Articles

To pay or not pay a hacker’s ransomware demand? It comes down to cyber hygiene

Articles, Blog, News

A recent call for city leaders to stop paying ransomware demands underscores the need for municipalities to step up their cyber practices and have a good backup process in place.

Baltimore Mayor Jack Young announced last week that the U.S. Conference of Mayors (USCM) passed a resolution calling on mayors to oppose the payment of ransomware attackers. The resolution states that “at least 170 county, city or state government systems have experienced a ransomware attack since 2013” with 22 of those occurring in 2019 so far.

One of those cities is Young’s own Baltimore, which was crippled by a Robbinhood ransomware attack on May 7, causing well more than a month’s worth of turmoil and city service outages that brought down real estate sales in the city and ultimately cost $18 million (and counting) in recovery costs and lost revenues. Baltimore applied for federal disaster funds, and the city’s IT chief publicly apologized for doing a “poor job” of communicating in the wake of the attack. Mayor Young and IT experts say it will still be months before Baltimore’s systems are fully functional.

Baltimore’s ransomware disaster could have theoretically been minimized if the city had paid the hacker’s initial ransom demand of what was then about $76,000 in bitcoin, less than 1% of the ultimate cost of the attack. At least two other cities recently hit by ransomware made their own calculations and decided to do just that.

[This article appeared in CSO Online. To read the rest of the article please visit here.]

What is the CISA? How the new federal agency protects critical infrastructure from cyber threats


The U.S. Congress created The Cybersecurity and Infrastructure Security Agency to identify threats, share information and assist with incident response in defense of the nation’s critical infrastructure.

The Cybersecurity and Infrastructure Security Agency (CISA) is a new federal agency, created to protect the nation’s critical infrastructure.

It was created through the Cybersecurity and Infrastructure Security Agency Act of 2018, which was signed into law on November 16, 2018. That legislation “rebranded” the Department of Homeland Security’s (DHS’s) National Protection and Programs Directorate (NPPD) as the Cybersecurity and Infrastructure Security Agency and transferred resources and responsibilities of NPPD to the newly created agency. Prior to the passage of the bill, NPPD managed almost all of DHS’s cybersecurity-related matters.

CISA is responsible for protecting the nation’s critical infrastructure from physical and cyber threats. Its mission is to “build the national capacity to defend against cyber attacks” and to work “with the federal government to provide cybersecurity tools, incident response services and assessment capabilities to safeguard the .gov networks that support the essential operations of partner departments and agencies.”

[This article appeared in CSO Online. To read the rest of the article please visit here.]

Telecom insiders detail hardships posed by Chinese technology ban


Banning Chinese Telecom vendors Huawei and ZTE creates fear, uncertainty and doubt as well as new supply chain security ideas among small telcos.

Democratic Federal Communications Commission (FCC) Commissioner Geoffrey Starks hosted a workshop on June 27 entitled “Find IT, Fix It, Fund It” to hear from “interested parties on how to address the national security threats posed by insecure equipment within our communications networks.” Although not explicitly stated in the Commission’s public notice or its press release, the issue addressed in the workshop is whether and how to remove from the nation’s communications networks technology from Chinese suppliers given the recent executive order banning American companies from using any telecommunications equipment deemed to be a security risk.

That order was squarely aimed at China’s top telecom tech providers Huawei and ZTE as well as any other Chinese tech vendor whose products appear in the nation’s communications networks. The half-day workshop featured a range of speakers including academics, small telecom providers, rival telecom tech providers and small telecom trade association representatives. Almost all spoke about the uncertainty and fear the ban has created and the stark financial and opportunity costs it will impose.

[This article appeared in CSO Online. To read the rest of the article please visit here.]

Why the Huawei ban is bad for security


Many believe the ban on exporting U.S. technology to Chinese company Huawei could hurt American tech vendors and do little to mitigate supply chain threats.

Last week, Google reportedly warned the Trump Administration that its current ban on exports to Huawei might actually jeopardize national security by forcing Huawei to create an insecure fork of its Android operating system, according to the Financial Times.

That ban was imposed as part of a Commerce Department effort announced in mid-May which placed the Chinese telecom and tech giant on a U.S. export blacklist, the “entity list,” for its purported efforts to spy on behalf of the Chinese government. Two other companies — the telecom giant ZTE and a memory chip maker, Fujian Jinhua Integrated Circuit — were also placed on the list and the administration is now reportedly considering adding video surveillance company HikVision to it.

Two days before Google’s reported warning was made public, the Washington Post released the results of a survey of 100 cybersecurity experts from government, academia and the private sector who mostly concluded that the ban would only end up hurting U.S. tech companies and further diminish U.S. influence over the security of new products. One of the experts, former Facebook security chief Alex Stamos, now a Hoover Fellow at Stanford University, said that the ban could cause China to “emerge as the indispensable nation in consumer technology.”

[This article appeared in CSO Online. To read the rest of the article please visit here.]

2016 election hacking in Florida: Russian emails, hidden tracks


The Mueller Report says the Russians planted malware on at least one Florida county system, and Florida’s governor announces that two counties were hacked in 2016. Experts believe the problem could be bigger.

Since early April when Special Counsel Robert Mueller’s redacted report on the investigation into Russian interference in the 2016 presidential election was released, a storm of confusion and controversy has raged over what happened in Florida during that election. A cryptic passage in the Mueller report outlines how Unit 74455 of Russia’s military intelligence arm GRU sent “spear-phishing emails to public officials involved in election administration and personnel involved in voting technology.”

The Mueller report states that in August 2016, the GRU targeted employees of a voting technology company that “developed software used by numerous U.S. counties to manage voter rolls, and installed malware on the company network.” The voting technology vendor’s name was redacted in the report.

According to the Mueller report, an FBI investigation revealed that in November 2016 the GRU “sent spear-phishing emails to over 120 email accounts used by Florida county officials responsible for administering the 2016 U.S. election” and malware embedded in Word documents in those emails enabled the GRU to gain access to “at least one Florida county government.”

[This article appeared in CSO Online. To read the rest of the article please visit here.]

Why local governments are a hot target for cyberattacks


Recent ransomware and other attacks underscore the value attackers see in the data stored in city and regional government systems. Here’s why they are vulnerable and what they can do to reduce the threat.

Despite what appears to be a recent spurt in municipal ransomware attacks, these infections are nothing new to the nation’s cities. The most high-profile municipal ransomware attack took place over a year ago in March 2018 when the city of Atlanta was crippled by SamSam ransomware. According to Wired magazine, the city of Atlanta ended up spending $2.6 million to respond to that attack, roughly 52 times the amount of the $50,000 or so in ransom demanded by the attackers.

Still, the recent spate of attacks raises the question: Are municipal ransomware infections on the rise? According to some municipal cybersecurity experts, cities have long been grappling with malware and ransomware attacks at the same rate as private sector organizations, but are just now becoming more public about it.

[This article appeared in CSO Online. To read the rest of the article please visit here.]

FEMA contractor at center of privacy violation provides services to many other agencies


Corporate Lodging Consultants provides lodging services to many other government agencies. Is more sensitive personal information at risk?

Late last year, the Federal Emergency Management Agency (FEMA) was found to have exposed 2.3 million disaster survivors to identity theft and fraud by unnecessarily sending sensitive data to a government contractor administering FEMA’s emergency lodging program. The contractor, who failed to flag for FEMA the data oversharing, was found by the agency to have 11 cybersecurity vulnerabilities in its data and network facilities, seven of which won’t be remediated until 2020.

That same contractor currently supplies, and has since 2005, emergency lodging services to virtually all government agencies and sub-agencies, including the Department of Defense, the Coast Guard, the Department of Justice and the Department of Veterans Affairs, among others. Based on an investigation, it’s unclear if any determination has been made by the agencies that rely on the contractor for emergency lodging services whether they, too, were collecting or transmitting unnecessary sensitive data to the contractor. It’s further unclear the degree to which the identified cybersecurity vulnerabilities leave the contractor’s facilities exposed to external threats or whether the personal data of all the other agencies’ personnel are inadequately protected on the contractor’s vulnerable network.

[This article appeared in CSO Online. To read the rest of the article please visit here.]

Congress steers clear of industrial control systems cybersecurity


Industry resistance to regulation, complexity of securing ICS systems are roadblocks to passage of critical infrastructure cybersecurity legislation.

Rule number one about legislation affecting the cybersecurity of industrial control systems (ICS) is that no one talks about legislation affecting the cybersecurity of ICS. At least it seems that way based on a number of attempts to get industry stakeholders to talk on the record about the prospects in the 116th Congress for any legislation that affects critical infrastructure, specifically as it relates to industrial control systems.

Although a number of cybersecurity-related bills have been introduced in the new Congress, only a handful of relatively non-controversial pieces of legislation, most reintroduced from the last Congress, deal primarily with critical infrastructure industrial control systems, a surprise given the stepped-up concerns over threats to the nation’s electric grids, gas and oil pipelines, transportation systems and dams and the rise of industrial supply chain issues that have grabbed headlines over the past few years.

[This article appeared in CSO Online. To read the rest of the article please visit here.]

New CISA director outlines top 5 priorities for protecting U.S. critical infrastructure


CISA’s Christopher Krebs has a two-year plan for his new cybersecurity agency, with China, supply chain and 5G as top priorities.

Last November, the former, somewhat awkwardly named National Protection and Programs Directorate (NPPD) was elevated within the U.S. Department of Homeland Security (DHS) to become the Cybersecurity and Infrastructure Security Agency (CISA) following enactment of the Cybersecurity and Infrastructure Security Agency Act of 2018. CISA is responsible for protecting the country’s critical infrastructure from physical and cyber threats, overseeing a host of cybersecurity-related activities. This includes operating the National Cybersecurity and Communications Integration Center (NCCIC), which provides round-the-clock situational awareness, analysis, incident response and cyber defense capabilities to the federal government, state, local, tribal and territorial governments, the private sector and international partners.

CISA made its first prominent mark as an independent agency during the 35-day government shut-down when, on January 22, it issued an unexpected, and to some a startling, emergency directive ordering admins at most government agencies to protect their domains against a wave of attacks on the domain name system infrastructure (DNS). The directive was prompted by a number of DNS tampering efforts at multiple executive branch agencies. This malicious, complex and widespread campaign, dubbed DNSpionage by Cisco Talos, allowed suspected Iranian hackers to steal massive amounts of email passwords and other sensitive data from government offices and private sector entities.

Christopher Krebs serves as CISA’s first director. Krebs previously headed the NPPD as assistant secretary for infrastructure protection and joined DHS as a senior counselor to the secretary after working in the U.S. Government Affairs team as the director for cybersecurity at Microsoft.

[This article appeared in CSO Online. To read the rest of the article please visit here.]

The cybersecurity legislation agenda: 5 areas to watch


The 116th Congress is only a few months old, but far-reaching cybersecurity bills to protect infrastructure and the supply chain, ensure election integrity, and build a security workforce are now being considered. Here’s the list.

New digital threats that could topple business, government, military and political institutions are moving cybersecurity to the top of the congressional agenda. The newly seated 116th Congress has so far seen 30 bills introduced in the House of Representatives and seven bills introduced in the Senate that directly deal with cybersecurity issues. That does not include other pieces of legislation that have at least some provisions that deal with information and digital security.

A key problem in grappling with such a complex issue as cybersecurity in Congress — and in Washington in general — is the diffused responsibility spawned by the wide-ranging, interconnected nature of the topic. Representative Jim Langevin (D-RI), a member of the Armed Services and Homeland Security Committees, and one of the founders of the Congressional Cybersecurity Caucus, flagged this stumbling block at the 2019 State of the Net conference in January by calling for consolidation in Congress over cybersecurity.

Noting that around 80 groups within the legislative branch claim some jurisdiction over cybersecurity matters, Langevin said, “We as a Congress are going to have to move with greater agility to respond to the cybersecurity threats we face going forward, and we can’t do it under the current construct.” Langevin wants the House Homeland Security issue to take the lead on all matters related to cybersecurity.

[This article appeared in CSO Online. To read the rest of the article please visit here.]