Tag: criticalinfrastructureprotection

Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities

Agency News, Cyber Security CII sector, Industry News

The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS), and Republic of Korea’s Defense Security Agency and National Intelligence Service have released a joint Cybersecurity Advisory (CSA), Ransomware Attacks on Critical Infrastructure Fund Democratic People’s Republic of Korea (DPRK) Espionage Activities, to warn network defenders of malicious activity targeting U.S. and South Korean Healthcare and Public Health (HPH) Sector organizations as well as other critical infrastructure sectors.

In addition to other tactics, these malicious cyber actors have been exploiting vulnerabilities, such as Log4Shell CVE-2021-44228, SMA100 Apache CVE-2021-20038, and/or TerraMaster OS CVE-2022-24990, to gain access and escalate privileges on victim’s networks. After initial access, DPRK actors use staged payloads with customized malware to perform malicious movements, use various ransomware tools and demand ransom in cryptocurrency.

This advisory is a supplement to a July 2022 joint advisory on North Korean state-sponsored cyber actors using Maui ransomware to target HPH sector.

All organizations are encouraged to review the CSA for complete details on this threat and recommended mitigations, which also includes specific mitigations that HPH organizations should implement. This advisory is available on stopransomware.gov, the USG one-stop resource for advisories on the ransomware threat and available no-cost resources.

Leave a comment , , , , ,

Cybersecurity High-Risk Series: Challenges in Protecting Cyber Critical Infrastructure

Agency News, Cyber Security CII sector, Industry News

Federal systems are vulnerable to cyberattacks. High Risk report identified 10 critical actions for addressing federal cybersecurity challenges.

In this report, the third in a series of four, GAO covers the action related to protecting cyber critical infrastructure—specifically, strengthening the federal role in cybersecurity for critical infrastructure. For example, the Department of Energy needs to address cybersecurity risks to the U.S. power grid.

The GAO made 106 public recommendations in this area since 2010. Nearly 57% of those recommendations had not been implemented as of December 2022.

Strengthen the Federal Role in Protecting Cyber Critical Infrastructure

The U.S. grid’s distribution systems—which carry electricity from transmission systems to consumers and are regulated primarily by states—are increasingly at risk from cyberattacks. Distribution systems are growing more vulnerable, in part because of industrial control systems’ increasing connectivity. As a result, threat actors can use multiple techniques to access those systems and potentially disrupt operations.

Examples of Techniques for Gaining Initial Access to Industrial Control Systems

GAO reported in March 2021 that DOE, as the lead federal agency for the energy sector, developed plans to help combat these threats and implement the national cybersecurity strategy for the grid. However, DOE’s plans do not address distribution systems’ vulnerabilities related to supply chains. By not having plans that address the improvement to grid distribution systems’ cybersecurity, DOE’s plans will likely be of limited use in prioritizing federal support to states and industry.

➢ GAO recommended that, in developing plans to implement the national cybersecurity strategy for the grid, DOE coordinate with DHS, states, and industry to more fully address risks to the grid’s distribution systems from cyberattacks.

The communications sector is an integral component of the U.S. economy and faces serious physical, cyber-related, and human threats that could affect the operations of local, regional, and national level networks, according to CISA and sector stakeholders. In addition to managing federal coordination during incidents impacting the communications sector, CISA shares information with sector stakeholders to enhance their cybersecurity and improve interoperability, situational awareness, and preparedness for responding to and managing incidents.

Examples of Potential Security Threats to the Communications Sector

In November 2021, we reported that CISA had not assessed the effectiveness of its programs and services supporting the security and resilience of the communications sector. By completing such an assessment, CISA would be better positioned to determine which programs and services are most useful or relevant in supporting the sector’s security and resilience. We also reported that CISA had not updated its 2015 Communications Sector-Specific Plan. Developing and issuing a revised plan would help CISA to address emerging threats and risks to the communications sector.

➢ GAO recommended that CISA assess the effectiveness of its programs and services to support the communications sector and, in coordination with public and private communications sector stakeholders, produce a revised Communications Sector-Specific Plan.

Ransomware is a form of malicious software that threat actors use in a multistage attack to encrypt files on a device and render data and systems unusable. These threat actors then demand ransom payments in exchange for restoring access to the locked data and systems.

Four Stages of a Common Ransomware Attack

In September 2022, we reported that CISA, FBI, and Secret Service provide assistance in preventing and responding to ransomware attacks on tribal, state, local, and territorial government organizations. However, the agencies could improve their efforts by fully addressing six of seven key practices for interagency collaboration in their ransomware assistance to state, local, tribal, and territorial governments. For instance, existing interagency collaboration on ransomware assistance to tribal, state, local, and territorial governments was informal and lacked detailed procedures.

➢ GAO recommendeds that DHS and the Department of Justice address identified challenges and incorporate key collaboration practices in delivering services to state, local, tribal, and territorial governments.

GAO have made 106 recommendations in public reports since 2010 with respect to protecting cyber critical infrastructure. Until these are fully implemented, federal agencies will be more limited in their ability to protect private and sensitive data entrusted to them. For more information on this report, visit https://www.gao.gov/cybersecurity.

Leave a comment , , , ,

IRC warns damaged infrastructure is hampering critical aid supply to catastrophic disaster as it launches emergency response

Agency News, Health & Social Care, Industry News, Power/Energy/Oil & Gas sector, Telecomms sector, Transport sector

As the full scale of the disaster in Syria and Turkey following the 7.8 magnitude earthquake becomes apparent, the International Rescue Committee (IRC) is warning of catastrophic humanitarian needs in both countries. Unfettered humanitarian access to those affected is now absolutely critical. As humanitarian needs soar during freezing temperatures, in both Turkey and Syria, the IRC is launching an integrated response to affected populations in both countries.

Tanya Evans, Syria Country Director for IRC said:

“The scale of the disaster is catastrophic. We are still in the first 36 hours of one of the largest earthquakes to hit the region this century. Multiple earthquakes and aftershocks yesterday and today have damaged roads, border crossings, and critical infrastructure, severely hampering aid efforts.

“IRC’s main priority is finding safe spaces for our staff to operate from in Gaziantep and across northwest Syria. Many buildings have been severely damaged in the earthquake, including at least one of our field offices in northwest Syria. It is almost impossible to know the full extent of the disaster right now but everything we are hearing from our teams suggests it is truly devastating.

“Electricity across the affected area remains intermittent. In Turkey we have seen improvements since the earthquake but in northern Syria there are still so many areas off the grid. This also includes mobile and internet outages making the response and coordination even more difficult. It is not just electricity and phone lines affected. Gas supplies, for which many rely on to heat their homes, have also been severely impacted meaning that even if people are able to return to their homes they will have to endure freezing temperatures.

“With the response in its infancy the need for humanitarian aid is stark. Roads and infrastructure, like bridges, have been damaged meaning it will likely prove challenging to get supplies to those who need it most. Even before the earthquake, humanitarian access was constrained in northwest Syria, with most aid coming in via one crossing point with Turkey. In this time of increased need it is critical that the levels of aid crossing also increase at pace too.”

The IRC’s response to the earthquake will be in both Turkey and northern Syria, and will include the provision of immediate cash, basic items such as household kits, dignity kits for women and girls and hygiene supplies. Through partners, the IRC will support essential health services in earthquake-affected areas, and set up safe spaces for women and children affected by the crisis.

In light of the catastrophic humanitarian needs emerging, the IRC is calling on the international community to urgently increase critical funding to both Syria and Turkey to ensure that those affected by this emergency get the lifesaving support they need before it is too late.

[image: DENIZ TEKIN/EPA-EFE/Shutterstock]

Leave a comment , , , ,

Cybersecurity High-Risk Series: Challenges in Securing Federal Systems and Information

Agency News, Cyber Security CII sector, Industry News

Federal systems are vulnerable to cyberattacks. Our High Risk report identified 10 critical actions for addressing federal cybersecurity challenges.

In this report, the second in a series of four, we cover the 3 actions related to Securing Federal Systems and Information:

- Improve implementation of government-wide cybersecurity initiatives
- Address weaknesses in federal agency information security programs
- Enhance the federal response to cyber incidents to better protect federal systems and information

GAO has made about 712 recommendations in public reports since 2010 with respect to securing federal systems and information. Until these are fully implemented, federal agencies will be more limited in their ability to protect private and sensitive data entrusted to them. For more information on this report, visit https://www.gao.gov/cybersecurity.

Improve Implementation of Government-Wide Cybersecurity Initiatives

Federal law assigned five key cybersecurity responsibilities to the Cybersecurity and Infrastructure Security Agency (CISA), including securing federal information and systems, and coordinating federal efforts to secure and protect against critical infrastructure risk. To implement these responsibilities, CISA undertook an organizational transformation initiative aimed at unifying the agency, improving mission effectiveness, and enhancing the workplace experience. In March 2021, we reported that CISA had only completed 37 of 94 planned implementation tasks. Critical transformation tasks such as finalizing the mission-essential functions of CISA’s divisions and defining incident management roles and responsibilities across the agency had not yet been completed.

- We recommended that CISA establish expected completion dates, plans for developing performance measures, and an overall deadline for the completion of the transformation initiative, as well as develop a strategy for comprehensive workforce planning.

Address Weaknesses in Federal Agency Information Security Programs

To protect federal information and systems, the Federal Information Security Modernization Act of 2014 (FISMA) requires federal agencies to develop, document, and implement information security programs. Congress included a provision in FISMA for GAO to periodically report on agencies’ implementation of the act. In March 2022, we reported on the information security programs of 23 federal civilian agencies, including annually required program reviews to be conducted by agency inspectors general (IG). Among other things, we noted that IGs determined that 16 (or 70 percent) of the 23 agencies had ineffective programs for fiscal year 2020.

We found that OMB’s guidance to IGs on conducting agency evaluations was not always clear, leading to inconsistent application and reporting by IGs. Further, we reported that the binary effective/not effective scale resulted in imprecise ratings that did not clearly distinguish among the differing levels of agencies’ performance. By clarifying its guidance and enhancing its rating scale, OMB could help ensure more a more consistent approach and nuanced picture of agencies’ cybersecurity programs.

- GAO recommended that OMB, in consultation with others, clarify its guidance to IGs and create a more precise overall rating scale.

Enhance the Federal Response to Cyber Incidents

DOD and our nation's defense industrial base (DIB) are dependent on information systems to carry out their operations. These systems continue to be the target of cyberattacks, as demonstrated by over 12,000 cyber incidents DOD has experienced since 2015.

In November 2022, we reported DOD has taken steps to combat these attacks and the number of cyber incidents had declined in recent years. However, we found that the department (1) had not fully implemented its processes for managing cyber incidents, (2) did not have complete data on cyber incidents that staff report, and (3) did not document whether it notifies individuals whose personal data is compromised in a cyber incident.

In addition, according to officials, DOD has not yet decided whether DIB cyber incidents detected by cybersecurity service providers should be shared with all relevant stakeholders. Until DOD examines whether this information should be shared with all relevant parties, opportunities could be lost to identify system threats and improve system weaknesses.

- GAO recommended the Department of Defense improve the sharing of DIB-related cyber incident information and document when affected individuals are notified of a PII breach of their data.

Leave a comment , , ,

NSA, CISA, and MS-ISAC Release Guidance for Securing Remote Monitoring and Management Software

Agency News, Cyber Security CII sector, Industry News

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) released the “Protecting Against Malicious Use of Remote Monitoring and Management Software” Cybersecurity Advisory (CSA) today to help network defenders protect against the malicious use of legitimate remote monitoring and management (RMM) software.

RMM software is commonly used by managed service providers (MSPs) and help desks to provide security and/or technical support. The software is intended to enable network management, endpoint monitoring, and remote interaction with hosts for IT-support functions. Malicious use of RMM software allows cybercriminals and advanced persistent threat (APT) actors to bypass anti-virus/anti-malware defenses.

In October, CISA identified a widespread cyber campaign in which cybercriminal actors leveraged RMM software to gain command and control of devices and accounts. Malicious cyber actors could leverage these same techniques to target National Security Systems (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) networks and use legitimate RMM software on both work and home devices and accounts. Other RMM software solutions could be abused to similar effect.

CISA, NSA, and MS-ISAC encourage network defenders to apply mitigations such as the following:

- Audit installed remote access tools to identify RMM software.
- Implement application controls to prevent execution of unauthorized RMM software.
- Use only authorized RMM software on your network over approved remote access solutions, such as VPN or VDI.
- Block both inbound and outbound connections on common RMM ports and protocols.

Read full report at www.media.defense.gov/2023/Jan/25/2003149873/-1/-1/0/JOINT_CSA_RMM.PDF

Leave a comment , , , ,

Bitzlato: senior management arrested

Agency News, Cyber Security CII sector, Industry News

An operation led by French and US authorities, and strongly supported by Europol, has targeted the crypto exchange platform Bitzlato. The globally operating Hong Kong-registered cryptocurrency exchange is suspected of facilitating the laundering of large amounts of criminal proceeds and converting them into roubles. Law enforcement authorities took down the digital infrastructure of the service, based in France, and interrogated leading members of the platform’s management. The operation also involved law enforcement and judicial authorities from Belgium, Cyprus, Portugal, Spain and the Netherlands.

Targeting crucial crime facilitators such as crypto exchanges is becoming a key priority in the battle against cybercrime. Bitzlato allowed the rapid conversion of various crypto-assets such as bitcoin, ethereum, litecoin, bitcoin cash, dash, dogecoin and USDT into Russian roubles. It is estimated that the crypto exchange platform has received a total of assets worth EUR 2.1 billion (BTC 119 000).

While the conversions of crypto-assets into fiat currencies is not illegal, investigations into the cybercriminal operators indicated that large volumes of criminal assets were going through the platform. The analysis indicated that about 46 % of the assets exchanged through Bitzlato, worth roughly EUR 1 billion, had links to criminal activities.

Cryptanalysis uncovered that the majority of suspicious transactions are linked to entities sanctioned by the Office of Foreign Assets Control (OFAC), with others linked to cyber scams, money laundering, ransomware and child abuse material. For example, investigations showed that 1.5 million BTC transactions have been made directly between Bitzlato users and the Hydramarket, taken down in April 2022.

This exchange platform, available both in Russian and English language, rented dedicated servers from a hosting company in France. The coordinated action of the judicial and law enforcement authorities from the different involved countries led to the takedown of the platform, seizures of present financial assets, and further technical analysis.

Cryptoanalysis and international coordination to uncover links

During the first phases of the investigative activities, Europol facilitated the information exchange, provided analytical support linking available data to various criminal cases within and outside the EU, and supported the investigation through the analysis of millions of cryptocurrency transactions.

On the action day, Europol deployed 13 of its experts on the spot (10 in France, 1 in Cyprus, 1 in Spain and 1 in Portugal) and supported the deployment of national investigators in other countries taking part in the operational activities. Europol supported the law enforcement authorities involved with coordination related to cryptocurrency analysis, cross checking of operational information against Europol’s databases, and operational analysis. At this moment, already over 3 500 bitcoin addresses and over a 1 000 Bitzlato user details showed links with various criminal cases reported in Europol’s systems. Analysis of this data and other related cases is expected to trigger further investigative activities.

Leave a comment , , , , ,

Space for Maritime Task Force Launched

Industry News, Space Sector, Transport sector

The “Space for Maritime Task Force” was recently launched by the European Space Agency (ESA) together with maritime stakeholders at the Italian Coast Guard Headquarters in Rome. The initiative acts on ESA’s vision to boost digital and green solutions, reducing emissions and enabling sustainable innovation.

In recent years, ESA Space Solutions has been cooperating with key stakeholders in the maritime sector via the Business Applications and Space Solutions (BASS) programme. These include a wide range of user communities and classes such as fisheries, coast guards, port authorities, military bodies, shipping companies, commercial operators, and international, national and European institutions. Through this cooperation, ESA has built strategic partnerships and supported several initiatives addressing domains such as maritime sustainability, ship tracking via satellite-based automatic identification systems (AIS), smart routing, autonomous vessels, water quality monitoring, the reduction of marine pollution and the green transition of ports’ eco-systems.

The Italian General Command of the Port Authority Corps - Coast Guard has, for some months, been working on a collaboration with ESA to foresee and enhance the use of space applications aimed at promoting sustainable innovation and transport in the maritime ecosystem. This collaboration has resulted in the creation of a standing committee, called the Space for Maritime Task Force (SMTF).

The Task Force aims to contribute to sustainability and maritime safety by increasing the use of innovative integrated solutions that exploit digital and space technologies, such as communications, navigation, and earth observation. This initiative will leverage active involvement of national institutions, Industry and research entities in the digital transformation of port and maritime services (e-Navigation), with a view to enhancing the sustainability of maritime transport. It will foster the innovative use of space technologies for supporting the shipping sector, for example in its transition to uncrewed shipping, as well as the implementation of a safe integration of uncrewed vessels within maritime transport provision, the monitoring of coastal areas and infrastructures, and maritime surveillance activity (in the domains of safety, security, fishing and the environment). The work will be divided into sub-topics of interest, which for the moment include "maritime sustainability", "green and smart ports" and "safety at sea and maritime security".

The results from the Task Force will be presented to international (International Maritime Organization - IMO) and European bodies, in order to contribute to the development and standardisation of requirements and innovative technologies aimed at improving maritime services. This will allow sustainable economic growth for all players involved. Rita Rinaldo, Head of the Projects & Studies Implementation Division at ESA Space Solutions commented “Collaboration with maritime stakeholders is key for ESA to support innovative solutions that exploit digital and space technologies, and to enable European space and downstream companies to contribute to sustainability and maritime safety.”

Partners in the Task Force include: the General Command of the Port Authority Corps - Coast Guard; European Space Agency (ESA); Italian Space Agency (ASI); National Inter-University Consortium for Telecommunications (CNIT); and the Directorate General for the Supervision of Port System Authorities, Maritime Transport and Inland Waterways.

Leave a comment , , ,

IOM joins Making Cities Resilient 2030 as supporting entity

Agency News, Health & Social Care, Industry News, Power/Energy/Oil & Gas sector, Telecomms sector

The International Organization for Migration’s (IOM) Regional Office for the Middle East and North Africa (MENA) has joined the MCR2030 initiative as a supporting entity. MCR2030 is UNDRR’s flagship program, building on the achievement of the Making Cities Resilient Campaign that began in 2010. It welcomes cities, local governments, and all parties who wish to support cities along the resilience roadmap.

The IOM Regional Office for the MENA region has developed the Urban Diagnostic Toolkit to map gaps in migrants’ integration in urban settings, aimed at increasing urban resilience of migrants, refugees, displaced persons, host societies and local governments by strengthening migrants’ social cohesion in the spatial, institutional, economic, climate and resilience city systems.

Increasingly, IOM and UNDRR collaborate across a range of workstreams from high level policy engagement related to the Sendai Framework for DRR’s Midterm Review process, the Global Platform for DRR and Regional DRR Platforms, and more recently on the Early Warning for All Initiative, COP27 and the Center of Excellence for Disaster and Climate Resilience, which IOM recently joined as a member of the Steering Committee. Partnership also extends to technical cooperation on the implementation of the annual workplan of the Senior Leadership Group for DRR for Resilience inclusive of work to mainstream DRR into humanitarian action. IOM is also supporting UNDRR’s leadership on the development and roll out of Risk Information Exchange and the creation of a second-generation disaster loss accounting platform to replace DesInventar. The latter was recently dialogued under the leadership of UNDRR-UNDP-WMO at the Bonn Technical Expert Forum meeting in late November.

This is the beginning of a new collaboration between the two UN agencies. UNDRR warmly welcomes the new MCR partner to work jointly on paving the road for increasing migrants’ resilience in urban contexts.

MRC2030 is a unique cross-stakeholder initiative for improving local resilience through advocacy, sharing knowledge and experiences, establishing mutually reinforcing city-to-city learning networks, injecting technical expertise, connecting multiple layers of government, and building partnerships. Through delivering a clear roadmap to urban resilience, providing tools, access to knowledge, and monitoring and reporting tools, MCR2030 will support cities on their journey to reduce risk and build resilience.

Leave a comment , ,

The impact of cybersecurity in the energy industry

Cyber Security CII sector, Industry News, Power/Energy/Oil & Gas sector

Cyber resilience is a challenge for organizations globally and for the electricity industry in particular. Power systems are among the most complex and critical of all infrastructure types and act as the backbone of economic activity.

Large-scale incidents such as blackouts can have socio-economic ramifications for households, businesses and vital institutions. For example, a six-hour winter blackout in mainland France could result in damages totalling over €1.5 billion ($1.7 billion).

In 2018, the World Economic Forum Centre for Cybersecurity and the Platform for Shaping the Future of Energy, Materials and Infrastructure launched the Cyber Resilience in the Electricity Industry initiative to improve the cyber resilience of global electricity infrastructure. This initiative brought together leaders from more than 50 businesses, governments, civil society and academia to collaborate and develop a clear and coherent cybersecurity vision for protecting the power infrastructure.

Building on the first phase of the initiative, the Forum is now developing a unique exchange platform for cybersecurity leaders across the electricity industry in collaboration with Dragos, EDP, Enel, Hitachi Energy, Iberdrola, Naturgy, Ørsted, Schneider Electric, Siemens Energy, Southern and Vestas. This new platform serves as a central hub where industry experts can exchange knowledge, ideas and best practices to improve cyber resilience as a whole.

By bringing together the leading minds in cybersecurity worldwide, the initiative is fostering collaboration and innovation in this critical field, with the ultimate goal of enhancing the security and reliability of the electricity infrastructure that powers the modern world.

What are the challenges of cybersecurity in the energy industry?

The unprecedented pace of technological change driven by the Fourth Industrial Revolution means that health, transport, communication, production and distribution systems will demand rapidly increasing energy resources to support global digitalization and the advancement of interconnected devices.

Digitalization is driving growth and innovation in the electricity industry and has tremendous potential to deliver shareholder, customer and environmental value. However, new technologies and business models affecting operating assets present both opportunities and risks.

In the past, managing these risks had only meant dealing with issues such as component failure or weather damages, while today’s resilience plans must consider cybersecurity-related threats.

Our approach to strengthening cybersecurity in the energy industry

The Cyber Resilience in the Electricity Industry programme focuses on three main pillars:

- Developing scenarios and use cases that industry executives and boards can use to create a culture of cyber resilience and good governance in the electricity sector.
- Improving the implementation of cyber resilience regulations by fostering dialogue between policy-makers and businesses.
- Improving supply chain resilience by establishing standards for cybersecurity roles and responsibilities across all stakeholders involved to ensure that every entity is taking appropriate steps to protect against cyberthreats.

The initiative has published a series of reports to guide chief executives and board members in meeting the unique challenges of managing cyber risks:

- Cyber Resilience in the Electricity Ecosystem: Principles and Guidance for Boards
- Cyber Resilience in the Electricity Ecosystem: Playbook for Boards and Cybersecurity Officers
- Cyber Resilience in the Electricity Ecosystem: Securing the Value Chain

In 2021, following a request from the European Commission (EC) Energy Directorate, the initiative also developed a collection of 15 lessons learned and recommendations for improvement on the new EC Cybersecurity Directive considering the implications of supply chain attacks and other systemic risks for cybersecurity in the energy industry.

Leave a comment , , , ,

Partnering to Safeguard K–12 organizations from Cybersecurity Threats

Agency News, Cyber Security CII sector, Industry News

CISA has released 'Protecting Our Future: Partnering to Safeguard K–12 organizations from Cybersecurity Threats'. The report provides recommendations and resources to help K-12 schools and school districts address systemic cybersecurity risk. It also provides insight into the current threat landscape specific to the K-12 community and offers simple steps school leaders can take to strengthen their cybersecurity efforts.

The report’s findings state that K-12 organizations need resources, simplicity and prioritization to effectively reduce their cybersecurity risk. To address these issues, CISA provides three recommendations in the report to help K-12 leaders build, operate, and maintain resilient cybersecurity programs:

- Invest in the most impactful security measures and build toward a mature cybersecurity plan.
- Recognize and actively address resource constraints.
- Focus on collaboration and information-sharing.

Along with the report, we are providing an online toolkit which aligns resources and materials to each of CISA’s three recommendations along with guidance on how stakeholders can implement each recommendation based on their current needs. To read the full report and to access the toolkit, visit Protecting Our Future: Partnering to Safeguard K–12 organizations from Cybersecurity Threats.

Leave a comment , ,
1 2 3 4 5 6 30