Category: Agency News

Iceland prepares for next-generation cybersecurity

Agency News, Cyber Security CII sector, Industry News
A booming data-centre industry and plans to improve connectivity are amplifying Iceland’s role in the global digital ecosystem.
Experts estimate that Iceland loses nearly USD 72 million (ISK 10 billion) to cybercrime each year – equivalent to roughly 0.3 per cent of the north Atlantic island nation’s gross domestic product.
Bringing together the wide range of institutions and experts that regulate, implement, and maintain cybersecurity systems can be a daunting task.
The GCI measures each country’s level of development and engagement in terms of five dimensions of cybersecurity: legal measures, technical measures, organizational measures, capacity development, and cooperation. The result is aggregated into an overall score and ranked among others worldwide.
In fast-moving fields like cybersecurity important steps related to documentation, coordination, and deliberation are easily neglected. To address this challenge, the Cyber Security Council used the GCI framework to review and revise national cybersecurity priorities, considering the framework in the context of Iceland’s priorities.
At the 2020 ITU Global CyberDrill online events, a series of sessions promoting hands-on exercises for national Computer Incident Response Teams (CIRTs), discussions on current cybersecurity issues and information sharing sessions, Iceland’s Cyber Security Council worked with practitioners from across the island to document the island’s readiness to withstand cyberattacks. Identifying best practices from around the world, the local experts discussed ways to improve their own ecosystem.
Efforts like this helped Iceland boost its GCI performance from 87th to 77th in the global rankings between 2017 and 2018 – and the results of this continued commitment will be revealed in the forthcoming 2020 edition of the Global Cybersecurity Index.
Room to improve
Iceland’s mapping of its cybersecurity progress demonstrates the GCI’s versatility. While such tools are mainly promoted to build capacity in developing countries, similar kinds of engagement can also benefit the most developed.
Technical measures, such as its frameworks for implementing cybersecurity standards, are similarly ripe for improvement. These actions would complement the country’s existing Computer Emergency Response Team (CERT-IS) and the Icelandic National Cybersecurity Strategy.
[Source: ITU]
Leave a comment , ,

NCSC CEO warns that ransomware is key cyber threat

Agency News, Cyber Security CII sector, Industry News
The chief of the UK’s National Cyber Security Centre said ransomware was the key threat facing the UK and urged the public and business to take it seriously.
Speaking virtually to an audience at the Royal United Services Institute (RUSI) Annual Security Lecture, Lindy Cameron warned of the “cumulative effect” of failing to properly deal with the rising threat.
She also revealed the threat faced by think tanks, noting that it is “almost certain” that the primary cyber threat they face is from nation state espionage groups, and it is highly likely that they seek to gain strategic insights into government policy and commercially sensitive information.
The CEO of the NCSC – which is a part of GCHQ – also warned that for the vast majority of UK citizens and organisations, the primary key threat is not state actors but cyber criminals.
She highlighted the importance of building organisational cyber resilience which, in combination with government capabilities and law enforcement action, is the most effective way to counter threats in cyberspace.
Lindy Cameron said:
“For most UK citizens and businesses, and indeed for the vast majority of critical national infrastructure providers and government service providers, the primary key threat is not state actors but cyber criminals, and in particular the threat of ransomware.
“While government is uniquely able to disrupt and deter our adversaries, it is network defenders in industry, and the steps that all organisations and citizens are taking that are protecting the UK from attacks, day in, day out.
“The protection they provide is crucial to the digital transformation of the economy, and every organisation, large and small, has a role to play.”
On the recent rise in ransomware attacks, Lindy Cameron noted that the ecosystem is evolving through the Ransomware as a Service (RaaS) model, whereby ransomware variants and commodity listings are available off the shelf for a one-off payment or a share of the profits.
As the RaaS model has become increasingly successful, with criminal groups securing significant ransom payments from large profitable businesses who cannot afford to lose their data to encryption or to suffer the down time while their services are offline, the market for ransomware has become increasingly “professional”.
Elsewhere, Lindy Cameron also set out the context of the Integrated Review and forthcoming cyber strategy, highlighting the need to better integrate our security, economic, technical, and diplomatic capabilities in support of shared national objectives.
She outlined how our allies and adversaries alike are betting on cyber, and that the UK needs to continue setting the pace.
Leave a comment , , , ,

eu-LISA to Extend its Portfolio with a New Large-Scale IT System

Agency News, Cyber Security CII sector, Industry News
The Council of the EU approved a general approach on the regulation on cross-border judicial tool e-CODEX, which foresees handing over its operational management to eu-LISA, in order to provide a sustainable, long-term legal framework for the system.
e-CODEX – which aims to improve the efficiency of cross-border communication between European judicial authorities and facilitate access to justice for citizens and businesses – has been developed by a consortium of Member States, who are in charge of its management until 2024.
The draft regulation introduces provisions protecting the independence of the judiciary and details the governance and management structure to be implemented within eu-LISA.
The decision was taken during the Justice and Home Affairs Council meeting taking place 7-8 June 2021. "The COVID-19 pandemic has put the spotlight on the need to, among others, speed up the digitalisation and interoperability of our justice systems. Providing our judicial authorities with a sustainable, secure system to communicate in cross-border procedures is an important step in this direction", said Francisca Van Dunem, Portuguese Minister of Justice, during the segment dedicated to discussing e-CODEX.
As part of eu-LISA's growing role in the justice domain, the Agency is set to take over operational management of the system as of 1 July 2023.
e-CODEX – which stands for "e-Justice Communication via Online Data Exchange" – offers a digital, decentralised infrastructure for secure communication between national systems, facilitating its users (judicial authorities, legal practitioners and citizens) to send and receive documents, legal forms and evidence. The reasoning behind e-CODEX is that access to justice should not be discouraged by the complex variety of the different legal systems across EU Member States.
The transfer of the system to eu-LISA is not an end in itself, as very soon e-CODEX will be ready for further expansion and will require the introduction of new security and interoperability features. As with all new technology, the implementation must occur hand in hand with the respect of fundamental rights, data protection and privacy regulations. eu-LISA will be responsible, among others, for technical development, maintenance, bug fixing, updates and support, as well as development of new features in order to respond to emerging requirements.
Leave a comment , ,

Critical Infrastructure Protection and Resilience North America announce Preliminary Conference Programme for October

Agency News, Association News, Industry News

Download your Preliminary Conference Program guide today at www.ciprna-expo.com/PSG

As the recent Ransomware attacks on Colonial Pipeline, JBS, Dassault Falcon Jet Corp, CNA Financial, and others has demonstrated, as well as the on-going threats from natural hazards/disasters, terrorist attacks and man-made disasters, it is becoming increasingly important for policies and procedures to be implemented to protect our critical infrastructure for a more secure nation.

It gives us great pleasure to invite you to join us at Critical Infrastructure Protection and Resilience North America in New Orleans, Louisiana, for what will be 3 days of exciting and informative discussions on securing North America’s critical infrastructure.

With a leading line up of international expert speakers, sharing their knowledge, expertise and experiences, we know you will find this a most rewarding and enjoyable event and look forward to seeing you in New Orleans, for the next in-person meeting on October 19th-21st, 2021, where we will ensure a safe and Covid compliant environment for discussing how to secure North America's critical infrastructure.

Download your Preliminary Conference Program guide today at www.ciprna-expo.com/PSG and discover more on this premier conference program, expert speakers and showcase exhibiting companies.

Register today and save $$$ on your conference delegate pass with the early bird.
You can register online today at www.ciprna-expo.com/onlinereg

#criticalinfrastructureprotection #resilience #cybersecurity #disasterprevention #riskmanagement #businesscontinuity #government #emergencymanagement #security #infrastructure

Leave a comment , , ,

TSA Could Better Monitor Its Efforts to Reduce Infectious Disease Spread at Checkpoints

Agency News, Industry News, Transport sector
Within TSA, approximately 46,000 TSOs stationed across the nation's commercial airports perform screening and other activities that often require close interaction with passengers. As a result, both passengers and TSOs may be at an increased risk of infection during pandemics such as COVID-19.
The CARES Act included a provision for GAO to conduct monitoring and oversight of the federal government's response to the COVID-19 pandemic. This report identifies 1) what steps TSA has taken to reduce the spread of COVID-19 at passenger screening checkpoints; and 2) how TSA is monitoring TSOs' implementation of amended safety and screening procedures, among other objectives.
GAO analyzed TSA data on TSOs' use of paid leave, reviewed documentation on policies and procedures, and interviewed TSA officials at headquarters and eight U.S. airports. We selected these airports to reflect diversity in the number of COVID-19 cases among TSOs, airport size, and geographic region. In addition, for six of these airports, GAO reviewed closed circuit television footage to observe how TSOs were implementing COVID-19 procedural changes.
To reduce the spread of COVID-19 at passenger checkpoints, Transportation Security Administration (TSA) officials issued amended safety measures to require that Transportation Security Officers (TSOs) use surgical masks and face shields, change gloves after pat-downs, and physically distance themselves from coworkers and passengers as practicable. TSA also adjusted some screening procedures, such as asking passengers to remove more items from carry-on baggage to reduce the potential for alarms that require bag searches. In addition, TSA modified the use of certain checkpoint screening technologies, and granted TSOs additional paid leave. In January 2021, TSA began an employee vaccination program, and is in the process of vaccinating TSA employees, including TSOs.
TSA's monitoring and analysis of its measures to reduce the spread of COVID-19 is limited. For example, supervisors' operational checklists do not specifically include the revised COVID-19 procedures, and the data that TSO monitors collect (e.g., on whether TSOs are properly wearing masks or changing gloves) reflect implementation at a point in time rather than throughout a shift. Conducting more complete monitoring would help TSA ensure that its TSOs are properly implementing COVID-19 procedures. In addition, TSA field leadership analyzes available monitoring data for different subsets of airports to understand how COVID-19 procedures are being implemented. However, TSA headquarters officials said they had no plans at the time of our review to analyze this data across all airports nationwide to identify common implementation problems, such as incorrectly wearing face shields and challenges with maintaining physical distance. Analyzing monitoring data across all airports would help TSA identify and address any system-wide deficiencies in implementing COVID-19 procedures, so that it may better protect its workforce and the traveling public.
Leave a comment ,

CISA Publish Rising Ransomware Threat to Operational Technology Assets Fact Sheet

Agency News, Cyber Security CII sector
CISA has published Rising Ransomware Threat to Operational Technology Assets, a fact sheet for critical infrastructure owners and operators detailing the rising threat of ransomware to operational technology (OT) assets and control systems. The document includes several recommended actions and resources that critical infrastructure entities should implement to reduce the risk of this threat.
The guidance:
- Provides steps to prepare for, mitigate against, and respond to attacks;
- Details how the dependencies between an entity’s IT and OT systems can provide a path for attackers; and
- explains how to reduce the risk of severe business degradation if affected by ransomware
Given the importance of critical infrastructure to national security and America’s way of life, CISA published this fact sheet to help organizations build effective resilience.
Leave a comment , , ,

Italy announced the creation of the national cybersecurity agency

Agency News, Cyber Security CII sector, Industry News
The Italian government has announced the creation of a new agency focused on cybersecurity. Prime Minister Mario Draghi provided its strong commitment to the creation of the agency that is tasked to protect the country and its critical national infrastructure from cyber threats.
The creation of the agency follows warnings by Prime Minister Mario Draghi that Europe needed to protect itself from Russian "interference". The announcements comes after a slew of ransomware attacks in recent months, with recent high profile examples including Colonial Pipeline and JBS.
It will need to "protect national interests and the resilience of services and essential functions of the State from cyber threats," a government statement said. Speaking in Brussels, following a European Union summit, Draghi said urgent action was needed.
"We need to strengthen ourselves a lot, especially in terms of cybersecurity, all of us, at national level and at EU level... because the level of [Russian] interference both with spies and with manipulation of the web has become truly alarming," he said.
The new Italian cybersecurity agency will develop and implement cyber strategies to prevent, monitor, detect and mitigate cyber attacks, and increase the level of cyber security of the country’ infrastructures.
Leave a comment , , ,

ACSC’s Critical Infrastructure Uplift Program (CI-UP) will help to protect Australia’s essential services from cyber threats

Agency News, Cyber Security CII sector, Industry News
The ACSC is calling for ACSC Partners to help pilot the Critical Infrastructure Uplift Program (CI-UP). CI-UP will help protect Australia’s essential services from cyber threats by raising the security levels of critical infrastructure organisations. CI-UP is part of the Australian Signals Directorate’s Cyber Enhanced Situational Awareness and Response (CESAR) package and compliments the Australian Government’s ongoing work to protect critical infrastructure security through proposed amendments to the Security of Critical Infrastructure Act 2018.
CI-UP will build knowledge and expertise for critical infrastructure providers to strengthen their cyber defences. CI-UP has been designed to:
- evaluate critical infrastructure cyber security maturity;
- deliver prioritised vulnerability and risk mitigation recommendations; and
- assist partners to implement the recommended risk mitigation strategies.
Critical infrastructure entities that are ACSC Partners can register their interest via the CI-UP form. Following the pilot, all organisations in the critical infrastructure and systems of national significance sectors, as defined in the Security of Critical Infrastructure Act 2018, can register to participate. If you are not currently an ACSC Partners, and wish to participate in the CI-UP, you will first need to register to become an ACSC Partner through the ACSC Partner Hub.
Leave a comment , ,

NCSC's Early Warning service

Agency News, Cyber Security CII sector, Industry News
Early Warning helps organisations investigate cyber attacks on their network by notifying them of malicious activity that has been detected in information feeds.
Early Warning is a free NCSC service designed to inform your organisation of potential cyber attacks on your network, as soon as possible. The service uses a variety of information feeds from the NCSC, trusted public, commercial and closed sources, which includes several privileged feeds which are not available elsewhere.
Early Warning filters millions of events that the NCSC receives every day and, using the IP and domain names you provide, correlates those which are relevant to your organisation into daily notifications for your nominated contacts via the Early Warning portal.
Organisations will receive the following high level types of alerts:
- Incident Notifications – This is activity that suggests an active compromise of your system.
For example: A host on your network has most likely been infected with a strain of malware.
- Network Abuse Events – This may be indicators that your assets have been associated with malicious or undesirable activity.
For example: A client on your network has been detected scanning the internet.
- Vulnerability and Open Port Alerts – These are indications of vulnerable services running on your network, or potentially undesired applications are exposed to the internet.
For example: You have a vulnerable application, or you have an exposed Elasticsearch service.
Cyber security researchers will often uncover malicious activity on the internet or discover weaknesses in organisations security controls, and release this information in information feeds. In addition, the NCSC or its partners may uncover information that is indicative of a cyber security compromise on a network. The NCSC will collate this information and use this data to alert your organisation about potential attacks on your network.
Full details at www.ncsc.gov.uk/information/early-warning-service
Leave a comment , , ,

Ransomware: What board members should know and what they should be asking their technical experts

Agency News, Cyber Security CII sector, Industry News
Ransomware is the subject of this spotlight topic for board members, building on the guidance given in the Cyber Security Toolkit for Boards.
The impact of a ransomware attack on an organisation can be devastating. So what should board members be doing to ensure that their organisation is prepared for such a ransomware attack, and in the best possible place to respond quickly ?
This blog, part of the Cyber Security Toolkit for Boards, explains the basics of ransomware, and suggests relevant questions that board members might want to ask their technical experts to help drive greater cyber resilience against these types of attack.
Why should board members concern themselves with ransomware?
Cyber security is a board-level responsibility, and board members should be specifically asking about ransomware as these attacks are becoming both more frequent[1] and more sophisticated.
Ransomware attacks can be massively disruptive to organisations, with victims requiring a significant amount of recovery time to re-enable critical services. These events can also be high profile in nature, with wide public and media interest.
What do board members need to know about ransomware?
Board members don’t need to be able to distinguish their Trickbots and their Ryuks, but knowing the basics of how ransomware works will mean they can have constructive conversations with their technical experts on the subject.
So what do you need to know about ransomware?
- Ransomware is a type of malware that prevents you from accessing your computer (or the data stored on it). Typically, the data is encrypted (so that you can’t use it), but it may also be stolen, or released online.
- Most ransomware we see now is ‘enterprise-wide’. This means it’s not just one user or one machine that is affected but often the whole network. Once they’ve accessed your systems, attackers typically take some time moving around, working out where critical data is saved and how backups are made and stored. Armed with this knowledge the attacker can encrypt the entire network at the most critical moment.
- The attacker will then usually make contact with the victim using an untraceable email address (or an anonymous web page), and demand payment to unlock your computer and/or access your data. Payment is invariably demanded in a cryptocurrency such as Bitcoin and may involve negotiation with the humans behind the ransomware (who have spent time in your organisation’s networks assessing how much you might be willing or able to pay).
- However, even if you do pay the ransom, there is no guarantee that you will get access to your computer, or your files.
- We have also seen cyber criminals threaten to release sensitive data stolen from the network during the attack if the ransom is not paid.
- The government strongly advises against paying ransoms to criminals, including when targeted by ransomware. There are practical reasons for this (see question 4) and also concern that paying ransoms likely encourages cyber criminals to continue such attacks.
Full details at https://www.ncsc.gov.uk/blog-post/what-board-members-should-know-about-ransomware
Leave a comment , , ,
1 22 23 24 25 26 37