Category: Cyber Security CII sector

Cyber Security CII sector

ENISA 5G Threat Landscape Report Updated to Enhance 5G Security

Agency News, Cyber Security CII sector, Industry News
The European Union Agency for Cybersecurity (ENISA) published an updated version of its 5G threat assessment report to address advancements in the areas of fifth generation of mobile telecommunications networks (5G) and to contribute to the implementation of the EU 5G toolbox cybersecurity risk mitigating measures.
The new ENISA Threat Landscape for 5G Networks report is a major update of the previous edition as it captures recent developments in 5G standardisation. The publication includes a vulnerability analysis, which examines the exposure of 5G components. The analysis explores how cyber threats can exploit vulnerabilities and how technical security controls can help mitigate risks.
European Union Agency for Cybersecurity Executive Director Juhan Lepassaar explained: “By providing regular threat assessments, the EU Agency for Cybersecurity materialises its support to the EU cybersecurity ecosystem.  This work is part of our continuous contribution to securing 5G, a key infrastructure for the years to come.”
The New Threat Landscape includes:
- An updated system architecture of 5G, indicating introduced novelties and assessed security considerations;
- A detailed vulnerability analysis of all relevant 5G assets, including their exposure to threats;
- A mapping of related security controls aiming at the reduction of threat surface;
- An update of the relevant threats in accordance with their exploitation potential of the assessed vulnerabilities;
- The consideration of implementation options – migration paths from 4G to 5G infrastructures;
- The development of a process map showing the contribution of operational, life cycle and security assurance processes to the overall security of 5G infrastructures;
- A new inventory of critical components.
The information produced for this report is based on publicly available content published by 5G market players (operators, vendors, and national and international organisations), standardisation groups and bodies (for example: 3rd Generation Partnership Project (3GPP); International Telecommunications Union (ITU); European Telecommunications Standardisation Institute (ETSI); International Organisation for Standardisation (ISO); the Global System for Mobile Communications (GSMA)).
One comment , ,

NIS Directive has Positive Effect, though Study Finds Gaps in Cybersecurity Investment Exist

Agency News, Cyber Security CII sector, Industry News
The European Union Agency for Cybersecurity (ENISA) released a new report on information security spending for network and information services (NIS) under the NIS Directive, the first EU-wide legislation on cybersecurity. The NIS Investments report is based on a survey of 251 organisations of operators of essential services (OES) and digital service providers (DSP) from France, Germany, Italy, Spain and Poland. Eighty-two percent of those surveyed reported the NIS Directive had a positive effect on their information security.
The new ENISA study examining cybersecurity spending states that 82% of Operators of Essential Services and Digital Services Providers find that the NIS Directive has a positive effect. However, gaps in investment still exist. When comparing organisations from the EU to those from the United States, data shows that EU organisations allocate on average 41% less to cybersecurity than their US counterparts.
NIS Directive Implementation
The report provides input to the European Commission’s review of the NIS Directive on the 16th of December, four years after the Directive entered into force and two years after the transposition into national law.
Challenges remain after the implementation of the Directive -- the lack of clarity of the NIS Directive expectations after transposition into national law was a common issue. More than 35% of organisations surveyed believe the NIS Directive expectations are unclear. Twenty-two percent of respondents listed limited support from national authorities as one of their top challenges when implementing the Directive.
Cybersecurity Investments: EU vs. US
When comparing organisations from the EU to organisations from the United States, the study shows that EU organisations allocate on average 41% less to information security than their US counterparts.
Key findings about the NIS Directive implementation in the NIS Investment report
- The average budget for NIS Directive implementation projects is approximately €175k, with 42.7% of affected organisations allocating between €100k and €250k. Slightly less than 50% of surveyed organisations had to hire additional security matter experts.
- Surveyed organisations prioritised the following security domains: Governance, Risk & Compliance and Network Security.
- When implementing the NIS Directive, 64% of surveyed organisations procured security incident & event log collection solutions, as well as security awareness & training services.
- “Unclear expectations” (35%)  and “Limited support from the national authority” (22%) are among the top challenges faced by surveyed organisations when implementing the NIS Directive.
- 81% of the surveyed organisations have established a mechanism to report information security incidents to their national authority.
- 43% of surveyed organisations experienced information security incidents with a direct financial impact to up to €500k, while 15% experienced incidents with over half a million euro.
Leave a comment ,

CISA Issue Emergency Directive to Mitigate Compromise of Solarwinds Orion Network Management Products

Agency News, Cyber Security CII sector, Industry News
The Cybersecurity and Infrastructure Security Agency (CISA) has issued Emergency Directive 21-01, in response to a known compromise involving SolarWinds Orion products that are currently being exploited by malicious actors. This Emergency Directive calls on all federal civilian agencies to review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately.
“The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks,” said CISA Acting Director Brandon Wales. “This directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners—in the public and private sectors—to assess their exposure to this compromise and to secure their networks against any exploitation.”
This is the fifth Emergency Directive issued by CISA under the authorities granted by Congress in the Cybersecurity Act of 2015. All agencies operating SolarWinds products should provide a completion report to CISA.
Leave a comment ,

CISA Highlights Theft of FireEye Red Team Tools

Agency News, Cyber Security CII sector, Industry News

The Cybersecurity & Infrastructure Security Agency (CISA) has advised FireEye has released a blog addressing unauthorized access to their Red Team’s tools by a highly sophisticated threat actor. Red Team tools are often used by cybersecurity organizations to evaluate the security posture of enterprise systems. Although the Cybersecurity and Infrastructure Security Agency (CISA) has not received reporting of these tools being maliciously used to date, unauthorized third-party users could abuse these tools to take control of targeted systems. The exposed tools do not contain zero-day exploits.

CISA recommends cybersecurity practitioners review FireEye’s two blog posts for more information and FireEye’s GitHub repository for detection countermeasures:

Leave a comment ,

Focus on National Cybersecurity Capabilities: New Self-Assessment Framework to Empower EU Member States

Agency News, Cyber Security CII sector, Industry News
The EU Agency for Cybersecurity issues a National Capabilities Assessment Framework (NCAF) to help EU Member States self-measure the level of maturity of their national cybersecurity capabilities.
Developed with the support of 19 EU Member States, this framework was designed following an extensive exchange of ideas and good practices. The strategic objectives of the national cybersecurity strategies served as a basis of the study.
The framework was developed as part of the mandate of ENISA, as defined in the Cybersecurity Act. It falls under the provision to support EU Member States in building capacities in the area of national cybersecurity strategies through the exchange of good practices.
The key features
The self-assessment framework is composed of 17 objectives structured around 4 clusters. Each of these clusters is associated to a key thematic area for building cybersecurity capacity. Different objectives are also associated to each cluster. Based on 5 levels of maturity, specific questions were devised for each objective.
The clusters are as follows:
(I) Cybersecurity governance and standards - This dimension considers aspects of planning to prepare the Member State against cyber-attacks as well standards to protect Member States and digital identity
(II) Capacity-building and awareness - This cluster assesses the capacity of the Member States to raise awareness on cybersecurity risks and threats and on how to tackle them. Additionally, this dimension gauges the ability of the country to continuously build cybersecurity capabilities, increase knowledge and skills in the cybersecurity domain.
(III) Legal and regulatory - This cluster measures the capacity of the Member States to put in place the necessary legal and regulatory instruments to address cybercrime and also address legal requirements such as incident reporting, privacy matters, CIIP.
(IV) Cooperation - This cluster evaluates the cooperation and information sharing between different stakeholder groups at the national and international level.
Target Audience
The report issued is intended for policymakers as well as experts and officials responsible for, or involved in the design, implementation and evaluation of a national cybersecurity strategy and/or of national cybersecurity capabilities.
Why a capability assessment framework?
Cybersecurity capabilities are the main tools used by EU Member States to achieve the objectives of their National Cybersecurity Strategies. The purpose of the framework is to help Member States build and enhance cybersecurity capabilities by assessing their level of maturity.
The framework will allow EU Member States to:
- Perform the evaluation of their national cybersecurity capabilities.
- Increase the maturity level of awareness;
- Identify areas for improvement;
- Build new cybersecurity capabilities.
Leave a comment ,

Latest issue of World Security Report has arrived

Association News, Cyber Security CII sector, Power/Energy/Oil & Gas sector, Telecomms sector, Transport sector
The Winter 2020-21 issue of World Security Report for the latest industry views and news, is now available to download.
In the Winter 20-21 issue of World Security Report:
- Priority of Protecting Digital Critical Infrastructure Will Grow in 2021, by Chuck Brooks
- A view of Facility Industrial Control System Security, by Ron Martin
- The Need for Higher Level Strategic Approaches to Cyber Security, by Bonnie Butler
- Critical Infrastructure Protection Starts at the Perimeter
- Effective Security Options for Healthcare Facilities
- African Terror Groups ‘Rebrand’ as Islamic State
- IACIPP Association News
- Industry news
Download your copy today at www.cip-association.org/WSR
Leave a comment , , , , ,

Three arrested as INTERPOL, Group-IB and the Nigeria Police Force disrupt prolific cybercrime group

Cyber Security CII sector, Industry News
Three suspects have been arrested in Lagos following a joint INTERPOL, Group-IB and Nigeria Police Force cybercrime investigation. The Nigerian nationals are believed to be members of a wider organized crime group responsible for distributing malware, carrying out phishing campaigns and extensive Business Email Compromise scams.
The suspects are alleged to have developed phishing links, domains, and mass mailing campaigns in which they impersonated representatives of organizations. They then used these campaigns to disseminate 26 malware programmes, spyware and remote access tools, including AgentTesla, Loki, Azorult, Spartan and the nanocore and Remcos Remote Access Trojans. These programmes were used to infiltrate and monitor the systems of victim organizations and individuals, before launching scams and syphoning funds. According to Group-IB, the prolific gang is believed to have compromised government and private sector companies in more than 150 countries since 2017.
Group-IB was also able to establish that the gang is divided into subgroups with a number of individuals still at large. While investigations are still ongoing, some 50,000 targeted victims have been identified so far.
The year-long investigation, dubbed ‘Operation Falcon, saw INTERPOL’s Cybercrime and Financial Crime units work closely with Group-IB to identify and locate threats, and ultimately, assist the Nigerian Police Force, via the INTERPOL National Central Bureau in Abuja, in taking swift action.
Group-IB’s participation in the operation came under Project Gateway, a framework which enables INTERPOL to cooperate with private partners and receive threat data directly.
Craig Jones, INTERPOL’s Cybercrime Director highlighted the outstanding cooperation between all those involved in the investigation and underlined the importance of public-private relationships in disrupting virtual crimes. “This group was running a well-established criminal business model. From infiltration to cashing in, they used a multitude of tools and techniques to generate maximum profits. We look forward to seeing additional results from this operation,” he said.
Leave a comment ,

CISA releases the insider threat mitigation guide

Agency News, Cyber Security CII sector, Industry News
The Cybersecurity & Infrastructure Security Agency (CISA) has released their Insider Threat Mitigation Guide for organizations who have individuals entrusted with access to or knowledge of their organization, who represent potential risks, which includes current or former employees or any other person who has been granted access, understanding, or privilege.
Organizations of all types and sizes are vulnerable to insider threats. The CISA Insider Threat Mitigation Guide is designed to assist individuals, organizations, and communities in improving or establishing an insider threat mitigation program. It offers a proven framework that can be tailored to any organization regardless of size. It provides an orientation to the concept of insider threat, the many expressions those threats can take, and offers an integrated approach necessary to mitigate the risk. The Guide shares best practices and key points from across the infrastructure communities.
"This Insider Threat Mitigation Guide is an evolution in the series of resources CISA makes available on insider threats. This Guide draws from the expertise of some of the most reputable experts in the field to provide comprehensive information to help federal, state, local, tribal, and territorial governments; non-governmental organizations; and the private sector establish or enhance an insider threat prevention and mitigation program."
"Moreover, this Guide accomplishes this objective in a scalable manner that considers the level of maturity and size of the organization. It also contains valuable measures for building and using effective threat management teams. Through a case study approach, this Guide details an actionable framework for an effective insider threat mitigation program: Defining the Threat, Detecting and Identifying the Threat, Assessing the Threat, and Managing the Threat." said Steve Harris, Acting Assistant Director for Infrastructure Security, Cybersecurity and Infrastructure Security Agency.
The full Guide can be downloaded at CISA.org >> 
Leave a comment , ,

Europe deploys 7Shield - cybersecurity from space?

Agency News, Cyber Security CII sector, Industry News
SHIELD – Safety and Security Standards of Space Systems, ground Segments and Satellite data assets, via prevention, detection, response and mitigation of physical and cyber threats.
The project gives an innovative boost to the protection of earth segments and satellite data resources. Protecting critical infrastructures from cyber threats. From IoT to machine learning, here are the advanced technologies integrated into the framework.
The overall concept of 7SHIELD is to provide to the European Ground Segment facilities a holistic framework enable to confront complex cyber and physical threats by covering all the macrostages of crisis management, namely pre-crisis, crisis and post-crises phases.
The Copernicus era has created a new market with the massive amounts of satellite data that the ground segments of space systems receive serve to the market and governmental bodies.
A physical/cyber-attack to their installations or communication networks, respectively, would cause debilitating impact on public safety and security of EU citizens and public authorities. A physical attack on a space ground segment makes the distribution of satellite data problematic and, on the other hand, a cyber-attack in its data storage, access and exchange affects not only the reliability of space data, but also their FAIR standards: findability, accessibility, interoperability and reusability. Current approaches do not fully exploit the recent advances in surveillance mechanisms with robotic technologies and AI.
Given the above, the Center for Security Studies (KEMEA), has successfully submitted as member of a wider consortium, 7SHIELD proposal under the topic “SU-INFRA01-2019: Prevention, detection, response and mitigation of combined physical and cyber threats to critical infrastructure in Europe” of H2020. 7SHIELD has officially started on September 2020 and will have a duration of 24 months, coordinated by ENGINEERING (Italy).
7SHIELD will be an integrated yet flexible and adaptable framework enabling the deployment of innovative services for cyber-physical protection of ground segments, such as e-fences, passive radars and laser technologies, multimedia AI technologies, that enhance their protection capabilities, while integrating or interoperating with existing protection solutions already deployed at their installations. The framework will integrate advanced technologies for data integration, processing, and analytics, machine learning and recommendation systems, data visualization and dashboards, data security and cyber threat protection. The technological solution is co-designed with first responders’ teams and contributes to policy making, standardisation and new guidelines for contingency planning and service continuity. The project will be evaluated and demonstrated in five installations of ground segments of space systems.
KEMEA will be a task leader both in identifying security requirements in relation to the technology systems in use and the integration of the 7SHIELD solution and in defining the model of the Emergency Response Plan, by following the guidelines as described in international Standards such as ISO22320:2018 Security and resilience -- Emergency management -- Guidelines for incident management. KEMEA will also have a crucial role in pilot implementation, evaluation and training and an overall contribution to the whole development of the program.
Leave a comment , ,

NCSC defends UK from more than 700 cyber attacks while supporting national pandemic response

Agency News, Cyber Security CII sector, Industry News
THE National Cyber Security Centre defended the UK from an average of 60 attacks per month during a year which saw its resources proactively focused on the coronavirus response, the organisation’s latest Annual Review revealed today.
The NCSC, which is a part of GCHQ, handled 723 incidents between 1 September 2019 and 31 August 2020, with around 200 related to coronavirus. In the previous three years since launching, they supported an average of 602 incidents annually (590 in 2017, 557 in 2018 and 658 in 2019).
The growth this year reflects ongoing NCSC efforts to proactively identify and mitigate threats, tips the organisation receives from its extensive network of partners and reports from victims themselves.
In a year heavily influenced by the pandemic, the review highlights the NCSC’s support for the healthcare sector, such as scanning more than 1 million NHS IP addresses for vulnerabilities leading to the detection of 51,000 indicators of compromise, and working with international allies to raise awareness of the threat of vaccine research targeting.
With cyber criminals looking to exploit public fear over the pandemic with coronavirus-related online scams, the NCSC and the City of London Police also launched the Suspicious Email Reporting Service, which received 2.3 million reports from the public in its first four months – resulting in thousands of malicious websites being taken down.
The NCSC also provided the technical assurances during the creation of the Virtual Parliament, as well as producing a wide range of advice for businesses and individuals switching to home working as a result of the pandemic.
A new remote working scenario was added to the NCSC’s ‘Exercise in a Box’ programme. The initiative, which allows people to test their cyber defences against realistic scenarios was used by people in 125 countries this year.
Leave a comment , ,
1 22 23 24 25 26 28