IoT Security: ENISA Publishes Guidelines on Securing the IoT Supply Chain

The European Union Agency for Cybersecurity (ENISA) is releasing its Guidelines for Securing the IoT – Secure Supply Chain for IoT, which covers the entire Internet of Things (IoT) supply chain – hardware, software and services – and builds on the 2019 Good Practices for Security of IoT - Secure Software Development Lifecycle publication by focusing on the actual processes of the supply chain used to develop IoT products. This report complements the Agency’s seminal study on Baseline Security Recommendations for IoT, a highly cited and referenced work that aims to serve as a reference point for IoT security.
Supply chains are currently facing a broad range of threats, from physical threats to cybersecurity threats. Organisations are becoming more dependent than ever before on third parties. As organisations cannot always control the security measures of their supply chain partners, IoT supply chains have become a weak link for cybersecurity. Today, organisations have less visibility and understanding of how the technology they acquire is developed, integrated and deployed than ever before.
In the context of the development of the Guidelines for Securing the IoT – Secure Supply Chain for IoT, the EU Agency for Cybersecurity has conducted a survey that identifies the existence of untrusted third-party components and vendors, and the vulnerability management of third-party components as the two main threats to the IoT supply chain. The publication analyses the different stages of the development process, explores the most important security considerations, identifies good practices to be taken into account at each stage, and offers readers additional resources from other initiatives, standards and guidelines.
Since in most cases pre-built products are used to assemble an IoT solution, introducing the concepts of security by design and security by default is a fundamental building block for protecting this emerging technology. The Agency has worked with IoT experts to create specific security guidelines for the whole lifespan of IoT devices. These guidelines, which help tackle the complexity of IoT, focus on bringing together the key actors in the supply chain to adopt a comprehensive approach to security, leverage existing standards and implement security-by-design principles.

UK and partners condemn GRU cyber attacks against Olympic and Paralympic Games

The UK exposed malicious cyber activity from Russia’s GRU military intelligence service against organisations involved in the 2020 Olympic and Paralympic Games before they were postponed.
The activity involved cyber reconnaissance by the GRU targeting officials and organisations involved in the Games, which had been due to take place in Tokyo during the summer.
The incidents were the latest in a campaign of Russian malicious activity against the Olympic and Paralympic Games, with the UK also today revealing details of GRU targeting of the 2018 Winter Olympic and Paralympic Games in Pyeongchang, Republic of Korea.
The National Cyber Security Centre (NCSC), a part of GCHQ, assesses with high confidence that these attacks were carried out by the GRU’s Main Centre for Specialist Technologies (GTsST), also known as Sandworm and VoodooBear.
Details were released after the US Department of Justice announced criminal charges against Russian military intelligence officers working for the GRU’s cyber unit for conducting cyber attacks against the 2018 Winter Games and other cyber attacks.
The Foreign Secretary Dominic Raab has issued a statement making clear that the Russian government cannot act with impunity.
Paul Chichester, the NCSC’s Director of Operations, said:
“We condemn these attacks carried out by the GRU and fully support the criminal charges announced today by the US Department of Justice.
“These attacks have had very real consequences around the world – both to national economies and the everyday lives of people.
“We will continue to work with our allies to ensure that we are the hardest possible target for those that seek to cause disruption and harm in cyberspace.”
In the attacks on the 2018 Games, the GRU’s cyber unit attempted to disguise itself as North Korean and Chinese hackers when it targeted the opening ceremony. It went on to target broadcasters, a ski resort, Olympic officials and sponsors of the games.
The GRU deployed data-deletion malware against the Winter Games IT systems and targeted devices across the Republic of Korea using VPNFilter.
The NCSC assesses that the incident was intended to sabotage the running of the Winter Olympic and Paralympic Games, as the malware was designed to wipe data from and disable computers and networks. Administrators worked to isolate the malware and replace the affected computers, preventing potential disruption.

EU Agency for Cybersecurity launches ISAC in a BOX Toolkit

The EU Agency for Cybersecurity launched ISAC in a BOX, a comprehensive online toolkit to support the establishment, development and evaluation of Information Sharing and Analysis Centres (ISACs).
European legislation, such as the Cybersecurity Act and the NIS Directive (NISD), promotes the creation of European and National Information Sharing and Analysis Centres (ISACs). ISACs are public-private partnerships (PPPs) between stakeholders exposed to similar cybersecurity vulnerabilities and threats; they are usually formed by private sector initiative, in particular by operators of essential services in the critical sectors. ISACs collect, analyse and disseminate actionable threat information to their members and provide them with tools to mitigate risks and enhance resilience.
ENISA’s task is to support the creation and development of ISACs and advise them to strengthen their cooperation, build trust and exchange information using tools and mechanisms that are beneficial for all parties. ENISA participates and offers advice and expertise in several European initiatives regarding the development of ISACs through:
- Connecting Europe Facilities (CEF) call for ISACs as a technical advisor;
- Inter-EU ISAC platform as a facilitator;
- European Energy (EE) ISAC as a member;
- European Financial (FI) ISAC as secretariat;
- European Maritime (EM) ISAC as a member;
- European Rail (ER) ISAC as a member.
Objective and description of the toolkit
ENISA developed this comprehensive toolkit, following studies on the ISAC concept, to address the need to facilitate community building and collaboration across ISACs. The toolkit aims at providing practical guidance and the means to empower industry to create new ISACs and to further develop already existing ones.
The main success factors for ISACs are Trust and Sharing. If there is trust, information will be shared and added value will be created; ISAC in a BOX follows the same approach. It is divided into four phases and contains all activities, documents and tools needed to start, develop and evaluate an ISAC. Each phase includes the basic elements that need to be fulfilled before moving to the next phase.
- Build phase: It’s all about setting the goals, participants and purpose for the ISAC; agreeing on the budget and the right cooperation mechanisms.
- Run phase: Governance is key to share information through meetings and develop trust and building capacities among the ISAC participants.
- Evaluation phase: Evaluation is an essential part of the ISAC lifecycle which helps to keep it on track, measure its impact and assess its momentum in order to bring it to the next phase.
- Develop phase: Time for action! This phase focuses on enhancing ISAC’s sophistication, its further development and outreach strategies.

SAFECOM and NCSWIC Address Communications Dependencies on Non-Agency Infrastructure

The world of emergency communications can be astoundingly complex, especially as additional capabilities and services become necessary to successfully deploy, maintain, and protect communications systems. Many agencies rely on multiple third-party entities to provide these capabilities, including provisioning of critical system infrastructure, cybersecurity, and other services. For example, agencies readily rely on commercial vendors for subscriber units or on commercial utilities for power supply. An agency and its contracted non-agency entities alike are vulnerable to events that threaten the uptime, continuity of services, operations, or resiliency of communications. Regardless of how unpredictable these events may be, agencies can take steps to be prepared when those disruptive events occur.
Using the depth of experience among their members, SAFECOM and the National Council of Statewide Interoperability Coordinators (NCSWIC) have published a white paper, Public Safety Communications Dependencies on Non-Agency Infrastructure and Services, outlining several techniques for preparing throughout the communications system lifecycle for the challenges associated with such dependencies, as shown in the graphic.
Given the potential for disruptive events impacting non-agency partners, public safety stakeholders—including system administrators, public administration officials and decision makers, and other communications personnel—might benefit from understanding the potential complications or obstacles they may face when depending on outside sources for infrastructure or services.
To learn more about this document and other helpful resources, visit cisa.gov/safecom/technology.
Author: Ted Lawson, Cybersecurity and Infrastructure Security Agency (CISA), Joint SAFECOM and NCSWIC Technology Policy Committee Federal Lead

Ransomware Activity Targeting the Healthcare and Public Health Sector

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Health and Human Services (HHS) have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.

CISA, FBI, and HHS have released AA20-302A Ransomware Activity Targeting the Healthcare and Public Health Sector that details both the threat and practices that healthcare organizations should continuously engage in to help manage the risk posed by ransomware and other cyber threats. The advisory references the joint CISA MS-ISAC Ransomware Guide that provides a ransomware response checklist that can serve as a ransomware-specific addendum to organization cyber incident response plans.

CISA, FBI, and HHS are sharing this information in order to provide a warning to healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats. CISA encourages users and administrators to review CISA’s Ransomware webpage for additional information.

NCSC Update Guidance on Principles for the design and build of in-house Public Key Infrastructure (PKI)

A private Public Key Infrastructure (PKI) is used to confirm the identity of users, devices and services hosted or connected to privately owned infrastructure.
The PKI is an essential component of any system that uses it for authentication, and as such it must be designed and built with great care.
This guidance provides a set of high level architectural design principles which can be used to design, scope or review a private PKI architecture.
For further details visit the NCSC.

NCSC welcomes EU cyber sanctions against Russia following attack on Germany’s Parliament

The National Cyber Security Centre – a part of GCHQ – has welcomed EU cyber sanctions against Russia’s GRU following its cyber attack on Germany’s Parliament in 2015.
The sanctions are being brought against two Russian GRU officers and the GRU’s military intelligence unit 26165 – codenamed APT28 and Fancy Bear – who were responsible for the attacks.
The Foreign Secretary has confirmed the UK will enforce asset freezes and travel bans on those involved.
The NCSC, which supported the attribution of the attack to the GRU, welcomed the sanctions and the multinational and joint approach being taken with allies standing in solidarity against the attacks.
NCSC Director of Operations Paul Chichester said:
“We fully support these sanctions, which send a strong message that there will be consequences for those who target us or our allies in cyberspace.
“We will continue to work closely with our allies to counter malicious cyber activity from the GRU and others who would seek to do us harm.”

NCSC CNI Hub goes live

Deborah Petterson, Deputy Director of the National Cyber Security Centre in the UK, has introduced a dedicated resource for UK Critical National Infrastructure.
Sometimes, Critical National Infrastructure (CNI) is taken for granted. The feeling seems to be that essential services, like telecoms, water, or energy 'just happen'. That's fine, but this isn't the way it works. It takes a huge effort to keep the water, electricity and information flowing.
The current pandemic has brought national infrastructure into focus.
The industry has been discussing supply chains, transport infrastructure, critical dependencies, and the unwanted attention from our adversaries, on the industries supporting our response to the COVID-19 pandemic.
The NCSC's new CNI Hub will help support service providers in raising their resilience and defending against cyber attacks.
The new CNI Hub will provide several new features which will be of direct and immediate benefit to those involved with UK CNI:
- highlighted advice and guidance that is particularly relevant to the CNI
- events that will be of interest to CNI
- a new home for the NCSC’s Cyber Assessment Framework, which is a key tool for many UK CNI cyber security regulators
- a new way to view the NCSC’s assured products and services to support regulatory approaches

North Korean Malicious Cyber Activity

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Cyber Command Cyber National Mission Force (CNMF) identified tactics, techniques, and procedures (TTPs) used by North Korean advanced persistent threat (APT) group Kimsuky to gain intelligence on various topics of interest to the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.
Kimsuky is engaged in ongoing cyber operations against worldwide targets to gain intelligence for North Korea, specifically on foreign policy and national security issues related to the Korean peninsula, nuclear policy, and sanctions. CISA, FBI, and CNMF recommend individuals and organizations within commercial sector businesses increase their defenses and adopt a heightened state of awareness.
The information contained in the alerts and MARs listed below is the result of analytic efforts between the U.S. Department of Homeland Security, the U.S. Department of Defense, and the Federal Bureau of Investigation to provide technical details on the tools and infrastructure used by cyber actors of the North Korean government. Each MAR includes malware descriptions, suggested response actions, and recommended mitigation techniques.
Users or administrators should flag activity associated with the malware and report the activity to the Cybersecurity and Infrastructure Security Agency (CISA) or the FBI Cyber Watch (CyWatch), and give the activity the highest priority for enhanced mitigation.

NSA Secures 5G Through Partnerships

NSA’s Cybersecurity mission includes working to secure future technologies. As an imminently emerging technology, 5G will change the way both military and National Security Systems (NSS) operate, and NSA is partnering across industry and government, along with standards bodies, to support the construction of a secure network.
5G, or fifth generation network, promises to be a major upgrade from previous generations. New 5G technologies will support many new and exciting use cases. The increase in speed will enable a new generation of innovation and business to flourish.
NSA has partnered with fellow government agencies to support the security of 5G. The Enduring Security Framework (ESF) team has been working with partners at the Department of Homeland Security, the Office of the Director of National Intelligence, the National Security Council, and more. They are partnering with industry to deep dive into threats, standards, cloud, and analytics. Each of these areas will have a dedicated public-private partnership effort to examine the risks associated with their subject matter and pursue technical solutions. The cumulative goal is to jointly improve the ability of the 5G infrastructure to identify and build threat models, detect threats in networks, recover from attacks, and securely leverage the benefits of virtualization.
To secure the full scope of 5G use cases, it is critical that strong cybersecurity practices are incorporated. The recently launched Center for Cybersecurity Standards (CCSS) looks at 5G from a viewpoint of securing NSS and contributing to working groups within standards bodies to secure 5G mobile infrastructure. Through engagements with 3GPP, ATIS, IETF and IEEE, CCSS is raising the bar for security in the 5G ecosystem and making sure secure options exist for use on NSS. As subject matter experts, NSA leverages our legacy in secure cryptography and network security to ensure 5G standards will protect NSS data by working with the carriers to ensure that they are requiring optional security settings.
The impact of 5G technologies will be felt well beyond NSS to include numerous IoT devices transforming our personal and professional lives. These devices are smarter and will use 5G to provide new edge computing capabilities, greatly impacting many parts of our society, including manufacturing (through its impact on robotics and Smart Warehouses), transportation (such as smart cars and the smart infrastructure they rely on), and healthcare (through impacts on tele-health and even remote surgery).
The full evolution to 5G will take time – time to develop the supporting standards, produce the technology, and upgrade the infrastructure across the U.S. and around the world to support the full extent of this technology. Since customers will be using 5G, strengthening U.S. infrastructure is vital to maintaining a military and economic edge.