A high-profile hack by terrorist group ISIS has reinforced the importance of new high-level cybersecurity initiatives that have won support from retail and banking leaders as US president Obama prepares to deliver his annual State of the Union address next week.
Previews of some of the content of the speech are circulating online, with Obama said to be highlighting a series of events focused on online safety, infrastructure security, and improved broadband access. Related legislative proposals and executive actions will be incorporated into the speech, a regular watershed event that the US president uses to set his legislative agenda for the upcoming year.
Obama's focus could not have been better timed, coinciding with a hack – attributed to supporters of the restive Islamic State militant group – that took over the United States Central Command's Twitter and YouTube accounts and issued a warning that the group is “coming” after American soldiers.
Posted images referenced the 'CyberCaliphate' and included a picture of a soldier with a black-and-white bandana over his head, while others purported to contain the addresses and phone numbers of American soldiers.
Based in Florida, the US Central Command has 113,000 followers on Twitter and has been managing the ongoing airstrikes on ISIS in Iraq and Syria. US Defense Department officials are on record saying that the country's military is looking into the hack.
The hack reinforces the growing importance of cybersecurity initiatives as part of government policy, and in the context of the ISIS hack business leaders will no doubt be even more interested in the details of Obama's January 20 speech.
US peak retail body the Retail Industry Leaders Association (RILA) welcomed Obama's renewed focus on cybersecurity, with president Sandy Kennedy saying in a statement that the organisation “applaud[s] the President's focus on cyber and data security” and that it “encourage[s] all policymakers to recognize the importance of prioritizing the collaboration and flexibility needed to promote retail innovation.”
Retail security remains a significant issue in the US after a year in which retail giants like Target and Home Depot were pummelled by hackers. In response, more than 50 US retailers joined together to address cybersecurity issues with the formation of the Retail Cyber Intelligence Sharing Center (R-CISC) to improve collaboration across the industry.
The industry also held a series of roundtables throughout 2014, with more than 250 senior executives soliciting expert testimony and outlining an 8-step Merchant Financial Cyber Partnership that will guide the industry response to cybersecurity threats.
Banks, however, have responded with less aplomb to the most obvious security change: the introduction of chip-and-PIN cards that became mandatory in Australia last year and are already widely used across Europe and elsewhere.
US credit-card companies will issue chip-based cards but will allow them to be used with signatures as per the existing system – avoiding the use of PINs for fear of confusing consumers.
Despite this issue, the American Bankers Association (ABA) also issued a statement in response to Obama's heightened focus on cybersecurity.
“Our industry shares the president's commitment to protecting the security and privacy of Americans' personal information, and we appreciate the White House's engagement on this critical issue,” the statement says.
“We fully support legislation that will help facilitate increased cyber intelligence information sharing between the private and public sectors in a manner that protects consumer privacy and allows information sharing on serious threats to our critical infrastructures.”
The comments come on the heels of the continuing controversy around the hacking of Sony Pictures, which the FBI has attributed to North Korean hackers retaliating for the impending release of the parody movie The Interview. Yet with ISIS now joining the fray and threatening even more serious reprisals, all eyes will be on Obama's policy announcement – and its potential to guide a unified response to the increasing cyber threat the world will clearly face in 2015.
This article is brought to you by Enex TestLab, content directors for CSO Australia.
Upcoming IT Security Events
Feb 3rd, Feb 4th, Feb 6th 2015
Join @NirZuk #PaloAltoNetworks for Breakfast (lunch in Auckland) on keeping your enterprise safe from risk. Cyber attacks continue to increase in volume and sophistication leaving traditional security practices completely ineffective.
March 3rd, March 5th, March 9th 2015
Join CSO for the day@#csoperspectives and hear from @kimzetter @frankheidt
3 International Keynote speakers, 36 Key IT Security Industry Speaker, 21 Exhibitors, Security Analysts and many more.. Register today
Dont miss one of the biggest IT Security events in ANZ (registration is free, but seats are limited)