Category: Cyber Security CII sector

Cyber Security CII sector

Guidelines for Cybersecurity in Hospitals: New Online tool

Agency News, Cyber Security CII sector
The new tool helps healthcare organisations identify best practices in order to meet cybersecurity needs when procuring products or services.
To facilitate the use of the Procurement Guidelines for Cybersecurity in Hospitals published in 2020, ENISA releases an online tool today to support the healthcare sector in identifying procurement good practices to meet cybersecurity objectives when procuring products or services.
In addition, the Agency also publishes a concise version of the procurement guidelines dedicated to the sector in each of the 24 EU official languages.
Cybersecurity in Healthcare: why does it matter?
The COVID-19 pandemic demonstrated the value of eHealth services such as telemedicine and remote patient care.
Since it has become increasingly digital and interconnected, the healthcare sector needs to consider cybersecurity as an enabler and as a key factor for ensuring the resilience and availability of key healthcare services.
Cybersecurity needs to be envisaged throughout the procurement lifecycle. IT departments should be involved in procurement activities as the cybersecurity implications in the procurement of any product or service should be well understood and consistently addressed by healthcare organisations.
EU Agency for Cybersecurity Executive Director, Juhan Lepassaar, declared: “Securing eHealth today means ensuring the resilience of the EU’s life support system, the healthcare sector. ENISA is committed to shape the ICT environment needed to prevent cybersecurity incidents and attacks on our healthcare sector.”
Procurement Guidelines and online tool: What for?
The online tool was developed as a complement to the procurement guidelines for cybersecurity in hospitals. Its purpose is:
- To help healthcare organisations to quickly identify the guidelines that are most relevant to their procurement context such as assets procured or related threats;
- To promote the importance of a good procurement process to ensure appropriate security measures.
To facilitate the dissemination of good practices across all healthcare organisations across the EU, a concise version of the procurement guidelines is now made available in the 22 official EU languages and the full version is available in english and spanish languages.
The report on procurement guidelines has already generated a significant interest in the healthcare cybersecurity community.
Stakeholders in the sector, including members of the eHealth Security Experts Group suggested the idea of an interactive format of the guidelines making it possible to customise searches and help decision making through informed procurement.
The guidelines were translated in order to allow health organisations across Member States to directly access the content in their own language.
Who is it meant for?
- Procurement officers of healthcare organisations;
- Healthcare professionals with technical positions or in charge of IT systems and equipment;
- Chief level executives such as CIO, CISO, CTO;
- The EU citizens involved in or seeking to develop knowledge and awareness on such processes.
Leave a comment , ,

Building Trust in the Digital Era: ENISA boosts the uptake of the eIDAS regulation

Agency News, Cyber Security CII sector, Health & Social Care, Industry News
The European Union Agency for Cybersecurity issues technical guidance and recommendations on Electronic Identification and Trust Services helping Member States to implement the eIDAS regulation.
The European Union Agency for Cybersecurity (ENISA) completed a package of five reports in order to boost the implementation of the eIDAS regulation and promote the uptake of Electronic Identification and Trust Services. This work falls under the scope of the EU Cybersecurity strategy for the Digital Decade.
ENISA has been in the forefront of the developments on eIDAS since 2013 and with the Cybersecurity Act, established in 2019, the Agency has an extended mandate to support and assist the European Commission and the Member States in the area of electronic identification.
In this challenging period, the “EU digital ID scheme for online transactions across Europe” initiative will drive the revision of the eIDAS and will promote digital identities for all Europeans. ENISA in order to support the Commission has undertaken activities to explore the security considerations for trust service providers and remote identity proofing.
Four of the reports on trust services form an update of ENISA’s guidelines for qualified trust service providers. They represent a voluntary toolset designed to help those trust service providers comply with eIDAS. Specifically, they include:
- technical guidance on the security framework for Qualified Trust Service Providers (QTSP) and for the non-Qualified ones;
- security recommendations for Qualified Trust Service Providers based on Standards;
- guidelines on Conformity Assessment of Trust Service Providers.
A fifth report includes an analysis of the methods used to carry out identity proofing remotely and exploring security considerations. Remote identification allows customers to have their identification information collected and validated without the need for physical presence to the premises of the operator. This has become crucial during the COVID-19 pandemic as it allows access to cross-border online services offered by Member States.
Technical Guidelines on Trust Services
ENISA issued the reports in order to update existing recommendations and guidelines issued in 2017 for qualified trust services. The purpose of these reports is therefore to focus on the requirements set by the eIDAS regulation and the emergence of new standards and new TSP services.
The new guidelines are presented in four different reports according to the following topics:
- trust service providers (qualified or not) looking for guidance on how to meet the requirements of the eIDAS Regulation;
- service providers seeking to clarify whether they qualify as a trust service provider according to the provisions under the eIDAS regulation;
- relying parties seeking to evaluate to what extent their trust service provider complies with the eIDAS requirements.
As a result, the set of recommendations include:
- Security Framework for Qualified Trust Service Providers and for Non-Qualified Trust Service Providers. These guidelines consider the greater potential variety encountered in non-qualified trust service providers;
- Security Recommendations for Qualified Trust Service Providers based on Standards, and Guidelines on Conformity Assessment of Trust Service Providers.
These guidelines have been consulted with and validated by experts in the eIDAS field from various sectors.
Leave a comment , , ,

The Bahamas strengthens its cybersecurity capacity

Agency News, Cyber Security CII sector, Industry News
The Bahamas has launched a project with ITU to set up a national Computer Incident Response Team (CIRT) to help protect the small island country’s critical digital infrastructure and data.
The National Cybersecurity Project, started in January and officially launched in February at national level, aims to help assess current Bahamian capabilities in this rapidly evolving field, as well as develop its National Cybersecurity Strategy.
The national CIRT will also support the government in building national cybersecurity expertise, closing human resource gaps, and supporting the elaboration of a cybersecurity framework and policies. Bahamian officials must do all they can “to put mechanisms in place to protect the government’s systems and citizens’ data from exposure to [cyber] attacks,” said the State Minister for Finance, Kwasi Thompson.
Digitizing hundreds of government services
The government’s recent decision to digitize more than 200 public administration services over the next five years has heightened the country’s need for a well-equipped cybersecurity team that can identify, defend, manage, and respond to cyber threats, Thompson added.
“The creation of this National Cybersecurity Strategy will help with review and further implementation of cyber legislation for the protection of citizens and clients,” he said.
Rapid growth in online business transactions – among both government entities and the private sector – makes cybersecurity enhancements paramount. The Bahamas, like other small island developing states in the Caribbean, needs to provide a safe online environment that minimizes any risks associated with online service provision.
The project will also support the development of related national cybersecurity platforms, including a national public key infrastructure (PKI), e-government services (including national identity services), and an access management framework.
ITU’s Telecommunication Development Bureau Director, Doreen Bogdan-Martin, highlighted the project’s region-wide significance. Projects like this one on the Bahamas will strengthen the Caribbean “cybersecurity supply chain” and reinforce international cooperation to combat cyber threats, she said, thanking the Bahamian government for seeking ITU support and expertise.
Building skills and updating tools
Key project objectives include a National CIRT Readiness Assessment, a Cybersecurity Capacity Maturity Model (CMM), a National Cybersecurity Strategy and Action Plan, and all necessary capacity building and service upgrades to activate the national CIRT, said Bruno Ramos, ITU Regional Director for the Americas.
The project is set for full implementation by the end of 2022, with interim steps including six months of ITU support help the CIRT reach maturity.
The national CIRT’s skills and tools will need constant updating, Ramos added. “It is vital to equip the response team with new technologies, deploy additional services, provide technical training, and coordinate and collaborate with other international organizations.”
Leave a comment , , ,

When & How to Report Security Incidents - ENISA releases new guidelines

Agency News, Cyber Security CII sector, Industry News, Telecomms sector
The European Union Agency for Cybersecurity (ENISA) releases new guidelines to facilitate the reporting of security incidents by national telecom security authorities.
The guidelines published help national telecom security authorities in the reporting of significant incidents to ENISA and the European Commission under the European Electronic Communications Code (EECC).
These new guidelines replace the previous ones issued by ENISA on incident reporting under Article 13a of the EU Telecoms Framework Directive. This revised version takes into account the scope and the provisions of the EECC and provides non-binding technical guidance to national authorities supervising security in the electronic communications sector.
The following three types of incident reporting are provided for under article 40 of the EECC:
1. National incident reporting from providers to national security authorities;
2. Ad-hoc incident reporting between national security authorities and ENISA;
3. Annual summary reporting from national security authorities to the European Commission and ENISA.
The new guidelines focus firstly on the ad-hoc incident reporting between the security authorities and ENISA and secondly on the annual summary reporting. More specifically, the document includes information on how and when security authorities can report security incidents to ENISA, to the European Commission and to other security authorities.
The information provided considers the services and incidents within the scope of the EECC - incidents affecting confidentiality, availability, integrity and authenticity of networks and services.  The thresholds needed for the annual reporting are also defined.  These thresholds are both of a quantitative and of a qualitative nature.
The quantitative elements considered include the number of users affected and the duration of the incident. Qualitative information was also used, such as the geographical coverage of the incident and the impact on the economy, on society and on users.
The new guidelines also include an incident report template and draw the distinction between national and annual reporting.
This report was drafted by ENISA in close cooperation with the ECASEC expert group of national telecom security authorities.
Leave a comment , , , ,

ENISA provide statement on Microsoft Exchange vulnerabilities

Agency News, Cyber Security CII sector, Industry News
The EU Agency for Cybersecurity (ENISA) has provided a statement with an assessment and advice on Microsoft Exchange vulnerabilities.
Microsoft released security updates for Microsoft (MS) Exchange server suite. Active exploitation has been observed on-premises running MS Exchange installations.
MS Exchange vulnerabilities once exploited may lead to network compromise, data exfiltration and ransomware attacks. Across the EU, an increasing number of MS Exchange installations have also been found to be the target of malicious attacks.
ENISA published a situation report which provides an assessment as well as advice and mitigation measures. It reports that threat has been assessed as severe and considers these types of attacks probable and of high risk.
The Agency calls on organisations using affected Microsoft Exchange versions to patch the flaws immediately and thoroughly investigate for potential signs of compromise.
At EU level, the EU CSIRTs Network and EU Cyber Crises Liaison Organisation Network (CyCLONe) are monitoring the situation and collecting information at both the technical and operational levels.
Microsoft is updating advisories and guidance while additional technical information and advice are provided by CERT-EU technical advisory.
Leave a comment , , ,

IACIPP and Capitol Sign Agreement to Advance Worldwide Critical Infrastructure Awareness and Knowledge

Association News, Cyber Security CII sector, Telecomms sector, Transport sector, University/Research/Academia sector, Water sector
Capitol Technology University and the International Association of Critical Infrastructure Protection Professionals (IACIPP) signed a Memorandum of Understanding (MOU) to develop a partnership that will extend efforts to improve the training and education of Critical Infrastructure Students and professionals. Both parties recognize a high demand for worldwide cooperation to increase the effectiveness of research, education, and activities in the critical infrastructure field of study. This MOU will facilitate the development of joint seminars, conferences, and training courses.
“As an Association we aim to deliver discussion and innovation— on many of the serious infrastructure, protection, management, and security challenges—facing both industry and governments. The ever changing and evolving nature of threats, whether natural through climate change or man-made through terrorism activities, either physical or cyber, means there is a continual need to review and update policies, practices, training, and technologies to meet these growing and changing demands,” said John Donlon QPM, Chairman IACIPP. “This partnership with Capitol Technology University enables both parties to develop and enhance objectives through education and training.”
A nation’s critical infrastructure provides the essential services that underpin a society. Proactive and coordinated efforts are necessary to strengthen and maintain secure, functioning, and resilient critical infrastructure— including assets, networks, and systems—that are vital to public confidence and a nation’s safety, prosperity, and well-being.
Critical infrastructure must be secure and able to withstand and rapidly recover from all hazards. Achieving this will require integration with the national preparedness system across prevention, protection, mitigation, response, and recovery.
The International Association of Critical Infrastructure Protection Professionals (IACIPP) is an international association of practitioners and professionals involved in the security, resilience and safety of critical infrastructure, both physical and information infrastructure.
The IACIPP is open to critical infrastructure operators and government agencies, including site managers, security officers, government agency officials, policy makers, research & academia. The Association also aims to share ideas, information, experiences, technology and best practices to enhance these objectives.
Capitol Technology University, located in Laurel, Maryland, is an independent institution that has focused on STEM education since 1927. Capitol Tech, the national winner of the 2020 SC Media Award for Best Cybersecurity Higher Education Program, offers hands-on courses taught by industry experts that lead to undergraduate and graduate degrees in emerging fields such as Mechatronics Engineering and Artificial Intelligence.
Leave a comment , , ,

CISA Publish Ransomware Guidance and Resources

Agency News, Cyber Security CII sector, Industry News
Ransomware is an ever-evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. Ransomware actors often target and threaten to sell or leak exfiltrated data or authentication information if the ransom is not paid. In recent years, ransomware incidents have become increasingly prevalent among the Nation’s state, local, tribal, and territorial (SLTT) government entities and critical infrastructure organizations.
Malicious actors continue to adjust and evolve their ransomware tactics over time, and CISA analysts remain vigilant in maintaining awareness of ransomware attacks and associated tactics, techniques, and procedures across the country and around the world: See CISA's Awareness Briefings on Combating Ransomware, Joint Ransomware Statement, and CISA Insights – Ransomware Outbreak.
Looking to learn more about this growing cyber threat? The NEW Ransomware Guide is a great place to start. The Guide, released in September 2020, represents a joint effort between CISA and the Multi-State Information Sharing and Analysis Center (MS-ISAC). The joint Ransomware Guide includes industry best practices and a response checklist that can serve as a ransomware-specific addendum to organization cyber incident response plans.
In January 2021, CISA unveiled the Reduce the Risk of Ransomware Campaign to raise awareness and instigate actions to combat this ongoing and evolving threat. The campaign is a focused, coordinated and sustained effort to encourage public and private sector organizations to implement best practices, tools and resources that can help them mitigate ransomware risk.
Leave a comment , , , ,

New Major Interventions to Block Encrypted Communications of Criminal Networks

Agency News, Cyber Security CII sector, Industry News
Judicial and law enforcement authorities in Belgium, France and the Netherlands have in close cooperation enabled major interventions to block the further use of encrypted communications by large-scale organised crime groups (OCGs), with the support of Europol and Eurojust. The continuous monitoring of the illegal Sky ECC communication service tool by investigators in the three countries involved has provided invaluable insights into hundreds of millions of messages exchanged between criminals. This has resulted in the collection of crucial information on over a hundred of planned large-scale criminal operations, preventing potential life threatening situations and possible victims.
During an action day, a large number of arrests were made, as well as numerous house searches and seizures in Belgium and the Netherlands.  The operation is an essential part of the continuous effort of judiciary and law enforcement in the EU and third countries to disrupt the illegal use of encrypted communications, as was already displayed last year following the successful de-encryption of the EncroChat communication platform.
As of mid-February, authorities have been able to monitor the information flow of approximately 70 000 users of Sky ECC. Many users of EncroChat changed over to the popular Sky ECC platform, after EncroChat was unveiled in 2020.
By successfully unlocking the encryption of Sky ECC, the information acquired will provide insights into criminal  activities in various EU Member States and beyond and will assist in expanding investigations and solving serious and cross-border organised crime for the coming months, possibly years.
Law enforcement in all three countries has been on a continuous stand by during the last month to be able to provide rapid reactions to possible dangerous criminal activities when required. The newly acquired information will now be analysed further
Investigations into the tool started in Belgium, after mobile phones seized during searches showed the use of Sky ECC  by suspects. Worldwide, approximately 170 000 individuals use the tool, which has its own infrastructure and applications and is operated from the United States and Canada, using computer servers based in  Europe. On a global scale, around three million messages are being exchanged each day via Sky ECC. Over 20 percent of the users are based in Belgium and the Netherlands.
Europol has and will continue to provide the authorities of Belgium, Netherlands and other affected countries with tactical, technical and financial support and will be dealing with this important flow of information on criminal activities in order to prevent threats to life and major crimes.
Eurojust has provided advice and support regarding cross-border judicial cooperation and organised 12 coordination meetings to enable this collaboration. The Agency will continue to provide this support and stands ready for further advice and cross-border operational financial support to all Member States and countries involved, to ensure an adequate cross-border judicial cooperation.
Leave a comment , , , ,

CISA Announce Transfer of .gov Top-Level Dommain from US General Services Administration

Agency News, Cyber Security CII sector, Industry News
The Cybersecurity and Infrastructure Security Agency (CISA) announced it will begin overseeing the .gov top-level domain (TLD) in April 2021. CISA is working closely with the U.S. General Services Administration, who currently oversees the TLD, to ensure a seamless transition of daily operations for .gov customers.
“Using .gov and increasing trust that government communications are authentic will improve our collective cybersecurity,” said Eric Goldstein, Executive Assistant Director for CISA’s Cybersecurity Division. “People see a .gov website or email address and know they are interacting with an official, U.S.-based government organization. Using .gov also provides security benefits, like two-factor authentication on the .gov registrar and notifications of DNS changes to administrators, over other TLDs. We’ll endeavor to make the TLD more secure for the American public and harder for malicious actors to impersonate.”
.gov is one of the six original TLDs in the internet’s domain name system (DNS). The TLD is actively used by each branch of the federal government, every state in the nation, hundreds of counties and cities, and many tribes and territories as they serve the public on the internet. The DOTGOV Act of 2020 shifted responsibility for managing .gov to CISA as the nation’s civilian cybersecurity agency.
Because the TLD is central to the availability and integrity of thousands of online services relied upon by millions of users, .gov is critical infrastructure for governments throughout the country and all aspects of its administration have cybersecurity significance. Under the actions required by the Act, CISA will work to increase security and decrease complexity for our government partners.
Leave a comment , ,

Police arrest 11 suspects of 'Anonymous Malaysia' hacker group

Cyber Security CII sector, Industry News
Eleven men, believed to be part of the "Anonymous Malaysia" hacker group, have been detained following six raids conducted by Malaysian police in Pahang, Johor, Perak and the Klang Valley. The group was believed to be responsible for cyber attacks on websites belonging to the government and the private sector.
Deputy Inspector-General of Police Acryl Sani Abdullah Sani said the suspects, aged between 22 and 40, were detained following the group's recent threat to hack the government's computer system.
Among those arrested by the Commercial Crime Investigation Department of Malaysian police headquarters, he said, was the administrator of the Anonymous Malaysia Facebook page.
"We will investigate further and ascertain if there are other members of the group," he told reporters after visiting a Covid-19 police roadblock set up at a Selangor toll plaza.
Datuk Seri Acryl Sani said the group was believed to be responsible for cyber attacks on websites belonging to the government and the private sector.
"We are not ruling out the possibility of 17 websites having been hacked," he added.
It was learnt that the suspects were also responsible for hacking the systems belonging to the Johor and Sabah state governments as well as Malaysia's International Trade and Industry Ministry.
Leave a comment , , , ,
1 18 19 20 21 22 28