Recalling cybersecurity and privacy events of 2018, it’s really hard to know where to start so I thought it might be fun to start with President Trump. He’s been revamping US policy on cyber-attacks and, true to form, he’s going full-on Trump with some tough language backed by… questionable resolve and a confusing set of assets.
His new National Cyber Strategy shifts US cyber policy to the offensive, promising the administration will deliver “swift, costly and transparent consequences when malicious actors harm the United States or our partners”. The aim is to deter by threatening with a big stick or, as the policy states, “develop tailored strategies to ensure adversaries understand the consequences of their malicious cyber behavior”. Getting other nations’ law enforcement to step up is another goal of the document. Local sentiment be damned.
The U.S. military now has free rein to go on the offense against cybercriminals without having to check in first with the State Department or the intelligence community.
Tough talk for a president whose choice of cyber advisors includes Rudy Giuliani, a man who may not truly understand how to use a stamp. And this is coming from a president who proposed building a joint cybersecurity unit with Russia to address the pesky issue of election meddling.
“It’s not the dumbest idea I have ever heard, but it’s pretty close”
~Senator Lindsey Graham
As puzzling as all of this may be, President Trump’s duplicity is actually rivaled by the one-and-only Mark Zuckerberg. It’s been quite a year for ol’ Zucky and he’s managed to top it off with one final insult to Facebook users. More on that in a bit but first, let’s revisit the electrifying world of cryptocurrency in 2018.
Finally, the Big Cryptocurrency Crash
Bitcoin and other cryptocurrencies were bound to crash (again) and this was the year for it. No big surprise here, though. Both investors and cybersecurity experts should have plainly seen it coming.
From an investor’s perspective, volatility gave all the signs of a bubble that would soon burst. Obvious precedents include the housing and mortgage bubble of the mid-aughts and the dot-com bubble of the late 1990s.
From a cybersecurity perspective, signs of the crash were almost equally clear. Although there’s no precedent, there’s a certain logic to it all. Follow the progression of events in South Korea’s journey to crypto regulation and what you see emerging is an indirect relationship between increased cybersecurity and decreased speculative value on the crypto markets. Follow the story:
- July 2017. The South Korean government legalizes Bitcoin trades, payments, and transfers
- August 2017. North Korea hacks into the exchanges
- September 2017. South Korea considers strengthening user authentication procedures, tightening regulation on trading, and increasing oversight on bank reporting of transactions using virtual currencies
- December 2017. South Korea considers banning cryptocurrency exchanges altogether (or at least banning crypto traders from using anonymous bank accounts)
- January 2018. Several South Korean crypto exchanges are removed from popular crypto price tracker CoinMarket, resulting in a loss of USD$20 billion in the market cap of Ripple, a cryptocurrency. It also caused a dip in the overall crypto market.
- December 2018. After months of hinting they would do so, the South Korean government holds discussions over how to regulate the crypto industry
The market for Bitcoin and digital currencies tends to dip whenever there’s a hint of regulation. And, with clear hints of regulation coming from South Korean officials this year, the signs were there.
China followed a similar path but perhaps not for security reasons. Their late-2017 ban on ICOs was more of an attempt to stem the trading mania and avoid social unrest, but it didn’t quite stick as traders moved to international exchanges to carry on trading. Shutting down domestic exchanges was followed by banning foreign exchanges as well as cryptocurrency websites as China continued tightening the noose.
Of course, there’s an alternative to strong-arming for control and banishment of cryptocurrencies, and it’s regulation. South Korean officials had originally also taken the strong-arm approach, like China, vowing to ban cryptocurrency trading early in the year.
But fast-forward to December and they’re taking a milder legislative approach (if you can’t stop ‘em, regulate them).
Edging away from the totalitarian move of banning crypto, South Korea’s National Assembly and members of Congress are taking a more level-headed (and realistic) approach, conducting exploratory discussions about the future of cryptocurrencies in their country.
Here are the talking points:
- Regulatory frameworks are necessary
- Unconfirmed bank accounts are a problem
- Large commercial banks and small crypto exchanges have to find a way to work together
- Governments need to encourage a crypto-friendly ecosystem by encouraging blockchain startups
- Exchanges need help from the government to establish trust but they fear over-regulation. This fear is exacerbated by the G20 regulatory standards
- Communication is key: between governments, businesses, officials, and exchanges
Going into 2019, these six concepts make an excellent starting point for any discussion regarding cryptocurrency. Indeed, let’s hope that in the coming year, we hear more on these topics and less on ICOs, volatility, and the wild speculation of 2017 and 2018. Let’s start using digital currencies in a proper, safe environment rather than treating them as a trading phenomenon.
And, speaking of business-government cooperation (or, in this case, lack thereof) in the cybersecurity realm, Facebook was another big newsmaker this year.
Facebook’s Many Faces of Security and Privacy
To say that Facebook showed its true colors in 2018 is an understatement. We’ve witnessed a lot of shady behavior from Mark Zuckerberg over user privacy but this time it’s downright despicable.
The latest breach came in the form of a bug that exposed users’ private photos to third-party app developers… 876 developers had unauthorized access to user photos (even the photos that Facebook users had uploaded but not yet shared). 6.8 million users were affected via approximately 1,500 different apps and it went on for two weeks.
But here’s where it becomes despicable: the two-week breach occurred last September. Facebook waited more than two months to inform users! So much for the GDPR rule of 72-hour notification. Here’s where the duplicity begins…
Facebook interprets the notification rule in a way that only Facebook could. Rather than having to report a breach within 72 hours of discovery, Facebook thinks they get as much time as they need to figure out who was affected and what they will do about the breach. And it’s at that point that the 72-hour timer begins.
In other words, they think they get as much time as they want to figure out if a breach is “reportable”. Once they’ve made that decision, the 72-hour period kicks in.
So much for the spirit of the law and so much for caring about privacy notifications.
Nice try, Zucky! We know you can access simple security audit logs to quickly find out who was affected. We also know it’s curious that after so many breaches, all of them seem to affect user data, not company data. Apparently, you know how to protect data… but only your own.
This points to how easy it’s been for Zucky to get around GDPR but maybe this time it’s time to face karma because he’s now possibly facing billions in fines. We can only hope and wait…
The Nightmares of 2018 All Wrapped Up
Finally, what’s in store for 2019? As cryptocurrency security teeters on the brink of real regulation, and before GDPR can dig in and make its mark, Facebook is leveraging to get in the mix before it’s too late.
Yes, Zucky is at it again.
Taking both of 2018’s nightmares and rolling them into one large, diabolical plan, Mark Zuckerberg is planning a Facebook cryptocurrency. And why not? An unregulated currency for Facebook users, whose data forms the world’s largest trove of hackable, unsecured personal information? What could go wrong?
In the wake of Facebook’s recent security breach, which of course comes on the heels of multiple privacy infractions and a huge problem with trust and their seeming disregard for user privacy, a Facebook cryptocurrency sounds like a nightmare. Those crypto security regulations just can’t come soon enough.
All of us join in wishing you a wonderful Holiday Season and a happy New Year.