Defending the Core: Proceedings of the 9th International Conference on Cyber Conflict, 2017, NATO Cooperative Cyber Defence Centre of Excellence

From NATO’s Cooperative Cyber Defence Centre of Excellence (NATO CCD COE) website:

After many rounds of peer review, 14 articles were accepted for this proceedings book, which formed the ‘backbone’ of the conference’s sessions and workshops. CyCon’s interdisciplinary nature is reflected in this collection of articles, which can be broadly categorised into three sections: strategy, law and technology.

The publication starts with a focus on strategic cyber security issues, as Martin Libicki provides his perspective on how states can establish effective international norms to limit cyber espionage. This is followed by Max Smeets, who analyses the possible benefits and risks of organisational integration of national offensive cyber capabilities. When discussing the challenges stemming from NATO’s decision to recognise cyberspace as an operational domain, Brad Bigelow highlights the importance of mission assurance and advocates for a clear role for the NATO Command Structure. The strategy section ends with Kenneth Geers, who emphasises the importance and often underestimated value of traffic analysis in cyberspace.

Articles devoted to legal issues start with Ido Sivan-Sevilla’s study of the dynamics of United States federal law with regard to the privacy and security debate. Privacy is also addressed by Eliza Watt, who writes about the role of international human rights law in the protection of online privacy, focusing on the extraterritorial application of human rights treaties. Jeffrey Biller’s contribution then looks at a topical issue in international humanitarian law: the misuse of protected indicators in cyberspace. International humanitarian law is also represented by the following article by Tassilo V. P. Singer, who examines the possible extension of the period of direct participation in hostilities due to autonomous cyber weapons. Emerging international law is discussed in the last two legal articles. Kubo Mačák provides his view of how general international law is influenced by the development of the cyber law of war; and finally, Peter Z. Stockburger observes that there may be arising a new lex specialis governing state responsibility for third party cyber incidents: a ‘control and capabilities’ test.

The third section of the book covers technical cyber security matters. Focussing on the defence of core infrastructure, Robert Koch and Teo Kühn begin by introducing their concept of building an effective intrusion detection system, based on voltage levels and current drain, to protect unsecure industrial control systems. Continuing with the subject of defending cyber-physical systems, Martin Strohmeier et al. propose the establishment of a separate verification layer for sensitive wireless data, powered by crowdsourced sensors connected to the Internet. Fabio Pierazzi et al. then tackle the detection of advanced cyber attacks as they introduce a novel online approach for identifying intrusions, providing an alternative to existing frameworks. Last but not least, Riccardo Longo et al. look at the resilience of certification authorities in a scenario of a large-scale cyber attack and propose a solution by analysing the security of a blockchain-based Public Key Infrastructure protocol.

The full document can be downloaded from NATO CCD COE at this link.

9th International Conference on Cyber Conflict. Proceedings 2017

Ransomware: Beware the Users, and Other Things As well…

Ransomware, Hacks, and Cybersecurity Issues: As long as there are users there will be issues

Various media outlets have reported a dramatic rise in ransomware attacks, and the NY Times reported that the most recent attacks impacted over 200,000 machines running the Windows operating system (OS) across 150 countries.  The NY Times article posits that hospitals, academic institutions, and technology companies were targeted during this cyberattack.  The article goes on to state that it is likely that exercising caution while online may have prevented the malware from infiltrating and infecting the networks from the outset.  While the malware has been identified as the “WannaCry” variant, it seems a security update was made available by Microsoft nearly two months ago, according to the article.  Thus, here we see a double-whammy: 1) administrators were not timely in rolling out updates; and 2) users clicked on or opened e-mails which facilitated the spread (this second point is contentious, as some security vendors dispute whether or not the payload was delivered using a typical phishing scheme).


What Now?

Ultimately, these things typically seem to come down to the user.  While IT professionals can implement policies and procedures to ensure that patches and security updates are applied regularly, it is the user who can make or break nearly any policy or procedure.  Until artificial intelligence takes over and heuristics rule the day, we will continue to see successful (and yet rudimentary) attacks.  That may help going forward, but it doesn’t help in the here and now; the following, however, may.  There are procedures companies and individuals can implement to limit the damage that ransomware can inflict and hopefully avoid paying a ransom for the return of their un-encrypted data.

One would think that the concept of security updates and remaining current with patches would be a no-brainer; however, clearly that is not the case.  Therefore, step zero, if you will, is to stay on top of this and ensure that all of your computing devices are using the latest supported versions with the latest patches and security updates applied.  For a standard user, you should then practice good cyber hygiene: do not click on or open e-mails from unknown senders, and do not click links in e-mails unless they are from a trusted source and do not exhibit any of the tell-tale signs (e.g., misspellings, poor grammar usage, a link that goes to an unknown domain, etc.).  It is equally important that you maintain backups of your data that are in traditional backup format and ideally streamed to the backup device so that the backups themselves stay beyond the reach of ransomware.  However, as I found in my previous career, a backup is only as good as the restore, and all too often restores are not fully (if at all) tested, and this creates a terrible scenario.  Ideally you would have a full-scale disaster recovery (DR) plan; however, these are largely beyond the expertise of the typical user and even some businesses.  Without a DR plan both created and tested, companies will continue to find themselves victims of ransomware, and to mitigate risk they will often decide to pay rather than test their restore capabilities for the very first time.

The Short Version:

Know thy sender: if you aren’t certain it is from a trusted source, delete it rather than opening.  Same goes for links — type the address to the domain yourself rather than clicking a link you aren’t sure of.

Updates and Patches: turn on automatic updates, download and install the latest security updates, and check manually on a regular basis to ensure those “automatic” features are working.

Backup: if it is worth saving, it is worth backing up.  Don’t forget that with the technological advances of handheld devices you should ensure that those are backed up as well.

Restore: test your restores, make sure you can restore a file, a folder, and an entire device.  Sometimes a bare-metal restore is the only option to make sure you can bring your data back online with an entirely new device.

 

 


New GAO report: Internet of Things Status and implications of an increasingly connected world

Internet of Things Status and implications of an increasingly connected world

Source link.


Very initial thoughts on today’s White House cybersecurity order

  • For full text, see our post.
  • Once again, the NIST Framework is key.
  • Each Agency has 90 days to provide a risk management report to the Secretary of Homeland Security and the Director of the OMB.
  • DHS, OMB, Commerce, General Services and the White House staff then have 60 days to submit to the President a plan to protect the “executive branch enterprise.”  Is that coordination or an ability to designate who is in charge?
  • For any national security system, the SecDEF and DNI replace DHS and OMB.
  • An even larger group has 180 days to provide a report on protecting critical infrastructure.
    • That group includes Secretary of DHS, Secretary of Defense, the Attorney General, the DNI, the Director of the FBI, “the heads of appropriate sector-specific agencies, … and all other appropriate agency heads.”
  • The order calls for “market transparency of cybersecurity risk management practices by critical infrastructure entities,” presumably so people can vote with their feet.  But, much critical infrastructure is either regulated monopolies or in the public sector.  So, consumer choice is minimal and demand will not be elastic based upon transparency of poor cybersecurity practices.  So, this may simply amount to public shaming as the enforcement mechanism.
  • A different large group of public agencies is to promote resilience against botnets and the like.
  • Energy, DHS, and ODNI have 90 days to report on securing the electric grid.
  • For the nation in general, “it is the policy of the executive branch to promote an open, interoperable, reliable, and secure internet that fosters efficiency, innovation, communication, and economic prosperity, while respecting privacy and guarding against disruption, fraud, and theft.”  Note that one side of the balance is only “disruption, fraud, and theft.”  There is no mention there of preventing terrorist communications or contraband such as child pornography.
  • A report on deterring adversaries is required within 90 days.
  • A section entitled “International Cooperation” also calls for reports but gives no indication of whether the Administration still supports multi-stakeholderism or will shift to multilateralism.
  • For better or worse, the order does not address investigative abilities and criminal enforcement.
  • The order takes a defense posture and does not promote, yet, offensive cybersecurity.

Actual Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

For Immediate Release

Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

EXECUTIVE ORDER

– – – – – – –

STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE

By the authority vested in me as President by the Constitution and the laws of the United States of America, and to protect American innovation and values, it is hereby ordered as follows:

Section 1.  Cybersecurity of Federal Networks.

(a)  Policy.  The executive branch operates its information technology (IT) on behalf of the American people.  Its IT and data should be secured responsibly using all United States Government capabilities.  The President will hold heads of executive departments and agencies (agency heads) accountable for managing cybersecurity risk to their enterprises.  In addition, because risk management decisions made by agency heads can affect the risk to the executive branch as a whole, and to national security, it is also the policy of the United States to manage cybersecurity risk as an executive branch enterprise.

(b)  Findings.

(i)    Cybersecurity risk management comprises the full range of activities undertaken to protect IT and data from unauthorized access and other cyber threats, to maintain awareness of cyber threats, to detect anomalies and incidents adversely affecting IT and data, and to mitigate the impact of, respond to, and recover from incidents.  Information sharing facilitates and supports all of these activities.

(ii)   The executive branch has for too long accepted antiquated and difficult-to-defend IT.

(iii)  Effective risk management involves more than just protecting IT and data currently in place.  It also requires planning so that maintenance, improvements, and modernization occur in a coordinated way and with appropriate regularity.

(iv)   Known but unmitigated vulnerabilities are among the highest cybersecurity risks faced by executive departments and agencies (agencies).  Known vulnerabilities include using operating systems or hardware beyond the vendor’s support lifecycle, declining to implement a vendor’s security patch, or failing to execute security-specific configuration guidance.

(v)    Effective risk management requires agency heads to lead integrated teams of senior executives with expertise in IT, security, budgeting, acquisition, law, privacy, and human resources.

(c)  Risk Management.

(i)    Agency heads will be held accountable by the President for implementing risk management measures commensurate with the risk and magnitude of the harm that would result from unauthorized access, use, disclosure, disruption, modification, or destruction of IT and data.  They will also be held accountable by the President for ensuring that cybersecurity risk management processes are aligned with strategic, operational, and budgetary planning processes, in accordance with chapter 35, subchapter II of title 44, United States Code.

(ii)   Effective immediately, each agency head shall use The Framework for Improving Critical Infrastructure Cybersecurity (the Framework) developed by the National Institute of Standards and Technology, or any successor document, to manage the agency’s cybersecurity risk.  Each agency head shall provide a risk management report to the Secretary of Homeland Security and the Director of the Office of Management and Budget (OMB) within 90 days of the date of this order.  The risk management report shall:

(A)  document the risk mitigation and acceptance choices made by each agency head as of the date of this order, including:

(1)  the strategic, operational, and budgetary considerations that informed those choices; and

(2)  any accepted risk, including from unmitigated vulnerabilities; and

(B)  describe the agency’s action plan to implement the Framework.

(iii)  The Secretary of Homeland Security and the Director of OMB, consistent with chapter 35, subchapter II of title 44, United States Code, shall jointly assess each agency’s risk management report to determine whether the risk mitigation and acceptance choices set forth in the reports are appropriate and sufficient to manage the cybersecurity risk to the executive branch enterprise in the aggregate (the determination).

(iv)   The Director of OMB, in coordination with the Secretary of Homeland Security, with appropriate support from the Secretary of Commerce and the Administrator of General Services, and within 60 days of receipt of the agency risk management reports outlined in subsection (c)(ii) of this section, shall submit to the President, through the Assistant to the President for Homeland Security and Counterterrorism, the following:

(A)  the determination; and

(B)  a plan to:

(1)  adequately protect the executive branch enterprise, should the determination identify insufficiencies;

(2)  address immediate unmet budgetary needs necessary to manage risk to the executive branch enterprise;

(3)  establish a regular process for reassessing and, if appropriate, reissuing the determination, and addressing future, recurring unmet budgetary needs necessary to manage risk to the executive branch enterprise;

(4)  clarify, reconcile, and reissue, as necessary and to the extent permitted by law, all policies, standards, and guidelines issued by any agency in furtherance of chapter 35, subchapter II of title 44, United States Code, and, as necessary and to the extent permitted by law, issue policies, standards, and guidelines in furtherance of this order; and

(5)  align these policies, standards, and guidelines with the Framework.

(v)    The agency risk management reports described in subsection (c)(ii) of this section and the determination and plan described in subsections (c)(iii) and (iv) of this section may be classified in full or in part, as appropriate.

(vi)   Effective immediately, it is the policy of the executive branch to build and maintain a modern, secure, and more resilient executive branch IT architecture.

(A)  Agency heads shall show preference in their procurement for shared IT services, to the extent permitted by law, including email, cloud, and cybersecurity services.

(B)  The Director of the American Technology Council shall coordinate a report to the President from the Secretary of Homeland Security, the Director of OMB, and the Administrator of General Services, in consultation with the Secretary of Commerce, as appropriate, regarding modernization of Federal IT.  The report shall:

(1)  be completed within 90 days of the date of this order; and

(2)  describe the legal, policy, and budgetary considerations relevant to — as well as the technical feasibility and cost effectiveness, including timelines and milestones, of — transitioning all agencies, or a subset of agencies, to:

(aa)  one or more consolidated network architectures; and

(bb)  shared IT services, including email, cloud, and cybersecurity services.

(C)  The report described in subsection (c)(vi)(B) of this section shall assess the effects of transitioning all agencies, or a subset of agencies, to shared IT services with respect to cybersecurity, including by making recommendations to ensure consistency with section 227 of the Homeland Security Act (6 U.S.C. 148) and compliance with policies and practices issued in accordance with section 3553 of title 44, United States Code.  All agency heads shall supply such information concerning their current IT architectures and plans as is necessary to complete this report on time.

(vii)  For any National Security System, as defined in section 3552(b)(6) of title 44, United States Code, the Secretary of Defense and the Director of National Intelligence, rather than the Secretary of Homeland Security and the Director of OMB, shall implement this order to the maximum extent feasible and appropriate.  The Secretary of Defense and the Director of National Intelligence shall provide a report to the Assistant to the President for National Security Affairs and the Assistant to the President for Homeland Security and Counterterrorism describing their implementation of subsection (c) of this section within 150 days of the date of this order.  The report described in this subsection shall include a justification for any deviation from the requirements of subsection (c), and may be classified in full or in part, as appropriate.

Sec. 2.  Cybersecurity of Critical Infrastructure.

(a)  Policy.  It is the policy of the executive branch to use its authorities and capabilities to support the cybersecurity risk management efforts of the owners and operators of the Nation’s critical infrastructure (as defined in section 5195c(e) of title 42, United States Code) (critical infrastructure entities), as appropriate.

(b)  Support to Critical Infrastructure at Greatest Risk.  The Secretary of Homeland Security, in coordination with the Secretary of Defense, the Attorney General, the Director of National Intelligence, the Director of the Federal Bureau of Investigation, the heads of appropriate sector-specific agencies, as defined in Presidential Policy Directive 21 of February 12, 2013 (Critical Infrastructure Security and Resilience) (sector-specific agencies), and all other appropriate agency heads, as identified by the Secretary of Homeland Security, shall:

(i)    identify authorities and capabilities that agencies could employ to support the cybersecurity efforts of critical infrastructure entities identified pursuant to section 9 of Executive Order 13636 of February 12, 2013 (Improving Critical Infrastructure Cybersecurity), to be at greatest risk of attacks that could reasonably result in catastrophic regional or national effects on public health or safety, economic security, or national security (section 9 entities);

(ii)   engage section 9 entities and solicit input as appropriate to evaluate whether and how the authorities and capabilities identified pursuant to subsection (b)(i) of this section might be employed to support cybersecurity risk management efforts and any obstacles to doing so;

(iii)  provide a report to the President, which may be classified in full or in part, as appropriate, through the Assistant to the President for Homeland Security and Counterterrorism, within 180 days of the date of this order, that includes the following:

(A)  the authorities and capabilities identified pursuant to subsection (b)(i) of this section;

(B)  the results of the engagement and determination required pursuant to subsection (b)(ii) of this section; and

(C)  findings and recommendations for better supporting the cybersecurity risk management efforts of section 9 entities; and

(iv)   provide an updated report to the President on an annual basis thereafter.

(c)  Supporting Transparency in the Marketplace.  The Secretary of Homeland Security, in coordination with the Secretary of Commerce, shall provide a report to the President, through the Assistant to the President for Homeland Security and Counterterrorism, that examines the sufficiency of existing Federal policies and practices to promote appropriate market transparency of cybersecurity risk management practices by critical infrastructure entities, with a focus on publicly traded critical infrastructure entities, within 90 days of the date of this order.

(d)  Resilience Against Botnets and Other Automated, Distributed Threats.  The Secretary of Commerce and the Secretary of Homeland Security shall jointly lead an open and transparent process to identify and promote action by appropriate stakeholders to improve the resilience of the internet and communications ecosystem and to encourage collaboration with the goal of dramatically reducing threats perpetrated by automated and distributed attacks (e.g., botnets).  The Secretary of Commerce and the Secretary of Homeland Security shall consult with the Secretary of Defense, the Attorney General, the Director of the Federal Bureau of Investigation, the heads of sector-specific agencies, the Chairs of the Federal Communications Commission and Federal Trade Commission, other interested agency heads, and appropriate stakeholders in carrying out this subsection.  Within 240 days of the date of this order, the Secretary of Commerce and the Secretary of Homeland Security shall make publicly available a preliminary report on this effort.  Within 1 year of the date of this order, the Secretaries shall submit a final version of this report to the President.

(e)  Assessment of Electricity Disruption Incident Response Capabilities.  The Secretary of Energy and the Secretary of Homeland Security, in consultation with the Director of National Intelligence, with State, local, tribal, and territorial governments, and with others as appropriate, shall jointly assess:

(i)    the potential scope and duration of a prolonged power outage associated with a significant cyber incident, as defined in Presidential Policy Directive 41 of July 26, 2016 (United States Cyber Incident Coordination), against the United States electric subsector;

(ii)   the readiness of the United States to manage the consequences of such an incident; and

(iii)  any gaps or shortcomings in assets or capabilities required to mitigate the consequences of such an incident.

The assessment shall be provided to the President, through the Assistant to the President for Homeland Security and Counterterrorism, within 90 days of the date of this order, and may be classified in full or in part, as appropriate.

(f)  Department of Defense Warfighting Capabilities and Industrial Base.  Within 90 days of the date of this order, the Secretary of Defense, the Secretary of Homeland Security, and the Director of the Federal Bureau of Investigation, in coordination with the Director of National Intelligence, shall provide a report to the President, through the Assistant to the President for National Security Affairs and the Assistant to the President for Homeland Security and Counterterrorism, on cybersecurity risks facing the defense industrial base, including its supply chain, and United States military platforms, systems, networks, and capabilities, and recommendations for mitigating these risks.  The report may be classified in full or in part, as appropriate.

Sec. 3.  Cybersecurity for the Nation.

(a)  Policy.  To ensure that the internet remains valuable for future generations, it is the policy of the executive branch to promote an open, interoperable, reliable, and secure internet that fosters efficiency, innovation, communication, and economic prosperity, while respecting privacy and guarding against disruption, fraud, and theft.  Further, the United States seeks to support the growth and sustainment of a workforce that is skilled in cybersecurity and related fields as the foundation for achieving our objectives in cyberspace.

(b)  Deterrence and Protection.  Within 90 days of the date of this order, the Secretary of State, the Secretary of the Treasury, the Secretary of Defense, the Attorney General, the Secretary of Commerce, the Secretary of Homeland Security, and the United States Trade Representative, in coordination with the Director of National Intelligence, shall jointly submit a report to the President, through the Assistant to the President for National Security Affairs and the Assistant to the President for Homeland Security and Counterterrorism, on the Nation’s strategic options for deterring adversaries and better protecting the American people from cyber threats.

(c)  International Cooperation.  As a highly connected nation, the United States is especially dependent on a globally secure and resilient internet and must work with allies and other partners toward maintaining the policy set forth in this section.  Within 45 days of the date of this order, the Secretary of State, the Secretary of the Treasury, the Secretary of Defense, the Secretary of Commerce, and the Secretary of Homeland Security, in coordination with the Attorney General and the Director of the Federal Bureau of Investigation, shall submit reports to the President on their international cybersecurity priorities, including those concerning investigation, attribution, cyber threat information sharing, response, capacity building, and cooperation.  Within 90 days of the submission of the reports, and in coordination with the agency heads listed in this subsection, and any other agency heads as appropriate, the Secretary of State shall provide a report to the President, through the Assistant to the President for Homeland Security and Counterterrorism, documenting an engagement strategy for international cooperation in cybersecurity.

(d)  Workforce Development.  In order to ensure that the United States maintains a long-term cybersecurity advantage:

(i)    The Secretary of Commerce and the Secretary of Homeland Security, in consultation with the Secretary of Defense, the Secretary of Labor, the Secretary of Education, the Director of the Office of Personnel Management, and other agencies identified jointly by the Secretary of Commerce and the Secretary of Homeland Security, shall:

(A)  jointly assess the scope and sufficiency of efforts to educate and train the American cybersecurity workforce of the future, including cybersecurity-related education curricula, training, and apprenticeship programs, from primary through higher education; and

(B)  within 120 days of the date of this order, provide a report to the President, through the Assistant to the President for Homeland Security and Counterterrorism, with findings and recommendations regarding how to support the growth and sustainment of the Nation’s cybersecurity workforce in both the public and private sectors.

(ii)   The Director of National Intelligence, in consultation with the heads of other agencies identified by the Director of National Intelligence, shall:

(A)  review the workforce development efforts of potential foreign cyber peers in order to help identify foreign workforce development practices likely to affect long-term United States cybersecurity competitiveness; and

(B)  within 60 days of the date of this order, provide a report to the President through the Assistant to the President for Homeland Security and Counterterrorism on the findings of the review carried out pursuant to subsection (d)(ii)(A) of this section.

(iii)  The Secretary of Defense, in coordination with the Secretary of Commerce, the Secretary of Homeland Security, and the Director of National Intelligence, shall:

(A)  assess the scope and sufficiency of United States efforts to ensure that the United States maintains or increases its advantage in national-security-related cyber capabilities; and

(B)  within 150 days of the date of this order, provide a report to the President, through the Assistant to the President for Homeland Security and Counterterrorism, with findings and recommendations on the assessment carried out pursuant to subsection (d)(iii)(A) of this section.

(iv)   The reports described in this subsection may be classified in full or in part, as appropriate.

Sec. 4.  Definitions.  For the purposes of this order:

(a)  The term “appropriate stakeholders” means any non-executive-branch person or entity that elects to participate in an open and transparent process established by the Secretary of Commerce and the Secretary of Homeland Security under section 2(d) of this order.

(b)  The term “information technology” (IT) has the meaning given to that term in section 11101(6) of title 40, United States Code, and further includes hardware and software systems of agencies that monitor and control physical equipment and processes.

(c)  The term “IT architecture” refers to the integration and implementation of IT within an agency.

(d)  The term “network architecture” refers to the elements of IT architecture that enable or facilitate communications between two or more IT assets.

Sec. 5.  General Provisions.

(a)  Nothing in this order shall be construed to impair or otherwise affect:

(i)   the authority granted by law to an executive department or agency, or the head thereof; or

(ii)  the functions of the Director of OMB relating to budgetary, administrative, or legislative proposals.

(b)  This order shall be implemented consistent with applicable law and subject to the availability of appropriations.

(c)  All actions taken pursuant to this order shall be consistent with requirements and authorities to protect intelligence and law enforcement sources and methods.  Nothing in this order shall be construed to supersede measures established under authority of law to protect the security and integrity of specific activities and associations that are in direct support of intelligence or law enforcement operations.

(d)  This order is not intended to, and does not, create any right or benefit, substantive or procedural, enforceable at law or in equity by any party against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person.

DONALD J. TRUMP

THE WHITE HOUSE,
May 11, 2017


Cyber Round Up: Cyber Extortion Surges — Victims Continue to Pay; Chinese Hackers shift focus to Asia; Russia may be hacking the French Election

  • Cyber Extortion Demands Surge as Victims Keep Paying: Symantec (USNews.com):  Alastair Sharp reports that hackers continue to use ransomware to extort increasingly hefty fees from their victims.  According to the article, the average ransom has increased more than threefold from $294 to $1,077, as cyber extortionists continue to explore the ceiling.  The article states that in the U.S., over 60% of victims pay the ransom demands; thus, with such good returns, the attackers continue to raise their prices.  This trend, it seems, is a rather disturbing one.  The full text of the article is here.

 

  • Chinese Hackers shift focus to Asia after U.S. Accord (Financial Times): In this article, Jeevan Vasagar and Leo Lewis state that a Chinese hacker group, Conference Crew, shifted from U.S. targets to targets across Asia following the 2015 agreement between President Obama and Xi Jinping.  The article indicates that targets include countries such as India, Indonesia, the Philippines, Vietnam, Macau, and Hong Kong.  The full text of the article is here.

  • A Cybersecurity Group Thinks Russia is Trying to hack the French Election (Vox):  Zeeshan Aleem reports that Trend Micro has asserted that a Russian intelligence unit targeted Emmanuel Macron’s campaign and, further, that Trend Micro believes this is the same group that targeted the DNC.  The article states that Trend Micro found similarities in the range of IP addresses used in the French and US hacks, as well as in the malware itself. Furthermore, the French government cybersecurity arm, ANSSI, confirmed that Macron did suffer cyberattacks, according to the report.  However, ANSSI reportedly stated that these attacks could have been perpetrated by a group mimicking the Russian group’s modus operandi, thus making it appear as though the Russians were behind the attack, according to the report.  The full text of the article is here.

CRS Report Released: Cybersecurity: Critical Infrastructure Authoritative Reports and Resources

CRS Report 4/21/2017

Cybersecurity: Critical Infrastructure Authoritative Reports and Resources

Cyber Round Up: Australia’s Cyber Strategy; Trump’s Strategy is Late; Bose is Spying on Listeners, Lawsuit Says

  • Australia’s bold plan for cybersecurity growth (ZDNet):  Australia is taking big steps to bolster its cyber security framework.  According to an article last week, Australia is going to triple its cyber budget from AU$2 billion to AU$6 billion. The Australian Cyber Security Growth Network (ACSGN) announced their Cyber Security Sector Competitiveness Plan (SCP), which is their plan for implementing the budget expansion.   The full report is 98 pages, and can be read below. The article also discussed changes in board members and some hardware devices that Australia has recently produced.  The full article can be found here.

  • Trump’s cybersecurity plan is officially late (CNET):  President Trump has failed to keep up with his promised cyber security timeline, a report said last week.  The article said that Trump promised a cyber plan within 90 days of his taking office, and that deadline was Thursday.  One source quoted in the article stressed cyber’s important role in security and economics and said that the Administration needs to develop a plan.  While White House officials say a team has been assembled, it does not appear that a plan is coming anytime soon, the author suggested.  The full article can be found here.
  • Bose headphones spy on listeners: lawsuit (Reuters):  A lawsuit filed in federal court in Chicago last week sought an injunction against Bose to stop their “wholesale disregard” for customers’ privacy rights.  An article discussed the lawsuit filed by Kyle Zak, who was shocked when he found out that Bose was retaining his information to sell to third parties.  The complaint alleges that a person’s choices in the music they listen to provide “an incredible amount of insight” into their private lives.  While Zak is seeking millions of dollars in damages, he and his attorney say this is a problem the public should be very concerned about. The full article can be read here.

Cyber Round Up: Russia’s ‘Electronic Bomb’; FOIA and Government Encryption; Cyber Policy and Geography

  • Russia claims it can wipe out US Navy with single ‘electronic bomb’ (Fox News):  While most attention surrounding Russia’s cyber capabilities over the last year has focused on meddling in the 2016 election, a report earlier said their capabilities are much greater.   The article says that the report comes from a state-controlled media source in Russia but alleges that their signal jamming could cripple the U.S. Navy in one fell swoop.  The report claims that Russians have accomplished this once many years ago in the Black Sea.  The article notes that this information was released shortly after President Trump sent more ships to the Korean Peninsula. The full article can be read here.
  • Suing to See the Feds’ Encrypted Messages? Good Luck (Wired):  The increased privacy protections that encrypted messaging offers the average American may cut the other way, a recent article suggests.  The conservative group Judicial Watch, the article says, is suing the EPA under the Freedom of Information Act to compel the agency to hand over employee messages sent via encrypted messaging app Signal.  The problem with the encryption, the author explains, is that deleting the messages from the two endpoints may leave no trace of the messages at all.  The article discusses this specific case and the greater implications that government agencies and employees using encrypted messaging has for transparency. The full piece can be found here.
  • Feds face big obstacle in cyber efforts: Geography (The Hill):  Geography frequently presents itself as a cyber challenge in the form of transcending legal jurisdictions.  It also has other implications, a recent article says, including logistical challenges as the nation’s biggest and best tech experts do not live in Washington, D.C.  Instead, they are located in California, Texas, and Massachusetts, and are not interested in moving to Washington, D.C. to work for the government.  The article suggests that one potential solution to the nation’s many cyber challenges is to meet these experts on their own turf in order to gain the benefit of their services.  The full article can be found here.

Cyber Round Up: U.S. May Have Thwarted N. Korean Missile Launch; Moving Beyond ‘Patch and Pray’; Army Reserves Focusing on Cyber Skills

  • North Korea’s unsuccessful missile launch ‘may have been thwarted by US cyber attack’ (Telegraph):  North Korea’s latest failed missile launch may have had some help from the United States, a recent article says. The report quotes a former British official as stating that there is “strong belief” that the United States interfered through cyber methods to cripple the test launch. The article discusses recent tensions with North Korea in depth, but notes that President Obama called for increased cyber capabilities to defend against missiles in 2014. The full article can be read here.

  • Moving Beyond ‘Patch and Pray’ Cybersecurity (WND):  One U.S. military agency may be paving the way for a fundamental shift in cyber security policy. A recent article says that the Defense Advanced Research Projects Agency (DARPA), which heads U.S. efforts to develop the most cutting-edge technologies and weapons, has begun a new program. The old method involved simply hoping that we found our own vulnerabilities before our adversaries did and then eliminating those weaknesses.  These weaknesses are entirely a result of software.  The new program focuses on eliminating vulnerabilities at the hardware level. The full report and description of the new program can be found here.
  • Army Taps Reservists With Cyber Skills to Fight IS Militants (Fortune):  It is no secret that the Islamic State has had great success due to its online presence. According to a recent report, the U.S. Army is responding in kind and is relying on reservists with cyber expertise.  The article cites a conversation with one Major who remained nameless and his daily contribution to disrupting the Islamic State’s mission through cyber means.  The article explains that the Army needs more civilians with digital forensics, math crypto-analysis, and coding skills.  The full piece can be read here.

Authors

Professor William Snyder

Professor William C. Snyder is a member of the faculty of the Institute for National Security and Counter-terrorism at Syracuse University after fifteen years with the United States Department of Justice.

Christopher W. Folk

is a second year student at SU College of Law. Christopher is a non-traditional student, returning to academia after spending nearly twenty years in the high tech industry. Christopher served in the Marine Corps, graduated from Cornell University with a B.S. in Applied Economics and Business Management, attended Northeastern University’s High-Tech MBA Program and received a M.S. in Computer Information Systems. Christopher previously worked in Software Engineering and in addition to being a full-time student, Christopher is currently serving his second term as Town Justice for the Town of Waterloo. Christopher externed with a Cybersecurity firm in the Washington, D.C. area between his first and second year at SU College of Law. Full biography

Ryan D. White

Ryan is currently a second year law student at Syracuse University College of Law, and is also pursuing a Master of Public Administration degree from Syracuse’s Maxwell School of Citizenship and Public Affairs. Ryan spent time with Homeland Security Investigations while pursuing his undergraduate degree at Wesleyan University, and spent his first summer of law school as clerk for the U.S. Attorney’s Office in the Western District of New York. He is a member of Syracuse Law Review, the Journal on Terrorism and Security Analysis, and participates in the Veteran’s Legal Clinic. Full biography

Anna Maria Castillo

is a third year law student at Syracuse College of Law. She is also pursuing a Master of Arts in International Relations at Syracuse University's Maxwell School of Citizenship and Public Affairs. She has interned at a London-based think-tank that specializes in transnational terrorism and global security and at the legal department of a defense contractor. She currently serves as an executive editor in the Syracuse Law Review. Full biography

Jennifer A. Camillo

is a third year student at Syracuse College of Law. She has served as a law clerk in the United States Attorney’s Office for the Northern District of New York and the Cayuga County District Attorney’s Office and as an extern in the Oneida County District Attorney’s Office. She is a member of the Syracuse National Trial Team and was recently awarded the Tiffany Cup by the New York Bar Association for her trial advocacy achievements.

Tara J. Pistorese

holds Juris Doctor and Masters of Public Administration degrees from Syracuse University's Maxwell School of Citizenship and Public Affairs and its College of Law. She has served as a law clerk in the United States Attorney's Office for the Western District of New York and the Public Defender Service for the District of Columbia and as an extern in the United States District Court for the Western District of Washington. Full biography

Benjamin Zaiser

is both a scholar and a Federal Agent of the Federal Criminal Police Office of Germany. (Opinions expressed here are his own and not any part of official duty.) Full biography

Categories