ICT Security-Sécurité PC et Internet

Die Europäische Union (EU) hat einen ehrgeizigen Plan: Cybersicherheit soll staatenübergreifend gestärkt werden. 

Learn more / En savoir plus / Mehr erfahren:

https://www.scoop.it/t/securite-pc-et-internet/?&tag=ENISA

ENISA’s Threat Landscape 2016 (ETL 2016) released today is the fifth consecutive yearly report summarizing the top cyber threats encountered in 2016.

On the 7th of November, young European white hat hackers will meet at Düsseldorf to measure their skills in attacking and defending computer systems.

During the 2nd European Cyber Security Challenge, participants will have to discover vulnerabilities in web applications, binaries and document files, solve crypto puzzles and hack hardware systems. However, technical skills are just one part of the whole story. As the time and resources will be limited, teamwork skills are also extremely important. The competition will end with a presentation by each team. The complete skillset which is important for working in an IT security team, is thus tested.

Die europäischen Abgeordneten haben den lange umstrittenen Richtlinienentwurf zur Netz- und Informationssicherheit verabschiedet. Damit kommen auf größere Online-Anbieter und Betreiber kritischer Infrastrukturen Auflagen zu.

In abschließender Lesung hat das EU-Parlament am Mittwoch mit großer Mehrheit für neue Vorschriften für eine bessere Sicherheit von Netzwerk- und Informationssystemen gestimmt. Die Abgeordneten bestätigten damit einen Kompromissvorschlag für eine Richtlinie zur erhöhten Cybersicherheit, auf den sich ihre Verhandlungsführer im Dezember mit Vertretern der Mitgliedsstaaten und der EU-Kommission nach langen Auseinandersetzungen verständigt hatten. Der Entwurf erweitert die Verantwortlichkeit von Betreibern kritischer Infrastrukturen und großer Online-Dienstleister.

Die betroffenen Unternehmen werden unter anderem dazu verpflichtet, den Behörden Sicherheits- und Datenschutzpannen sowie IT-Angriffe auf eigene Systeme zu melden. Sie müssen zudem eingesetzte Hard- und Software auf mögliche Lücken überprüfen und gegebenenfalls härten.

Gilt auch für eBay, Amazon und Google

Background
Hybrid threats refer to mixture of activities often combining conventional and unconventional methods that can be used in a coordinated manner by state and non-state actors while remaining below the threshold of formally declared warfare. The objective is not only to cause direct damage and exploit vulnerabilities, but also to destabilise societies and create ambiguity to hinder decision-making.

BRUSSELS (Reuters) - Some smartwatches for children sold in Europe pose security risks, including potentially allowing hackers to take control of and track a watch, the EU’s main consumer lobby said on Wednesday, following a new report by one of its members.

The affected smartwatches, which use the Global Position System (GPS) to allow parents to track their child’s location and communicate with them through their mobile phones, do not have sufficient protection, or firewalls, to stop computer hackers, the Norwegian Consumer Council said.

The council also accused some manufacturers of violating EU data protection laws by not stating clearly the risks in their terms and conditions.

“These watches should not find their way into our shops,” Monique Goyens, the director general of the European Consumer Organisation BEUC - of which the Norwegian council is a member - said in a statement.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?&tag=wearables

ENISA publishes its study on technical guidelines for the implementation of minimum security measures for Digital Service Providers (DSPs).

Full report available online

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=ENISA

The European Commission is drafting new cybersecurity requirements to beef up security around so-called Internet of Things (IoT) devices such as Web-connected security cameras, routers and digital video recorders (DVRs). News of the expected proposal comes as security firms are warning that a great many IoT devices are equipped with little or no security protections.

According to a report at Euractive.com, the Commission is planning the new IoT rules as part of a new plan to overhaul the European Union’s telecommunications laws. “The Commission would encourage companies to come up with a labeling system for internet-connected devices that are approved and secure,” wrote Catherine Stupp. “The EU labelling system that rates appliances based on how much energy they consume could be a template for the cybersecurity ratings.”

In last week’s piece, “Who Makes the IoT Things Under Attack?,” I looked at which companies are responsible for IoT products being sought out by Mirai — malware that scans the Internet for devices running default usernames and passwords and then forces vulnerable devices to participate in extremely powerful attacks designed to knock Web sites offline.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/securite-pc-et-internet/?tag=Smart+Home

https://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/

http://www.scoop.it/t/securite-pc-et-internet/?tag=SHODAN+Search+Engine

http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=Internet+of+Things

http://www.scoop.it/t/securite-pc-et-internet/?tag=smart-TV

http://www.scoop.it/t/securite-pc-et-internet/?tag=Internet+of+things

http://globaleducationandsocialmedia.wordpress.com/2014/01/21/why-is-it-a-must-to-have-basics-knowledge-of-cyber-security-in-a-connected-technology-world/

http://www.scoop.it/t/securite-pc-et-internet/?tag=Cars

Die EU-Kommission will sich im Kampf gegen Cyberkriminalität besser rüsten und in die Grundlagenforschung investieren. Mehr als hundert Unternehmen wollen sich an dem Programm beteiligen. Es gehe um zivile Anwendungen, heißt es.

On 17 May 2016, the Council formally adopted new rules to step up the security of network and information systems across the EU.

The network and information security (NIS) directive will increase cooperation between member states on the vital issue of cybersecurity. It lays down security obligations for operators of essential services (in critical sectors such as energy, transport, health and finance) and for digital service providers (online marketplaces, search engines and cloud services). Each EU country will also be required to designate one or more national authorities and to establish a strategy for dealing with cyber threats. 

The Netherlands presidency together with the EU Agency for Network and Information Security (ENISA) has already started preparing the implementation of the directive. A first informal meeting of the network of Computer security incident response teams (CSIRT) set up under the directive took place in The Hague on 5 April, followed by a second meeting in Riga on 10 May. 

The Council position at first reading adopted today confirmed the agreement reached with the European Parliament in December 2015. To conclude the procedure, the legal act must still be approved by the European Parliament at second reading. The directive is expected to enter into force in August 2016.