Tag: cybersecurity

IACIPP Concerned at Increasing Ransomware Attacks Against Critical Infrastructure

Association News, Cyber Security CII sector, Power/Energy/Oil & Gas sector
The International Association of CIP Professionals (IACIPP) is concerned about the increasing threat and ransomware attacks against critical infrastructure and in particular the energy sector.
As has been demonstrated by the recent ransomware attack on Colonial Pipeline in North America, and the impact this has had across other infrastructure services, and the wider economic impact on, for example, the price of petrol and oil, such attacks should be a concern to us all.
"The attack on the Colonial Pipeline Industrial Control System was not a total surprise. For years, our pipeline infrastructure and other critical infrastructures have experienced an ever-increasing level of probes and attacks.  The ICS owners and operators must be vigilant and assure their systems are continuously monitored and armed with the latest cyber protection tools." Commented Dr. Ron Martin, CPP,  Professor of Practice: Critical Infrastructure, Industrial Control System Security, and Access and Identity Management at Capitol Technology University.
Although the FBI and other federal and private cybersecurity entities are working to mitigate the effects of the attack on Colonial Pipeline, there needs to be the wider discussion and collaboration across industry sectors to prepare for future attacks to mitigate future economic impact such attacks cause.
“Our critical infrastructure sectors are the modern day battlefield and cyber space is the great equalizer. Hacker groups can essentially attack with little individual attribution and virtually no consequence. With over 85% of all infrastructure owned and operated by the private sector, significant investment and attention must be placed on hardening key critical systems. I anticipate more attacks like this happening in the future. A key lesson here is that while technology and automation is good, we must also have the ability to efficiently operate manually as well. Attacks will happen, but how quick can you recover and restore critical services?” commented Brian Harrell, Strategic Adviser to IACIPP and Former Assistant Secretary for Infrastructure Protection.
CISA and the Federal Bureau of Investigation (FBI) have recently released a Joint Cybersecurity Advisory (CSA) on a ransomware-as-a-service (RaaS) variant—referred to as DarkSide—recently used in a ransomware attack against Colonial Pipeline.
Chuck Brooks, President of Brooks Consulting International and cyber expert, commented, “Protecting critical infrastructure needs to be a shared responsibility of both the public and private sectors. The energy sector become a preferred target of sophisticated hackers often in collusion with nation state actors. The cost of breach as evidenced in the Colonial pipeline ransomware attack can be disruptive to commerce and impact many industry verticals. “
“Critical infrastructure needs to be fortified from cyberattacks and physical attacks in a joint government/industry collaboration. Resources need to be invested in emerging automation technologies and training. IT and OT systems need to be monitored at the sensor level for anomalies. Sensitive operations need to be segmented and air gapped. Back up of data is an imperative and resiliency a requirement for all critical infrastructure operations. It may take new laws and regulations, but it needs to be done.” Concluded Mr Brooks.
The cyberattack against Colonial Pipeline that was discovered on May 7 underscores the growing impact of cyberthreats on industrial sectors. While the investigation is ongoing and important lessons from this attack will be extracted in the next few weeks, the fact that Colonial Pipeline had to pro-actively take their OT systems offline after starting to learn about which IT systems were impacted by the ransomware is significant.
John Donlon QPM the Chairman of IACIPP stated - ‘This type of attack comes as no real surprise. It is consistent with recent trends and what is really quite concerning is the fact that the scale and impact of such events continue to escalate. We have seen recent Government activity across the Western world seeking to put in place support to Infrastructure Owners and Operators but the speed of new attack methodologies, either through nation-state actors or criminal groups, means it is not always easy to keep ahead of the curve. Unfortunately, I believe we will continue to see even greater escalation in the power of attacks being executed and therefore the breadth and depth of collaboration between governments and the private sector has to develop at pace’.
This will also be subject to a case study panel discussion at Critical Infrastructure Protection and Resilience North America (www.ciprna-expo.com) in New Orleans LA on 19th - 21st of October 2021.
Leave a comment , , , ,

NSA releases Cybersecurity Advisory on Ensuring Security of Operational Technology

Agency News, Cyber Security CII sector, Industry News
The National Security Agency (NSA) released the Cybersecurity Advisory, “Stop Malicious Cyber Activity Against Connected Operational Technology” today, for National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) operational technology (OT) owners and operators. The CSA details how to evaluate risks to systems and improve the security of connections between OT and enterprise networks. Information technology (IT) exploitation can serve as a pivot point for OT exploitation, so carefully evaluating the risk of connectivity between IT and OT systems is necessary to ensure unique cybersecurity requirements are met.
Each IT-OT connection increases the potential attack surface. To prevent dangerous results from OT exploitation, OT operators and IT system administrators should ensure only the most imperative IT-OT connections are allowed, and that these are hardened to the greatest extent possible. An example of this type of threat includes recent adversarial exploitation of IT management software and its supply chain in the SolarWinds compromise with publicly documented impacts to OT, including U.S. critical infrastructure.
This guidance provides a pragmatic evaluation methodology to assess how to best improve OT and control system cybersecurity for mission success, to include understanding necessary resources for secure systems:
- First, NSA encourages NSS, DoD, and DIB system owners, operators, and administrators to evaluate the value against risk and costs for enterprise IT to OT connectivity. While the safest OT system is one that is not connected to an IT network, mission critical connectivity may be required at times. Review the connections and disconnect those that are not truly needed to reduce the risk to OT systems and functions.
- Next, NSA recommends taking steps to improve cybersecurity for OT networks when IT-OT connectivity is mission critical, as appropriate to their unique needs. For IT-OT connections deemed necessary, steps should be taken to mitigate risks of IT-OT exploitation pathways. These mitigations include fully managing all IT-OT connections, limiting access, actively monitoring and logging all access attempts, and cryptographically protecting remote access vectors.
Operational technology includes hardware and software that drives the operations of a given infrastructure environment, from an engine control unit in a modern vehicle to nationwide train transportation networks.
Every IT-OT connection creates an additional vector for potential OT exploitation that could impact and compromise mission and/or production. Performing a comprehensive risk analysis for all IT-OT interconnections and only allowing mission critical interconnections when they are properly protected will create an improved cybersecurity posture. By employing an appropriate risk analysis strategy, leadership and system owners and operators can make informed decisions to better manage OT networks while reducing the threats from and impact of exploitation and destructive cyber effects.
Leave a comment , , ,

Exploring Research Directions in Cybersecurity

Agency News, Cyber Security CII sector, Industry News
ENISA, the European Union Agency for Cybersecurity, has identified key research directions and innovation topics in cybersecurity to support the efforts of the EU towards a Digital Strategic Autonomy.
Resilience, technological sovereignty and leadership are essential for the EU and as such, they are addressed by the new EU Cybersecurity Strategy. In an effort to support this cybersecurity strategy, the European Union Agency for Cybersecurity releases today a report intended to look into digital strategic autonomy in the EU and suggests future research directions.
What is Digital Strategic Autonomy?
Digital strategic autonomy can be defined as the ability of Europe to source products and services designed to meet the EU’s specific needs and values, while avoiding being subject to the influence of the outside world. In the digital world, such needs may encompass hardware, software or algorithms, manufactured as products and/or services, which should comply with the EU values, and thus preserve a fair digital ecosystem while respecting privacy and digital rights.
To ensure the sourcing of such products and/or services complies with the EU’s needs and values, the EU has the option to self-produce them autonomously, or in the case where products and services are acquired from third countries, to certify them and validate their compliance.
However, in cases where there is a high dependence on sourcing, the EU should still be capable of operating its digital infrastructures without giving rise to any possible detrimental influence. Hence, Europe needs to maintain the capability to produce its critical products and services independently.
In short, digital strategic autonomy means the capacity for the EU to remain autonomous in specific areas of society where digital technologies are used.
Why such a move?
The new challenges brought about by the digitalisation of our environment raise questions on our capacity to retain ownership and control of our personal data, of our technological assets and of our political stand. Such are the main dimensions to be considered under the idea of digital strategic autonomy.
Furthermore, the COVID-19 pandemic highlighted the importance of cybersecurity and the need for the EU to continue to invest in research & development in the digital sector. Within this context, ENISA’s report sets and prioritises the key research and innovation directions in cybersecurity.
Key Research Directions: which are they?
The report identifies the following seven key research areas:
- Data security;
- Trustworthy software platforms;
- Cyber threat management and response;
- Trustworthy hardware platforms;
- Cryptography;
- User-centric security practices and tools;
- Digital communication security.
For each of these areas, the report introduces the current state-of-play in the EU, includes an assessment of current and expected issues. The analyses included serve the purpose of issuing recommendations on cybersecurity related research topics. Such recommendations intend to highlight the bases needed to bolster the EU’s digital autonomy.
Leave a comment , ,

FS-ISAC Leads Financial Sector in World's Largest International Live-Fire Cyber Exercise

Cyber Security CII sector, Industry News
FS-ISAC, the only global cyber intelligence sharing community solely focused on financial services, announced its leadership role in devising the financial sector’s scenario during this year’s NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) Exercise Locked Shields.
Locked Shields simulated a series of realistic and sophisticated cyber attack scenarios using cutting-edge technologies, complex networks, and diverse attack methods to test the countries’ ability to protect vital services and critical infrastructure.
This year the exercise strategic track scenario included a large-scale disruption across multiple aspects of the financial services sector. To do this, FS-ISAC convened a Scenario Expert Planning Group comprised of its members including the Bank for International Settlements (BIS) Cyber Resilience Coordination Centre (CRCC), Mastercard, NatWest Group, and SWITCH-CERT among others.
“Given the cross-border nature of today’s cyber threats, exercises like Locked Shields are critical tools in preparing the global financial services industry to better defend against increasingly sophisticated threat actors,” said Teresa Walsh, Global Head of Intelligence of FS-ISAC. “To strengthen the financial sector’s resiliency, FS-ISAC has facilitated cyber exercises for more than ten years. This is a natural extension of our role in helping protect the global financial system.”
A key focus of the exercise strategic track is the cyber dependencies of the financial services industry and how they relate to government and critical infrastructure. The exercise will also examine and account for the new realities brought about by the pandemic, such as the greater security vulnerabilities caused by accelerated digitization and remote work.
“Large-scale exercises like Locked Shields provide both the public and private sectors an opportunity to pressure test response capabilities across borders,” said Ron Green, Chief Security Officer, Mastercard. “Moving with speed and purpose are crucial during an actual incident and everyone involved will gain from the enhanced collaboration and information sharing.”
“Locked Shields continually strives to address the most pressing needs of our nations by emulating current challenges faced by leaders in the cyber domain. Partnerships, such as with FS ISAC, allows us to present current real-world challenges to national leadership. The exercise tests the ability of nations to address a massive cyber attack from internal government cooperation to what mechanisms can be used for coordination and information sharing with the private sector and international partners,” said Colonel Jaak Tarien, Director of the CCDCOE, a NATO-affiliated cyber defence hub that has organized this Exercise every year since 2010.
Leave a comment , , ,

Security updates released for Microsoft Exchange Servers

Agency News, Cyber Security CII sector, Industry News
The National Cyber Security Centre (NCSC) is encouraging organisations to install critical updates following a number of vulnerabilities being addressed in Microsoft Exchange.
As part of Microsoft's scheduled April update cycle, a number of critical severity vulnerabilities were addressed in Microsoft Exchange. We have no information to suggest that these vulnerabilities are being used in active exploitation. However, given the recent focus on Exchange, we recommend the installation of updates as soon as practicable, as attackers may seek to build exploit capability which could be used against systems before the updates are applied.
The vulnerabilities affect Microsoft Exchange Server. The affected versions are:
- Exchange Server 2013
- Exchange Server 2016
- Exchange Server 2019
Organisations running an out-of-support version of Microsoft Exchange should update to a supported version without delay.
Exchange Online customers are already protected.
Recommendation
The NCSC recommends following vendor best practice advice in the mitigation of vulnerabilities. In this case, the most important aspect is to install the latest security updates immediately. The April 2021 security update fixes a number of security vulnerabilities and more information can be found on Microsoft's website.
Leave a comment , , ,

Guidelines for Cybersecurity in Hospitals: New Online tool

Agency News, Cyber Security CII sector
The new tool helps healthcare organisations identify best practices in order to meet cybersecurity needs when procuring products or services.
To facilitate the use of the Procurement Guidelines for Cybersecurity in Hospitals published in 2020, ENISA releases an online tool today to support the healthcare sector in identifying procurement good practices to meet cybersecurity objectives when procuring products or services.
In addition, the Agency also publishes a concise version of the procurement guidelines dedicated to the sector in each of the 24 EU official languages.
Cybersecurity in Healthcare: why does it matter?
The COVID-19 pandemic demonstrated the value of eHealth services such as telemedicine and remote patient care.
Since it has become increasingly digital and interconnected, the healthcare sector needs to consider cybersecurity as an enabler and as a key factor for ensuring the resilience and availability of key healthcare services.
Cybersecurity needs to be envisaged throughout the procurement lifecycle. IT departments should be involved in procurement activities as the cybersecurity implications in the procurement of any product or service should be well understood and consistently addressed by healthcare organisations.
EU Agency for Cybersecurity Executive Director, Juhan Lepassaar, declared: “Securing eHealth today means ensuring the resilience of the EU’s life support system, the healthcare sector. ENISA is committed to shape the ICT environment needed to prevent cybersecurity incidents and attacks on our healthcare sector.”
Procurement Guidelines and online tool: What for?
The online tool was developed as a complement to the procurement guidelines for cybersecurity in hospitals. Its purpose is:
- To help healthcare organisations to quickly identify the guidelines that are most relevant to their procurement context such as assets procured or related threats;
- To promote the importance of a good procurement process to ensure appropriate security measures.
To facilitate the dissemination of good practices across all healthcare organisations across the EU, a concise version of the procurement guidelines is now made available in the 22 official EU languages and the full version is available in english and spanish languages.
The report on procurement guidelines has already generated a significant interest in the healthcare cybersecurity community.
Stakeholders in the sector, including members of the eHealth Security Experts Group suggested the idea of an interactive format of the guidelines making it possible to customise searches and help decision making through informed procurement.
The guidelines were translated in order to allow health organisations across Member States to directly access the content in their own language.
Who is it meant for?
- Procurement officers of healthcare organisations;
- Healthcare professionals with technical positions or in charge of IT systems and equipment;
- Chief level executives such as CIO, CISO, CTO;
- The EU citizens involved in or seeking to develop knowledge and awareness on such processes.
Leave a comment , ,

Building Trust in the Digital Era: ENISA boosts the uptake of the eIDAS regulation

Agency News, Cyber Security CII sector, Health & Social Care, Industry News
The European Union Agency for Cybersecurity issues technical guidance and recommendations on Electronic Identification and Trust Services helping Member States to implement the eIDAS regulation.
The European Union Agency for Cybersecurity (ENISA) completed a package of five reports in order to boost the implementation of the eIDAS regulation and promote the uptake of Electronic Identification and Trust Services. This work falls under the scope of the EU Cybersecurity strategy for the Digital Decade.
ENISA has been in the forefront of the developments on eIDAS since 2013 and with the Cybersecurity Act, established in 2019, the Agency has an extended mandate to support and assist the European Commission and the Member States in the area of electronic identification.
In this challenging period, the “EU digital ID scheme for online transactions across Europe” initiative will drive the revision of the eIDAS and will promote digital identities for all Europeans. ENISA in order to support the Commission has undertaken activities to explore the security considerations for trust service providers and remote identity proofing.
Four of the reports on trust services form an update of ENISA’s guidelines for qualified trust service providers. They represent a voluntary toolset designed to help those trust service providers comply with eIDAS. Specifically, they include:
- technical guidance on the security framework for Qualified Trust Service Providers (QTSP) and for the non-Qualified ones;
- security recommendations for Qualified Trust Service Providers based on Standards;
- guidelines on Conformity Assessment of Trust Service Providers.
A fifth report includes an analysis of the methods used to carry out identity proofing remotely and exploring security considerations. Remote identification allows customers to have their identification information collected and validated without the need for physical presence to the premises of the operator. This has become crucial during the COVID-19 pandemic as it allows access to cross-border online services offered by Member States.
Technical Guidelines on Trust Services
ENISA issued the reports in order to update existing recommendations and guidelines issued in 2017 for qualified trust services. The purpose of these reports is therefore to focus on the requirements set by the eIDAS regulation and the emergence of new standards and new TSP services.
The new guidelines are presented in four different reports according to the following topics:
- trust service providers (qualified or not) looking for guidance on how to meet the requirements of the eIDAS Regulation;
- service providers seeking to clarify whether they qualify as a trust service provider according to the provisions under the eIDAS regulation;
- relying parties seeking to evaluate to what extent their trust service provider complies with the eIDAS requirements.
As a result, the set of recommendations include:
- Security Framework for Qualified Trust Service Providers and for Non-Qualified Trust Service Providers. These guidelines consider the greater potential variety encountered in non-qualified trust service providers;
- Security Recommendations for Qualified Trust Service Providers based on Standards, and Guidelines on Conformity Assessment of Trust Service Providers.
These guidelines have been consulted with and validated by experts in the eIDAS field from various sectors.
Leave a comment , , ,

The Bahamas strengthens its cybersecurity capacity

Agency News, Cyber Security CII sector, Industry News
The Bahamas has launched a project with ITU to set up a national Computer Incident Response Team (CIRT) to help protect the small island country’s critical digital infrastructure and data.
The National Cybersecurity Project, started in January and officially launched in February at national level, aims to help assess current Bahamian capabilities in this rapidly evolving field, as well as develop its National Cybersecurity Strategy.
The national CIRT will also support the government in building national cybersecurity expertise, closing human resource gaps, and supporting the elaboration of a cybersecurity framework and policies. Bahamian officials must do all they can “to put mechanisms in place to protect the government’s systems and citizens’ data from exposure to [cyber] attacks,” said the State Minister for Finance, Kwasi Thompson.
Digitizing hundreds of government services
The government’s recent decision to digitize more than 200 public administration services over the next five years has heightened the country’s need for a well-equipped cybersecurity team that can identify, defend, manage, and respond to cyber threats, Thompson added.
“The creation of this National Cybersecurity Strategy will help with review and further implementation of cyber legislation for the protection of citizens and clients,” he said.
Rapid growth in online business transactions – among both government entities and the private sector – makes cybersecurity enhancements paramount. The Bahamas, like other small island developing states in the Caribbean, needs to provide a safe online environment that minimizes any risks associated with online service provision.
The project will also support the development of related national cybersecurity platforms, including a national public key infrastructure (PKI), e-government services (including national identity services), and an access management framework.
ITU’s Telecommunication Development Bureau Director, Doreen Bogdan-Martin, highlighted the project’s region-wide significance. Projects like this one on the Bahamas will strengthen the Caribbean “cybersecurity supply chain” and reinforce international cooperation to combat cyber threats, she said, thanking the Bahamian government for seeking ITU support and expertise.
Building skills and updating tools
Key project objectives include a National CIRT Readiness Assessment, a Cybersecurity Capacity Maturity Model (CMM), a National Cybersecurity Strategy and Action Plan, and all necessary capacity building and service upgrades to activate the national CIRT, said Bruno Ramos, ITU Regional Director for the Americas.
The project is set for full implementation by the end of 2022, with interim steps including six months of ITU support help the CIRT reach maturity.
The national CIRT’s skills and tools will need constant updating, Ramos added. “It is vital to equip the response team with new technologies, deploy additional services, provide technical training, and coordinate and collaborate with other international organizations.”
Leave a comment , , ,

When & How to Report Security Incidents - ENISA releases new guidelines

Agency News, Cyber Security CII sector, Industry News, Telecomms sector
The European Union Agency for Cybersecurity (ENISA) releases new guidelines to facilitate the reporting of security incidents by national telecom security authorities.
The guidelines published help national telecom security authorities in the reporting of significant incidents to ENISA and the European Commission under the European Electronic Communications Code (EECC).
These new guidelines replace the previous ones issued by ENISA on incident reporting under Article 13a of the EU Telecoms Framework Directive. This revised version takes into account the scope and the provisions of the EECC and provides non-binding technical guidance to national authorities supervising security in the electronic communications sector.
The following three types of incident reporting are provided for under article 40 of the EECC:
1. National incident reporting from providers to national security authorities;
2. Ad-hoc incident reporting between national security authorities and ENISA;
3. Annual summary reporting from national security authorities to the European Commission and ENISA.
The new guidelines focus firstly on the ad-hoc incident reporting between the security authorities and ENISA and secondly on the annual summary reporting. More specifically, the document includes information on how and when security authorities can report security incidents to ENISA, to the European Commission and to other security authorities.
The information provided considers the services and incidents within the scope of the EECC - incidents affecting confidentiality, availability, integrity and authenticity of networks and services.  The thresholds needed for the annual reporting are also defined.  These thresholds are both of a quantitative and of a qualitative nature.
The quantitative elements considered include the number of users affected and the duration of the incident. Qualitative information was also used, such as the geographical coverage of the incident and the impact on the economy, on society and on users.
The new guidelines also include an incident report template and draw the distinction between national and annual reporting.
This report was drafted by ENISA in close cooperation with the ECASEC expert group of national telecom security authorities.
Leave a comment , , , ,

ENISA provide statement on Microsoft Exchange vulnerabilities

Agency News, Cyber Security CII sector, Industry News
The EU Agency for Cybersecurity (ENISA) has provided a statement with an assessment and advice on Microsoft Exchange vulnerabilities.
Microsoft released security updates for Microsoft (MS) Exchange server suite. Active exploitation has been observed on-premises running MS Exchange installations.
MS Exchange vulnerabilities once exploited may lead to network compromise, data exfiltration and ransomware attacks. Across the EU, an increasing number of MS Exchange installations have also been found to be the target of malicious attacks.
ENISA published a situation report which provides an assessment as well as advice and mitigation measures. It reports that threat has been assessed as severe and considers these types of attacks probable and of high risk.
The Agency calls on organisations using affected Microsoft Exchange versions to patch the flaws immediately and thoroughly investigate for potential signs of compromise.
At EU level, the EU CSIRTs Network and EU Cyber Crises Liaison Organisation Network (CyCLONe) are monitoring the situation and collecting information at both the technical and operational levels.
Microsoft is updating advisories and guidance while additional technical information and advice are provided by CERT-EU technical advisory.
Leave a comment , , ,
1 11 12 13 14 15 17