Category: Agency News

GAO Wants Time Frames to Complete DHS Efforts on Critical Infrastructure Security

Agency News, Cyber Security CII sector, Industry News, Organisation Types, Power/Energy/Oil & Gas sector, Telecomms sector, Transport sector

Protecting critical infrastructure—like water supplies, electricity grids, and food production—is a national priority. Events like natural disasters or cyberattacks can disrupt services that Americans need for daily life.

Many federal agencies are tasked with protecting the nation's critical infrastructure and look to the Cybersecurity and Infrastructure Security Agency for leadership on how to do it.

A 2021 law expanded these agencies' responsibilities and added some new ones. CISA is working on guidance and more to help agencies implement these responsibilities. We recommended that CISA set timelines for completing this work.

GAO found that the William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021 expanded and added responsibilities for sector risk management agencies. These agencies engage with their public and private sector partners to promote security and resilience within their designated critical infrastructure sectors. Some officials from these agencies described new activities to address the responsibilities set forth in the act, and many reported having already conducted related activities. For example, the act added risk assessment and emergency preparedness as responsibilities not previously included in a key directive for sector risk management agencies. New activities officials described to address these responsibilities included developing a risk analysis capability and updating emergency preparedness products.

The Department of Homeland Security's (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has identified and undertaken efforts to help sector risk management agencies implement their statutory responsibilities. For example, CISA officials stated they are updating key guidance documents, including the 2013 National Infrastructure Protection Plan and templates for revising sector-specific guidance documents. CISA officials also described efforts underway to improve coordination with sector partners, such as reconvening a leadership council. Sector risk management agency officials for a majority of critical infrastructure sectors reported that additional guidance and improved coordination from CISA would help them implement their statutory responsibilities. However, CISA has not developed milestones and timelines to complete its efforts. Establishing milestones and timelines would help ensure CISA does so in a timely manner.

Why GAO Did This Study

Critical infrastructure provides essential functions––such as supplying water, generating energy, and producing food––that underpin American society. Disruption or destruction of the nation's critical infrastructure could have debilitating effects. CISA is the national coordinator for infrastructure protection.

The William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021 includes a provision for GAO to report on the effectiveness of sector risk management agencies in carrying out responsibilities set forth in the act. This report addresses (1) how the act changed agencies' responsibilities, and the actions agencies have reported taking to address them; and (2) the extent to which CISA has identified and undertaken efforts to help agencies implement their responsibilities set forth in the act.

GAO analyzed the act and relevant policy directives, collected written responses from all 16 sectors using a standardized information collection tool, reviewed other DHS documents, and interviewed CISA officials.

Recommendations

The Director of CISA should establish milestones and timelines to complete its efforts to help sector risk management agencies carry out their responsibilities. DHS concurred with the recommendation. Additionally, GAO has made over 80 recommendations which, when fully implemented, could help agencies address their statutory responsibilities.

Recommendations for Executive Action
Agency Affected
Cybersecurity and Infrastructure Security Agency

Recommendation
The Director of CISA should establish milestones and timelines for its efforts to provide guidance and improve coordination and information sharing that would help SRMAs implement their FY21 NDAA responsibilities, and ensure the milestones and timelines are updated through completion. (Recommendation 1)

Actions to satisfy the intent of the recommendation have not been taken or are being planned.

Leave a comment , , , ,

Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities

Agency News, Cyber Security CII sector, Industry News

The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS), and Republic of Korea’s Defense Security Agency and National Intelligence Service have released a joint Cybersecurity Advisory (CSA), Ransomware Attacks on Critical Infrastructure Fund Democratic People’s Republic of Korea (DPRK) Espionage Activities, to warn network defenders of malicious activity targeting U.S. and South Korean Healthcare and Public Health (HPH) Sector organizations as well as other critical infrastructure sectors.

In addition to other tactics, these malicious cyber actors have been exploiting vulnerabilities, such as Log4Shell CVE-2021-44228, SMA100 Apache CVE-2021-20038, and/or TerraMaster OS CVE-2022-24990, to gain access and escalate privileges on victim’s networks. After initial access, DPRK actors use staged payloads with customized malware to perform malicious movements, use various ransomware tools and demand ransom in cryptocurrency.

This advisory is a supplement to a July 2022 joint advisory on North Korean state-sponsored cyber actors using Maui ransomware to target HPH sector.

All organizations are encouraged to review the CSA for complete details on this threat and recommended mitigations, which also includes specific mitigations that HPH organizations should implement. This advisory is available on stopransomware.gov, the USG one-stop resource for advisories on the ransomware threat and available no-cost resources.

Leave a comment , , , , ,

Cybersecurity High-Risk Series: Challenges in Protecting Cyber Critical Infrastructure

Agency News, Cyber Security CII sector, Industry News

Federal systems are vulnerable to cyberattacks. High Risk report identified 10 critical actions for addressing federal cybersecurity challenges.

In this report, the third in a series of four, GAO covers the action related to protecting cyber critical infrastructure—specifically, strengthening the federal role in cybersecurity for critical infrastructure. For example, the Department of Energy needs to address cybersecurity risks to the U.S. power grid.

The GAO made 106 public recommendations in this area since 2010. Nearly 57% of those recommendations had not been implemented as of December 2022.

Strengthen the Federal Role in Protecting Cyber Critical Infrastructure

The U.S. grid’s distribution systems—which carry electricity from transmission systems to consumers and are regulated primarily by states—are increasingly at risk from cyberattacks. Distribution systems are growing more vulnerable, in part because of industrial control systems’ increasing connectivity. As a result, threat actors can use multiple techniques to access those systems and potentially disrupt operations.

Examples of Techniques for Gaining Initial Access to Industrial Control Systems

GAO reported in March 2021 that DOE, as the lead federal agency for the energy sector, developed plans to help combat these threats and implement the national cybersecurity strategy for the grid. However, DOE’s plans do not address distribution systems’ vulnerabilities related to supply chains. By not having plans that address the improvement to grid distribution systems’ cybersecurity, DOE’s plans will likely be of limited use in prioritizing federal support to states and industry.

➢ GAO recommended that, in developing plans to implement the national cybersecurity strategy for the grid, DOE coordinate with DHS, states, and industry to more fully address risks to the grid’s distribution systems from cyberattacks.

The communications sector is an integral component of the U.S. economy and faces serious physical, cyber-related, and human threats that could affect the operations of local, regional, and national level networks, according to CISA and sector stakeholders. In addition to managing federal coordination during incidents impacting the communications sector, CISA shares information with sector stakeholders to enhance their cybersecurity and improve interoperability, situational awareness, and preparedness for responding to and managing incidents.

Examples of Potential Security Threats to the Communications Sector

In November 2021, we reported that CISA had not assessed the effectiveness of its programs and services supporting the security and resilience of the communications sector. By completing such an assessment, CISA would be better positioned to determine which programs and services are most useful or relevant in supporting the sector’s security and resilience. We also reported that CISA had not updated its 2015 Communications Sector-Specific Plan. Developing and issuing a revised plan would help CISA to address emerging threats and risks to the communications sector.

➢ GAO recommended that CISA assess the effectiveness of its programs and services to support the communications sector and, in coordination with public and private communications sector stakeholders, produce a revised Communications Sector-Specific Plan.

Ransomware is a form of malicious software that threat actors use in a multistage attack to encrypt files on a device and render data and systems unusable. These threat actors then demand ransom payments in exchange for restoring access to the locked data and systems.

Four Stages of a Common Ransomware Attack

In September 2022, we reported that CISA, FBI, and Secret Service provide assistance in preventing and responding to ransomware attacks on tribal, state, local, and territorial government organizations. However, the agencies could improve their efforts by fully addressing six of seven key practices for interagency collaboration in their ransomware assistance to state, local, tribal, and territorial governments. For instance, existing interagency collaboration on ransomware assistance to tribal, state, local, and territorial governments was informal and lacked detailed procedures.

➢ GAO recommendeds that DHS and the Department of Justice address identified challenges and incorporate key collaboration practices in delivering services to state, local, tribal, and territorial governments.

GAO have made 106 recommendations in public reports since 2010 with respect to protecting cyber critical infrastructure. Until these are fully implemented, federal agencies will be more limited in their ability to protect private and sensitive data entrusted to them. For more information on this report, visit https://www.gao.gov/cybersecurity.

Leave a comment , , , ,

IRC warns damaged infrastructure is hampering critical aid supply to catastrophic disaster as it launches emergency response

Agency News, Health & Social Care, Industry News, Power/Energy/Oil & Gas sector, Telecomms sector, Transport sector

As the full scale of the disaster in Syria and Turkey following the 7.8 magnitude earthquake becomes apparent, the International Rescue Committee (IRC) is warning of catastrophic humanitarian needs in both countries. Unfettered humanitarian access to those affected is now absolutely critical. As humanitarian needs soar during freezing temperatures, in both Turkey and Syria, the IRC is launching an integrated response to affected populations in both countries.

Tanya Evans, Syria Country Director for IRC said:

“The scale of the disaster is catastrophic. We are still in the first 36 hours of one of the largest earthquakes to hit the region this century. Multiple earthquakes and aftershocks yesterday and today have damaged roads, border crossings, and critical infrastructure, severely hampering aid efforts.

“IRC’s main priority is finding safe spaces for our staff to operate from in Gaziantep and across northwest Syria. Many buildings have been severely damaged in the earthquake, including at least one of our field offices in northwest Syria. It is almost impossible to know the full extent of the disaster right now but everything we are hearing from our teams suggests it is truly devastating.

“Electricity across the affected area remains intermittent. In Turkey we have seen improvements since the earthquake but in northern Syria there are still so many areas off the grid. This also includes mobile and internet outages making the response and coordination even more difficult. It is not just electricity and phone lines affected. Gas supplies, for which many rely on to heat their homes, have also been severely impacted meaning that even if people are able to return to their homes they will have to endure freezing temperatures.

“With the response in its infancy the need for humanitarian aid is stark. Roads and infrastructure, like bridges, have been damaged meaning it will likely prove challenging to get supplies to those who need it most. Even before the earthquake, humanitarian access was constrained in northwest Syria, with most aid coming in via one crossing point with Turkey. In this time of increased need it is critical that the levels of aid crossing also increase at pace too.”

The IRC’s response to the earthquake will be in both Turkey and northern Syria, and will include the provision of immediate cash, basic items such as household kits, dignity kits for women and girls and hygiene supplies. Through partners, the IRC will support essential health services in earthquake-affected areas, and set up safe spaces for women and children affected by the crisis.

In light of the catastrophic humanitarian needs emerging, the IRC is calling on the international community to urgently increase critical funding to both Syria and Turkey to ensure that those affected by this emergency get the lifesaving support they need before it is too late.

[image: DENIZ TEKIN/EPA-EFE/Shutterstock]

Leave a comment , , , ,

Cybersecurity High-Risk Series: Challenges in Securing Federal Systems and Information

Agency News, Cyber Security CII sector, Industry News

Federal systems are vulnerable to cyberattacks. Our High Risk report identified 10 critical actions for addressing federal cybersecurity challenges.

In this report, the second in a series of four, we cover the 3 actions related to Securing Federal Systems and Information:

- Improve implementation of government-wide cybersecurity initiatives
- Address weaknesses in federal agency information security programs
- Enhance the federal response to cyber incidents to better protect federal systems and information

GAO has made about 712 recommendations in public reports since 2010 with respect to securing federal systems and information. Until these are fully implemented, federal agencies will be more limited in their ability to protect private and sensitive data entrusted to them. For more information on this report, visit https://www.gao.gov/cybersecurity.

Improve Implementation of Government-Wide Cybersecurity Initiatives

Federal law assigned five key cybersecurity responsibilities to the Cybersecurity and Infrastructure Security Agency (CISA), including securing federal information and systems, and coordinating federal efforts to secure and protect against critical infrastructure risk. To implement these responsibilities, CISA undertook an organizational transformation initiative aimed at unifying the agency, improving mission effectiveness, and enhancing the workplace experience. In March 2021, we reported that CISA had only completed 37 of 94 planned implementation tasks. Critical transformation tasks such as finalizing the mission-essential functions of CISA’s divisions and defining incident management roles and responsibilities across the agency had not yet been completed.

- We recommended that CISA establish expected completion dates, plans for developing performance measures, and an overall deadline for the completion of the transformation initiative, as well as develop a strategy for comprehensive workforce planning.

Address Weaknesses in Federal Agency Information Security Programs

To protect federal information and systems, the Federal Information Security Modernization Act of 2014 (FISMA) requires federal agencies to develop, document, and implement information security programs. Congress included a provision in FISMA for GAO to periodically report on agencies’ implementation of the act. In March 2022, we reported on the information security programs of 23 federal civilian agencies, including annually required program reviews to be conducted by agency inspectors general (IG). Among other things, we noted that IGs determined that 16 (or 70 percent) of the 23 agencies had ineffective programs for fiscal year 2020.

We found that OMB’s guidance to IGs on conducting agency evaluations was not always clear, leading to inconsistent application and reporting by IGs. Further, we reported that the binary effective/not effective scale resulted in imprecise ratings that did not clearly distinguish among the differing levels of agencies’ performance. By clarifying its guidance and enhancing its rating scale, OMB could help ensure more a more consistent approach and nuanced picture of agencies’ cybersecurity programs.

- GAO recommended that OMB, in consultation with others, clarify its guidance to IGs and create a more precise overall rating scale.

Enhance the Federal Response to Cyber Incidents

DOD and our nation's defense industrial base (DIB) are dependent on information systems to carry out their operations. These systems continue to be the target of cyberattacks, as demonstrated by over 12,000 cyber incidents DOD has experienced since 2015.

In November 2022, we reported DOD has taken steps to combat these attacks and the number of cyber incidents had declined in recent years. However, we found that the department (1) had not fully implemented its processes for managing cyber incidents, (2) did not have complete data on cyber incidents that staff report, and (3) did not document whether it notifies individuals whose personal data is compromised in a cyber incident.

In addition, according to officials, DOD has not yet decided whether DIB cyber incidents detected by cybersecurity service providers should be shared with all relevant stakeholders. Until DOD examines whether this information should be shared with all relevant parties, opportunities could be lost to identify system threats and improve system weaknesses.

- GAO recommended the Department of Defense improve the sharing of DIB-related cyber incident information and document when affected individuals are notified of a PII breach of their data.

Leave a comment , , ,

NSA, CISA, and MS-ISAC Release Guidance for Securing Remote Monitoring and Management Software

Agency News, Cyber Security CII sector, Industry News

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) released the “Protecting Against Malicious Use of Remote Monitoring and Management Software” Cybersecurity Advisory (CSA) today to help network defenders protect against the malicious use of legitimate remote monitoring and management (RMM) software.

RMM software is commonly used by managed service providers (MSPs) and help desks to provide security and/or technical support. The software is intended to enable network management, endpoint monitoring, and remote interaction with hosts for IT-support functions. Malicious use of RMM software allows cybercriminals and advanced persistent threat (APT) actors to bypass anti-virus/anti-malware defenses.

In October, CISA identified a widespread cyber campaign in which cybercriminal actors leveraged RMM software to gain command and control of devices and accounts. Malicious cyber actors could leverage these same techniques to target National Security Systems (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) networks and use legitimate RMM software on both work and home devices and accounts. Other RMM software solutions could be abused to similar effect.

CISA, NSA, and MS-ISAC encourage network defenders to apply mitigations such as the following:

- Audit installed remote access tools to identify RMM software.
- Implement application controls to prevent execution of unauthorized RMM software.
- Use only authorized RMM software on your network over approved remote access solutions, such as VPN or VDI.
- Block both inbound and outbound connections on common RMM ports and protocols.

Read full report at www.media.defense.gov/2023/Jan/25/2003149873/-1/-1/0/JOINT_CSA_RMM.PDF

Leave a comment , , , ,

Bitzlato: senior management arrested

Agency News, Cyber Security CII sector, Industry News

An operation led by French and US authorities, and strongly supported by Europol, has targeted the crypto exchange platform Bitzlato. The globally operating Hong Kong-registered cryptocurrency exchange is suspected of facilitating the laundering of large amounts of criminal proceeds and converting them into roubles. Law enforcement authorities took down the digital infrastructure of the service, based in France, and interrogated leading members of the platform’s management. The operation also involved law enforcement and judicial authorities from Belgium, Cyprus, Portugal, Spain and the Netherlands.

Targeting crucial crime facilitators such as crypto exchanges is becoming a key priority in the battle against cybercrime. Bitzlato allowed the rapid conversion of various crypto-assets such as bitcoin, ethereum, litecoin, bitcoin cash, dash, dogecoin and USDT into Russian roubles. It is estimated that the crypto exchange platform has received a total of assets worth EUR 2.1 billion (BTC 119 000).

While the conversions of crypto-assets into fiat currencies is not illegal, investigations into the cybercriminal operators indicated that large volumes of criminal assets were going through the platform. The analysis indicated that about 46 % of the assets exchanged through Bitzlato, worth roughly EUR 1 billion, had links to criminal activities.

Cryptanalysis uncovered that the majority of suspicious transactions are linked to entities sanctioned by the Office of Foreign Assets Control (OFAC), with others linked to cyber scams, money laundering, ransomware and child abuse material. For example, investigations showed that 1.5 million BTC transactions have been made directly between Bitzlato users and the Hydramarket, taken down in April 2022.

This exchange platform, available both in Russian and English language, rented dedicated servers from a hosting company in France. The coordinated action of the judicial and law enforcement authorities from the different involved countries led to the takedown of the platform, seizures of present financial assets, and further technical analysis.

Cryptoanalysis and international coordination to uncover links

During the first phases of the investigative activities, Europol facilitated the information exchange, provided analytical support linking available data to various criminal cases within and outside the EU, and supported the investigation through the analysis of millions of cryptocurrency transactions.

On the action day, Europol deployed 13 of its experts on the spot (10 in France, 1 in Cyprus, 1 in Spain and 1 in Portugal) and supported the deployment of national investigators in other countries taking part in the operational activities. Europol supported the law enforcement authorities involved with coordination related to cryptocurrency analysis, cross checking of operational information against Europol’s databases, and operational analysis. At this moment, already over 3 500 bitcoin addresses and over a 1 000 Bitzlato user details showed links with various criminal cases reported in Europol’s systems. Analysis of this data and other related cases is expected to trigger further investigative activities.

Leave a comment , , , , ,

IOM joins Making Cities Resilient 2030 as supporting entity

Agency News, Health & Social Care, Industry News, Power/Energy/Oil & Gas sector, Telecomms sector

The International Organization for Migration’s (IOM) Regional Office for the Middle East and North Africa (MENA) has joined the MCR2030 initiative as a supporting entity. MCR2030 is UNDRR’s flagship program, building on the achievement of the Making Cities Resilient Campaign that began in 2010. It welcomes cities, local governments, and all parties who wish to support cities along the resilience roadmap.

The IOM Regional Office for the MENA region has developed the Urban Diagnostic Toolkit to map gaps in migrants’ integration in urban settings, aimed at increasing urban resilience of migrants, refugees, displaced persons, host societies and local governments by strengthening migrants’ social cohesion in the spatial, institutional, economic, climate and resilience city systems.

Increasingly, IOM and UNDRR collaborate across a range of workstreams from high level policy engagement related to the Sendai Framework for DRR’s Midterm Review process, the Global Platform for DRR and Regional DRR Platforms, and more recently on the Early Warning for All Initiative, COP27 and the Center of Excellence for Disaster and Climate Resilience, which IOM recently joined as a member of the Steering Committee. Partnership also extends to technical cooperation on the implementation of the annual workplan of the Senior Leadership Group for DRR for Resilience inclusive of work to mainstream DRR into humanitarian action. IOM is also supporting UNDRR’s leadership on the development and roll out of Risk Information Exchange and the creation of a second-generation disaster loss accounting platform to replace DesInventar. The latter was recently dialogued under the leadership of UNDRR-UNDP-WMO at the Bonn Technical Expert Forum meeting in late November.

This is the beginning of a new collaboration between the two UN agencies. UNDRR warmly welcomes the new MCR partner to work jointly on paving the road for increasing migrants’ resilience in urban contexts.

MRC2030 is a unique cross-stakeholder initiative for improving local resilience through advocacy, sharing knowledge and experiences, establishing mutually reinforcing city-to-city learning networks, injecting technical expertise, connecting multiple layers of government, and building partnerships. Through delivering a clear roadmap to urban resilience, providing tools, access to knowledge, and monitoring and reporting tools, MCR2030 will support cities on their journey to reduce risk and build resilience.

Leave a comment , ,

Partnering to Safeguard K–12 organizations from Cybersecurity Threats

Agency News, Cyber Security CII sector, Industry News

CISA has released 'Protecting Our Future: Partnering to Safeguard K–12 organizations from Cybersecurity Threats'. The report provides recommendations and resources to help K-12 schools and school districts address systemic cybersecurity risk. It also provides insight into the current threat landscape specific to the K-12 community and offers simple steps school leaders can take to strengthen their cybersecurity efforts.

The report’s findings state that K-12 organizations need resources, simplicity and prioritization to effectively reduce their cybersecurity risk. To address these issues, CISA provides three recommendations in the report to help K-12 leaders build, operate, and maintain resilient cybersecurity programs:

- Invest in the most impactful security measures and build toward a mature cybersecurity plan.
- Recognize and actively address resource constraints.
- Focus on collaboration and information-sharing.

Along with the report, we are providing an online toolkit which aligns resources and materials to each of CISA’s three recommendations along with guidance on how stakeholders can implement each recommendation based on their current needs. To read the full report and to access the toolkit, visit Protecting Our Future: Partnering to Safeguard K–12 organizations from Cybersecurity Threats.

Leave a comment , ,

DHS S&T Develops Portable Outdoor Gunshot Detection Technology for Law Enforcement

Agency News, Industry News, Power/Energy/Oil & Gas sector, Transport sector

A new portable Gunshot Detection System can provide critical information about outdoor shooting incidents almost instantaneously to first responders. The system, called SDS Outdoor, was developed in collaboration between the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) and Shooter Detection Systems (SDS) of Rowley, MA.

“Many U.S. gunshot detection technologies are not easily deployed in the field or at temporary locations,” said Dr. Dimitri Kusnezov, DHS Under Secretary for Science and Technology. “This new system can be moved by one or two officers without the need for technicians to transport and set up. This mobile capability will help responders approach gun violence incidents with greater awareness, reducing response times and increasing responder safety.”

The portable system is an enhancement to the current commercial, off-the-shelf Guardian Indoor Active Shooter Detection System. SDS Outdoor uses two factors—the sound and flash of the gunshot—to detect and validate each gunshot, drastically reducing false positives. Most other systems rely principally on sound, which can have higher false positive rates. Moreover, SDS Outdoor can be deployed for temporary events in locations where infrastructure support is not available, such as open-field concerts or pop-up rallies.

Delivery of this mobile system comes after almost two years of development. Prototype testing started in January 2022, and SDS provided a real-time demonstration to a user advisory group in May. It was then tested by S&T’s National Urban Security Technology Laboratory and the First Responder Technology Program team in an Operational Field Assessment at Fort Dix, New Jersey, in November. Feedback from participating law enforcement agencies who participated in the evaluations helped make the system more effective in detecting and alerting responders to gunshots.

“We’ve now transitioned the system to SDS to commercialize the technology and make it available to law enforcement agencies and first responders nationwide,” said Anthony Caracciolo, S&T First Responder Technology program manager. “The new system fills a gap identified by the First Responder Resource Group by extending gunshot detection capabilities to locations that do not support fixed deployments.”

SDS Outdoor also complements other S&T-developed detection and tracking technologies, such as MappedIn Response and Detection of Presence of Life through Walls, giving first responders a more holistic view of what they are dealing with so they can coordinate their responses accordingly.

Leave a comment , ,
1 12 13 14 15 16 44