96th Edition - December 2012


In This Issue 

UK Foreign and Commonwealth Office (FCO) Endorses ASIS Standard for Regulation of Private Military Companies

  

ASIS International Delivers ASIS Asia-Pacific 2012

 

Saudi Aramco Lead Sponsor of ASIS Middle East 2013

 

ASIS Middle-East 2013 - CPP and PSP Review Courses

 

Register Now for ASIS Europe 2013!

 

ASIS 2013 - Call for Presentations

 

Chapter News: ASIS Austria Chapter

 

EU Data Protection Rules 'on Schedule' Despite Delay

 

ASIS Middle-East 2013 - Post-Conference Workshops (Organised by Euromatech)

 

European Renewable Power Grid Rocked by Cyber-Attack

  

No Sensitive Europol Information Compromised in Data Breach by External Contractor

  

Be a Sponsor or Exhibitor at ASIS Middle East 2013, ASIS Europe 2013 and ASIS Asia-Pacific 2013!

 

European Commission Supports Research on Cyber Security

 

Parliament Gives Final Nod to EU Patent

 

Supply Chain Integrity - An Overview of the ICT Supply Chain Risks and Challenges, and Vision for the Way Forward 

 

Stopping Chemicals for Home-Made Bombs

 

Investing in Security for ROI?

 

New ENISA Report With US Homeland Security - Cyber Security Awareness Raising

 

European Parliament's Security Services Condemned Over Demo

 

Proactive Detection of Security Incidents - Honeypots 

 

New Report on How to Reinforce Cooperation Between EU Computer Emergency Response Teams (CERTs) and Law Enforcement Authorities

 

Websites Selling Counterfeit Merchandise Taken Down by Authorities in Europe and the USA

 

Assessment of Law Enforcement Tools: No New Databases Needed at EU level

 

Get Engaged in ASIS Women in Security and Young Professionals Groups

  

Global Agenda

 

Professional Development

Chapter and Certification Events

Join Us on Facebook

ASIS 12th European Security Conference & Exhibition - Gothenburg, Sweden - 14-16 April 2013



ASIS 7th Asia-Pacific Security Forum & Exhibition - Macau, China - 3-5 December 2013



ASIS 4th Middle East Security Conference & Exhibition - Dubai, UAE - 17-19 February 2013


Quick Links

ASIS President Eduard Emde, CPP, shares his insights on a range of membership and industry issues in his President's Perspective column. Read the latest column.

Did you like this issue?

The European Bureau of ASIS continuously tries to offer the best content to its members. Consequently, we invite you to contact the editor if you want to provide feedback or comments on the newsletter or if you want to publish an article.

Updated links and resources page on www.asisonline.eu

Take a look at our updated Links and Resources page. Feel free to contact the EMEA Bureau if you have additional items to add.

ASIS International EMEA Bureau

For any queries on ASIS European events, membership, benefits, resources, collateral or certification, do not hesitate to contact the EMEA Bureau.


287 Avenue Louise, 4th Floor, 1050 Brussels, Belgium


Tel: +32 2 645 26 74

Fax: +32 2 645 26 71

contact@asisonline.eu 

www.asisonline.eu
www.asisonline.org 


Not yet a member?

Join ASIS

Ten reasons you benefit from becoming an ASIS International member:

- Unrivalled networking opportunities with more than 38,000 of your industry peers.

- Up-to-date information, including industry best practices, new technologies, and emerging trends. 

- Complimentary subscription to Security Management magazine, the leading security industry publication. 

- Opportunities to build a professional reputation and credentials.

- Tailored professional development programs to fit your specific career goals. 
- Advocacy of the security industry to the government and business communities.
- Board-certified, professional designations. 

- Members-only access to new career opportunities in security management. 

- Access to more than 300 peer-reviewed, security-related publications. 

- Discounts on program and Seminar registration, merchandise, and certification programs. 



New Chapters: Call for Volunteers

ASIS International is looking for volunteers to help form new chapters in Iceland, the Baltic States, Western Balkans and other European countries where no chapter presently exists.

 

For more information, please contact the EMEA Bureau or click here to download the procedures on forming a new chapter.

Select ASIS published titles now available for purchase for Amazon Kindle

Protection of Assets Gets a Makeover

Protection of Assets (POA), in existence since 1974, has recently undergone an extensive revision, culminating in a new eight-volume hard-bound set. POA is available as an online subscription, an eight-volume print set, as individual books, and on Kindle.

Schedule Your Professional Development Now

A comprehensive calendar is available 24/7. Register early and save by taking advantage of early bird rates. Realise additional savings by booking your hotel room before the deadline. Plan ahead to get ahead.

Welcome to the 96th edition of EuroDynamics! The ASIS International EMEA Bureau would like to encourage members to submit updates or articles they wish to share with the ASIS International members in Europe!

Copy deadlines have been fixed at the first Monday of every month. The deadline for the next issue is 7 January.


Please add eurodynamics@asisonline.org to your personal address book and/or safe sender list to ensure correct delivery of your monthly newsletter. 

UK Foreign and Commonwealth Office (FCO) Endorses ASIS Standard for Regulation of Private Military Companies

On 18 December 2012, the UK Foreign and Commonwealth Office (FCO) issued a ministerial statement that the British Government intends to adopt the ASIS PSC1-2012 as the standard for private security companies working on land in complex and high risk environments overseas.


In a written statement on December 17, junior Foreign Office Minister Mark Simmonds said: "The Government aims to raise the global standards of private security companies (PSCs) working in complex and high risk environments overseas.  
 

To this end, we have been working closely with interested partners, including industry and civil society, to establish a voluntary, independently audited and internationally recognised regulatory system that is practicable, effective and affordable. Certification to professional standards is the next step towards effective voluntary regulation." 

 

"PSCs need to conduct their business and provide services in a manner that respects human rights and laws," says Dr. Marc Siegel, commissioner, ASIS International Global Standards Initiative and chairman of the Technical Committee. "This standard serves as a differentiator for PSCs to assure quality of services while maintaining the safety and security of their operations with respect for human rights and fundamental freedoms.  The standard, developed by over 200 Technical Committee members from 24 countries, will help PSCs provide better services while abiding by applicable laws and respecting human rights of all parties while working in complex and high risk environments overseas. It behooves any client from either the public or private sectors to follow the lead of the US and UK governments and use the PSC.1 standard in their contracting process for their use of PSCs operating on land in complex environments overseas."

 

Mike Hurst, Vice Chairman - Strategy of the ASIS UK Chapter (which will celebrate its 20th anniversary in 2013), is delighted that HMG will be adopting the ASIS PSC 1-2012 standard for the regulation of private security companies operating overseas. "It is a credit to the hard work ASIS members, internationally and in the UK, have put into this piece of work and will help to regulate security activities in some very difficult environments."

 

PSC1 was recently submitted to the International Standards Organisation (ISO) to be considered for adoption as an international standard for private security companies working in complex environments.

 

ASIS members can download a free copy of the standard here.

 

Sources: Security News Desk, Info4Security, Infologue, Professional Security Magazine Online.

ASIS International Delivers ASIS Asia-Pacific 2012

ASIS International held its 6th Asia-Pacific Security Forum & Exhibition on 3-5 December 2012 at the Grand Hyatt in Hong Kong.

 

The event gathered 243 senior security professionals from 28 countries.


The event was officially opened by Eduard Emde, CPP, President of ASIS International.

 
Eduard Emde, CPP, President of ASIS said: "I was pleased and proud to feel the professional atmosphere and see so many contacts being made and educational sessions being absorbed. With my personal drive to turn up the volume for ASIS, the whole event was truly a celebration of our activities in the Asia-Pacific region."
 

 

The conference kicked off with Dr. Richard Weixing Hu, Associate Professor at the University of Hong Kong, who spoke about China and the Changing Security Environment in the Asia-Pacific.

 

 
 
Chris Smith, Head of Security & Fraud Risk, HSBC (Asia-Pacific), Hong Kong

 

On the second day, Chris Smith, Head of Security & Fraud Risk of HSBC (Asia Pacific) presented information security threats to banking.

 

 
 
Max Boon, Associate Fellow, International Centre for Counter Terrorism, Indonesia

 
The conference was closed by Max Boon, a victim of the 2009 Marriott Jakarta terrorist bomb attack and an Associate Fellow of the International Centre for Counter-Terrorism (ICCT). Mr. Boon presented the ICCT's Victims' Voices Project and explained how victims of terrorism could play a role in preventing and countering violent extremism.

 

The conference featured 22 high-level educational sessions provided by speakers that included Michael Foynes, Senior Director Global Operations of Microsoft (Singapore) on What's Next in the Cloud?; John Philippi, CPP, PSP, Global Head of Physical Security Risk of HSBC (India) on Trends in Electronic Security Systems - Moving to IP; as well as Torsten Wolf, Group Head of Crime and Fraud Prevention of Zurich Financial Services (Switzerland) - Managing the Risk of Economic Crime.

 

In addition, sessions designed especially for Chief Security Officers (CSOs) were organised by the CSO Roundtable, the ASIS forum for the most senior security professionals from the largest and most influential organizations in the world.

 

The event also featured an exhibition where sponsors, exhibitors, media and supporting organisations presented their products and services to security professionals.

 

On the occasion of the event Mario V. Manipol Jr, CPP, Secretary of the ASIS Philippines Chapter was awarded the Dan Grove Asia Pacific Regional Scholarship.

From left to right: Eduard Emde, CPP, President of ASIS and Mario V. Manipol Jr, CPP, Secretary of the ASIS Philippines Chapter.

Saudi Aramco Lead Sponsor of ASIS Middle East 2013

Saudi Aramco, the state-owned oil company of the Kingdom of Saudi Arabia, will be the Diamond sponsor of the ASIS 4th Middle East Security Conference & Exhibition that will be held in Dubai, UAE on 17-19 February 2013.

 

This marks the fourth consecutive year of sponsorship for the company.

 

The support from Saudi Aramco for knowledge transfers, networking and brainstorming sessions is strengthened by the participation of Mr. Amin H. Nasser, Senior Vice President, Upstream, as the opening keynote speaker.

The ASIS 4th Middle East Security Conference & Exhibition will cover a wide range of security issues in 33 high-level educational sessions divided over 3 parallel tracks.
 

The event will take place under the patronage of H.H. Sheikh Maktoum bin Mohammed bin Rashid Al Maktoum, Deputy Ruler of Dubai.

 

 Speakers will include:

  • Keynote speaker - Amin H. Nasser, Senior Vice President, Upstream, Saudi Aramco (Saudi Arabia)
  • Keynote Speaker - Dr. Leonard Yong, Adjunct Professor, University Tunku Abdul Rahman (Malaysia)
  • Keynote speaker - Narayanan Srinivasan, Professor of Security and Risk, Edith Cowan University (Australia) and Director Emirates-ECU Centre (UAE)

6 Reasons why you should be at ASIS Middle East:

  1. Industry leaders from important companies and organisations such as Saudi Aramco, Zurich Insurance Group, McAfee, Johnson & Johnson, TDIC, and TNO will speak about the latest developments, trends and innovations in security.
  2. Apply lessons learnt from other industries to your own sector. Original content will be shared on stage, including discussion on oil and gas security, maritime security, soft targets security, and security engineering and management.
  3. Connect with high-level security professionals from all over the Middle East and beyond.
  4. Get motivated by new ideas and information.
  5. Form new partnerships and reconnect with familiar faces in the industry.
  6. Get social and join discussions on the event on Facebook, LinkedIn and Twitter

In addition to the educational sessions delegates will get access to networking events and to the exhibition. Early bird discounts end on 14 January 2013!

  
Click here to see the Conference Programme.  

 

Fees:

| Category | Early Rate (on/until 14 Jan. 2013) | Late Rate (after 14 Jan. 2013) | Onsite Rate |
| --- | --- | --- | --- |
| ASIS Member | 1,180 USD | 1,295 USD | 1,395 USD |
| Non Member | 1,450 USD | 1,550 USD | 1,650 USD |
| Registration Govt Official | 975 USD | 1,050 USD | 1,150 USD |
| Partner Organisations | 1,225 USD | 1,325 USD | 1,425 USD |
| Single Day Member | 675 USD | 675 USD | 800 USD |
| Single Day Non Member | 775 USD | 775 USD | 900 USD |
| President's Reception Only (included in full delegate rate) | 115 USD | 115 USD | 115 USD |
| Exhibition Only (one day) | 30 USD | 30 USD | 30 USD |

 

Please click here to register. 

 


ASIS Middle-East 2013 - CPP and PSP Review Courses

Professional certification is increasingly required in today's security industry. Employers are seeking experienced practitioners who can provide confirmation that they have mastered an essential body of knowledge.

 

Dates: 20 & 21 February 2013
Location: InterContinental Dubai Festival City
Rates: 800 USD for members / 1,000 USD for non-members

 

Both courses will be provided by certified security professionals and will offer the most insight into preparing for and successfully passing the comprehensive CPP and PSP Exams.

 

Please click here for more information on the courses and on the instructors.

To register for the CPP or PSP review course, please send an email to middleeast@asisonline.org.

 

Register Now for ASIS Europe 2013!

The ASIS 12th European Security Conference & Exhibition will take place on 14-16 April 2013 in Gothenburg, Sweden.

 

Register now and get access to 33 high-level educational sessions provided by industry leaders.

 

6 Reasons why you should be at ASIS Europe:

  1. Industry leaders from important companies and organisations will speak about the latest developments, trends and innovations in security.
  2. Apply lessons learnt from other industries to your own sector.
  3. Connect with high-level security professionals from all over Europe and beyond.
  4. Get motivated by new ideas and information.
  5. Form new partnerships and reconnect with familiar faces in the industry.
  6. Get social and join discussions on the event on Facebook, LinkedIn and Twitter

In addition to the educational sessions delegates will get access to networking events and to the exhibition. Early bird discounts end on 14 January 2013!

  

Click here to see the Conference Programme.  

 

Fees*:

| Category | Early Rate (on/until 7 Mar. 2013) | Regular Rate (after 7 Mar. 2013) |
| --- | --- | --- |
| ASIS Member | € 850 | € 970 |
| Non Member | € 1,050 | € 1,170 |
| Single Day | € 515 | € 630 |
| Partner Organisations | € 895 | € 995 |
| Group Rate | € 800 | € 900 |
| President's Reception (included in full delegate rate) | € 130 | € 130 |
| Exhibition Only (one day) | € 30 | € 30 |

 

*Rates do not include Swedish VAT.

 


ASIS 2013 - Call for Presentations

Today's smart, strategic solutions mesh together all aspects of physical and logical security. The ASIS International 59th Annual Seminar and Exhibits, 24-27 September 2013 will bring together 20,000+ professionals looking for the timely security solutions and up-to-date intelligence needed to face tough challenges, mitigate risk, and stay at the top of their game.

 

If you are a subject matter expert on a current or emerging issue of importance to the security profession, ASIS invites you to submit a proposal for a presentation.

 

Share your expertise. Build your reputation. Gain valuable recognition. Help shape the high-quality education program at ASIS 2013 - submit your proposal today! Deadline: 11 February 2013

Chapter News: ASIS Austria Chapter

 

From left to right: Chapter Chairman Werner Preining, former Chapter Chairman Paul Reither and Hans-Roland Ludwig

 

The meeting took place at the "Theater Salon Hollmann" in Vienna. It was hosted and sponsored by OMV and attended by 16 delegates.

 

Attendees were welcomed by Werner Preining, ASIS Austria Chapter Chairman. This was followed by addresses from Vice-Chairman Paul Reither and from Hans-Roland Ludwig, ASIS RVP, Region 28. Mr. Ludwig brought greetings from both ASIS President Eduard Emde and SRVP Godfried Hendriks. Both regretted not being able to come due to several other commitments.

 

Finally, Mr. Ludwig presented his congratulations to the Chapter on the occasion of its 35th Anniversary. A plaque was handed over to the Chapter Chairman, who in turn forwarded it to the former Chapter Chairman Paul Reither.

 

The meeting continued with several administrative issues such as the ASIS Asia-Pacific Security Forum & Exhibition in Hong Kong and the ASIS Middle East Security Conference & Exhibition in Dubai.

 

Suggested and approved meetings for 2013

* 13 February 2013 (shortly before Dubai)

* 15 April 2013

* 20 June 2013

* 12 September 2013 (before ASIS 2013 in Chicago)

* 21 November 2013 (one-day meeting)

 

All meetings will be conducted in Vienna or the near surroundings. 

 
After these administrative issues, the event continued with a presentation from the ASIS Austria Chapter Secretary Stefan Berlin.

 

The presentation showed several highlights of ASIS 2012 in Philadelphia and gave a review of the rich historical background of the city of Philadelphia.

 

Christoph Riesenfelder gave a presentation entitled "Bring your own device (BYOD)" that addressed security-related as well as legal issues.

 

Then the presentation of our long-time member Bruno Hersche about his recent visit to the fire-fighters and EMS services of New York showed unknown facts and procedures. One of the conclusions was that the Austrian fire-fighting standards and procedures can not only stand comparison with the NYFD but are in several aspects more modern than their American counterpart.

 

Bernhard Maier explained how to set up pretext interviews and how certain information can be obtained from targets. He presented the 3 key elements of the pretext interviews: "motive", "credibility" and "sympathy". This led to a discussion on ethical issues. In most cases both the client and the investigator will rule out any deception, as using such a tool will turn public opinion against the investigator and create sympathy for the wrong-doer.

Patrick Black talked about the historical background in Yemen. It is considered the most dangerous area OMV has been working in since 2003. He gave a broad overview of the many elements that need to be considered when working within a hostile environment that has a different culture. For the protection of all expatriates as well as the assets, a well designed and continuously monitored plan is used. OMV has established a successful local partnership with the tribes in the vicinity. Such a move requires a well balanced plan, patience and stamina. Once local leaders are convinced about the seriousness and honesty of their partners, it is essential that promises are fulfilled.

 

Bernhard Gupper gave an excellent presentation about the Nabucco Project, which involves 13 countries. The task is to import gas from the Caspian Sea to Europe. As the proposed pipeline will cross several countries with different laws and regulations, it is a tremendous challenge to get this project from the planning to the operating phase. The main problems that will be faced during both the construction and the operation phases will be: terrorism, illegal tapping, cyber attacks and vandalism. Once the pipeline goes into operation, it will be considered a European Critical Infrastructure.

 

Finally, Ivo Lagler explained how a big disaster will be handled within the limits of Vienna as well as the surrounding communities. He gave examples of how a specially trained municipal department will take over the incident management and manage transportation, hospital space and first aid for all affected persons. He showed the documentation currently used during field triage and talked about a simplified and therefore less stressful new model which will go into trial in one of the Austrian provinces.

 

By Werner Preining, CPP

ASIS Austria Chapter Chairman

EU Data Protection Rules 'on Schedule' Despite Delay

Despite not having begun formal deliberations in committee, the European Parliament is on course to define its position on the EU's new data protection regime by mid-2013, according to data privacy expert Sophie In't Veld. Speaking with EU Observer, the Dutch Liberal MEP, who chairs the European Parliament Privacy Platform and is among the assembly's leading authorities on data privacy, confirmed that MEPs were "on schedule".

 

German Green MEP Jan Philip Albrecht has the difficult task of piloting the regulation - described by In't Veld as "one of the most complex pieces of legislation in my career" - through Parliament.

 

Albrecht is expected to table his draft report to the assembly's Civil Liberties Committee in January 2013, with some concern that any further delays could prevent the bills being completed by the European elections in 2014.

 

Under the Parliament's rulebook, legislation which is not approved before the end of the legislative term automatically falls. But In't Veld said Albrecht was "doing a good job" in keeping the timetable on schedule. The political groups have a "united position on most of the main issues" in the package, she added.

 

Justice Commissioner Viviane Reding tabled the proposals in January 2012. Alongside measures to increase individual control over personal data are sanctions, including fines, for non-compliance. The Parliament has yet to give its opinion.

 

Source: EU Observer

 

Please click here for more.

 


ASIS Middle-East 2013 - Post-Conference Workshops (Organised by Euromatech)

Immediately following ASIS 2013, delegates will have the opportunity to follow in-depth post-conference workshops organised by training provider Euromatech. All courses will be taught by renowned experts in their field over the course of two full days on 20 and 21 February.

  • Emotional Intelligence 
     Tutor: Prof. Dr. Leonard Yong
  • International Ship and Port Security (ISPC) Within Oil and Gas
     Tutor: Mr. Chris Maylor
  • Crisis Management and Technological Security for Oil and Gas
     Tutor: Mr. Edward Clark
  • Security Investigation Techniques
     Tutor: Mr. Ken Corett

Price per workshop: 2,000 USD

 

Full course descriptions can be found here.

 

To register for the workshops, please send an email to middleeast@asisonline.org.

 

European Renewable Power Grid Rocked by Cyber-Attack

A German power utility specialising in renewable energy was hit by a serious cyber-attack that lasted five days, knocking its internet communications systems offline, in the first confirmed digital assault against a European grid operator.

 

"It was a DOS ('Denial Of Service') attack with a botnet behind it," Boris Schucht, the CEO of 50Hertz told EurActiv on the fringes of a Brussels renewables conference. "It blocked our internet domains so that in the first hours, all email and connectivity via the internet was blocked."

 

DOS attacks involve thousands of requests being sent to a server each second to clog up a system's functioning.

 

Electricity supplies were not affected in the onslaught, which was "serious but not dangerous," Schucht said. Email services were quickly repaired, although a fix to the problem was only discovered five days later.

 

Source: Euractiv

 

Please click here for more.

 

No Sensitive Europol Information Compromised in Data Breach by External Contractor

Further to reports in the Dutch media, it is correct that there was a minor leakage of purely mainly historical outdated technical data, due to the negligence of an external contractor. No criminal intelligence or other law enforcement information was exposed or compromised.  Moreover, contrary to those reports, sensitive data such as login information, passwords, or technical documentation from our highly secure internal network, were never compromised.

 

The contractor has extensively investigated the content of the information in question and there is no increased risk of the Europol network being hacked as a result of the security breach.

 

The exposed files include technical information of a network infrastructure used by Europol as a carrier medium only. The security of Europol information transmitted over this network relies on security measures under the exclusive control of Europol, which by no means were exposed in these files. Furthermore, the carrier network about which technical information was leaked, is not accessible from the Internet.

 

Source: EUROPOL

 

Please click here for more.

Be a Sponsor or Exhibitor at ASIS Middle East 2013, ASIS Europe 2013, ASIS 2013 and ASIS Asia-Pacific 2013!

 

  

 

 

 

Does your organisation's strategic plan call for growth in the Middle East, Europe, the USA and Asia-Pacific? If so, sponsorship of the ASIS Middle East Security Forum & Exhibition, the ASIS European Security Conference & Exhibition, the ASIS Annual Seminar & Exhibits and the ASIS Asia-Pacific Security Forum & Exhibition offers you a great opportunity to gain exposure and to raise the visibility of your brand, products, and services among key decision makers in these regions.


Review and select from an extensive list of sponsorship and exhibit opportunities:

Identify the one that is most in line with your marketing strategy and budget, or contact us to shape a tailored package that best suits your company's needs.

For further information on the Middle East Security Conference & Exhibition and on the European Security Conference & Exhibition, please contact: ASIS International EMEA Bureau - Tel: +32 2 645 26 74 - Fax: +32 2 645 26 71 - europe@asisonline.org

 

For further information on the Annual Seminar & Exhibits, please click here to contact ASIS International Headquarters.
 

For further information on the Asia-Pacific Conference & Exhibition, please contact: ASIS International Asia-Pacific Bureau - Tel: +32 2 645 26 74 - Fax: +32 2 645 26 71 - asiapacific@asisonline.org

European Commission Supports Research on Cyber Security

Cybercrime is a growing global problem that no company or country can tackle alone. At any given time, an estimated 150 000 viruses and other types of malicious code are circulating across the internet, infecting more than a million people every day. Anti-virus software developer McAfee counts 75 million unique pieces of malicious malware code on its databases, with botnets spewing out spam that accounts for a third of all the emails sent every day. Bots are one of the most sophisticated and popular types of cybercrime today. They allow hackers to take control of many computers at a time, and turn them into "zombie" computers, which operate as part of a powerful "botnet" to spread viruses, generate spam, and commit other types of online crime and fraud. The worldwide cost of cybercrime is estimated at over €750 billion annually in wasted time, lost business opportunities and the expense of fixing problems.

 

In addition to developing wider cybersecurity strategies for Europe, the European Commission takes concrete actions to tackle cyber security risks, and pools resources with national governments, industry, universities and NGOs, to develop innovative technologies to improve cybersecurity.

 

For the period 2007-2013, the European Commission has spent about €350 million in cyber security research; from 2013 to 2020, €400 million is earmarked to support key enabling & industrial technologies such as cyber security, privacy and trust technologies, and an additional €450 million is earmarked for 'Secure Societies' research which includes aspects of cybersecurity.

 

Source: European Commission - DG Connect

 

Please click here for more.

Parliament Gives Final Nod to EU Patent

The European Union took a step closer to an EU-wide patent on 11 December with lawmakers voting to cut the cost of protecting inventions and a top advisor to Europe's highest court rejecting a challenge to the new scheme.

 

Twenty-five of the EU's 27 Industry Ministers agreed to allow inventors to register their idea with one EU agency, signing off on a project first put forward in 1973 but which was delayed by a series of disputes, including over where to site the new patent office.

 

The European Parliament voted in favour of the plan which will see a common patent in place on 1 January 2014, if the judges in the highest EU court dismiss objections by Spain and Italy when they make a definitive ruling next year.

 

At a time when competition in new inventions is increasing, not only from Silicon Valley but also from Asia, a single patent is seen as encouraging innovation.

 

"A common European patent is key to strengthening Europe's competitiveness in a globalised world," said Swedish liberal MEP Cecilia Wikström. "We must be able to compete with the US, Japan and other developed countries when it comes to commercialising innovations," she said.

 

The current system makes the process 18 times more expensive than in the United States and 60 times more than in China, because patents have to be registered separately in individual EU countries - up to 27 times to cover the whole European Union.

 

Source: Euractiv

 

Please click here for more.

Supply Chain Integrity - An Overview of the ICT Supply Chain Risks and Challenges, and Vision for the Way Forward

Supply chain integrity (SCI) in the ICT industry is a topic that is receiving attention from both the public and private sectors (i.e. vendors, infrastructure owners, operators, etc.) as part of a wider review of supply chain control. Understanding supply chains is a critical factor in business success and thus to the economy of nation states, and integrity is the element of managing the supply chain that this report focuses on with a view to providing guidance to EU Member States.

 

One of the many aims of the report is to identify what SCI means in the ICT context and to propose means of giving assurance of SCI. The ICT sector is all encompassing and it would be difficult in a single report to cover all parts of it, thus the main body of the document primarily considers the telecommunications sub-sector as a model for ICT in general. The present report identifies the nature of threats related to ICT supply chain and examines the strategies that may be used to counter them. It recommends that participants in the supply chain follow a core set of good practices that can provide a common basis to assess and manage ICT supply chain risk - and to recognise that Governments must work in collaboration with private industry to build international assessment frameworks.


Source: ENISA

 


Stopping Chemicals for Home-Made Bombs

The European Parliament has voted on a new Regulation to restrict access to chemicals that can be used to make bombs. With 595 for, 12 against and 14 abstentions, the Parliament supported the proposal of the European Commission to ensure the same level of control over certain chemicals all over the EU.

 

Commenting on the parliamentary vote, EU Home Affairs Commissioner Cecilia Malmström said: "Today, it is simply too easy to become a bomb maker in Europe. We know that home-made explosives are frequently used by terrorists and organised crime, since dangerous chemicals are freely available for purchase. We must do more to detect lone-wolves who mastermind terror from their homes, using these common agricultural and household substances."

 

The new legislation restricts access to high concentrations of certain chemicals, both for over-the-counter purchases and via online stores. It will require buyers to get a license in order to buy large quantities, and such purchases must be reported to the authorities. Some substances, such as hydrogen peroxide, nitric acid and nitromethane - commonly used as fertilisers or swimming pool cleaners - will be banned for the general public above a certain concentration level. The concentration of others will have to be reduced.

 

"Legislation is not a silver bullet against these crimes, but common rules for dangerous chemicals is an important step in the fight against home-grown terrorism and home-made bombs", Cecilia Malmström said.

 

The vote in the European Parliament paves the way for formal adoption by the ministerial Council so that the piece of legislation can become law.

 

Source: European Commission - DG for Home Affairs

 


Investing in Security for ROI?

Like any organisation, Computer Emergency Response Teams (CERTs) need to measure their cost-effectiveness, to justify their budget usage and provide supporting arguments for their next budget claim. But organisations often have difficulty accurately measuring the effectiveness and the cost of their information security activities. The reason is that security is not usually an investment that provides profit, but one that prevents loss. So what is the right amount an organisation should invest in protecting information?

 

The aim of this document is to initiate a discussion among CERTs to create basic tools and best practices to calculate their Return on Security Investment (ROSI). This key notion is essential when justifying cost commitments and budgets for those entities that deal with security on a regular basis (security departments, CERTs, etc.).

 

Although the methods outlined here are straightforward, their application to the real world should take into account a general tendency to misevaluate the actual cost of an incident, a central notion of the ROSI calculation. Although controversial, the Gordon & Loeb Model is an attempt to make it easier to find the optimal level of investment to protect a given asset.

 

Due to the diversity of their nature, funding models and capabilities, calculating the return on investment of CERTs has to go beyond a single ROSI calculation. In fact, assessing the cost-effectiveness of CERTs should take into account the beneficial actions that CERTs achieve by helping to detect, handle, recover from and deter incidents early and efficiently. The earlier an incident is handled, the less expensive its mitigation. The profitability of a CERT is therefore assessed by determining the difference in incident handling costs with the help of a CERT versus not having a CERT.

Source: ENISA  

New ENISA Report With US Homeland Security - Cyber Security Awareness Raising

ENISA and the European Commission have worked with the US Department of Homeland Security to produce a report on "Involving Intermediaries in Cyber Security Awareness Raising". In focus were mechanisms for cross-border cooperation, as well as for public-private collaboration and information exchange.

 

The report was one of the results of an EU-US workshop held earlier this year. The event brought together public bodies with experience in raising Network and Information Security (NIS) awareness, and private sector organisations working on Public Private Partnerships (PPPs) and other initiatives. The event's emphasis was on mechanisms for cross-border cooperation, as well as for public-private cooperation and information exchange.   

 

Key recommendations include awareness raising actions for PPPs. These are:

  • Make companies aware that awareness raising will help to create business opportunities and make money, through building a favourable, security-conscious brand image.
  • Work on cyber security as a matter of cultural challenge and behavioural change.
  • Bear in mind the importance of not scaring the users - encourage them to get online but get safe at the same time. Do not start technical. This is about communication. Therefore, messages have to resonate with the target audiences.
  • Educate young users as good promoters of the security message - through them you can often reach their parents too.
  • Start education early - the sooner this starts, the better the Internet behaviour.
  • Consider media as a main channel, including social media networks, to get key messages out.
  • Improve measurement of the impact and success of the awareness raising (use key performance indicators, KPIs). The challenge is to go from measuring activities to measuring outcomes.

Source: ENISA

European Parliament's Security Services Condemned Over Demo

Parliament's security services have been condemned for allegedly overreacting during demonstrations by farmers outside the Assembly building.


It comes after angry farmers, protesting at falling dairy prices in the EU, sprayed fresh milk at Parliament and riot police on 26 November.

Thousands of dairy farmers, accompanied by hundreds of tractors, descended on the Belgian capital for two days of demonstrations.

Disruption continued for several hours with EU officials hindered from reaching their offices by tractors blocking roads.

On 28 November, a high-ranking Parliament source said, "The police seemed to do a pretty good job at restraining themselves and keeping the farmers back. However, as ever, communication from the security services about what was happening was pretty poor."

While the protest was under way, the security services tried to close off the passerelle between Parliament's WIB building and the JAN building.

The reason given was the risk of a fire or missiles being thrown, but it is believed that when the UK ALDE MEP Bill Newton Dunn tried to get past the security officials, the guards had to call in reinforcement to stop him.

Another Parliament source, who did not wish to be named, said, "The reaction of the security services was way over the top. They were stopping people who were merely trying to get to their offices."

 

Source: theparliament.com

 


Proactive Detection of Security Incidents - Honeypots

An increasing number of complex attacks demand improved early warning detection capabilities for Computer Emergency Response Teams (CERTs). By having threat intelligence collected without any impact on production infrastructure, CERTs can better defend their constituencies' assets. Honeypots are powerful tools that can be used to achieve this goal.

 

The document is the final report of the 'Proactive Detection of Security Incidents: Honeypots' study. The study was initiated to investigate in more depth the honeypot technologies that can be used by CERTs in general, and national/governmental (n/g) CERTs in particular, to proactively detect and capture network attacks directed at their constituencies. The study is a follow-up to a previous, more generic study on 'Proactive Detection of Network Security Incidents', also conducted by ENISA.

 

Among the findings of that study was the fact that while honeypots are recognised by CERTs as useful tools that can be utilised to detect and study attacks, their usage in the CERT community was not as wide as could be expected, which implies that barriers exist to their deployment.

Source: ENISA

 


New Report on How to Reinforce Cooperation Between EU Computer Emergency Response Teams (CERTs) and Law Enforcement Authorities

The EU Agency ENISA has launched a new Good Practice Guide on co-operation and coordination between Computer Emergency Response Teams (CERTs) and Law Enforcement Authorities (LEAs).

 

The report establishes that such cooperation is essential in the fight against cybercrime. The study focuses on identifying the current gaps and possible synergies, and provides five recommendations on how to improve cooperation.

 

Europe's society and digital economy are increasingly dependent upon cyber-space. Simultaneously, cyber-attacks on Critical Infrastructure such as energy, water and transportation systems, cyber-incidents, and cybercrime, such as botnet attacks and hacking, put the information society at risk. Moreover, most citizens - 59% - do not feel informed about cyber-crime risks.

 

ENISA's new study finds that collaboration between CERTs and LEAs is hindered by their inherent cultural differences. CERTs are typically technical, informal and focused on addressing information system issues. LEAs, by comparison, act when they suspect that a crime has been committed. The report also identifies a number of legal and regulatory barriers. Specifically, it identifies a discrepancy between greater awareness of national laws and lesser awareness of international legal frameworks (EU directives or the Council of Europe Cybercrime Convention). A number of operational factors were also identified as playing a role in hindering information exchange and collaboration. Experts who participated in the study recognised that information on roles and parameters for cooperation were the most important issues. These were followed by concerns over bureaucracy, different or unknown policies and procedures, lack of common standards, lack of clarity on what the other party will do with information, and insufficient or inappropriate detail.


The report makes five key recommendations to overcome these barriers:

  • training,
  • improving structures to support information sharing,
  • facilitation of collaboration,
  • good practice development and
  • harmonisation and clarification of legal and regulatory aspects.

Source: ENISA

 


Websites Selling Counterfeit Merchandise Taken Down by Authorities in Europe and the USA

U.S. Immigration and Customs Enforcement's (ICE) Homeland Security Investigations (HSI) and the European Police Office (Europol) seized 133 domain names that were illegally selling counterfeit merchandise online to unsuspecting consumers. In the US, one person was arrested and $175.000 was seized.

 

The 133 domain names seized are part of Project Cyber Monday 3, an iteration of Operation In Our Sites (IOS). These websites duped consumers into unknowingly buying counterfeit goods as part of the holiday shopping season. The operation was coordinated by the ICE HSI-led National Intellectual Property Rights Coordination Center (IPR Center) in Washington, D.C. for the US and by Europol in Europe.

 

In addition to seizing domain names with a top-level domain (TLD) controlled by U.S. Registries, the IPR Center partnered with Europol to execute coordinated seizures of foreign-based TLDs such as .be, .eu, .dk, .fr, .ro, and .uk. This effort is titled Project Transatlantic.

 

Source: EUROPOL

 


Assessment of Law Enforcement Tools: No New Databases Needed at EU level

Exchanging information is an essential tool for law enforcement authorities, both when fighting serious organised crime (such as terrorism, trafficking in human beings, drugs or firearms) and offences committed by individuals across borders (such as murders and sexual violence against children).

 

On 7 December, the European Commission adopted a Communication taking stock of how the information exchange works in the EU today, and recommending practical ways to improve it.

 

It concludes that information exchange generally works well, and no new EU-level law enforcement databases are therefore needed at this stage. However, the existing EU instruments should be better implemented, and exchange of information should be organised more consistently - in particular by creating Single Points of Contact for law enforcement agencies in all Member States.

 

The Communication emphasises the need to ensure high data quality and to respect data protection rules, and also explains how the EU will provide support, including funding and training, for Member States.

 

"Improving cross-border information exchange is not an end in itself. The purpose is to tackle crime more effectively and reduce harm to victims and to the EU economy. The measures in place generally work well, and there is no need for new law enforcement databases. But there is scope for improvement. In particular, legislation that has been agreed must be fully implemented and used more consistently, by all Member States", said Commissioner for Home Affairs Cecilia Malmström.

 

Source: European Commission - DG for Home Affairs

 


Get Engaged in ASIS Women in Security and Young Professionals Groups

Go online to catch up on the latest education programmes and networking opportunities offered by the ASIS Women in Security and Young Professionals groups.

Global Agenda

17-19 February 2013 - ASIS 4th Middle East Security Conference & Exhibition - Dubai, UAE

 

14-16 April 2013 - ASIS 12th European Security Conference & Exhibition - Gothenburg, Sweden

8-9 May 2013 - ASIS 23rd New York Security Conference & Expo - New York, USA

24-27 September 2013 - ASIS 59th Annual Seminar & Exhibits - Chicago, USA

 

3-5 December 2013 - ASIS 7th Asia-Pacific Security Forum & Exhibition - Macau, China

Professional Development

Upcoming Webinars 

 
10 January: Free - Security Project Management-Planning for Success 
             
 
Webinar Archive

 

This month highlighting: Lessons Learned: Trends in Extreme Violence in the Workplace
 
Available as streaming media and on CD | 90 minutes

Additional titles

 

e-Learning

 

This month highlighting: Online Learning Catalogue 

 

Classroom Programmes

 

Check online to view the full calendar.

Chapter and Certification Events
Please click here to access the European agenda.

ASIS EUROPE. ADVANCING SECURITY WORLDWIDE. © 2012