Apr 19 2023

How to Prepare Infrastructure for a War and Enable a Company’s Security

Category: Cyber War,Information WarfareDISC @ 11:29 am

Mykola Srebniuk, Head Of Information Security, MacPaw
Vira Tkachenko, CTO, MacPaw

MacPaw has been operating in Kyiv since the start of a full-scale war in Ukraine. This session will outline how the organization prepare its infrastructure for the Russian invasion, how plans were implemented, and the company’s security and Business continuity were ensured. This session will be helpful for businesses in various cases of natural and cyber disasters, from hurricanes and typhoons to cyberattacks.

Cyber Wars gives you the dramatic inside stories of some of the world’s biggest cyber attacks. These are the game-changing hacks that make organisations around the world tremble and leaders stop and consider just how safe they really are. Charles Arthur provides a gripping account of why each hack happened, what techniques were used, what the consequences were and how they could have been prevented. 

Cyber attacks are some of the most frightening threats currently facing business leaders, and this book provides a deep insight into understanding how they work and how hackers think as well as giving invaluable advice on staying vigilant and avoiding the security mistakes and oversights that can lead to downfall. No organization is safe, but by understanding the context within which we now live and what the hacks of the future might look like, you can minimize the threat.  

Cyber Wars: Hacks That Shocked the Business World

Russia’s digital warriors adapt to support the war effort in Ukraine, Google threat researchers say

InfoSec Threats | InfoSec books | InfoSec tools | InfoSec services

Tags: Cyber War, Prepare Infrastructure for a War


Sep 14 2022

Cyber espionage campaign targets Asian countries since 2021

Category: Cyber Espionage,Information WarfareDISC @ 9:00 am

A cyber espionage group targets governments and state-owned organizations in multiple Asian countries since early 2021.

Threat actors are targeting government and state-owned organizations in multiple Asian countries as parts of a cyber espionage campaign that remained under the radar since early 2021.

“A distinct group of espionage attackers who were formerly associated with the ShadowPad remote access Trojan (RAT) has adopted a new, diverse toolset to mount an ongoing campaign against a range of government and state-owned organizations in a number of Asian countries.” reads an analysis published by Symantec Threat Hunter team, part of Broadcom Software. “The attacks, which have been underway since at least early 2021, appear to have intelligence gathering as their main goal.”

The attackers employed a broad range of legitimate tools to deliver malware in attacks aimed at government institutions related to finance, aerospace, and defense, as well as state-owned media, IT, and telecom firms.

The attackers used Dynamic-link library (DLL) side-loading to deliver the malicious code. The technique sees threat actors placing a malicious DLL in a directory where a legitimate DLL is expected to be found. Then the attacker runs a legitimate application that loads and executes the malicious payload.

The attackers target old and outdated versions of security solutions, graphics software, and web browsers that lack of mitigations for DLL side-loading attacks.

“Once a malicious DLL is loaded by the attackers, malicious code is executed, which in turn loads a .dat file. This file contains arbitrary shellcode that is used to execute a variety of payloads and associated commands in memory. In some cases, the arbitrary shellcode is encrypted.” continues the report.

The attackers also leverage these legitimate software packages to deploy additional tools (credential dumping tools, network scanning tools such as NBTScan, TCPing, FastReverseProxy, and FScan, and the Ladon penetration testing framework), which are used to perform lateral movement.

Once the attackers have established backdoor access they use Mimikatz and ProcDump to harvest credentials and obtain deeper access to the target network. In some instances, threat actors also dump credentials via the registry.

Experts also observed attackers using PsExec to run old versions of legitimate software to load off-the-shelf RATS.

The cyberspies also use a number of living-off-the-land tools such as Ntdsutil to mount snapshots of Active Directory servers in order to gain access to Active Directory databases and log files and the Dnscmd command line tool to enumerate network zone information. 

Experts also shared details about an attack against a government-owned organization in the education sector in Asia. The intrusion lasted from April to July 2022, during which the adversary accessed machines hosting databases and emails, before accessing the domain controller.

The attackers also use of an 11-year-old version of Bitdefender Crash Handler (“javac.exe”) to run a Mimikatz and the Golang penetration testing framework LadonGo.

The experts did not attribute the cyber espionage campaign to a specific threat actor, however, they noticed the use of the ShadowPad backdoor which is commonly used by China-linked APT groups.

“The use of legitimate applications to facilitate DLL side-loading appears to be a growing trend among espionage actors operating in the region. Although a well-known technique, it must be yielding some success for attackers given its current popularity. Organizations are encouraged to thoroughly audit software running on their networks and monitor for the presence of outliers, such as old, outdated software or packages that are not officially used by the organization.” concludes the report that includes Indicators of Compromise (IoCs).

Cyber Warfare in 2022: Attack Techniques and Espionage Tactics of Cyber Crime Groups and Nationstates

Tags: cyber espionage group


Mar 26 2022

FCC adds Kaspersky to Covered List due to unacceptable risks to national security

Category: Antivirus,Information Security,Information WarfareDISC @ 9:53 pm

The Federal Communications Commission (FCC) added Kaspersky to its Covered List because it poses unacceptable risks to U.S. national security.

The Federal Communications Commission (FCC) added multiple Kaspersky products and services to its Covered List saying that they pose unacceptable risks to U.S. national security.

“The Federal Communications Commission’s Public Safety and Homeland Security Bureau today added equipment and services from three entities – AO Kaspersky Lab, China Telecom (Americas) Corp, and China Mobile International USA Inc. – to its list of communications equipment and services that have been deemed a threat to national security, consistent with requirements in the Secure and Trusted Communications Networks Act of 2019.” reads the FCC’s press release.

The Covered List, published by Public Safety and Homeland Security Bureau published, included products and services that could pose an unacceptable risk to the national security of the United States or the security and safety of United States persons.

The US commission also added Chinese state-owned mobile service providers China Mobile International USA and China Telecom Americas to the list. Below is the list of Covered Equipment or Services added on March 25, 2022:

  • Information security products, solutions, and services supplied, directly or indirectly, by AO Kaspersky Lab or any of its predecessors, successors, parents, subsidiaries, or affiliates.
  • International telecommunications services provided by China Mobile International USA Inc. subject to section 214 of the Communications Act of 1934.
  • Telecommunications services provided by China Telecom (Americas) Corp. subject to section 214 of the Communications Act of 1934.

FCC banned Kaspersky security solutions and services supplied by Kaspersky or any linked companies.

“The FCC’s decision to add these three entities to our Covered List is welcome news. The FCC plays a critical role in securing our nation’s communications networks, and keeping our Covered List up to date is an important tool we have at our disposal to do just that. In particular, I am pleased that our national security agencies agreed with my assessment that China Mobile and China Telecom appeared to meet the threshold necessary to add these entities to our list. Their addition, as well as Kaspersky Labs, will help secure our networks from threats posed by Chinese and Russian state backed entities seeking to engage in espionage and otherwise harm America’s interests.” said FCC Commissioner Brendan Carr. “I applaud Chairwoman Rosenworcel for working closely with our partners in the Executive Branch on these updates. As we continue our work to secure America’s communications networks, I am confident that we will have more entities to add to our Covered List.”

In Mid March, the German Federal Office for Information Security agency, aka BSI, recommended consumers uninstall Kaspersky anti-virus software. The Agency warns the cybersecurity firm could be implicated in hacking attacks during the ongoing Russian invasion of Ukraine.

According to §7 BSI law, the BSI warns against the use of Kaspersky Antivirus and recommends replacing it asap with defense solutions from other vendors.

Tags: FCC, kaspersky, National security


Feb 20 2022

Ukraine: how cyber-attacks became so important to the conflict

Category: Information Warfare,SpywareDISC @ 4:28 pm

https://theconversation.com/ukraine-how-cyber-attacks-became-so-important-to-the-conflict-177266

For the past few weeks, Russia has been deploying military forces into strategic positions on Ukraine’s borders. However, there is another, virtual dimension to the escalating conflict: cyber-attacks on Ukrainian government and business websites and services.

Although it is impossible to confirm the Russian state is behind these attacks, commentators have suggested that similar tactics form part of a type of hybrid warfare that Russia has been fine tuning for the past couple of decades.

Cyber-espionage and information warfare have become an intrinsic part of recent conflicts and happen on a regular basis between conflicting powers. However, governments do not usually publicly claim responsibility for this type of activity, since this could put them in a position of declaring war against the targeted country and provoking counterattacks and sanctions from the international community. Therefore, evidence that Russia is definitely behind these attacks is hard to establish.

Cyber-attacks are often attributed to hacker groups with nationalist motivations, who justify their political agendas without explicitly verifying any state backing.

In January, there was a spate of attacks by Belarusian hackers believed to be supporting Russia. They launched a series of malware attacks against Ukrainian computer systems with many government and other websites being defaced with provocative and intimidating messages.

In mid February, there was another round of cyber-attacks, this time targeting the Ukrainian army website, ministerial websites and some of the major banks, including PrivatBank, preventing online payments and use of banking apps.

These latest attacks were mainly distributed denial of service (DDOS) attacks, where a huge number of small packets of information are sent to websites and servers from multiple sources. This information overload causes the servers and computer systems targeted to slow down or collapse because of the swarm of information requests.

Russian involvement in those cyber-attacks is suspected, but is hard to confirm. The attacks follow the pattern of similar tactics with alleged Russian backing over the past two decades in Ukraine, Estonia and Georgia, including attacks on communications infrastructures and power grids.

The US president and EU officials are now discussing increasing cyberspace defences against such attacks or imposing sanctions, if required.

Despite all of this, Ukrainian officials have refrained from explicitly mentioning the Russian state as being behind these attacks.

A searing look inside the rise of cyberwarfare as the primary way nations now compete with and sabotage one another – The Perfect Weapon

Tags: cyberwarfare, The Perfect Weapon


Jan 08 2022

One Book Reveals the Future of the Chinese-American Conflict

In great-power competition, force is the coin of the realm. The Great Nightfall: Why We Must Win the New Cold War explains how. 

Ambassador Middendorf delivers a seminal book for understanding military competition in an era of great-power competition. No one who is serious about the future security, prosperity and freedom of America should neglect this essential read.

Ambassador Bill Middendorf makes one unambiguous argument in his new book, The Great Nightfall: Why We Must Win the New Cold War. America won’t survive and thrive in an era of great-power competition without a strong, dominant military. There is one reason for that. China.  

The Great Nightfall lays out the threat posed by the Chinese Communist Party. It also makes a compelling argument for the kind of military the U.S. needs to match the dangers posed by Beijing. 

Middendorf has given a full lifetime of service to the nation, from his days at sea during World War II to diplomatic assignments and government posts. Among the latter, a turn as Secretary of the Navy. He was instrumental in designing the naval forces that completely outmatched the Soviets during the Cold War. Today, he remains America’s maritime Henry Kissinger, the nation’s preeminent thinker on naval modernization. 

In The Great Nightfall, Middendorf deconstructs great-power competition. Regardless of how many internet trolls, little green men, bank accounts and businesses a state controls, it’s not enough to make the state a great power. That requires real military power. 

Without the capacity to physically defend national interests, big states are fat banks waiting to be robbed. In contrast, nations that can defend themselves have a foundation on which to build sustainable diplomatic, economic and political policies. “The Cold War ended,” Middendorf argues in The Great Nightfall, “because we were the strongest military force in the world, backed by a unified NATO and strong allies in the Pacific.”  

In short, in great-power competition, force is the coin of the realm. The problem with contemporary competition, Middendorf notes, is that “[t]imes have changed.” China is on a path to challenge the United States for number one.  

One of the attributes the great-power competition shares with the Cold War is that our adversaries would prefer to “win without fighting.” In other words, they want to achieve victory without the debilitating costs and risks of direct military conflict. These opponents are predisposed to adopt indirect approaches to whittle-away at the strength and solidarity of the free world. That said, military competition plays an important role in their calculus, particularly for China. Chinese strategy envisions ultimately demonstrating sufficient military dominance that Beijing can intimidate other nations and bend them to its will. 

In some ways, the new era of great-power competition resembles a new type of arms race. And, as was the case during the Cold War, there are concerns that the competition could turn into armed confrontation. Indeed, The Great Nightfall maps out several scenarios—from North Korea to the South China Seas—where great powers could actually come to blows. 

The Great Nightfall, however, is fundamentally a book about how the United States can establish conventional and strategic deterrence in the modern world. “This book is not a call for war,” writes the author. “The best way to prepare for war is to be prepared to win it. We need to stop underfunding the military, especially in areas of research, non-conventional war, space, cyberwar, and artificial intelligence. War is changing, and we need to change with it. We cannot expect success fighting tomorrow’s conflicts with yesterday’s weapons.”  

Middendorf’s blueprint for protecting America in the twenty-first century stands out in two ways. First, he provides a detailed assessment of how to protect the U.S. capacity to build and sustain a modern military. Here, he addresses issues from research and development, to establishing secure, “clean” supply chains, to ship-building. Second, he delivers a comprehensive overview of future U.S. naval needs.

It is not just his naval service and stint as Secretary of the Navy that lead the ambassador to focus on seapower. Fundamentally, China’s potential as a global threat is rooted in its ability to project maritime power. And naval power, in the modern sense, is multidimensional, linking the ability to sail the seas with undersea warfare, air, space, and cyber operations. 

The outstanding contribution of The Great Nightfall is its extraordinarily deep evaluation of all aspects of naval power, covering the nature of the Chinese threats and the appropriate countermeasures. In the end, Middendorf delivers a seminal book for understanding military competition in an era of great-power competition. No one who is serious about the future security, prosperity and freedom of America should neglect this essential read.  

Tags: Chinese-American Conflict, New Cold War, The Great Nightfall


Jan 25 2021

New campaign targeting security researchers

Category: Information Security,Information WarfareDISC @ 6:10 pm

Over the past several months, the Threat Analysis Group has identified an ongoing campaign targeting security researchers working on vulnerability research and development at different companies and organizations. The actors behind this campaign, which we attribute to a government-backed entity based in North Korea, have employed a number of means to target researchers which we will outline below. We hope this post will remind those in the security research community that they are targets to government-backed attackers and should remain vigilant when engaging with individuals they have not previously interacted with.

In order to build credibility and connect with security researchers, the actors established a research blog and multiple Twitter profiles to interact with potential targets. They’ve used these Twitter profiles for posting links to their blog, posting videos of their claimed exploits and for amplifying and retweeting posts from other accounts that they control.

Their blog contains write-ups and analysis of vulnerabilities that have been publicly disclosed, including “guest” posts from unwitting legitimate security researchers, likely in an attempt to build additional credibility with other security researchers.

A screenshot from the actors' blog of an analysis done by the actor about a publicly disclosed vulnerability.
Example of an analysis done by the actor about a publicly disclosed vulnerability.

While we are unable to verify the authenticity or the working status of all of the exploits that they have posted videos of, in at least one case, the actors have faked the success of their claimed working exploit. On Jan 14, 2021, the actors shared via Twitter a YouTube video they uploaded that proclaimed to exploit CVE-2021-1647, a recently patched Windows Defender vulnerability. In the video, they purported to show a successful working exploit that spawns a cmd.exe shell, but a careful review of the video shows the exploit is fake. Multiple comments on YouTube identified that the video was faked and that there was not a working exploit demonstrated. After these comments were made, the actors used a second Twitter account (that they control) to retweet the original post and claim that it was “not a fake video.”

Source: New campaign targeting security researchers


Dec 13 2020

Suspected Russian hackers spied on U.S. Treasury emails

Hackers believed to be working for Russia have been monitoring internal email traffic at the U.S. Treasury Department and an agency that decides internet and telecommunications policy, according to people familiar with the matter.

Three of the people familiar with the investigation said Russia is currently believed to be behind the attack.

Two of the people said that the breaches are connected to a broad campaign that also involved the recently disclosed hack on FireEye, a major U.S. cybersecurity company with government and commercial contracts.

“The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” said National Security Council spokesman John Ullyot.

The hack is so serious it led to a National Security Council meeting at the White House on Saturday, said one of the people familiar with the matter.

Source: Suspected Russian hackers spied on U.S. Treasury emails – sources


    Active Exploitation of SolarWinds Software

    Emergency directive: Global governments issue alert after FireEye hack is linked to SolarWinds supply chain attack

    SolarWinds Security Advisory

    Massive suspected Russian hack is 21st century warfare

    The government has known about the vulnerabilities that allowed the SolarWinds attack since the birth of the internet—and chose not to fix them.

    WATCH: Trump refuses to acknowledge that Russia meddled in US elections



RUSSIAN GOVERNMENT HACKING GROUP ‘APT29’ BEHIND CYBER HACK ON US GOVERNMENT
httpv://www.youtube.com/watch?v=FM66FgFk6Ls



U.S. Agencies Hit in Brazen Cyber-Attack by Suspected Russian Hackers
httpv://www.youtube.com/watch?v=vlVGnu7i0tY



#Sandworm: A New Era of #Cyberwar and the Hunt for the #Kremlin’s Most #Dangerous #Hackers Paperback




Tags: APT29, cyber hacking, FireEye, Greenburg, Russian cyber attack, Russian espionage, Russian hackers, Sandworm, U.S. Treasury


Jul 23 2011

Latest In U.S. Drone Technology

Category: Information WarfareDISC @ 7:20 pm

http://www.youtube.com/watch?v=2ediTghuXrQ





Jun 08 2010

U.S cybersecurity policies update

Category: Information Warfare,Security Risk AssessmentDISC @ 12:47 am

Breakdown of political party representation in...
Image via Wikipedia

By Greg Masters

The U.S. House of Representatives has passed a defense bill that contains an amendment aimed at regulating the information security responsibilities and practices of federal agencies.

The amendment, sponsored by Rep. Jim Langevin, D-R.I., and Rep. Diane Watson, D-Calif., updates the Federal Information Security Management Act (FISMA) and establishes a National Office for Cyberspace in the Executive Office of the President.

The amendment was attached to the National Defense Authorization Act for Fiscal Year 2011, which passed the House Friday by a 229-186 vote.

“The passage of this amendment comes after a great deal of work to raise awareness about the cybervulnerabilities that exist throughout our federal government,” Langevin, co-chair of the House Cybersecurity Caucus, said in a news release. “These provisions will establish strong, centralized oversight to protect our nation’s critical information infrastructure and update our comprehensive policy for operating in cyberspace.”

The measure integrates a number of policy recommendations made by the Obama administration’s 60-day Cyberspace Policy Review, the CSIS Commission on Cybersecurity for the 44th Presidency and the U.S. Government Accountability Office (GAO), which has offered suggestions for remedying security vulnerabilities across federal agencies.

The amendment establishes the National Office for Cyberspace (NOC) within the Executive Office of the President.

A director, appointed by the president and confirmed by the Senate, would be charged with coordinating and overseeing the security of agency information systems and infrastructure. In addition, a CTO would be hired.

Also, a Federal Cybersecurity Practice Board within the NOC would be charged with overseeing the implementation of NIST-approved standards and guidelines, in addition to defining policies that agencies must adhere to in order to comply with FISMA requirements.

Further, agencies would be required to undertake automated and continuous monitoring of their systems to ensure compliance and to identify potential risks to assets. An annual independent audit of information security programs to determine their overall effectiveness and compliance with FISMA requirements would also be required.

The amendment also calls for developing policies to be used in the purchasing of technology products and services.

A version of the bill currently making its way through the Senate does not contain the Watson-Langevin amendment, but it could be altered before it is voted on by the upper chamber. Adjustments between the two versions of the bill could be made in conference before it is presented for President Obama’s signature. The Senate version passed the Armed Services Committee

The amendment combines two previous bills: Watson’s Federal Information Security Amendments Act and Langevin’s Executive Cyberspace Authorities Act.




Tags: Diane Watson, Federal government of the United States, Federal Information Security Management Act of 2002, FISMA, Information Security, Security, Senate, United States


Jun 01 2010

The Smart Grid needs to get smart about security

Category: Information Security,Information WarfareDISC @ 6:17 pm

A terminus of the Nelson River HVDC system, no...
Image via Wikipedia

by Larry Karisny
While following the Connectivity Show in Santa Clara California, I thought I should follow-up on the at Greentech Media’s annual Smart Grid conference in Palm Springs last week. I wanted to focus this article on Smart Grid security so I thought I should find some clear explanation of where we are now and then add my thoughts on where we need to be in smart grid security. To get an indication of where we are I couldn’t pass up this simultaneously humorous and cautionary anecdote opening panel discussion from Smart Grid security guru, Massoud Amin of University of Minnesota, drawn from his most recent whitepaper:

Now with all due respect to the power companies, why should they even know how to spell IP? Their history in communications was to build stand alone power facilities and substations connected with point to point microwave communication links (many times upgraded to their own dark fiber point to points). With this kind of money and private network capabilities, why would you ever worry about security? You lived on your own island with your own power and communications grid and every thing was just fine. Then came the smart grid. By definition, the smart grid requires a two-way digital technology to control appliances at consumers’ homes to save energy, reduce cost and increase reliability and transparency. A big change for power companies and admittedly a whole new learning curve with many power companies like PG&E setting up their own test labs begin learning this who knew an complex smart grid system (See: Inside PGE’s Smart Grid Lab Chris Knudsen, director of the technology innovation center at PG&E, shows us what they’re tinkering with).

It didn’t take long for problem to occur. Again, you need to understand that even smart meters were just dusted off 20 year old designs that were lying around waiting for someone to push the power companies into the 21 century. These designs were never meant to securely send a store data real time. It wasn’t long before serious security issues were found and were reported by respected security form like InGuardian and IOactive. And we are not talking about someone hacking you PC. When it comes to the power grid, the costs of remote hack attacks are potentially more dramatic. “The cost factor here is what’s turned on its head. We lose control of our grid, that’s far worse than a botnet taking over my home PC,” said Matthew Carpenter, senior security analyst of InGuardian, speaking at a panel at the RSA Security Conference in San Francisco . So now with little knowledge of the Internet and security the power companies have billions of dollars of grant in hand with one big problem. The grants mandate an iron clad security platform.

To add to the smart grid security problems some people think the power grid is the main target in the new battle in cyber wars.

Richard Clarke, the former anti-terrorism czar, has now turned his attention to a new national security threat, putting an attack of the power grid on the front lines. In a recent NewsWeek article Clarke was quoted as saying, “I think the average American would understand it if they suddenly had no electricity.

The U.S. government, [National Security Administration], and military have tried to access the power grid’s control systems from the public Internet. They’ve been able to do it every time they have tried. They have even tried to issue commands to see if they could get generators to explode. That’s the famous Aurora experiment in Idaho. Well, it worked. And we know there are other real cases, like the power grid taken out in Brazil as part of a blackmail scheme. So the government knows it can be done, the government admits it can be done, the government intends to do it to other countries. Even the Chinese military has talked publicly about how they would attack the U.S. power grid in a war and cause cascading failures.”

So what can we do to secure the grid now while upgrading it to smart grid capabilities?

Ed Smith, CEO of WirelessWall has one word, “Attack.” Having a military background he understands that you begin an attack by crippling an enemy’s communication and critical infrastructure. His civilian background has a long history of Situational Crisis Management, using Rapid Response Teams to facilitate the successful conclusion to crisis situations. Armed with security that exceeds the DoD 8100.2 (DoD Directive on wireless security) and FIPS 140-2 End-to-End Security that was developed for the U.S. Navy to provide secure, mobile shipboard networks, Smith knows he has an immediately implementable data security solution that is simply not being recognized.

“People in the civilian sector are not upgrading their security for business reasons, basically to save money, not for security reasons. That can be tolerated if you are protecting data that involves a loss of money, but it is inexcusable when the lack of protection of data involves the loss of life. Let there be no doubt that an attack on critical infrastructure is an act of war and it is absolutely appropriate to use an available military solution to protect civilian lives.”

“We can’t afford not to put good enough security in our power grids. My company has offered our platform of higher security to VISA and others in the financial industry and made it clear that the retail industry POS terminals Data Security Standard (PCI DSS) has already been hacked, but nothing will be changed unless there are more attacks that cause greater losses. The PCI DSS standard will have to be raised, and ultimately will, but the Smart Power Grid protection has to be implemented now.”

“If you are a Smart Grid Integrator offering a solution, someone that has been breached, or better yet, don’t want to be breached, you have to be proactive. Where are the power companies? What are they waiting for? PG&E, Duke Power, Florida Power and Light, Progress Energy, Sacramento Municipal Utility District (SMUD), we are right here in Silicon Valley California, WirelessWall can even be installed remotely and proven in a matter of hours so there is really no excuse for not putting this in their labs and testing it. After about 10 years of real-life military testing and the only wireless protection allowed by the DoE to secure nuclear sensors for the last 6 years, there is not a lab test that can come close to disputing the protection capabilities of WirelessWall. It is a time and situation proven solution and our Rapid Response Team approach is designed to install protection immediately”.

Like the old David and Goliath story, the power companies need to start embracing smaller company expertise and leverage their learning curve. Like the security story of WirelessWall, the expertise of how to build these wireless network platforms resides in the companies that have had their products tested in real world municipal, public safety and military environments. Companies like Tropos Networks, Trillium (SkyPilot), Mesh Dynamics, Strix Systems and Proxim, just to name of few, they were the trail blazers that learned along the way and can now bringing tested wireless network expertise to the smart grid. With secure wireless solutions out there, power companies need to leverage the expertise of these wireless pioneers that have been there, done that and are ready to support a secure a wireless smart grid network with their tested solutions.

SP AusNet selects GE for world’s first 4G communications smart grid solution, delivering revolutionary security and reliability benefits.(CONTRACTS): An article from: Home Networks




Tags: Business, Electrical grid, Federal government of the United States, Sacramento Municipal Utility District, San Francisco, Security, Smart Grid, United States


May 06 2009

Rise of cybercrime and management responsibility

Category: Information Security,Information WarfareDISC @ 5:08 pm

ITIL Security Management
Image via Wikipedia
According to SF Chronicle article by Deborah Gage (May 8, 2009, c2) consumer reports magazine’s annual “State of the Net” survey finds that cybercrimes has held steady since 2004, with one out of five consumers becoming victims in last two years at a cost to economy of $8 billion. Consumer report can be found on at www.consumerreports.org

Uncertain economic time brings new threats and scams and most of the security experts agree that there’s a possibility of increase in cybercrime for this year. Survey also found that around 1.7 million people were victims of identity theft and 1.2 million had replaced their computers because of infected software.

First why all the signs are showing uptick in cybercrimes and second what are we going to do about it.

Management should start considering security as total cost of ownership instead of wasting time on what is ROI of information security. If there is a security breach, somebody in the management should be held accountable not an IT or security personnel. Management will keep demonstrating lax attitude toward data protection and security in general unless there are serious consequences like spending time in jail for lack of security controls (basic due diligence) and not taking appropriate actions for the risks that posed a significant threat to the organization.

PCI, HIPAA and SOX compliance are a good start in a right direction for management to take information security into consideration, but these compliance initiatives don’t address the security of a whole organization. They address security risks of a business unit in an organization. If management is really serious about security then ISO 27002 code of practice is one of the option which should be considered to address the security of the whole organization and ultimately organization should achieve ISO 27001 certification which will build a comprehensive information security management system to manage ongoing risks.

[TABLE=2]

Reblog this post [with Zemanta]




Tags: Information Security, International Organization for Standardization, isms, iso 27001, iso 27002, Operating system, Policy, Security


Mar 12 2009

Cybersecurity and congressional hearing

Category: Information WarfareDISC @ 2:02 am

United States Central Command
Cybersecurity experts were at congress floor this week to discuss security strategy and threats to federal government infrastructure for not having an appropriate strategy and funding.

“Where are we today in cyber security? From one perspective, we are in remarkably bad shape. In the last year, we have seen the networks of the two Presidential campaigns, secure networks at the U.S. Central Command and computer networks in Congress and other Federal agencies penetrated by outsiders.” Dr. Jim Lewis, Center for Strategic and International Studies

“But in our rush to network everything, few stopped to consider the security ramifications of this new world we were creating. And so we find ourselves in an extremely dangerous situation today – too many vulnerabilities exist on too many critical networks which are exposed to too many skilled attackers who can inflict too many damages to our systems. Unfortunately, to this day, too few people are even aware of these dangers, and fewer still are doing anything about it.” Rep. Yvette Clarke, D-N.Y., who chairs the subcommittee

Amit Yoran said that research and development must be bolstered, standards for securing systems must be reformed, and a legal analysis of the governance, authority and privacy requirements is needed. cybersecurity focuses on monitoring adversaries, determining their methods and techniques, tracking their activities to a point of origin, and determination of compromise scope, intent and objective.

Copies of written testimony from 3/10 proceedings are available on the Committee on Homeland Security site.

Detection of cyber attacks and emergency response plan is a paramount to be successful against cybersecurity attacks. I think federal government needs a new proactive paradigm for cybersecurity, which inspect the packet (deep packet inspection) to distinguish malicious packet from normal packet. This way malicious packet can be dealt appropriately at perimeter before it create a havoc at inside network or at end user desktop.


httpv://www.youtube.com/watch?v=5rDEw3uSK54

Reblog this post [with Zemanta]




Tags: Amit Yoran, Barack Obama, Center for Strategic and International Studies, Computer security, Congress, Federal government of the United States, Security, United States


Jan 14 2009

Cyber warfare and possibility of cybergeddon

Category: Information WarfareDISC @ 1:56 am

 

Background and Risks Associated with Various SCADA Systems | Envista  Forensics

Cyber warfare poses a serious threat to critical infrastructure of a country. It has been a major challenge for DoD officials, cyber attackers have already stolen tera byte of data from their infrastructure.

 

Most of the security expert and FBI agree that cyber attacks pose biggest threat to US vital infrastructure. “Cybergeddon” our daily economy which depend on inter connected vital network infrastructure is hacked by cyber attacker.

SCADA (Supervisory Control and Data Acquisition – control power grids in all the utilities) “systems are used in industry to monitor and control plant status and provide logging facilities and are highly configurable“. SCADA system is a connection between control systems and the switches.

Cyber attackers have already led to multicity power outage outside of US. Recent attacks show that cyber attackers are getting more knowledgeable about SCADA system. In the past SCADA use to be exclusive system but now slowly getting integrated with the rest of the infrastructure and utilizing IP addressing scheme. Both introduce new threats and raise the risk of cyber attack.

Utilities are the most critical infrastructure in a sense because of other vital infrastructure dependency on power supply. Cyber attack on SCADA system has a potential of cybergeddon and should be protected as a very critical asset by both public and private sectors. Security through obscurity is not the answer for SCADA anymore.

 

In SCADA system, reasonable security can be achieved by embracing ISO 27k standard as a policy and eventually acquiring ISO 27001 (ISMS) certification. Organizations may start the certification process with limited scope (of critical processes) in the beginning, and increment the scope in each recertification attempt based on the resources available and management risk appetite. Information Security Management System (ISMS) can be a great value added process to manage ongoing monitoring, maintaining and for process improvement of SCADA. ISMS as a process in-place provides reasonable security safeguard to zero day attacks.

 

How do I prepare for a power outage?

 


 

“SCADA system has been poorly managed for decades”

Tags: Cyber-warfare, cybergeddon, Information Security Management System, Information Warfare, International Organization for Standardization, ira winkler, iso 27001, SCADA, Security


Nov 26 2008

Cyber threats and overall security assessment

Category: Information Warfare,Risk AssessmentDISC @ 3:13 am

The main screen showing star names (color-code...
Image via Wikipedia

In the past when senior management (execs) needed to understand the financial implication of cyber threats and their exposures, they turned their questionnaires toward IT for relevant answers. In other words IT risk assessment was the answer in the past to understand the financial implications of cyber threats. The IT risk assessment is not the comprehensive or overall assessment of the company to understand the total implications of cyber threats. The overall assessment will not only include IT but also other departments like HR and legal etc… Basically cyber threats are neither IT issue and nor a legal or HR issue any more, it’s simply an enterprise management issue.

In old days the firewall was used as a major defense against potential cyber threats. The new cyber threats are sophisticated enough to demand better defense. New threats (virus, adware, worms, Trojan, spyware, spam, phishing) use modern techniques to bypass defenses. The potential risks of these new threats demand an immediate attention (of CFO or higher) and approval for resource allocation to protect against cyber threats. To make a solid business case for security ROI, senior level execs need to know the overall risk they are reducing, and their highest priority.

[TABLE=12]

ANSI and ISA have jointly released a document to assist senior management to prepare for financial implications for cyber threats. Basic essence of the guide is to provide a tool to execs to understand the financial implications of potential cyber threats to their organizations.

“The 40 page guide was put together by task force of risk management execs from more than two dozen organizations. The new guide offered by ANSI and the ISA recommends that CFO ask their various team’s questions about the biggest threats to data confidentiality, integrity and availability,” to get to know the existing controls in place and any relevant mitigation plan. Risk analysis of this information can help execs to map the cyber threats risks into correct financial terms and make better resource allocation.
The senior execs who want to implement information security as a process in their organization should consider ISO 27001 (ISMS) as a best practice, which provides a reasonable on-going due diligence to protect and safeguard organization data.

Reblog this post [with Zemanta]




Tags: availability, Business, Chief financial officer, cyber threats, data confidentiality, exposure, Financial services, Human resources, Insurance, integrity, isms, ISO/IEC 27001, Management, overall assessment, risk analysis, Risk Assessment, Risk management, roi, Security


Oct 13 2008

World Bank security breach and financial crisis

Category: Information Warfare,Security BreachDISC @ 1:56 am

The World Bank controls the World’s banking system, creates plans and strategies to develop economies to protect countries from financial turmoil. This information is a treasure trove of data which can be manipulated for huge monetary or political gain.

Amongst the financial crisis, a major security breach has been reported at World Bank that might tell us a story that protecting consumers’ data during these crisis might not be the first priority for many suffering financial institutions.

World Bank Under Siege in “Unprecedented Crisis”

“It is still not known how much information was stolen. But sources inside the bank confirm that servers in the institution’s highly-restricted treasury unit were deeply penetrated with spy software last April. Invaders also had full access to the rest of the bank’s network for nearly a month in June and July.”
“In total, at least six major intrusions — two of them using the same group of IP addresses originating from China have been detected at the World Bank since the summer of 2007, with the most recent breach occurring just last month. ”

The World Bank’s technology and security expert states that the incident is an “unprecedented crisis.” Some security experts are saying that this might be the worst security breach to date at a global financial institution. The hackers controlled around 18 servers for more than a month and World Bank admits that sensitive data could have been stolen but they are not sure about the total impact of the breach.

Alan Calder wrote about “Data protection and financial chaos” and mentioned that “When financial markets appear to be in free fall, many organizations might think that data protection is the least of their worries. Who cares, they might wonder, about protecting personal data if tomorrow we might not exist anymore?”
I concur with Alan on this point, in the midst of this chaos, our personal data might be at great risk and we have to be vigilant and carry the load to protect our data. At the same time, this might become another reason for the financial institutions’ demise if they let their guards down now and do not make a priority to protect customers’ data.

During this turmoil, some financial institutions’ upper management doesn’t have to worry about their responsibility of securing the customers data adequately when they already know that eventually the taxpayers will be paying for their mistakes and their bonus plan will stay intact. Unprecedented crisis are sometimes the result of unprecedented greed.

Glassner “I don’t know that the captain of the Titanic got a bonus for driving the boat into iceberg. They at least had the decency to go down with the ship” [quoted in ‘Wachovia’s Golden Parachutes” story in S.F. Chronicle of 10/10/08 pg. C1].

Bill Gates “I’m quite worried about the fiscal imbalances that we’ve got and what that might mean in terms of financial crisis ahead.”

Chinese hackers: No site is safe
httpv://www.youtube.com/watch?v=ovNVhk1rVVE&feature=related


(Free Two-Day Shipping from Amazon Prime). Great books




Tags: china, consumers data, data protection, deeply penetrated, financial chaos, financial crisis, full access, hackers, inicident, monetary gain, restricted treasury, Security Breach, sensitive data, spy software, treasure trove, unprecedented crises, unprecedented greed