers when their connections have been abused or compromised. Germany’s regulatory approach contrasts significantly with that in the United States, where adoption of the NIST cybersecurity framework is entirely voluntary. The law will also allow Germany to comply with the draft Network and Information Security Directive, an EU-wide attempt to create common cybersecurity standards across EU Member States.
  • The FBI, in coordination with other law enforcement agencies, took down Darkode, a cybercrime forum that was a marketplace for malware, botnets, banking data, and other hacking tools since 2007. Over seventy people were arrested around the world, including in Germany, Denmark, India, Israel, and Sweden. In a statement, U.S. Attorney David Hickton dubbed Darkode “a cyber hornets’ nest of criminal hackers which was believed by many, including the hackers themselves, to be impenetrable.” While the FBI is right to congratulate itself, taking down cybercrime forums is the equivalent of a never-ending game of whack-a-mole. After the FBI famously took down the Silk Road late last year, a replacement was up roughly a month later. As always, the great Brian Krebs provides the ins-and-outs of Darkode.
  • There’s been considerable debate as to whether “right to be forgotten” laws will be abused by celebrities or politicians to wipe their misdeeds off of Google. According to a leak of Google data obtained by the Guardian, it turns out that most people asking to be forgotten are private citizens. The data reveal that only five percent of the right to be forgotten requests were from public figures. Google, however, has not confirmed the numbers nor has it provided details on the requests it has received.
  • The Hacking Team leak just keeps on giving. Thanks to the trove of new data, security researchers discovered that the Italian surveillance company was sitting on three Flash zero-day vulnerabilities. As a result, many computer security experts renewed their calls for the “death” of Flash. Alex Stamos, Facebook’s Chief Information Security Officer, called on Adobe to “announce the end-of-life date for Flash.” Others piled on, urging users to remove Adobe’s Flash Player plugin. Although Adobe has been working arduously to patch up holes, John Biggs at TechCrunch encapsulated a commonly-shared sentiment by remarking, “Seriously: just disable Flash. It’s not worth the risk.”