Articles

New FBI strategy seeks to disrupt threat actors, help…

lead centered=”no”
The FBI sharpens its focus on collaboration among US and foreign government agencies and the private sector. It will acting as a central hub to deal with cybersecurity threats.
/lead

Last week, the US Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint announcement about the potential threat that foreign-backed online journals pose in spreading misinformation ahead of the crucial 2020 US presidential election. This alert, intended to raise public awareness based on government intelligence, reflects a new strategic direction by the FBI to work with partners across the federal landscape to better protect the American public and its allies from cyber threats.

“It’s a complex threat environment where our greatest concerns involve foreign actors using global infrastructure to compromise US networks,” Tonya Ugoretz, deputy assistant director of the FBI’s Cyber Division said during a conference at Auburn University’s McCrary Institute organized to debut the Bureau’s new strategy.

Ugoretz said that among the many factors the FBI must now juggle in dealing with cyber threats are:

  • The increased attack surfaces stemming from widespread work-at-home arrangements due to the COVID-19 crisis
    Attackers’ growing willingness to exploit the increased vulnerabilities the wider attack surface make possible
    The increase in availability of tools that threat actors use to launch attacks
    Growth in the number of both criminal and nation-state threat actors.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Jack Young on Unsplash

 

Articles

CIOs say security must adapt to permanent work-from-home

lead centered=”no”
Both private- and public-sector CIOs see many more employees permanently working remotely, and say security needs to adapt to new threats and how they communicate.
/lead

The entire US economy and government were forced to shut down in-person facilities and operations almost overnight in March as COVID quarantines began. The new conditions forced organizations to quickly find ways to secure tens of millions of new, vulnerable endpoints created by at-home workers. Now, six months later, technology leaders are taking stock of what happened and considering how a post-COVID landscape might look.

COVID has resulted in a lot of forward-looking changes, Jim Weaver, CIO of Washington State, said at the second day of the annual Cybersecurity Summit hosted by the Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA). “COVID has been our chief innovation officer. Now as a state we’re pivoting to change our service methodologies while in the middle of a pandemic and economic downturn.” Washington was the first state with a positive COVID case on January 14.

“Governor Inslee has been a big proponent for remote work for a lot of reasons and so we did have a culture and mindset in place already enabled to support it,” Weaver said. Washington had to jump from an average of 3,000 to 4,000 remote concurrent connections to 65,000 to 70,000 almost overnight. “That went pretty flawlessly, I’m pleased to say.”

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Charles Deluvio on Unsplash

 

Articles

Ransomware attacks growing in number, severity: Why experts believe…

lead centered=”no”
Law enforcement and federal experts discuss recent ransomware trends and challenges of fighting the attacks.
/lead

Ransomware has become the most chronic and common threat to digital networks. At a time when 41% of all cybersecurity insurance claims flow from ransomware attacks, it’s no surprise that ransomware is top of mind for leading security experts, government officials and law enforcement leaders.

“I think ransomware is going to get worse and I hate to say it, but it’s almost the perfect crime,” Mark Weatherford, chief strategy officer and board member of the non-profit National Cyber Security Center, told attendees at the third annual Hack the Capitol event. “It’s easy to pull off and it’s almost impossible to get caught.”

While major ransomware events grab all the headlines, Weatherford worries about the smaller victims of ransomware attackers. “Small- and medium-sized businesses simply don’t have the resources or the technical acumen to understand the threat environment that they live in,” he said.

Sometimes it can seem like a ransomware attack is inevitable. “A lot of my friends in companies that I talk to on a regular basis literally are waiting for that shoe to drop when they are the victim of a big ransomware event,” Weatherford said.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Michael Geiger on Unsplash

Articles

Election security status: Some progress on ballot integrity, but…

lead centered=”no”
With the election less than two months away, government and election officials say voting itself is more secure, but Russian disinformation remains largely unaddressed.
/lead

The presidential election in 2016 was a wake-up call that the security of the country’s election infrastructure can never again be considered a sure thing. During the last presidential campaign, Russia hacked into the Democratic National Committee’s network and stole emails from Clinton campaign officials while also breaking into at least two county voting systems in Florida. Those digital security attacks took place alongside destructive disinformation campaigns that ran on vulnerable and unprepared social media networks.

At this year’s Billington Cybersecurity Summit, 55 days before the next presidential election, experts weighed in on the progress, or lack thereof, that the US has made in securing America’s elections since 2016.

Chris Krebs, head of the Department of Homeland Security’s (DHS’s) Cybersecurity and Infrastructure Security Agency (CISA), told attendees that three-and-a-half years after he joined the agency it has “turned the corner in a really meaningful way” on cybersecurity. “We’re working in all 50 states on a regular basis to share information, to secure their systems, to ensure that they have all the resources they need to be prepared, whether it’s a COVID environment or non-COVID environment.”

Matthew Masterson, senior cybersecurity advisor at CISA, says his group is hard at work on supporting the more than 8,800 officials who run the country’s elections. Many of the voting jurisdictions are small but many election offices represent the largest IT operations in their counties in terms of total number of assets.

This article appeared in CSO Online. To read the rest of the article please visit here.

Photo by Kari Sullivan on Unsplash

Articles

How enterprises can benefit from Cybersecurity Awareness Month

lead centered=”no”
Organizations are working with the US Department of Homeland Security to enhance their own security awareness training and promote it in their communities.
/lead

An annual initiative launched 16 years ago by the Department of Homeland Security, National Cybersecurity Awareness Month (NCSAM) takes place every October. DHS’s main motivation in mounting a month of cybersecurity-related activities is to make consumers more aware of how to protect themselves online. This year’s awareness month theme is “Own IT. Secure IT. Protect IT.” with a focus on privacy, the internet of things (IoT) and e-commerce security.

DHS’s 2019 efforts include a consumer toolkit that features advice in 13 areas, from social media bots to home devices such as smart locks. The goal of the annual rite is to get organizations to promote DHS’s message about how to not click on phishing emails and the best methods to ensure secure passwords and other cybersecurity hygiene habits that ordinary users can deploy to make themselves safer. Last year, according to DHS, over 400 local events across the country focused on good cybersecurity habits.

This article appeared in CSO Online. To read the rest of the article please visit here.

Articles

Justice Department takes another run at encryption backdoors with…

lead centered=”no”
Law enforcement officials and experts on the distribution of child pornography gathered on Friday to make the emotional, if not technological, case that tech companies should open up their encryption schemes to police investigating crimes.
/lead

Following in the footsteps of former FBI Director James Comey and other top law enforcement officials, Attorney General William Barr is taking a swing at the growing prevalence of encryption across the digital landscape, with a particular renewed focus on the rising number of communications apps that are offering end-to-end encryption. On Thursday, the Justice Department published an open letter to Facebook CEO Mark Zuckerberg asking the social media giant not to proceed with its end-to-end encryption for its messaging services without providing law enforcement court-authorized access to the content of communications.

The letter, signed by the Attorney General, United Kingdom Home Secretary Priti Patel, Australia’s Minister for Home Affairs Peter Dutton, and Acting Homeland Security Secretary Kevin McAleenan, came on the same day the U.S. and UK governments entered into the world’s first ever CLOUD Act Agreement. The agreement, according to the Justice Department, “will allow American and British law enforcement agencies, with appropriate authorization, to demand electronic data regarding serious crime.”

This article appeared in CSO Online. To read the rest of the article please visit here.

Articles

CISA’s Krebs seeks more measured approach to election security…

lead centered=”no”
The Cybersecurity and Infrastructure Security Agency director says overhyped concern is a problem, while election officials say they reap the benefits of improved communications.
/lead

Given the too-late realization that Russia interfered in the 2016 presidential election through massive disinformation campaigns and — as the Mueller report most recently documented with a few new twists — actual efforts to hack into state elections systems, it’s no surprise that election security under the rubric of “Protect 2020” was a key theme running throughout the Cybersecurity and Infrastructure Security Agency’s (CISA) second annual Cybersecurity Summit.

Even so, CISA Director Christopher Krebs kicked off the summit by cautioning against the fearful language and overwrought concerns currently surrounding the topic of election security. “We’ve got to be more straightforward, more measured, more reasonable in how we talk about things. Election security is a great example. Are there true, absolute, fundamental risks in the infrastructure? Yes, but we have to take the hysteria out of the conversation because ultimately what we do is we drive broader voter confidence down,” he said.

This article appeared in CSO Online. To read the rest of the article please visit here.

Articles

Senator Warner seeks “grand alliance” to protect against surveillance…

lead centered=”no”
The senator believes Chinese companies will be required to aid surveillance of the US, especially as 5G networks roll out.
/lead

When it comes to technology policy, Senator Mark Warner (D-VA), Vice Chairman of the Senate Intelligence committee, is clearly concerned about the power China holds, particularly when it comes to trusting China’s leading tech suppliers and the prospect of a China-dominated build-out of global 5G networks. “My beef is with the presidency, the Communist party. It is not with the Chinese people. I have no interest in trying to go back to some cold war bifurcated world, us against China,” the former telecom entrepreneur said during a panel discussion at the Cybersecurity and Infrastructure Security Agency’s (CISA) second annual Cybersecurity Summit this week.

“I would argue that the Chinese people don’t want this regime as well. Look at what is happening in the streets of Hong Kong,” he said. “The kind of surveillance state that China is using in terms of their tech companies would make George Orwell’s 1984 look simple.”

This article appeared in CSO Online. To read the rest of the article please visit here.

Articles

What is the CISA? How the new federal agency…

lead centered=”no”
The U.S. Congress created The Cybersecurity and Infrastructure Security Agency to identify threats, share information and assist with incident response in defense of the nation’s critical infrastructure.
/lead

The Cybersecurity and Infrastructure Security Agency (CISA) is a new federal agency, created to protect the nation’s critical infrastructure.

It was created through the Cybersecurity and Infrastructure Security Agency Act of 2018, which was signed into law on November 16, 2018. That legislation “rebranded” the Department of Homeland Security’s (DHS’s) National Protection and Programs Directorate (NPPD) as the Cybersecurity and Infrastructure Security Agency and transferred resources and responsibilities of NPPD to the newly created agency. Prior to the passage of the bill, NPPD managed almost all of DHS’s cybersecurity-related matters.

CISA is responsible for protecting the nation’s critical infrastructure from physical and cyber threats. Its mission is to “build the national capacity to defend against cyber attacks” and to work “with the federal government to provide cybersecurity tools, incident response services and assessment capabilities to safeguard the .gov networks that support the essential operations of partner departments and agencies.”

This article appeared in CSO Online. To read the rest of the article please visit here.

Articles

New CISA director outlines top 5 priorities for protecting…

lead centered=”no”
CISA’s Christopher Krebs has a two-year plan for his new cybersecurity agency, with China, supply chain and 5G as top priorities.
/lead

Last November, the former, somewhat awkwardly named National Protection and Programs Directorate (NPPD) was elevated within the U.S. Department of Homeland Security (DHS) to become the Cybersecurity and Infrastructure Security Agency (CISA) following enactment of the Cybersecurity and Infrastructure Security Agency Act of 2018. CISA is responsible for protecting the country’s critical infrastructure from physical and cyber threats, overseeing a host of cybersecurity-related activities. This includes operating the National Cybersecurity and Communications Integration Center (NCCIC), which provides round-the-clock situational awareness, analysis, incident response and cyber defense capabilities to the federal government, state, local, tribal and territorial governments, the private sector and international partners.

CISA made its first prominent mark as an independent agency during the 35-day government shut-down when, on January 22, it issued an unexpected, and to some a startling, emergency directive ordering admins at most government agencies to protect their domains against a wave of attacks on the domain name system infrastructure (DNS). The directive was prompted by a number of DNS tampering efforts at multiple executive branch agencies. This malicious, complex and widespread campaign, dubbed DNSpionage by Cisco Talos, allowed suspected Iranian hackers to steal massive amounts of email passwords and other sensitive data from government offices and private sector entities.

Christopher Krebs serves as CISA’s first director. Krebs previously headed the NPPD as assistant secretary for infrastructure protection and joined DHS as a senior counselor to the secretary after working in the U.S. Government Affairs team as the director for cybersecurity at Microsoft.

This article appeared in CSO Online. To read the rest of the article please visit here.