Category: Agency News

CISA Publish Rising Ransomware Threat to Operational Technology Assets Fact Sheet

Agency News, Cyber Security CII sector
CISA has published Rising Ransomware Threat to Operational Technology Assets, a fact sheet for critical infrastructure owners and operators detailing the rising threat of ransomware to operational technology (OT) assets and control systems. The document includes several recommended actions and resources that critical infrastructure entities should implement to reduce the risk of this threat.
The guidance:
- Provides steps to prepare for, mitigate against, and respond to attacks;
- Details how the dependencies between an entity’s IT and OT systems can provide a path for attackers; and
- explains how to reduce the risk of severe business degradation if affected by ransomware
Given the importance of critical infrastructure to national security and America’s way of life, CISA published this fact sheet to help organizations build effective resilience.
Leave a comment , , ,

Italy announced the creation of the national cybersecurity agency

Agency News, Cyber Security CII sector, Industry News
The Italian government has announced the creation of a new agency focused on cybersecurity. Prime Minister Mario Draghi provided its strong commitment to the creation of the agency that is tasked to protect the country and its critical national infrastructure from cyber threats.
The creation of the agency follows warnings by Prime Minister Mario Draghi that Europe needed to protect itself from Russian "interference". The announcements comes after a slew of ransomware attacks in recent months, with recent high profile examples including Colonial Pipeline and JBS.
It will need to "protect national interests and the resilience of services and essential functions of the State from cyber threats," a government statement said. Speaking in Brussels, following a European Union summit, Draghi said urgent action was needed.
"We need to strengthen ourselves a lot, especially in terms of cybersecurity, all of us, at national level and at EU level... because the level of [Russian] interference both with spies and with manipulation of the web has become truly alarming," he said.
The new Italian cybersecurity agency will develop and implement cyber strategies to prevent, monitor, detect and mitigate cyber attacks, and increase the level of cyber security of the country’ infrastructures.
Leave a comment , , ,

ACSC’s Critical Infrastructure Uplift Program (CI-UP) will help to protect Australia’s essential services from cyber threats

Agency News, Cyber Security CII sector, Industry News
The ACSC is calling for ACSC Partners to help pilot the Critical Infrastructure Uplift Program (CI-UP). CI-UP will help protect Australia’s essential services from cyber threats by raising the security levels of critical infrastructure organisations. CI-UP is part of the Australian Signals Directorate’s Cyber Enhanced Situational Awareness and Response (CESAR) package and compliments the Australian Government’s ongoing work to protect critical infrastructure security through proposed amendments to the Security of Critical Infrastructure Act 2018.
CI-UP will build knowledge and expertise for critical infrastructure providers to strengthen their cyber defences. CI-UP has been designed to:
- evaluate critical infrastructure cyber security maturity;
- deliver prioritised vulnerability and risk mitigation recommendations; and
- assist partners to implement the recommended risk mitigation strategies.
Critical infrastructure entities that are ACSC Partners can register their interest via the CI-UP form. Following the pilot, all organisations in the critical infrastructure and systems of national significance sectors, as defined in the Security of Critical Infrastructure Act 2018, can register to participate. If you are not currently an ACSC Partners, and wish to participate in the CI-UP, you will first need to register to become an ACSC Partner through the ACSC Partner Hub.
Leave a comment , ,

NCSC's Early Warning service

Agency News, Cyber Security CII sector, Industry News
Early Warning helps organisations investigate cyber attacks on their network by notifying them of malicious activity that has been detected in information feeds.
Early Warning is a free NCSC service designed to inform your organisation of potential cyber attacks on your network, as soon as possible. The service uses a variety of information feeds from the NCSC, trusted public, commercial and closed sources, which includes several privileged feeds which are not available elsewhere.
Early Warning filters millions of events that the NCSC receives every day and, using the IP and domain names you provide, correlates those which are relevant to your organisation into daily notifications for your nominated contacts via the Early Warning portal.
Organisations will receive the following high level types of alerts:
- Incident Notifications – This is activity that suggests an active compromise of your system.
For example: A host on your network has most likely been infected with a strain of malware.
- Network Abuse Events – This may be indicators that your assets have been associated with malicious or undesirable activity.
For example: A client on your network has been detected scanning the internet.
- Vulnerability and Open Port Alerts – These are indications of vulnerable services running on your network, or potentially undesired applications are exposed to the internet.
For example: You have a vulnerable application, or you have an exposed Elasticsearch service.
Cyber security researchers will often uncover malicious activity on the internet or discover weaknesses in organisations security controls, and release this information in information feeds. In addition, the NCSC or its partners may uncover information that is indicative of a cyber security compromise on a network. The NCSC will collate this information and use this data to alert your organisation about potential attacks on your network.
Full details at www.ncsc.gov.uk/information/early-warning-service
Leave a comment , , ,

Ransomware: What board members should know and what they should be asking their technical experts

Agency News, Cyber Security CII sector, Industry News
Ransomware is the subject of this spotlight topic for board members, building on the guidance given in the Cyber Security Toolkit for Boards.
The impact of a ransomware attack on an organisation can be devastating. So what should board members be doing to ensure that their organisation is prepared for such a ransomware attack, and in the best possible place to respond quickly ?
This blog, part of the Cyber Security Toolkit for Boards, explains the basics of ransomware, and suggests relevant questions that board members might want to ask their technical experts to help drive greater cyber resilience against these types of attack.
Why should board members concern themselves with ransomware?
Cyber security is a board-level responsibility, and board members should be specifically asking about ransomware as these attacks are becoming both more frequent[1] and more sophisticated.
Ransomware attacks can be massively disruptive to organisations, with victims requiring a significant amount of recovery time to re-enable critical services. These events can also be high profile in nature, with wide public and media interest.
What do board members need to know about ransomware?
Board members don’t need to be able to distinguish their Trickbots and their Ryuks, but knowing the basics of how ransomware works will mean they can have constructive conversations with their technical experts on the subject.
So what do you need to know about ransomware?
- Ransomware is a type of malware that prevents you from accessing your computer (or the data stored on it). Typically, the data is encrypted (so that you can’t use it), but it may also be stolen, or released online.
- Most ransomware we see now is ‘enterprise-wide’. This means it’s not just one user or one machine that is affected but often the whole network. Once they’ve accessed your systems, attackers typically take some time moving around, working out where critical data is saved and how backups are made and stored. Armed with this knowledge the attacker can encrypt the entire network at the most critical moment.
- The attacker will then usually make contact with the victim using an untraceable email address (or an anonymous web page), and demand payment to unlock your computer and/or access your data. Payment is invariably demanded in a cryptocurrency such as Bitcoin and may involve negotiation with the humans behind the ransomware (who have spent time in your organisation’s networks assessing how much you might be willing or able to pay).
- However, even if you do pay the ransom, there is no guarantee that you will get access to your computer, or your files.
- We have also seen cyber criminals threaten to release sensitive data stolen from the network during the attack if the ransom is not paid.
- The government strongly advises against paying ransoms to criminals, including when targeted by ransomware. There are practical reasons for this (see question 4) and also concern that paying ransoms likely encourages cyber criminals to continue such attacks.
Full details at https://www.ncsc.gov.uk/blog-post/what-board-members-should-know-about-ransomware
Leave a comment , , ,

IAEA Tool for Self-Assessment of National Nuclear and Radiation Safety Infrastructure Now Available Online

Agency News, Industry News, Power/Energy/Oil & Gas sector

The IAEA has launched a web-based version of its self-assessment tool — eSARIS — with additional features and advanced functionalities to support Member States in assessing their nuclear and radiation safety framework, to either strengthen the national regulatory infrastructure or in preparation for an IAEA Integrated Regulatory Review Service (IRRS) mission.

“eSARIS allows multiple users across different organizations in a Member State to work together more effectively, as they can view and edit information simultaneously,” said Teodros Hailu, IAEA Radiation Safety Specialist and eSARIS technical officer. “Users can also use charts to monitor their self-assessment progress and the new tool provides the opportunity of tracking changes made to information provided.”

eSARIS is a new version of the IAEA Self-Assessment of Regulatory Infrastructure for Safety (SARIS). SARIS was originally launched in 2013 and is regularly updated in line with the development of IAEA safety requirements. eSARIS now provides users with easy and secure online access, and acts as a shared online platform for all users within a country.

The SARIS methodology, used by staff of regulatory bodies, technical services provider organizations, facilities using radiation sources and government entities, is based on a structure of questions that promotes the objective evaluation of current safety framework, processes and related activities, and enables Member States to devise a continuous improvement plan for their national safety infrastructure.

Conducting self-assessment using SARIS is a preparatory requirement for IAEA Integrated Regulatory Review Service (IRRS) missions, a peer review service of regulatory framework for Member States to strengthen and enhance the effectiveness of their regulatory infrastructure.

User-friendly features

The new eSARIS was developed in response to feedback from Member States and allows regulatory bodies to modify the scope of their self-assessment. Since it is accessed via the IAEA Nucleus system, existing Nucleus account holders will benefit from single sign-on, while eSARIS also guarantees users a high level of restricted access and security.

Isabel Villanueva Delgado, Head of the General Secretary’s Cabinet at the Spanish Nuclear Safety Council (CSN), who was involved in the development stage of the tool, said: “eSARIS systematically guides on how to implement the self-assessment plan; organize roles and responsibilities; develop an action plan for improvement in line with updated IAEA safety standards; and create a repository of information and evidence, which could prove beneficial in the short and long term.”

Richard Ndi Samba, Director of Regulation and Regulatory Control at the National Radiation Protection Agency (NRPA) in Cameroon and also involved in the development process, added that “the updated tool provides an easy interface to communicate with IAEA technical officers, which allows country counterparts to quickly identify areas of performance improvement.”

eSARIS also includes other components, such as the Integrated Review of Infrastructure for Safety (IRIS) tool, which provides for a comprehensive and targeted self-assessment in line with the IAEA Specific Safety Guide SSG-16 (Rev. 1) on the establishment of a national safety infrastructure for a nuclear power programme.

Leave a comment ,

European Parliamentarians set out to strengthen disaster resilience

Agency News, Industry News, Transport sector, Water sector

The United Nations Office for Disaster Risk Reduction (UNDRR) Regional Office for Europe and UN Special Representative of the Secretary-General for Disaster Risk Reduction, Ms. Mami Mizutori, together with Members of the European Parliament Ms. Sirpa Pietikäinen, Ms. Lídia Pereira and Ms. Monica Silvana Gonzalez, held a discussion on building greater resilience in Europe and beyond.

Members of the European Parliament play a key role in leading the change towards a resilient future in the face of growing climate impacts felt worldwide. This is important as the latest figures show that in the last 20 years both the number of recorded disasters and resulting economic losses almost doubled. The discussion highlighted the urgent need to invest in prevention to save lives and looked at how the EU is actively implementing the Sendai Framework priorities.

MEP Sirpa Pietikäinen highlighted that comparing the cost of investing in disaster risk reduction (DRR) to that of inaction is crucial to understand the importance of investing in prevention. A science-based approach should be adopted when it comes to implementing the Sustainable Development Goals and the Sendai Framework for Disaster Risk Reduction 2015-2030 (Sendai Framework).

MEP Lídia Pereira emphasised that economic growth needs to address climate adaptation and disaster resilience. Infrastructure investments in particular need to be resilient. With the $80 trillion to be invested in infrastructure globally, the investments must go through a robust screening process to ensure they are disaster resilient.

MEP Monica Silvana Gonzalez underlined that people and communities can better resist disasters if the risk of their occurrence and vulnerabilities to impacts are reduced, a point she stresses in her report on the impacts of climate change on vulnerable populations in developing countries. She further noted that a greater commitment to the Sendai Framework is necessary and that it is important to look at how EU resources can be better invested in disaster risk reduction.

MEP Dragoș Pîslaru, from his point of view as rapporteur of the EU recovery instrument to COVID 19 (Recovery and Resilient Facility), reflected that the Sendai Framework is important for recovery policies and noted that it is important to cooperate to make sure we are better prepared in the future.

Ms. Mami Mizutori, UN Special Representative of the Secretary-General for DRR, emphasized that now is the moment when we can put words into action, to build a more resilient future, so that every decision you make in forming policies and investing are risk-informed and have a “think resilience” approach. The participating Members of the European Parliament all expressed support to continue this momentum and work together towards building a more resilient future.

Leave a comment , ,

Large UK organisations offered ten steps to stay ahead of cyber threat

Agency News, Cyber Security CII sector, Industry News

Refreshed 10 Steps to Cyber Security guidance released for cyber security professionals in large and medium sized organisations.

Cyber security professionals at large and medium sized organisations have today been given access to a suite of refreshed guidance to help them stay ahead of current and emerging cyber threats.

The guidance, 10 Steps to Cyber Security, is a collection of advice from the National Cyber Security Centre – a part of GCHQ – that supports CISOs and security professionals keep their company safe by breaking down the task of protecting an organisation into ten components.

It is being unveiled during CYBERUK, a virtual gathering of thought leaders from the cyber security community and hosted by the NCSC.

The 10 Steps to Cyber Security, which were first published in 2012 and are now used by a majority of the FTSE350, have been updated to capture challenges posed by the growth of cloud services, the shift to large-scale home working, and the rise and changing nature of ransomware attacks.

Sarah Lyons, NCSC Deputy Director for Economy and Society, said:

“The cyber threat landscape is constantly evolving and that’s why it’s really important that all businesses understand their cyber risk.

“Our 10 Steps to Cyber Security has been – and continues to be - a fundamental guide for network defenders and this update demonstrates our commitment to securing the UK economy.

“Following our advice will reduce the likelihood of incidents occurring but also minimise impact when they do get through.”

The renewed ten components, all of which consider that home and mobile working is now the default for most large and medium sized organisations, cover:

- Risk management
- Engagement and training
- Asset management
- Architecture and configuration
- Identity and access management
- Vulnerability management
- Data security
- Logging and monitoring
- Incident management
- Supply chain security

The refreshed guidance, which can also be used by charities and public sector organisations, can be used in tandem with the NCSC’s Cyber Security Board Toolkit, which helps frame discussions between technical experts and the Board to ensure that online resilience is a high priority.

Leave a comment ,

British tech startups offered help to keep innovations secure

Agency News, Cyber Security CII sector, Industry News

New guidance from the NCSC and the Centre for the Protection of National Infrastructure (CPNI) to help fledgling technical companies consider key questions around security.

UK startups working on world-leading emerging technology are being offered new guidance to help secure their innovations from a range of security risks.

The guidance from the National Cyber Security Centre (NCSC) – a part of GCHQ – and the Centre for the Protection of National Infrastructure (CPNI) helps fledgling companies working in emerging technologies consider key questions around security.

Launched during the NCSC’s flagship CYBERUK event, the guidance encourages companies to take steps to strengthen their defences against criminals, competitors and hostile state actors.

UK companies working in emerging technologies are likely to be a particularly attractive target to a wide range of actors, including those backed by foreign states seeking technological advancement.

The ‘Secure Innovation’ package of guidance was developed in consultation with emerging technology companies and highlights the importance of laying strong security foundations that can evolve as startups grow, in a cost-effective and proportionate manner.

NCSC Technical Director Dr Ian Levy said:

“The UK has one of the world’s best startup ecosystems, which makes companies working in emerging technologies a target for hostile actors.

“That’s why alongside CPNI we have created bespoke guidance which aims to show these companies what good physical and cyber security looks like and how to implement it.

“Putting good security in place now is a sound investment for these companies, helping lower the risks of future disruption and enhancing their attractiveness to investors.”

The Director of CPNI said:

“UK start-ups and scaleups raised record investment in 2020, closing nearly £11billion in venture-capital funding, despite the obvious challenges. A large part of this success story is how open and engaging UK businesses have always been with their international partners. As new markets continue to emerge, so will the potential threats to companies’ intellectual property and ideas at the hands of hostile states, criminals, and competitors.

“Developed in partnership between CPNI and NCSC and aimed at companies in emerging technology, Secure Innovation provides a holistic approach to all aspects of security, ensuring that good cyber principles are not undermined by physical, and people risks which could threaten the success of a start-up if not managed well from the outset.

“Based on CPNI and NCSC’s technical expertise in protective security, this guidance provides the tools to establish simple, low cost and pragmatic security-minded behaviours from the outset, making protecting their innovation and ingenuity as easy as possible.”

The Secure Innovation guidance, aimed at founders or chief executives of emerging technology startups, explains how security can be integrated into an organisation’s culture and advocates for security focused risk management around supply chains, IT networks, information, people and physical security, cloud computing and more.

Leave a comment , ,

Darkside Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks

Agency News, Cyber Security CII sector, Industry News

(Updated May 19, 2021): Click here for a STIX package of indicators of compromise (IOCs).
Note: These IOCs were shared with critical infrastructure partners and network defenders on May 10, 2021. The applications listed in the IOCs were leveraged by the threat actors during the course of a compromise. Some of these applications might appear within an organization's enterprise to support legitimate purposes; however, these applications can be used by threat actors to aid in malicious exploitation of an organization's enterprise. CISA and FBI recommend removing any application not deemed necessary for day-to-day operations.

The Cybersecurity and Information Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are aware of a ransomware attack affecting a critical infrastructure (CI) entity—a pipeline company—in the United States. Malicious cyber actors deployed Darkside ransomware against the pipeline company’s information technology (IT) network. At this time, there is no indication that the
entity’s operational technology (OT) networks have been directly affected by the ransomware.

CISA and FBI urge CI asset owners and operators to adopt a heightened state of awareness and implement the recommendations listed in the Mitigations section of this Joint Cybersecurity Advisory, including implementing robust network segmentation between IT and OT networks; regularly testing manual controls; and ensuring that backups are implemented, regularly tested, and isolated from network connections. These mitigations will help CI owners and operators improve their entity's functional resilience by reducing their vulnerability to ransomware and the risk of severe business degradation if impacted by ransomware.

Darkside Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks

(Updated May 19, 2021): Click here for a STIX package of indicators of compromise (IOCs). Note: These IOCs were shared with critical infrastructure partners and network defenders on May 10, 2021. The applications listed in the IOCs were leveraged by the threat actors during the course of a compromise. Some of these applications might appear within an organization's enterprise to support legitimate purposes; however, these applications can be used by threat actors to aid in malicious exploitation of an organization's enterprise. CISA and FBI recommend removing any application not deemed necessary for day-to-day operations.

The Cybersecurity and Information Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are aware of a ransomware attack affecting a critical infrastructure (CI) entity—a pipeline company—in the United States. Malicious cyber actors deployed Darkside ransomware against the pipeline company’s information technology (IT) network. At this time, there is no indication that the
entity’s operational technology (OT) networks have been directly affected by the ransomware.

CISA and FBI urge CI asset owners and operators to adopt a heightened state of awareness and implement the recommendations listed in the Mitigations section of this Joint Cybersecurity Advisory, including implementing robust network segmentation between IT and OT networks; regularly testing manual controls; and ensuring that backups are implemented, regularly tested, and isolated from network connections. These mitigations will help CI owners and operators improve their entity's functional resilience by reducing their vulnerability to ransomware and the risk of severe business degradation if impacted by ransomware.

Mitigations
CISA and FBI urge CI owners and operators to apply the following mitigations to reduce the risk of compromise by ransomware attacks.
- Require multi-factor authentication for remote access to OT and IT networks.
- Enable strong spam filters to prevent phishing emails from reaching end users. Filter emails containing executable files from reaching end users.
- Implement a user training program and simulated attacks for spearphishing to discourage users from visiting malicious websites or opening malicious attachments and reenforce the appropriate user responses to spearphishing emails.
- Filter network traffic to prohibit ingress and egress communications with known malicious IP addresses. Prevent users from accessing malicious websites by implementing URL blocklists and/or allowlists.
- Update software, including operating systems, applications, and firmware on IT network assets, in a timely manner. Consider using a centralized patch management system; use a risk-based assessment strategy to determine which OT network assets and zones should participate in the patch management program.
- Limit access to resources over networks, especially by restricting RDP. After assessing risks, if RDP is deemed operationally necessary, restrict the originating sources and require multi-factor authentication.

Leave a comment , , ,
1 29 30 31 32 33 44