Category: Agency News

Compromise of U.S. Water Treatment Facility

Agency News, Cyber Security CII sector, Industry News, Water sector
On February 5, 2021, unidentified cyber actors obtained unauthorized access to the supervisory control and data acquisition (SCADA) system at a U.S. drinking water treatment facility. The unidentified actors used the SCADA system’s software to increase the amount of sodium hydroxide, also known as lye, a caustic chemical, as part of the water treatment process. Water treatment plant personnel immediately noticed the change in dosing amounts and corrected the issue before the SCADA system’s software detected the manipulation and alarmed due to the unauthorized change. As a result, the water treatment process remained unaffected and continued to operate as normal. The cyber actors likely accessed the system by exploiting cybersecurity weaknesses, including poor password security, and an outdated operating system. Early information indicates it is possible that a desktop sharing software, such as TeamViewer, may have been used to gain unauthorized access to the system, although this cannot be confirmed at present date. Onsite response to the incident included Pinellas County Sheriff Office (PCSO), U.S. Secret Service (USSS), and the Federal Bureau of Investigation (FBI).
The FBI, the Cybersecurity and Infrastructure Security Agency (CISA), the Environmental Protection Agency (EPA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have observed cyber criminals targeting and exploiting desktop sharing software and computer networks running operating systems with end of life status to gain unauthorized access to systems. Desktop sharing software, which has multiple legitimate uses—such as enabling telework, remote technical support, and file transfers—can also be exploited through malicious actors’ use of social engineering tactics and other illicit measures. Windows 7 will become more susceptible to exploitation due to lack of security updates and the discovery of new vulnerabilities. Microsoft and other industry professionals strongly recommend upgrading computer systems to an actively supported operating system. Continuing to use any operating system within an enterprise beyond the end of life status may provide cyber criminals access into computer systems.
Click here for a PDF version of this report.
Technical Details
Desktop Sharing Software
The FBI, CISA, EPA, and MS-ISAC have observed corrupt insiders and outside cyber actors using desktop sharing software to victimize targets in a range of organizations, including those in the critical infrastructure sectors. In addition to adjusting system operations, cyber actors also use the following techniques:
- Use access granted by desktop sharing software to perform fraudulent wire transfers.
- Inject malicious code that allows the cyber actors to
 - Hide desktop sharing software windows,
 - Protect malicious files from being detected, and
 - Control desktop sharing software startup parameters to obfuscate their activity.
- Move laterally across a network to increase the scope of activity.
TeamViewer, a desktop sharing software, is a legitimate popular tool that has been exploited by cyber actors engaged in targeted social engineering attacks, as well as large scale, indiscriminate phishing campaigns. Desktop sharing software can also be used by employees with vindictive and/or larcenous motivations against employers.
Beyond its legitimate uses, when proper security measures aren’t followed, remote access tools may be used to exercise remote control over computer systems and drop files onto victim computers, making it functionally similar to Remote Access Trojans (RATs). TeamViewer’s legitimate use, however, makes anomalous activity less suspicious to end users and system administrators compared to RATs.
Windows 7 End of Life
On January 14, 2020, Microsoft ended support for the Windows 7 operating system, which includes security updates and technical support unless certain customers purchased an Extended Security Update (ESU) plan. The ESU plan is paid per-device and available for Windows 7 Professional and Enterprise versions, with an increasing price the longer a customer continues use. Microsoft will only offer the ESU plan until January 2023. Continued use of Windows 7 increases the risk of cyber actor exploitation of a computer system.
Cyber actors continue to find entry points into legacy Windows operating systems and leverage Remote Desktop Protocol (RDP) exploits. Microsoft released an emergency patch for its older operating systems, including Windows 7, after an information security researcher discovered an RDP vulnerability in May 2019. Since the end of July 2019, malicious RDP activity has increased with the development of a working commercial exploit for the vulnerability. Cyber actors often use misconfigured or improperly secured RDP access controls to conduct cyberattacks. The xDedic Marketplace, taken down by law enforcement in 2019, flourished by compromising RDP vulnerabilities around the world.
Mitigations
General Recommendations
The following cyber hygiene measures may help protect against the aforementioned scheme:
- Update to the latest version of the operating system (e.g., Windows 10).
- Use multiple-factor authentication.
- Use strong passwords to protect Remote Desktop Protocol (RDP) credentials.
- Ensure anti-virus, spam filters, and firewalls are up to date, properly configured, and secure.
- Audit network configurations and isolate computer systems that cannot be updated.
- Audit your network for systems using RDP, closing unused RDP ports, applying multiple-factor authentication wherever possible, and logging RDP login attempts.
- Audit logs for all remote connection protocols.
- Train users to identify and report attempts at social engineering.
- Identify and suspend access of users exhibiting unusual activity.
Water and Wastewater Systems Security Recommendations
The following physical security measures serve as additional protective measures:
- Install independent cyber-physical safety systems. These are systems that physically prevent dangerous conditions from occurring if the control system is compromised by a threat actor.
- Examples of cyber-physical safety system controls include:
 - Size of the chemical pump
 - Size of the chemical reservoir
 - Gearing on valves
 - Pressure switches, etc.
The benefit of these types of controls in the water sector is that smaller systems, with limited cybersecurity capability, can assess their system from a worst-case scenario. The operators can take physical steps to limit the damage. If, for example, cyber actors gain control of a sodium hydroxide pump, they will be unable to raise the pH to dangerous levels.
Remote Control Software Recommendations
For a more secured implementation of TeamViewer software:
- Do not use unattended access features, such as “Start TeamViewer with Windows” and “Grant easy access.”
- Configure TeamViewer service to “manual start,” so that the application and associated background services are stopped when not in use.
- Set random passwords to generate 10-character alphanumeric passwords.
- If using personal passwords, utilize complex rotating passwords of varying lengths. Note: TeamViewer allows users to change connection passwords for each new session. If an end user chooses this option, never save connection passwords as an option as they can be leveraged for persistence.
- When configuring access control for a host, utilize custom settings to tier the access a remote party may attempt to acquire.
- Require remote party to receive confirmation from the host to gain any access other than “view only.” Doing so will ensure that, if an unauthorized party is able to connect via TeamViewer, they will only see a locked screen and will not have keyboard control.
- Utilize the ‘Block and Allow’ list which enables a user to control which other organizational users of TeamViewer may request access to the system. This list can also be used to block users suspected of unauthorized access.
Leave a comment , , ,

Regulating for resilience: Reigniting ICT markets and economies post-COVID-19

Agency News, Cyber Security CII sector, Industry News
As the COVID-19 pandemic continues its relentless spread, governments, regulators, academics, and the global information and communication technology (ICT) community keep rethinking policy and regulatory frameworks to mitigate the effects of the crisis and chart a way out of it.
The 7th Economic Experts Roundtable convened by ITU provided a platform to generate ideas and solutions to render ICT markets an even more important contributor to social and economic resilience in the face of COVID-19.
The current crisis has brought new challenges to the ICT sector. Regulatory frameworks need to be adjusted to stimulate investment while maintaining a moderate level of competition. Markets and consumer benefits are now examined by decision-makers through the lens of financial adversity and uncertain outlooks.
Amid disruption, policy-makers and regulators need evidence-based guidance that provides a solid ground for their reforms.
A new study released at the Roundtable provides fresh insights backed by authoritative data on the evolution of ICT regulation since 2007, the ICT Regulatory Tracker, and a global dataset on ICT markets economics.
The study shows that ICT regulation has had a measurable impact on the growth of global ICT markets over the past decade.
The analysis uses econometric modelling to pinpoint the impact of the regulatory and institutional frameworks on the performance of the ICT sector and its contribution to national economies.
It provides policy-makers and regulators with evidence to advance regulatory reform and address the challenges and gaps in current regulatory frameworks for digital services and applications.
Upgrading regulatory frameworks: What matters?
The new analysis points to regulatory features that can have a multiplier effect on ICT markets and consumer benefits.
• ICT regulation is positively linked with increases in telecommunication investment. An improvement of 10 per cent in the maturity of national ICT regulatory frameworks is associated with an increase of fixed and mobile investment of over 7 per cent. For this to happen, a country needs a separate, autonomous ICT regulator with a broad mandate, promoting competition and adopting best regulatory practices in ICT licencing, service quality monitoring, and spectrum sharing.
• Tax cuts are associated with a significant boost in capital investment, as they increase available financial resources for network deployment. Reducing profit tax by half leads to an increase of fixed and mobile investment of nearly 14 per cent.
• Streamlining government administrative processes is linked to a significant increase in capital investment, highlighting the importance of minimizing time to obtain network deployment permits, handling municipal network construction requirements, and reducing red tape costs. Slashing administrative processing times by half is linked to an increase in fixed and mobile investment of 17 per cent.
A regulatory power boost for mobile
For the mobile sector, open and collaborative regulatory policies appear to have a strong positive impact on investment. In turn, more investment triggers coverage gains and lower consumer prices, boosts ICT adoption and generates growth in national economies around two years after policy adoption.
• A digital agenda is crucial to accelerating innovation and boosting investment. The introduction of a national broadband plan with a strong implementation framework and leadership increases mobile investment and network coverage by some 15 per cent.
• Converged licensing frameworks maximize the financial returns of investments as they provide a flexible policy approach adapted to technological advances. Such frameworks are associated with a 10 per cent increase in mobile investment and network coverage.
• Allowing voluntary spectrum sharing agreements, thereby helping operators to maximize the opportunities to make investments profitable, creates strong incentives for network deployment. Such collaborative regulatory regimes see an 18 per cent increase in mobile investment and network coverage, and price reduction by close to 10 per cent compared to countries where this is not allowed.
• Openness to foreign operators increases access to capital for network development and modernization and enables technology and know-how transfer. An open mobile market can stimulate capital investment with increases of 14 per cent along with network coverage.
Policy-makers are encouraged to use this report as an evidence base underpinned by a deeper understanding of the linkages between regulatory and institutional contexts and ICT market outcomes, and of which policies can lead markets, consumers, and economies out of the current crisis.
[Source: ITU]
Leave a comment , ,

GCHQ and NSA Celebrate 75 Years of Partnership

Agency News, Cyber Security CII sector, Industry News
The United Kingdom Government Communications Headquarters (GCHQ) and the United States National Security Agency (NSA) commemorate their partnership to share intelligence. These intelligence agencies have worked together for nearly a century to strengthen national security. March 5, 2021 marks the 75th anniversary of the formalized agreement to share information between the two agencies as much as possible, with minimal restrictions.
The British USA (BRUSA) Communications Intelligence (COMINT) Agreement, signed on March 5, 1946, was the original document that formalized the relationship. The agreement emerged from U.K. and U.S. specialists recognizing the beneficial results of intelligence sharing during World War II. The BRUSA Agreement was updated and expanded to become the UKUSA Agreement in 1955. This groundbreaking document created the policies and procedures for U.K. and U.S. intelligence professionals for sharing communication, translation, analysis, and code breaking information.
GCHQ and NSA personnel have worked together to address threats across all domains. The diversity of our experts provides better outcomes in analysis and innovative approaches to form solutions.
The UKUSA Agreement became the foundation for our intelligence alliances with Australia, Canada, and New Zealand. When the challenge is global, working with partners around the world is essential. This extraordinary trust and collaboration brings a strategic advantage in our nations’ safety.
The 75th anniversary of the UKUSA Agreement marks the passage of a historic and lasting relationship which enhances the resilience of our nations’ defenses and security of our future.
Leave a comment , ,

Improved Performance Planning Could Strengthen Technology Transfer

Agency News, Industry News, Power/Energy/Oil & Gas sector, Transport sector
A Department of Energy national lab developed a battery that now powers some hybrid and electric cars. But how do new energy technologies get from the lab to the market?
Transferring technologies from the DOE to private companies isn't always easy. Barriers such as the "valley of death"—a gap between the end of public funding and the start of private funding—can stop a transfer.
The Department of Energy (DOE) and its national labs have taken several steps to address potential barriers to technology transfer—the process of providing DOE technologies, knowledge, or expertise to other entities. GAO characterized these barriers as (1) gaps in funding, (2) legal and administrative barriers, and (3) lack of alignment between DOE research and industry needs. For example, the “valley of death” is a gap between the end of public funding and start of private-sector funding. DOE partly addresses this gap with its Technology Commercialization Fund, which provides grants of $100,000 to $1.5 million to DOE researchers to advance promising technologies with private-sector partners. Further, DOE's Energy I-Corps program trains researchers to commercialize new technologies and to identify industry needs and potential customers. However, DOE has not assessed how many and which types of researchers would benefit from such training. Without doing so, DOE will not have the information needed to ensure its training resources target the researchers who would benefit most.
DOE plans and tracks the performance of its technology transfer activities by setting strategic goals and objectives and annually collecting department-wide technology transfer measures, such as the number of patented inventions and licenses. However, the department does not have objective and measurable performance goals to assess progress toward the broader strategic goals and objectives it developed. For example, without a performance goal for the number of DOE researchers involved in technology transfer activities and a measure of such involvement, DOE cannot assess the extent to which it has met its objective to encourage national laboratory personnel to pursue technology transfer activities. Internal control standards for government agencies call for management to define objectives in measurable terms, either qualitative or quantitative, so that performance toward those objectives can be assessed. Moreover, DOE has not aligned the 79 existing measures that it collects with its goals and objectives, nor has it prioritized them. Some lab stakeholders said that collecting and reporting these measures is burdensome. Prior GAO work has found that having a large number of performance measures may risk creating a confusing excess of data that will obscure rather than clarify performance issues.
Leave a comment , , ,

INTERPOL report charts top cyberthreats in Southeast Asia

Agency News, Cyber Security CII sector, Industry News
An INTERPOL report has highlighted the key cybercrime trends and threats confronting the Association of Southeast Asian Nations (ASEAN) region.
INTERPOL’s ASEAN Cyberthreat Assessment 2021 report outlines how cybercrime’s upward trend is set to rise exponentially, with highly organized cybercriminals sharing resources and expertise to their advantage.
It provides strategies for tackling cyberthreats against the context of the pandemic which has seen more people going online using mostly unprotected mobile devices, creating a surge in cybercriminal activities profiting from the theft of personal information and credentials.
The report further describes the essential collaboration on intelligence sharing and expertise between law enforcement agencies and the private sector, facilitated by INTERPOL’s global network.
The INTERPOL’s ASEAN Cybercrime Operations Desk (ASEAN Desk) with the support from law enforcement agencies in the region and INTERPOL’s private sector cybersecurity partners identify the region’s top cyberthreats:
- Business E-mail Compromise campaigns continue to top the chart with businesses suffering major losses, as it is a high-return investment with low cost and risk.
- Phishing. Cybercriminals are exploiting the widespread use of global communications on information related to COVID-19 to deceive unsuspecting victims.
- Ransomware. Cybercrime targeting hospitals, medical centers and public institutions for ransomware attacks has increased rapidly as cybercriminals believe they have a higher chance of success given the medical crisis in many countries.
- E-commerce data interception poses an emerging and imminent threat to online shoppers, undermining trust in online payment systems.
- Crimeware-as-a-Service puts cybercriminal tools and services in the hands of a wider range of threat actors – even non-technical ones, to the extent that anyone can become a cybercriminal with minimal ‘investment’.
- Cyber Scams. With the increase of online transactions and more people working from home, cybercriminals have revised their online scams and phishing schemes, even impersonating government and health authorities to lure victims into providing their personal information and downloading malicious content.
- Cryptojacking continues to be on the radar of cybercriminals as the value of cryptocurrencies increases.
“Cybercrime is constantly evolving. The COVID-19 pandemic has accelerated digital transformation, which has opened new opportunities for cybercriminals,” said Craig Jones, INTERPOL’s Director of Cybercrime.
“Through this report, INTERPOL strives to support member countries in the ASEAN region to take a targeted response against ever-evolving cybercrime threats to protect their digital economies and communities,” added Mr Jones.
Under the mandate of reducing the global impact of cybercrime and protecting communities, the INTERPOL Regional Cybercrime Strategy for ASEAN sets out INTERPOL’s key priorities and principles against cybercrime in the region.
Delivered through INTERPOL’s ASEAN Desk and ASEAN Cyber Capacity Development Project, the strategy is underpinned by four pillars: enhancing cybercrime intelligence for effective responses to cybercrime; strengthening cooperation for joint operations against cybercrime; developing regional capacity and capabilities to combat cybercrime; and promoting good cyber hygiene for a safer cyberspace.
Leave a comment , , ,

DHS S&T Announces $36.5M Funding Opportunity for New Center of Excellence

Agency News, Cyber Security CII sector, Industry News
The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) announced a $36.5 million funding opportunity for a new DHS Center of Excellence (COE), Engineering Secure Environments from Targeted Attacks (ESE).
“Partnering with universities, S&T delivers practical results by developing multidisciplinary, customer-driven solutions while training the next generation of homeland security experts,” said William Bryan, Acting Under Secretary for Science and Technology. “The challenges we face as a nation are complex. In collaboration with our academic partners, DHS is excited to launch a new COE focused on mitigating long-term threats against our nation’s surface transportation and built environments with novel engineering solutions.”
DHS plans to fund the new COE through a cooperative agreement for 10 years for a total of approximately $36.5 million.
The ESE COE will research and develop solutions to support DHS counterterrorism and violent extremism operations. The COE will help DHS continue fostering a culture of “security by design” by providing intentional and flexible architecture solutions to thwart an adaptive adversary. ESE will also advance a skilled workforce of scientists, technologists, engineers and mathematicians who focus on homeland security-related issues.
Technological advancements and their applications are increasingly complex and integrated into everyday processes. As cities grow larger and density increases across people, buildings, and infrastructure, a potential increase in the frequency or severity of targeted attacks from foreign and domestic terrorism is a legitimate concern. ESE will provide academic-led innovation that supports safer, more resilient transportation systems and communities.
DHS is soliciting proposals from multidisciplinary research and education teams, that will work closely with DHS and other subject-matter experts to develop approaches to strengthen the security of crowded spaces and transportation modalities. The teams will need various combinations of academic disciplines, including engineering, data analytics, and mathematics.
The DHS COEs work closely with DHS operating components to research, develop, and transition mission-relevant science and technology, and educate the next generation of homeland security technical experts. ESE will be required to engage with DHS operational components and fully understand the operational environment to help better identify technical and training gaps. Each DHS COE is led by a U.S. college or university and partners with other federally funded research and development centers, academic institutions, the commercial industry, and other federal, state, and local agencies.
Leave a comment , , ,

World’s most dangerous malware EMOTET disrupted through global action

Agency News, Cyber Security CII sector, Industry News
Law enforcement and judicial authorities worldwide have this week disrupted one of the most significant botnets of the past decade: EMOTET. Investigators have now taken control of its infrastructure in an international coordinated action.
This operation is the result of a collaborative effort between authorities in the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada and Ukraine, with international activity coordinated by Europol and Eurojust. This operation was carried out in the framework of the European Multidisciplinary Platform Against Criminal Threats (EMPACT).
EMOTET has been one of the professional and long lasting cybercrime services out there. First discovered as a banking Trojan in 2014, the malware evolved into the go-to solution for cybercriminals over the years. The EMOTET infrastructure essentially acted as a primary door opener for computer systems on a global scale. Once this unauthorised access was established, these were sold to other top level criminal groups to deploy further illicit activities such as data theft and extortion through ransomware.
Spread via Word documents
The EMOTET group managed to take email as an attack vector to a next level. Through a fully automated process, EMOTET malware was delivered to the victims’ computers via infected e-mail attachments. A variety of different lures were used to trick unsuspecting users into opening these malicious attachments. In the past, EMOTET email campaigns have also been presented as invoices, shipping notices and information about COVID-19.
All these emails contained malicious Word documents, either attached to the email itself or downloadable by clicking on a link within the email. Once a user opened one of these documents, they could be prompted to “enable macros” so that the malicious code hidden in the Word file could run and install EMOTET malware on a victim’s computer.
Attacks for hire
EMOTET was much more than just a malware. What made EMOTET so dangerous is that the malware was offered for hire to other cybercriminals to install other types of malware, such as banking Trojans or ransomwares, onto a victim’s computer.
This type of attack is called a ‘loader’ operation, and EMOTET is said to be one of the biggest players in the cybercrime world as other malware operators like TrickBot and Ryuk have benefited from it.
Its unique way of infecting networks by spreading the threat laterally after gaining access to just a few devices in the network made it one of the most resilient malware in the wild.
Disruption of EMOTET’s infrastructure
The infrastructure that was used by EMOTET involved several hundreds of servers located across the world, all of these having different functionalities in order to manage the computers of the infected victims, to spread to new ones, to serve other criminal groups, and to ultimately make the network more resilient against takedown attempts.
To severely disrupt the EMOTET infrastructure, law enforcement teamed up together to create an effective operational strategy. It resulted in this week’s action where by law enforcement and judicial authorities gained control of the infrastructure and took it down from the inside. The infected machines of victims have been redirected towards this law enforcement-controlled infrastructure. This is a unique and new approach to effectively disrupt the activities of the facilitators of cybercrime.
How to protect oneself against loaders
Many botnets like EMOTET are polymorphic in nature. This means that the malware changes its code each time it is called up. Since many antivirus programmes scan the computer for known malware codes, a code change may cause difficulties for its detection, allowing the infection to go initially undetected.
A combination of both updated cybersecurity tools (antivirus and operating systems) and cybersecurity awareness is essential to avoid falling victim to sophisticated botnets like EMOTET. Users should carefully check their email and avoid opening messages and especially attachments from unknown senders. If a message seems too good to be true, it likely is and emails that implore a sense of urgency should be avoided at all costs.
As part of the criminal investigation conducted by the Dutch National Police into EMOTET, a database containing e-mail addresses, usernames and passwords stolen by EMOTET was discovered. You can check if your e-mail address has been compromised at www.politie.nl/emocheck. As part of the global remediation strategy, in order to initiate the notification of those affected and the cleaning up of the systems, information was distributed worldwide via the network of so-called Computer Emergency Response Teams (CERTs).
The following authorities took part in this operation:
- Netherlands: National Police (Politie), National Public Prosecution Office (Landelijk Parket)
- Germany: Federal Criminal Police (Bundeskriminalamt), General Public Prosecutor's Office Frankfurt/Main (Generalstaatsanwaltschaft)
- France: National Police (Police Nationale), Judicial Court of Paris (Tribunal Judiciaire de Paris)
- Lithuania: Lithuanian Criminal Police Bureau (Lietuvos kriminalinės policijos biuras), Prosecutor’s General’s Office of Lithuania
- Canada: Royal Canadian Mounted Police
- United States: Federal Bureau of Investigation, U.S. Department of Justice, US Attorney's Office for the Middle District of North Carolina
- United Kingdom: National Crime Agency, Crown Prosecution Service
- Ukraine: National Police of Ukraine (Національна поліція України), Prosecutor General’s Office (Офіс Генерального прокурора)
Leave a comment , , , ,

ENISA release new report and training material to fight cybercrime and improve cooperation

Agency News, Cyber Security CII sector, Industry News
The European Union Agency for Cybersecurity releases a new report and training material to support the cooperation among CSIRTs, Law Enforcement Agencies (LEAs) and their interaction with the judiciary.
The publications are designed to help tackle the challenges of this complex multi-stakeholder cooperation. The report, the handbook and the toolset are a set of deliverables complementing each other as follows:
- The report analyses roles, duties, competences, synergies and potential interferences across Computer Security Incident Response Teams (CSIRTs) - in particular, national and governmental ones, LE and judiciary (prosecutors and judges);
- The handbook helps a trainer explain these concepts through different scenarios;
- The toolset consists of exercises meant for trainees based on the handbook’s scenarios.
The report proposes a methodology to analyse the legal and organisational framework defining the roles and duties, the required competencies of CSIRTs and LE. It also identifies synergies and the potential interferences that may occur while engaging in the activities needed to respond to incidents of criminal nature and in fighting cybercrime.
In addition, it presents a detailed analysis focusing on Czechia, France, Germany, Luxembourg, Norway, Portugal, Romania, and Sweden. The methodology proposed can be used for a more comprehensive future analysis covering additional countries as it is based on:
- desk research;
- subject matter expert interviews;
- the segregation of duties (SoD) matrix.
This SoD matrix is also available in the ENISA repositories in GitHub, as well as the documentation on the Reference Security Incident Taxonomy Working Group (RSIT).
The RSIT working group will meet today as part of the 62nd TF-CSIRT Meeting. These are two other examples of the efforts ENISA engages in to contribute to building a bridge between CSIRTs and LE communities.
Main conclusions of the 2020 report on CSIRTs and LE cooperation include:
- The communities already engage in a number of actions meant to:
  - Avoid interferences wherever possible;
  - Create effective partnerships;
  - Use their synergies to support each other.
- However, interferences may still happen in the process of incident handling and cybercrime investigations, mainly because of the difference in purpose and mandate of each of these communities, i.e. incident mitigation (CSIRTs) compared with evidence preservation and criminal prosecution (LE and the judiciary).
- Joint training activities are organised mainly in community pairs, being either CSIRT and LE or LE and the judiciary. Such activities rarely involve the three communities. The joint training activities help the wider development of the competences required to respond to cybercrime.
- Overall, the 2019 pandemic of the COVID-19 virus did not have any significant impact on cooperation and exchanges between the three communities and their ability to function. Interaction even increased in some instances. For example, daily dialogues became more frequent in order to ensure that each community was kept informed as the situation evolved.
The response to cybercrime requires the cooperation of all actors involved. In this response, CSIRTs, LE and the judiciary perform each a different role and seek different objectives. Helping CSIRTs, LE and the judiciary understand their roles, duties and competences reciprocally will allow a closer cooperation while building on synergies and hence avoid possible interferences.
ENISA has been collecting input from the communities and compiling reports to shed light on the different aspects of the cooperation. These efforts are meant to further enhance the cooperation between CSIRTs and LE and their interaction with the judiciary, In addition, the Agency has been developing training material and co-organising the annual ENISA-EC3 workshop on CSIRT-LE Cooperation. The last edition of this event took place on 16 September 2020.
This new report and training material build on the work already completed in the area over the past. It contributed to the implementation of the ENISA programming document 2020-2022. The work conducted by ENISA in this area is planned to continue in 2021.
Leave a comment , , ,

DHS Awards $1.5M to Small Business for First Responder Emergency Alerts Technology Development

Agency News, Health & Social Care, Industry News, Transport sector
As emergency communications technologies adapt to an increasingly interconnected nation, the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) today announced it awarded more than $1.5 million to develop an Alerts, Warnings, and Notifications (AWN) Guidance Tool. The program planning app, which will be available through a portal at FEMA's website, is expected to provide customized resources, best practices and program templates to address the most pressing challenges of alert originators, helping public safety agencies at the federal, state, local, tribal and territorial levels disseminate emergency and life-saving information.
“From the devastating wildfires on the West Coast to the very active Atlantic/Caribbean 2020 hurricane season to the ongoing COVID-19 public health emergency, there is a growing need to push actionable information out quickly to the public in order to save lives,” said Antwane Johnson, director of FEMA’s Integrated Public Alert & Warning System (IPAWS) office.
S&T awarded $1,542,113 through its Long-Range Broad Agency Announcement (LRBAA) program to Corner Alliance, Inc., a small business consulting firm based in Washington, D.C. and Boulder, CO. The research and development of this tool is a continuation of S&T’s partnership with FEMA in creating the IPAWS Program Planning Toolkit, aimed at assisting public safety agencies in minimizing alerting delays; planning for future alerts, warnings and notifications enhancements; facilitating interoperability across different technologies; and improving information sharing among emergency management and public safety officials.
“First responders rely on information to make life saving decisions, often with very little time to spare,” noted William Bryan, DHS Senior Official Performing the Duties of the Under Secretary for Science and Technology. “This tool will help public safety agencies respond quickly and decisively during emergencies or catastrophic events, and that allows the greater homeland security enterprise to be more prepared and resilient.”
The documents in the IPAWS Program Planning Toolkit were produced based on recent innovative changes to technology and derived from the collection of successful practices and lessons learned from hundreds of data points from stakeholders, including emergency managers, public information officers, alerting originators and administrators, and alerting experts.
“FEMA and DHS S&T plan to expand the toolkit into an online, user-friendly format that will allow stakeholders to download and print pre-filled planning documents with their information,” said DHS S&T Program Manager Norman Speicher. “Through this development, our team will continue utilizing a stakeholder validation process.”
To learn more about the LRBAA program, please visit https://www.dhs.gov/science-and-technology/st-lrbaa.
Leave a comment , ,

CISA Launches Campaign to Reduce Risk of Ransomeware

Agency News, Cyber Security CII sector, Industry News
The Cybersecurity and Infrastructure Security Agency (CISA) announced the Reduce the Risk of Ransomware Campaign today, a focused, coordinated and sustained effort to encourage public and private sector organizations to implement best practices, tools and resources that can help them mitigate this cybersecurity risk and threat.
Ransomware is increasingly threatening both public and private networks, causing data loss, privacy concerns, and costing billions of dollars a year. These incidents can severely impact business processes and leave organizations without the data they need to operate and deliver mission-critical services. Malicious actors have adjusted their ransomware tactics over time to include pressuring victims for payment by threatening to release stolen data if they refuse to pay and publicly naming and shaming victims as secondary forms of extortion.
“CISA is committed to working with organization at all levels to protect their networks from the threat of ransomware,” said Brandon Wales, Director (Acting) of CISA. “This includes working collaboratively with our public and private sector partners to understand, develop and share timely information about the varied and disruptive ransomware threats. Anyone can be the victim of ransomware, and so everyone should take steps to protect their systems.”
In this campaign, which will have a particular focus on supporting COVID-19 response organizations and K-12 educational institutions, CISA is working to raise awareness about the importance of combating ransomware as part of an organization’s cybersecurity and data protection best practices. Over the next several months, CISA will use its social media platforms to iterate key behaviors or actions with resource links that can help technical and non-technical partners combat ransomware attacks.
CISA established a new one-stop resource at cisa.gov/ransomware. On this page, interested partners will find four categories of ransomware resources:
- Alerts and Statements: Official CISA updates to help stakeholders guard against the ever-evolving ransomware threat environment. These alerts are geared toward system administrators and other technical staff to bolster their organization’s security posture.
- Guides and Services: Tips and best practices for home users, organizations, and technical staff to guard against the growing ransomware threat.
- Fact Sheets and Infographics: Easy-to-use, straightforward information to help organizations and individuals better understand the threats from and the consequences of a ransomware attack.
- Trainings and Webinars: This information provides technical and non-technical audiences, including managers, business leaders, and technical specialists with an organizational perspective and strategic overview.
Many of the resources on this webpage were developed in collaboration with industry and interagency partners, such as:
- CISA and Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide;
- CISA, Federal Bureau of Investigation (FBI), and Department of Health and Human Services (HHS) Joint Cybersecurity Advisory on Ransomware Activity Targeting the Healthcare and Public Health Sector;
- CISA, FBI, DHS Homeland Security Investigations, and U.S. Secret Service recorded video discussion on Trends and Predictions in Ransomware from the 2020 CISA National Cybersecurity Summit.
- CISA Fact Sheet on Cyber Threats to K-12 Remote Learning Education for non-technical educational professionals with contributions from the FBI.
Leave a comment , ,
1 32 33 34 35 36 42