NSA, CISA: How Cyber Actors Compromise OT/ICS and How to Defend Against It

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) published a Cybersecurity Advisory that highlights the steps malicious actors have commonly followed to compromise operational technology (OT)/industrial control system (ICS) assets and provides recommendations on how to defend against them.

“Control System Defense: Know the Opponent” notes the increasing threats to OT and ICS assets that operate, control, and monitor day-to-day critical infrastructure and industrial processes. OT/ICS designs are publicly available, as are a wealth of tools to exploit IT and OT systems.

Cyber actors, including advanced persistent threat (APT) groups, have targeted OT/ICS systems in recent years to achieve political gains, economic advantages, and possibly to execute destructive effects. Recently, they’ve developed tools for scanning, compromising, and controlling targeted OT devices.

“Owners and operators of these systems need to fully understand the threats coming from state-sponsored actors and cybercriminals to best defend against them,” said Michael Dransfield, NSA Control Systems Defense Expert. “We’re exposing the malicious actors’ playbook so that we can harden our systems and prevent their next attempt.”

This joint Cybersecurity Advisory builds on previous NSA and CISA guidance to stop malicious ICS activity and reduce OT exposure. Noting that traditional approaches to securing OT/ICS do not adequately address threats to these systems, NSA and CISA examine the tactics, techniques, and procedures cyber actors employ so that owners and operators can prioritize hardening actions for OT/ICS.

Defenders should employ the mitigations listed in this advisory to limit unauthorized access, lock down tools and data flows, and deny malicious actors from achieving their desired effects.

Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization

CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA), Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization, highlighting advanced persistent threat (APT) activity observed on a Defense Industrial Base (DIB) Sector organization’s enterprise network. APT actors used the open-source toolkit Impacket to gain a foothold within the environment and the data exfiltration tool CovalentStealer to steal the victim’s sensitive data.

Joint Cybersecurity Advisory AA22-277A provides the APT actors’ tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs). CISA, FBI, and NSA recommend that DIB sector and other critical infrastructure organizations implement the mitigations in this CSA to ensure they are managing and reducing the impact of APT cyber threats to their networks.
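As an added example (not code from the advisory or from the Impacket project), the Python below shows what a detection for Impacket-style remote execution can key on in process-creation telemetry. By default, Impacket's wmiexec.py runs each command as a quiet "cmd.exe /Q /c ..." child of WmiPrvSE.exe and redirects its output to an "__"-prefixed file on an administrative share reached through the loopback UNC path \\127.0.0.1\ADMIN$, and smbexec.py does the same through a temporary service under services.exe, writing to \\127.0.0.1\C$\__output. The JSON log lines are constructed for the example and their field names only imitate Sysmon Event ID 1; the share, file name and shell are operator-changeable defaults, so a miss is not evidence of absence.

```python
r"""Detect Impacket wmiexec/smbexec execution artifacts in process-creation logs.

Added example for this digest, not code from the advisory or from Impacket.
By default wmiexec.py runs "cmd.exe /Q /c <command> 1> \\127.0.0.1\ADMIN$\__<ts> 2>&1"
under WmiPrvSE.exe, and smbexec.py installs a service whose command is
"%COMSPEC% /Q /c echo <command> ^> \\127.0.0.1\C$\__output 2^>^&1 > ...".
Both leave the same two artifacts: a quiet cmd.exe and output redirected to an
"__"-prefixed file on an admin share addressed through the loopback UNC path.
"""
import json
import re

# Loopback UNC path to an administrative share with an "__"-prefixed output file.
LOOPBACK_SHARE_OUTPUT = re.compile(r"\\\\127\.0\.0\.1\\[A-Za-z]+\$\\__\S*", re.IGNORECASE)
# Quiet shell invocation shared by both tools (logged as cmd.exe or unexpanded %COMSPEC%).
QUIET_SHELL = re.compile(r"(?:cmd\.exe|%COMSPEC%)\s+/Q\s+/c\b", re.IGNORECASE)
# wmiexec commands are children of WmiPrvSE.exe; smbexec commands of services.exe.
SUSPICIOUS_PARENTS = {"wmiprvse.exe", "services.exe"}

# Constructed sample events.  Field names imitate Sysmon Event ID 1 (an assumption,
# not a real export); JSON doubles every backslash.
SAMPLE_EVENTS = r"""
{"EventID": 1, "ParentImage": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe", "CommandLine": "cmd.exe /Q /c whoami 1> \\\\127.0.0.1\\ADMIN$\\__1664812345.67 2>&1"}
{"EventID": 1, "ParentImage": "C:\\Windows\\System32\\services.exe", "CommandLine": "%COMSPEC% /Q /c echo net user ^> \\\\127.0.0.1\\C$\\__output 2^>^&1 > %SYSTEMROOT%\\execute.bat & %COMSPEC% /Q /c %SYSTEMROOT%\\execute.bat & del %SYSTEMROOT%\\execute.bat"}
{"EventID": 1, "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "cmd.exe /c dir \\\\fileserver01\\reports"}
{"EventID": 1, "ParentImage": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe", "CommandLine": "cmd.exe /Q /c ipconfig /all"}
"""


def score_event(event: dict):
    """Return a finding dict for one event, or None when nothing matches."""
    cmd = event.get("CommandLine", "")
    parent = event.get("ParentImage", "").rsplit("\\", 1)[-1].lower()
    reasons = []
    if LOOPBACK_SHARE_OUTPUT.search(cmd):
        reasons.append("output redirected to an __ file on a loopback admin share")
    if QUIET_SHELL.search(cmd) and parent in SUSPICIOUS_PARENTS:
        reasons.append(f"quiet cmd.exe spawned by {parent}")
    if not reasons:
        return None
    # The loopback redirection alone is a high-fidelity Impacket default.  A quiet
    # shell under WmiPrvSE.exe/services.exe also occurs with "wmiexec -nooutput" and
    # with legitimate WMI or service tooling, so on its own it only rates medium.
    confidence = "high" if LOOPBACK_SHARE_OUTPUT.search(cmd) else "medium"
    return {"parent": parent, "command": cmd, "reasons": reasons, "confidence": confidence}


def scan(jsonl: str) -> list:
    """Run score_event over newline-delimited JSON events and return the findings."""
    findings = []
    for line in jsonl.splitlines():
        if line.strip():
            finding = score_event(json.loads(line))
            if finding:
                findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f['confidence']}] parent={f['parent']} :: {'; '.join(f['reasons'])}")
```

Run against the four constructed events, the wmiexec and smbexec lines score high, the plain "cmd.exe /c dir" under explorer.exe is ignored, and the quiet shell under WmiPrvSE.exe with no redirection scores medium, which is the case that needs an analyst rather than an automatic alert.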

UNOCT launches five new thematic guides on Protecting Vulnerable Targets Against Terrorist Attacks

The United Nations Office of Counter-Terrorism (UNOCT) hosted a high-level virtual event on 6 September 2022 to launch five new specialized guides (modules) dedicated to the protection of particularly vulnerable targets against terrorist attacks. “Vulnerable targets” refers to public places (e.g. tourist venues, urban centers, religious sites) or critical infrastructure (e.g. public transportation systems, energy sector) which are easily accessible and relatively unprotected, and therefore vulnerable to terrorist attacks.

The online launch event was opened by the Under-Secretary-General of the United Nations Office of Counter-Terrorism (UNOCT), Mr. Vladimir Voronkov, along with the Permanent Representative of Qatar to the United Nations, H.E. Ambassador Alya Ahmed Saif Al-Thani; Acting Executive Director of the United Nations Counter-Terrorism Committee Executive Directorate (CTED), Mr. Weixiong Chen; Director of the United Nations Interregional Crime and Justice Institute (UNICRI) Ms. Antonia Marie De Meo; and Chief of Cabinet of the Under-Secretary-General of the United Nations Alliance of Civilizations (UNAOC), Ms. Nihal Saad.

The participants included decision-makers, practitioners and experts on vulnerable targets protection from Member States, international and regional organizations, the private sector, civil society and academia, including members of the United Nations Global Expert Network to Protect Vulnerable Targets against Terrorist Attacks.

The high-level opening was streamed live via UN WebTV. It was followed by an expert session, during which Member States shared experiences, good practices and tools related to the themes of the five modules:

1. The protection of “soft" targets;
2. The protection of touristic sites;
3. The protection of religious sites and places of worship;
4. The protection of urban centres; and
5. Threats posed by unmanned aircraft systems (UAS) to vulnerable targets.

The five modules are published in Arabic, English, French and Russian and are presented by the United Nations Global Programme on Countering Terrorist Threats Against Vulnerable Targets, which is led by UNOCT and jointly implemented with CTED, UNICRI and UNAOC.

The new guides present the knowledge, resources and lessons learned identified during the three Expert Group Meetings held by UNOCT with partners CTED, UNAOC and UNICRI in 2021. They also complement the 2018 United Nations Compendium of Good Practices on the Protection of Critical Infrastructure (CIP) against Terrorist Attacks by focusing on public places/"soft" targets as distinct types of sites that warrant a dedicated security approach. The guides feature specific case studies, good practices and recommended tools from around the world to help both the public and private sectors further strengthen the safety and security of their public places, keeping them open and accessible and promoting shared responsibility.

CISA Releases New Insight on Preparing Critical Infrastructure for the Transition to Post-Quantum Cryptography

The Cybersecurity and Infrastructure Security Agency (CISA) released a new CISA Insight, Preparing Critical Infrastructure for Post-Quantum Cryptography, which provides critical infrastructure and government network owners and operators an overview of the potential impacts from quantum computing to National Critical Functions (NCFs) and the recommended actions they should take now to begin preparing for the transition.

While quantum computing promises greater computing speed and power, it also poses new risks to critical infrastructure systems across the 55 NCFs. This CISA Insight incorporates findings from an assessment of quantum vulnerabilities across the NCFs, conducted to identify the most urgent vulnerabilities, the NCFs that should be addressed first, and the three NCF areas to prioritize for public-private engagement and collaboration.

“While post-quantum computing is expected to produce significant benefits, we must take action now to manage potential risks, including the ability to break public key encryption that U.S. networks rely on to secure sensitive information,” said Mona Harrington, acting Assistant Director, National Risk Management Center, CISA. “Critical infrastructure and government leaders must be proactive and begin preparing for the transition to post-quantum cryptography now.”

In March 2021, Secretary of Homeland Security Alejandro N. Mayorkas outlined his vision for cybersecurity resilience and identified the transition to post-quantum encryption as a priority.

To ensure a smooth and efficient transition, CISA encourages all critical infrastructure owners to follow the Post-Quantum Cryptography Roadmap along with the guidance in this CISA Insight. The roadmap includes actionable steps organizations should take, such as conducting an inventory of their current cryptographic technologies, creating acquisition policies regarding post-quantum cryptography, and educating their organization’s workforce about the upcoming transition.
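As an added example (not from the CISA Insight or the roadmap), the Python below does one concrete slice of that cryptographic inventory: it parses OpenSSH public keys (authorized_keys entries and host keys) using only the standard library, records algorithm family and key size, and assigns a migration verdict. It also makes explicit a point an inventory can hide: RSA, ECDSA and Ed25519 are all quantum-vulnerable, because Shor's algorithm breaks both factoring and discrete logarithms, so a modern Ed25519 key is not a post-quantum key. The key lines are synthetic and constructed inside the example, and the verdict thresholds (RSA below 2048 bits as "replace now") are the example's own assumption.

```python
r"""Cryptographic inventory for OpenSSH public keys, classified by quantum exposure.

Added example for this digest, not code from the CISA Insight or the PQC roadmap.
An OpenSSH public key line is "<type> <base64 blob> [comment]"; the blob is the
SSH wire encoding (RFC 4251 string/mpint fields) of the key.  Parsing it with the
standard library lets a fleet-wide inventory record algorithm family and key
size without shelling out to ssh-keygen.  All sample keys below are synthetic.
"""
import base64
import struct


def _string(data: bytes) -> bytes:
    """RFC 4251 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def _mpint(n: int) -> bytes:
    """RFC 4251 'mpint': minimal big-endian bytes, zero-padded if the top bit is set."""
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    if raw and raw[0] & 0x80:
        raw = b"\x00" + raw
    return _string(raw)


def _read_string(blob: bytes, off: int):
    """Read one RFC 4251 string at offset off; return (bytes, new offset)."""
    (length,) = struct.unpack(">I", blob[off:off + 4])
    off += 4
    return blob[off:off + length], off + length


def parse_openssh_pubkey(line: str) -> dict:
    """Parse one authorized_keys or ssh_host_*_key.pub line into an inventory record."""
    parts = line.split(None, 2)
    if len(parts) < 2:
        raise ValueError("not an OpenSSH public key line")
    blob = base64.b64decode(parts[1])
    algo_bytes, off = _read_string(blob, 0)
    algo = algo_bytes.decode("ascii")
    if algo != parts[0]:
        raise ValueError(f"type field {parts[0]!r} does not match blob type {algo!r}")
    if algo == "ssh-rsa":
        _e, off = _read_string(blob, off)          # public exponent
        n, off = _read_string(blob, off)           # modulus
        family, bits = "rsa", int.from_bytes(n, "big").bit_length()
    elif algo.startswith("ecdsa-sha2-nistp"):
        curve, off = _read_string(blob, off)       # e.g. b"nistp256"
        family, bits = "ecdsa", int(curve.decode("ascii")[5:])
    elif algo == "ssh-ed25519":
        pk, off = _read_string(blob, off)          # 32-byte public point
        family, bits = "ed25519", len(pk) * 8
    else:
        family, bits = "unknown", None
    comment = parts[2].strip() if len(parts) == 3 else ""
    return {"algo": algo, "family": family, "bits": bits, "comment": comment}


def verdict(key: dict) -> str:
    """Migration priority (thresholds are this example's assumption).
    RSA, ECDSA and Ed25519 all rest on factoring or discrete logarithms, which
    Shor's algorithm breaks, so every classical public key here is quantum-vulnerable;
    the only question is how urgently it needs attention."""
    if key["family"] == "rsa" and key["bits"] < 2048:
        return "replace now: below classical minimum and quantum-vulnerable"
    if key["family"] in {"rsa", "ecdsa", "ed25519"}:
        return "plan migration: quantum-vulnerable public-key algorithm"
    return "review: unrecognised key type"


def inventory(lines) -> list:
    """Parse every key line (skipping blanks and comments) and attach a verdict."""
    records = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key = parse_openssh_pubkey(line)
        key["verdict"] = verdict(key)
        records.append(key)
    return records


def _pubkey_line(algo: str, *fields: bytes, comment: str = "") -> str:
    """Build a synthetic key line from already-encoded wire fields (sample data only)."""
    blob = _string(algo.encode("ascii")) + b"".join(fields)
    return f"{algo} {base64.b64encode(blob).decode('ascii')} {comment}".rstrip()


# Constructed sample inventory: synthetic moduli and points, not real keys.
SAMPLE_AUTHORIZED_KEYS = [
    "# keys gathered from one fleet (constructed for the example)",
    _pubkey_line("ssh-rsa", _mpint(65537), _mpint((1 << 1023) | 1), comment="legacy-backup@host1"),
    _pubkey_line("ssh-rsa", _mpint(65537), _mpint((1 << 3071) | 1), comment="deploy@ci"),
    _pubkey_line("ecdsa-sha2-nistp256", _string(b"nistp256"), _string(b"\x04" + b"\x11" * 64), comment="admin@bastion"),
    _pubkey_line("ssh-ed25519", _string(b"\x22" * 32), comment="ops@laptop"),
    _pubkey_line("sk-ssh-ed25519@openssh.com", _string(b"\x33" * 32), _string(b"ssh:"), comment="fido@token"),
]

if __name__ == "__main__":
    for rec in inventory(SAMPLE_AUTHORIZED_KEYS):
        print(f"{rec['algo']:<28} {str(rec['bits']):>5}  {rec['comment']:<22} {rec['verdict']}")
```

The 1024-bit RSA key is flagged for immediate replacement, the 3072-bit RSA, P-256 and Ed25519 keys are all marked quantum-vulnerable and queued for migration, and the FIDO key type the parser does not understand is left for review rather than silently counted as safe.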

Police Committee Initiates Process to Consider the Critical Infrastructure Protection Act Regulations

The Portfolio Committee on Police in South Africa has resolved to allow the Civilian Secretariat for Police Service (CSPS) to table the part of the regulations under the Critical Infrastructure Protection Act (CIPA) 2019 that deals directly with the functions of the Critical Infrastructure Council, so that the council can start performing its functions immediately. The committee today met with the Ministry of Police and representatives of the CSPS.

The committee has urged the CSPS to move with speed to table the regulations to ensure that Parliament completes the process of considering them. “We have raised a concern that the committee undertook an extensive process of interviews for the council in 2021 and to date, the Council has not been able to move and implement their mandate. This is the reason we will move with speed to consider the regulations and ensure the effectiveness of the Council,” said Ms Tina Joemat-Pettersson, the Chairperson of the committee.

Meanwhile, the committee deliberated on various issues affecting policing, including crime statistics, morale within the South African Police Service (SAPS), the increase in illegal mining, and challenges with gender-based violence. As a result, the committee agreed on the need for a two-day session, where the Minister of Police together with the National Commissioner and senior leadership of the SAPS outline strategies to remedy these concerns. The session’s intentions are to work together to find solutions to the crime challenge facing the country in order to create a safe environment that fosters socio-economic development.

Australian Government Invites Feedback on Critical Technologies

The Australian Federal Government will begin consulting businesses, researchers and the community at large to identify critical technologies of national importance.

The List of Critical Technologies in the National Interest will clarify technologies the government considers to be vital to present and future demands.

The 2022 List of Critical Technologies in the National Interest will build on the 2021 List, which featured 63 technologies across seven categories:

- Advanced materials and manufacturing
- AI, computing and communications
- Biotechnology, gene technology and vaccines
- Energy and environment
- Quantum
- Sensing, timing and navigation
- Transportation, robotics and space

The consultation will run until Friday 30 September.

Federal Minister for Industry and Science, Ed Husic, said it is vital for Australia’s continued and future prosperity that emerging and critical technologies are promoted and protected.

“We know the development of critical technologies present enormous potential opportunities as well as risks for Australians,” Mr Husic said.

“It is vital we understand and send a clear signal about what technologies we should be focusing on and where our strengths lie – and that is exactly what this consultation is all about.”

The Federal Government has promised to invest $1 billion into critical technologies through its National Reconstruction Fund and will aim to reach 1.2 million tech industry jobs by 2030.

“This work is also part of our goal to reach 1.2 million tech jobs by 2030, as well as securing our supply chains and promoting Australia as a secure destination of excellence for investment, development and adoption of critical technologies,” Mr Husic said.

“The Government is also investing $1 billion in critical technologies as part of the National Reconstruction Fund, to build our strategic capability and power the economic growth we need to create jobs.”

Australia releases Critical Infrastructure Protection Act 2022

The Security Legislation Amendment (Critical Infrastructure Protection) Act 2022 (SLACIP Act) came into effect on 2 April 2022.

The SLACIP Act amends the Security of Critical Infrastructure Act 2018 (SOCI Act) to introduce the following key measures:

- A new obligation for responsible entities to create and maintain a critical infrastructure risk management program; and
- A new framework of enhanced cyber security obligations for operators of systems of national significance (SoNS), Australia’s most important critical infrastructure assets.

The reforms in the SLACIP Act seek to make risk management, preparedness, prevention and resilience business as usual for the owners and operators of critical infrastructure assets, and to improve information exchange between industry and government to build a more comprehensive understanding of threats. These reforms will give Australians reassurance that our essential services are resilient and protected.

The Department recognises that engagement and education will be crucial to the success of these reforms and is committed to working with entities to ensure these reforms are understood and can be practically implemented.

US to Strengthen Public and Private Sector Cybersecurity

Package Includes Senator Peters’ Bipartisan Bills to Protect Critical Infrastructure and Federal Networks, and Ensure Government Can Safely Adopt Cloud Technology

U.S. Senator Gary Peters (MI), Chairman of the Senate Homeland Security and Governmental Affairs Committee, introduced a landmark legislative package that would significantly enhance our nation’s ability to combat ongoing cybersecurity threats against our critical infrastructure and the federal government – particularly in the face of potential cyber-attacks sponsored by the Russian government in retaliation for U.S. support in Ukraine. The legislation combines language from three bills Peters authored and advanced out of his committee – the Cyber Incident Reporting Act, the Federal Information Security Modernization Act of 2021, and the Federal Secure Cloud Improvement and Jobs Act. The combined bill, known as the Strengthening American Cybersecurity Act, would require critical infrastructure owners and operators and civilian federal agencies to report to the Cybersecurity and Infrastructure Security Agency (CISA) if they experience a substantial cyber-attack. It would also require critical infrastructure owners and operators to report ransomware payments to CISA, modernize the government’s cybersecurity posture, and authorize the Federal Risk and Authorization Management Program (FedRAMP) to ensure federal agencies can quickly and securely adopt cloud-based technologies that improve government operations and efficiency.

“Cyber-attacks against federal networks and critical infrastructure companies – including oil pipelines, meatpacking centers, and wastewater treatment plants – have disrupted lives and livelihoods across the country. That is why, for months, I have been leading efforts to fight back against cybercriminals and foreign adversaries who launch these incessant attacks,” said Senator Peters. “It is clear that, as our nation continues to counter cyber threats and support Ukraine, we need to pass this legislation to provide additional tools to address possible cyber-attacks from adversaries, including the Russian government. This landmark, bipartisan legislative package will provide our lead cybersecurity agency, CISA, with the information and tools needed to warn of potential cybersecurity threats to critical infrastructure, prepare for widespread impacts, coordinate the government’s efforts, and help victims respond to and recover from online breaches. Our efforts will significantly bolster and modernize federal cybersecurity as new, serious software vulnerabilities continue to be discovered, such as the one in log4j. This combined bill will also ensure that agencies can procure cloud-based technology quickly, while ensuring these systems, and the information they store, are secure.”

Last year, hackers breached the network of a major oil pipeline forcing the company to shut down over 5,500 miles of pipeline – leading to increased prices and gas shortages for communities across the East Coast. Last summer, the world’s largest beef supplier was hit by a cyber-attack, prompting shutdowns at company plants and threatening meat supplies all across the nation. As these kinds of attacks continue to rise, Peters’ legislation would help ensure critical infrastructure entities such as banks, electric grids, water networks, and transportation systems are able to quickly recover and provide essential services to the American people in the event of network breaches.

The Strengthening American Cybersecurity Act would require critical infrastructure owners and operators to report to CISA within 72 hours if they are experiencing a substantial cyber-attack, and within 24 hours if they make a ransomware payment. Additionally, the package would update current federal government cybersecurity laws to improve coordination between federal agencies, require the government to take a risk-based approach to cybersecurity, as well as require all civilian agencies to report all cyber-attacks to CISA, and update the threshold for agencies to report cyber incidents to Congress. It also provides additional authorities to CISA to ensure they are the lead federal agency in charge of responding to cybersecurity incidents on federal civilian networks. Finally, the package would authorize FedRAMP for five years to ensure federal agencies are able to quickly and securely adopt cloud-based technologies that improve government efficiency and save taxpayer dollars.

CISA, FBI and Treasury Release Advisory on North Korean State-Sponsored Cyber Actors Use of Maui Ransomware

Healthcare and Other Sectors Provided with Proactive Steps to Detect and Reduce Risk

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of the Treasury (Treasury) today released a joint Cybersecurity Advisory (CSA) that provides information on Maui ransomware, which has been used by North Korean state-sponsored cyber actors since at least May 2021 to target Healthcare and Public Health (HPH) Sector organizations.

The CSA, titled “North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector,” provides technical details and indicators of compromise (IOCs) observed during multiple FBI incident response activities over a period of more than a year and obtained from industry analysis of Maui samples. North Korean state-sponsored actors were observed using Maui ransomware to encrypt HPH servers responsible for providing healthcare services. In some cases, the malicious activity disrupted the services provided by the victim for prolonged periods.

“As the nation’s cyber defense agency, our team works tirelessly in collaboration with partners to publish timely information that can help organizations prevent and build resilience against all cyber threats,” said CISA's Executive Assistant Director for Cybersecurity, Eric Goldstein. “Today’s advisory comes out of our strong partnership with the FBI and Treasury. This malicious activity by North Korean state-sponsored cyber actors against the healthcare and public health sector poses a significant risk to organizations of all sizes.”

"The FBI, along with our federal partners, remains vigilant in the fight against North Korea's malicious cyber threats to our healthcare sector," said FBI Cyber Division Assistant Director Bryan Vorndran. "We are committed to sharing information and mitigation tactics with our private sector partners to assist them in shoring up their defenses and protecting their systems."

“Ransomware victimizes people and businesses, large and small, across America. Treasury has worked closely with CISA and FBI to counter ransomware and protect financial sector critical infrastructure,” said Rahul Prabhakar, Treasury Deputy Assistant Secretary for Cybersecurity and Critical Infrastructure Protection. “This joint advisory on Maui ransomware provides guidance that organizations of all sizes across the country can use to help defend themselves. We will continue to work closely with our partners to push out actionable information on ransomware and other malicious activity as quickly as possible to help individuals and businesses guard against ever-evolving cyber threats.”

The HPH Sector and other critical infrastructure organizations are urged to review this joint CSA and apply the recommended mitigations to reduce the likelihood of compromise from ransomware operations. The FBI, CISA, and Treasury assess that North Korean state-sponsored actors are likely to continue targeting HPH Sector organizations, because of the assumption that these organizations are willing to pay ransoms to avoid disruption of the critical life and health services they provide. For more information on state-sponsored North Korean malicious cyber activity, see CISA’s North Korea Cyber Threat Overview and Advisories webpage.

The FBI, CISA, and Treasury strongly discourage paying ransoms as doing so does not guarantee files and records will be recovered and may pose sanctions risks. In September 2021, Treasury issued an advisory highlighting the sanctions risk associated with ransomware payments and providing steps that can be taken by companies to mitigate the risk of being a victim of ransomware.

CISA Releases Second Version of Guidance for Secure Migration to the Cloud

The Cybersecurity and Infrastructure Security Agency (CISA) published the second version of the “Cloud Security Technical Reference Architecture (TRA)” today, which strengthens guidance to fulfill a key mandate under President Biden’s Executive Order (EO) 14028, "Improving the Nation's Cybersecurity." The Cloud Security TRA is designed to guide agencies’ secure migration to the cloud by defining and clarifying considerations for shared services, cloud migration, and cloud security posture management.

As the Federal Government, along with organizations across sectors, continues to migrate to the cloud, it is paramount that agencies implement measures to protect it. The Cloud Security TRA, co-authored by CISA, the United States Digital Service (USDS), and the Federal Risk and Authorization Management Program (FedRAMP), provides foundational guidance for organizations to use public cloud more securely and improves the ability of the federal government to identify, detect, protect against, respond to, and recover from cyber incidents.

“As the nation’s cyber defense agency, CISA works collaboratively with our interagency partners to implement improvements that make our federal civilian agencies more resilient to cyber threats,” said Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA. “The updated Cloud Security TRA is a key step forward for each agency’s transition to the cloud environment. CISA and our partners will continue to provide expert, coherent, and timely guidance to help agencies modernize their networks with sound cybersecurity and resilience to protect against evolving cyber adversaries. While the TRA was developed for federal agencies, all organizations using or migrating to cloud environments should review this document and adopt the practices therein as applicable to most effectively manage organizational risk.”

In consultation with the Office of Management and Budget, the three agencies adjudicated more than 300 public comments received in September 2021. This feedback helped to further strengthen the Cloud Security TRA and fully address a host of considerations for secure cloud migration. A summary of the feedback received, as well as a Response to Comments (RTC), is available in the Response to Comments for Cloud Security Technical Reference Architecture.
