CISA Releases New Tool to Help Organizations Guard Against Insider Threats

The Cybersecurity and Infrastructure Security Agency (CISA) has released an Insider Risk Mitigation Self-Assessment Tool, which assists public and private sector organizations in assessing their vulnerability to an insider threat. By answering a series of questions, users receive feedback they can use to gauge their risk posture. The tool will also help users further understand the nature of insider threats and take steps to create their own prevention and mitigation programs.

“While security efforts often focus on external threats, often the biggest threat can be found inside the organization,” said CISA Executive Assistant Director for Infrastructure Security David Mussington. “CISA urges all our partners, especially small and medium businesses who may have limited resources, to use this new tool to develop a plan to guard against insider threats. Taking some small steps today can make a big difference in preventing or mitigating the consequences of an insider threat in the future.”

Insider threats can pose serious risk to any organization because of the institutional knowledge and trust placed in the hands of the perpetrator. Insider threats can come from current or former employees, contractors, or others with inside knowledge, and the consequences can include compromised sensitive information, damaged organizational reputation, lost revenue, stolen intellectual property, reduced market share, and even physical harm to people. CISA has a number of tools, training, and information on an array of threats public and private sector organizations face, including insider threats.

Broadband Commission calls for people-centred solutions to achieve universal connectivity

More than a year and a half into the COVID-19 pandemic, amid relentless global demand for broadband services, the Broadband Commission for Sustainable Development has reaffirmed its call for digital cooperation, innovation with information and communication technologies (ICTs), and collaborative approaches to secure universal connectivity and access to digital skills.

The Commission's State of Broadband Report 2021, released during the meeting, outlines the impact of pandemic policies and calls for a concerted, people-centred push to close the world's persistent divide. In the world's least developed countries (LDCs), no more than a quarter of the population is online.

"Digital cooperation needs to go beyond access to broadband," said H.E. President Paul Kagame of Rwanda, Co-Chair of the Commission. “We also need to close the gap in the adoption and use of affordable devices and services, in accessible content, and in digital literacy."

More than 50 Commissioners and special guests, representing government leaders, heads of international organizations and private sector companies, civil society and academia, affirmed that people-centred solutions must be at the heart of building a sustainable path towards universal broadband.

Commission co-Chair Carlos Slim, Founder of Carlos Slim Foundation and Grupo Carso, added: “To achieve our universal connectivity goal, we need to work together. We need to build a digital future that is inclusive, affordable, safe, sustainable, meaningful and people centred. We need to support infrastructure and to deal with affordability and relevant content to ensure usage. For that to happen, it requires concerted efforts."

Connectivity for sustainable development
The Annual Fall Meeting, held in a virtual format, underscored the need to accelerate digital connectivity to fulfil the United Nations Agenda for 2030, centred on 17 Sustainable Development Goals.

“The absence of digital skills remains the largest barrier to Internet use," noted Audrey Azoulay, Director-General of the United Nations Educational, Scientific and Cultural Organization (UNESCO) and co-Vice Chair of the Commission. “Digital education must therefore be as much about gaining skills as about developing the ability to think critically in order to master the technical aspects and be able to distinguish between truth and falsehood."

“UNESCO's Media and Information Literacy curriculum, launched in Belgrade, Serbia, in April, provided a key tool to boost skills," she added.

A newly released Commission report on distance and hybrid learning cites the need to foster digital skills along with expanding broadband infrastructure.

[Source: ITU]

TSA checkpoint at Capital Region International Airport gets new credential authentication technology unit

A credential authentication technology (CAT) unit has been installed and is in use at the Transportation Security Administration checkpoint at Capital Region International Airport (LAN).

“The new credential authentication technology unit enhances our detection capabilities for identifying fraudulent ID documents and improves the passenger’s experience by increasing efficiency during the checkpoint experience,” said Michigan TSA Federal Security Director Steve Lorincz. “The CAT unit also reduces touchpoints at the checkpoint, which benefits both officers and travelers during this pandemic.”

Passengers will approach the travel document checking station at the checkpoint and listen to the instructions of the TSA officer, who will insert the personal identification into the scanner for authentication.

Passengers will not have to hand over their boarding pass (electronic or paper), thus reducing a touchpoint. Instead, they should have their boarding pass ready in the event that the TSA officer requests visual inspection. The CAT unit will verify that the traveler is prescreened to travel out of the airport for a flight that day; however, a boarding pass may be requested for travelers under the age of 18 and/or those without IDs or with damaged IDs.

“We are pleased that TSA is taking steps to enhance the technology to ensure the safety and security of our travelers here at the Capital Region International Airport (LAN),” said Nicole Noll-Williams, president and CEO of the Capital Region Airport Authority.

Even with TSA’s use of CAT, travelers still need to check-in with their airline in advance and bring their boarding pass to their gate agent to show the airline representative before boarding their flight.

This technology will enhance detection capabilities for identifying fraudulent documents at the security checkpoint. CAT units authenticate several thousand types of IDs including passports, military common access cards, retired military ID cards, Department of Homeland Security Trusted Traveler ID cards, uniformed services ID cards, permanent resident cards, U.S. visas, and driver’s licenses and photo IDs issued by state motor vehicle departments.

CAPSI, ISIO and SASA aim to curb collateral damage biological threat and tailing threats

CAPSI [Central Association of Private Security Industry], ISIO [International Security Industry Organization] and SASA [Security Association of South Africa] are on a mission to curb the collateral damage of the active mutating biological threat and tailing threats.

The health community has sent the protocols for infection testing (chemically and electronically), the social movement of people and hygiene. It is in fact the private security industry that implements the protocols on the ground by investing in the equipment, managing the flow and behaviour of social movement, and ensuring that people sanitize before entering sites.

However, the private security industry does much more, because there is crime related to the pandemic and the economic meltdown that is resulting from such, definitely causing more havoc to the mix.

The private security industry, being frontliners, do experience aggressive and violent incidents that lead to life-impacting and deadly outcomes. The medical fraternity do nurse infected people and therefore use appropriate protocols, but the security practitioners on the ground have no idea who is infectious, and a massive risk to the public at large.

The alliance is working together on a goal-directed plan of action that is designed by capacity-building specific stakeholders that will drive the methodology world-wide. The understanding that the entire world needs to be inoculated at the same time, with the same potency of vaccine, dictates that the entire security force, which numbers in the millions, must work together at the same time, using the same security protocols for biological threat security.

Based on intensive research and application, the respective security industries will be promoting security protocols for biological threat security. These protocols are geared towards procedures for using the technology and equipment, as well as layering the workforce on the ground by skillset.

The Chairman of CAPSI, Mr Kunwar Vikram Singh, states: “This collaboration between CAPSI, ISIO and SASA to protect humanity from biological weapons in the form of deadly viruses will prove a most serious life saving initiative which governments and corporate must endorse and apply immediately. CAPSI has already discussed this dangerous aspect with the Indian Ministry of Home Affairs and also signed a MoU with Rashtriya Raksha University (National Security University), to commence Bio Security education. This trustworthy HIM tool with security protocols for biological threat security is required to secure and limit the level of collateral damage.”

The Chairman of SASA, Mr Franz Verhufen, states that it is of critical importance that the private security industry “leads from the front”, thereby protecting the national economy and the entire populations of their respective countries, which can only succeed if they, as a whole, work together in the campaign to reinforce the national governments in their respective countries, to curb and eliminate this deadly threat.

SASA and its members, who collectively employ in excess of 100,000 registered security officers, believe that, with effective technology and using security protocols for biological threat security, they can definitely make a significant contribution in this battle against the pandemic.

Juan Kirsten, Director General of ISIO, firmly says: “The Private Security Industry is larger than any navy, military unit, or policing agency, collectively using the same protocols, and therefore must be utilised to its full potential by being goal directed and working in concert because it is already doing the job on the ground.”

The philosophy and methodology is outlined in the tools that can be found on https://www.human-investigation-management.com/cbts-certified-for-biological-threat-security which is endorsed by CAPSI, ISIO and SASA.

Risky business or a leap of faith? A risk based approach to optimise cybersecurity certification

The European Union Agency for Cybersecurity (ENISA) has launched a cybersecurity assessment methodology for cybersecurity certification of sectoral multistakeholder ICT systems.

The Methodology for a Sectoral Cybersecurity Assessment - (SCSA Methodology) was developed to enable the preparation of EU cybersecurity certification schemes for sectoral ICT infrastructures and ecosystems. SCSA aims at market acceptance of cybersecurity certification deployments and supports the requirements of market stakeholders and the EU Cybersecurity Act (CSA). In particular, SCSA endorses the identification of security and certification requirements based on risks associated with the “intended use” of the specific ICT products, services and processes.

The SCSA Methodology makes available to the ENISA stakeholders a comprehensive ICT security assessment instrument that includes all aspects pertinent to sectoral ICT systems and provides thorough content for the implementation of ICT security and cybersecurity certification.

While SCSA draws from widely accepted standards, in particular ISO/IEC 27000-series and ISO/IEC 15408-series, the proposed enhancements tackle multi-stakeholder systems and the specific security and assurance level requirements concerning ICT products, processes and cybersecurity certification schemes.

This is achieved by introducing the following features and capabilities:

- Business processes, roles of sectoral stakeholders and business objectives are documented at ecosystem level, overarching the ICT subsystems of the individual stakeholders. Stakeholders are invited to actively contribute to the identification and rating of ICT security risks that could affect their business objectives.
- A dedicated method associates the stakeholders’ ratings of risks with the security and assurance level requirements to dedicated ICT subsystems, components or processes of the sectoral ICT system.
- SCSA specifies a consistent approach to implement security and assurance levels across all parts of the sectoral ICT system and provides all information required by the sectoral cybersecurity certification schemes.

Benefits of the SCSA Methodology for stakeholders

The sectoral cybersecurity assessment provides a comprehensive approach to the multi-faceted aspects presented by complex multi-stakeholder ICT systems, and it features the following benefits:

- The security of a sectoral system requires synchronisation across all participating stakeholders. SCSA introduces comparability of security and assurance levels between different stakeholders’ systems and system components. SCSA enables building open multi-stakeholder ecosystems even among competitors to the benefit of suppliers and customers.
- The risk-based approach supports transparency and a sound balance between the cost for security and certification and the benefit of mitigating ICT-security-related business risks for each concerned stakeholder.
- Security measures can focus on the critical components, optimising the security architecture of the sectoral system, hence minimising cost of security.
- SCSA generates accurate and consistent information on security and certification level requirements for all relevant ICT subsystems, components or processes. On this basis, suppliers can match their products to their customers’ requirements.
- SCSA supports the integration of existing risk management tools and information security management systems (ISMS).
- Due to a consistent definition of assurance levels, the re-use of certificates from other cybersecurity certification schemes is supported.

UNDRR ROAMC: How disaster preparedness makes the difference when disaster hits

When COVID began to infiltrate the Caribbean, the World Food Programme (WFP) quickly contacted governments to find how to best help funnel cash to people left struggling to feed their families as jobs began to melt away.

For Dominica, helping rapidly digitalize the country's largely paper-based data collection and payment systems was the speediest and most effective solution, says Regis Chapman, head of office for WFP in Barbados.

Within weeks, WFP helped Dominica implement systems to more efficiently collect and analyze the data needed to determine who was eligible for payments to help ride out the pandemic.

By printing scannable QR codes on payment envelopes and asking people to sign digitally to confirm receipt, Dominica quickly created a visualization dashboard to show where and when funds were distributed.

“We're now looking at developing an information management system to better manage data on all their social protection programs, not just the public assistance program," says Chapman.

“The socio-economic aspect of COVID has been devastating. The lowest income groups are the people who are most affected and we’ve seen huge spikes in food insecurity.”

WFP’s shock responsive social protection program is one of the many in the Caribbean supported by the European Commission Humanitarian Aid Office (ECHO) which has provided $183 million in aid to the region - excluding Haiti - since 1994.

Through its DIPECHO disaster preparedness program, $50 million of those funds have targeted disaster risk reduction and community resilience programs.

Now as middle-income Caribbean countries compete with other parts of the world for increasingly tight donor funding, it is more important than ever to show how projects support communities and protect lives and livelihoods, say experts.

BLUEPRINTS

Presenting evidence of successful schemes also helps create templates that can be used in other parts of the world, says Saskia Carusi, external relations officer for the United Nations Office for Disaster Risk Reduction, Regional Office for the Americas and the Caribbean (UNDRR).

“It’s important to show how successful projects are from an accountability point of view," says Panama-based Carusi.

"But for ECHO, it’s important to show evidence that projects save lives and make a difference, and that there are still needs in the region."

The best evidence should be a combination of quantitative data showing how losses are reduced by disaster risk reduction projects, alongside qualitative examples of how schemes work on the ground, says Carusi.

Evidence should also examine whether localized, pilot projects can be rolled out in neighboring communities or even scaled up to a national level, she says.

With EU funding, UNDRR has created the dipecholac.net platform where organizations can highlight their Caribbean projects and show how they relate to the Sendai Framework for Disaster Risk Reduction 2015-2030.

It now wants organizations to upload videos, documents and infographics to the site that show how Caribbean projects have been adapted to make a difference during the pandemic and other emergencies.

For the International Federation of Red Cross and Red Crescent Societies (IFRC), the pandemic has underscored the importance of preparing Caribbean communities to deal with multiple hazards, says Marisa Clarke-Marshall, IFRC coordinator, partnerships and planning.

During the crisis, Community Disaster Response Teams (CDRTs) trained by the Red Cross with ECHO funding to deal with hazards such as hurricanes, have rapidly adapted to help communities cope with COVID, she says.

Trained primarily to conduct initial damage assessments, give first aid and coordinate immediate response, CDRTs have helped identify those most in need in their communities, and deliver cash vouchers and hygiene kits.

The CDRT project has attracted attention from major donors keen to set up similar teams elsewhere, while an ECHO-funded tool to assess risk and vulnerabilities is now used globally, she says.

HIGH-LEVEL IMPACT

Events such as November’s UNDRR co-organized VII Regional Platform for Disaster Risk Reduction in the Americas and the Caribbean provide an opportunity for both governments, multilaterals and non-profits to show which projects best helped tackle COVID while continuing to ramp up preparedness.

For UNDRR, its projects to boost Caribbean business resilience reaped dividends during the pandemic as companies adapted their continuity plans that were primarily designed to tackle climate-related crises, says Carusi.

Its EU-funded project to increase preparedness and disaster risk reduction through the Caribbean Safe Schools Initiative is now generating interest from other countries in Latin America, says Carusi.

"UNDRR’s work on policy and advocacy in the long run has a higher impact," says Carusi.

For WFP, EU funding is supporting its work with the Caribbean Disaster Emergency Agency (CDEMA) to pre-position generators, prefabricated units and other gear to help countries better prepare, save lives and reduce losses.

"A lot of what we're looking at is how do we help government systems to become more resilient," says Chapman.

"One of the region's prime ministers recently said, everybody says the Caribbean is so resilient, it's that we have to be. You have to stand up when you're knocked down and start all over again because what other choice do you have."

[Source: UNDRR]

CISA and FBI observe the increased use of Conti ransomware

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have observed the increased use of Conti ransomware in more than 400 attacks on U.S. and international organizations. (See FBI Flash: Conti Ransomware Attacks Impact Healthcare and First Responder Networks.) In typical Conti ransomware attacks, malicious cyber actors steal files, encrypt servers and workstations, and demand a ransom payment.

To secure systems against Conti ransomware, CISA, FBI, and the National Security Agency (NSA) recommend implementing the mitigation measures described in this Advisory, which include requiring multi-factor authentication (MFA), implementing network segmentation, and keeping operating systems and software up to date.

Technical Details

While Conti is considered a ransomware-as-a-service (RaaS) model ransomware variant, there is variation in its structure that differentiates it from a typical affiliate model. It is likely that Conti developers pay the deployers of the ransomware a wage rather than a percentage of the proceeds used by affiliate cyber actors and receive a share of the proceeds from a successful attack.

Conti actors often gain initial access to networks through:

- Spearphishing campaigns using tailored emails that contain malicious attachments or malicious links;
  - Malicious Word attachments often contain embedded scripts that can be used to download or drop other malware—such as TrickBot and IcedID, and/or Cobalt Strike—to assist with lateral movement and later stages of the attack life cycle with the eventual goal of deploying Conti ransomware.
- Stolen or weak Remote Desktop Protocol (RDP) credentials;
- Phone calls;
- Fake software promoted via search engine optimization;
- Common vulnerabilities in external assets.

In the execution phase, actors run a getuid payload before using a more aggressive payload to reduce the risk of triggering antivirus engines. CISA and FBI have observed Conti actors using Router Scan, a penetration testing tool, to maliciously scan for and brute force routers, cameras, and network-attached storage devices with web interfaces. Additionally, actors use Kerberos attacks to attempt to get the Admin hash to conduct brute force attacks.

Conti actors are known to exploit legitimate remote monitoring and management software and remote desktop software as backdoors to maintain persistence on victim networks. The actors use tools already available on the victim network—and, as needed, add additional tools, such as Windows Sysinternals and Mimikatz—to obtain users’ hashes and clear-text credentials, which enable the actors to escalate privileges within a domain and perform other post-exploitation and lateral movement tasks. In some cases, the actors also use TrickBot malware to carry out post-exploitation tasks.
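The behaviours described above (Word attachments launching scripts, weak RDP credentials, and credential theft with Mimikatz or Sysinternals tools) translate into simple log-triage rules. The Python below is an added example, not code from the CISA/FBI advisory; the normalized event schema, field names, thresholds and every sample event are constructed assumptions.

```python
"""Log-triage rules for behaviours described in the advisory text above.
Added example: event schema, field names, thresholds and sample events are
constructed assumptions, not taken from the CISA/FBI advisory."""
from collections import defaultdict
from datetime import datetime, timedelta

OFFICE_PARENTS = {"winword.exe"}          # malicious Word attachments
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
MIMIKATZ_MARKERS = ("sekurlsa::", "lsadump::")  # module names survive a renamed binary
RDP_LOGON_TYPE = 10      # Windows RemoteInteractive; with NLA, failures may show as type 3
FAIL_THRESHOLD = 5       # assumed tuning values
WINDOW = timedelta(minutes=10)


def _ts(ev):
    return datetime.fromisoformat(ev["ts"])


def office_script_spawns(events):
    """Word launching a script host: the embedded-script dropper pattern."""
    return [ev for ev in events
            if ev["type"] == "process"
            and ev["parent"].lower() in OFFICE_PARENTS
            and ev["image"].lower() in SCRIPT_HOSTS]


def credential_dumping(events):
    """Mimikatz by name or module string, or Sysinternals ProcDump aimed at LSASS."""
    hits = []
    for ev in events:
        if ev["type"] != "process":
            continue
        image, cmd = ev["image"].lower(), ev["cmdline"].lower()
        mimikatz = image == "mimikatz.exe" or any(m in cmd for m in MIMIKATZ_MARKERS)
        procdump_lsass = image.startswith("procdump") and "lsass" in cmd
        if mimikatz or procdump_lsass:
            hits.append(ev)
    return hits


def rdp_bruteforce_then_success(events):
    """Sources with >= FAIL_THRESHOLD failed RDP logons inside WINDOW, then a success."""
    fails, flagged = defaultdict(list), []
    logons = [e for e in events if e["type"] == "logon" and e["logon_type"] == RDP_LOGON_TYPE]
    for ev in sorted(logons, key=_ts):
        key, now = (ev["host"], ev["src_ip"]), _ts(ev)
        recent = [t for t in fails[key] if now - t <= WINDOW]
        if ev["success"]:
            if len(recent) >= FAIL_THRESHOLD:
                flagged.append({"host": ev["host"], "src_ip": ev["src_ip"],
                                "user": ev["user"], "failures": len(recent)})
            fails[key] = []
        else:
            fails[key] = recent + [now]
    return flagged


def _proc(ts, host, parent, image, cmdline):
    return {"type": "process", "ts": ts, "host": host,
            "parent": parent, "image": image, "cmdline": cmdline}


def _logon(ts, src_ip, user, success):
    return {"type": "logon", "ts": ts, "host": "SRV01", "src_ip": src_ip,
            "user": user, "success": success, "logon_type": RDP_LOGON_TYPE}


# Constructed sample telemetry (documentation-range IPs, made-up hosts and users).
SAMPLE_EVENTS = [
    _proc("2021-09-22T08:55:00", "WS01", "explorer.exe", "WINWORD.EXE", "WINWORD.EXE invoice.docm"),
    _proc("2021-09-22T08:55:07", "WS01", "WINWORD.EXE", "powershell.exe", "powershell.exe -w hidden"),
    _proc("2021-09-22T09:10:00", "SRV01", "cmd.exe", "procdump64.exe", "procdump64.exe -ma lsass.exe out.dmp"),
    _proc("2021-09-22T09:11:00", "SRV01", "cmd.exe", "procdump64.exe", "procdump64.exe -ma notepad.exe n.dmp"),
    _proc("2021-09-22T09:12:00", "SRV01", "cmd.exe", "m.exe", 'm.exe "sekurlsa::logonpasswords" exit'),
    *[_logon(f"2021-09-22T09:00:{s:02d}", "203.0.113.50", "svc_backup", False) for s in range(0, 60, 10)],
    _logon("2021-09-22T09:02:00", "203.0.113.50", "svc_backup", True),
    _logon("2021-09-22T09:03:00", "198.51.100.7", "alice", False),
    _logon("2021-09-22T09:03:30", "198.51.100.7", "alice", True),
]

if __name__ == "__main__":
    for name, rule in [("office->script", office_script_spawns),
                       ("credential dumping", credential_dumping),
                       ("rdp brute force", rdp_bruteforce_then_success)]:
        for hit in rule(SAMPLE_EVENTS):
            print(name, hit)
```

The ProcDump run against notepad.exe and the two-failure logon from 198.51.100.7 are deliberate negatives; neither should alert.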

According to a recently leaked threat actor “playbook,” Conti actors also exploit vulnerabilities in unpatched assets, such as the following, to escalate privileges and move laterally across a victim’s network.

UK and US cyber security leaders meet to discuss shared threats and opportunities

National Cyber Security Centre CEO and Director of the US Cybersecurity and Infrastructure Security Agency met in London.

Top cyber security officials from the UK and US affirmed their commitment to tackling ransomware in their first official face-to-face engagement.

Lindy Cameron, CEO of the National Cyber Security Centre – a part of GCHQ – met with Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency to discuss their organisations’ priorities, including combatting ransomware.

During their bi-lateral meeting in London they reflected on the impact of ransomware attacks this year and the need for industry collaboration to complement government’s operational efforts against ransomware.

NCSC Chief Executive Lindy Cameron said:

“It was a pleasure to host Director Easterly for our first in-person bi-lateral meeting to discuss the critical issues in cyber security today.

“Ransomware is a serious and growing security threat that cuts across borders, and it is important for us to maintain a continuing dialogue with our closest ally to tackle it.”

The issue of gender diversity was also on the agenda, with both agreeing that more needed to be done to remove barriers to entry into the profession for women and girls.

They discussed the NCSC’s CyberFirst Girls Competition, which aims to get more girls interested in cyber through fun but challenging team events for teenagers, and CISA’s ongoing commitment to expanding opportunities for young women and girls to pursue careers in cyber security and technology and closing the gender gap that exists in these fields.

The two leaders also discussed government collaboration with industry, including the NCSC’s Industry 100 scheme and CISA’s Joint Cyber Defense Collaborative.

The Industry 100 scheme has integrated public and private sector talent in the UK to pool their knowledge to tackle key cyber security issues. The Joint Cyber Defense Collaborative has similarly brought American public and private sector entities together to unify crisis action planning and defend against threats to U.S. critical infrastructure.

Electricity Grid Resilience

The nation’s grid delivers electricity that is essential for modern life. However, the grid faces risks from events that can damage electrical infrastructure (such as power lines) and communications systems, resulting in power outages. These outages can threaten the nation’s economic and national security.

They can also disproportionately affect low-income groups, in part because such groups have fewer resources to invest in backup generators and other measures to minimize the impact of outages.

Even though most of the electricity grid is owned and operated by private industry, the federal government plays a key role in enhancing grid resilience.
• The Department of Homeland Security (DHS) is responsible for coordinating the overall federal effort to promote the security and resilience of the nation’s critical infrastructure sectors.
• The Department of Energy (DOE) leads federal efforts to support electricity grid resilience, including research and technology development by national laboratories.
• The Federal Energy Regulatory Commission (FERC) reviews and approves standards developed by the North American Electric Reliability Corporation, the federally designated U.S. electric reliability organization.

Key Issues
The electricity grid faces multiple risks that can cause widespread power outages.
Risks:
- Extreme weather and climate change
- Cyber- and physical attacks
- Electromagnetic events

In addition to the risks described in the prior page, the electric utility industry faces complex challenges and transformations, including:
• aging infrastructure;
• adoption of new technologies, such as information and communication systems to improve the grid’s efficiency; and
• a changing mix of power generation. The traditional model of large, centralized power generators is evolving as retiring generators are replaced with variable wind and solar generators, smaller and more flexible natural gas generators, and nontraditional resources. Such resources include demand-response activities, which encourage consumers to reduce their demand for electricity when the costs to generate electricity are high, and various technologies (e.g., solar panels) that generate electricity at or near where it will be used—known as “distributed generation.”

Key Opportunities
Agencies have implemented several of GAO’s recommendations for improving electricity grid resilience. For example, in March 2016, we recommended that DHS designate roles and responsibilities within the department for addressing electromagnetic risks, which DHS did in 2017. However, as of September 2021, agencies had not yet implemented a number of GAO recommendations that represent key opportunities to mitigate risks in the following areas:

- Extreme weather and climate change - Prioritize efforts and target resources effectively. Enhance grid resilience efforts. Better manage climate-related risks.
- Cyberattacks - Assess all cybersecurity risks. Address risks to distribution systems. Consider changes to current standards. Evaluate potential risks of a coordinated attack.

Panama City, FL Strengthens Critical Infrastructure for Future Disasters

FEMA has approved grants of more than $4.7 million for two hazard mitigation projects for the city of Panama City to reduce its risk of critical facility failure during future disasters. Funding from FEMA’s Hazard Mitigation Grant Program (HMGP) was approved in response to a proposal by the city after Hurricane Michael in 2018.

Millville Wastewater Treatment Plant: $2,653,956 for the purchase and installation of twin permanent generators to support the critical operations of the plant. They will be connected to the main electrical transfer system by a switchgear and an underground duct bank, which provide a protected pathway for electrical transmission and allow the city to provide continued service to the community during future power outages.

Sanitary Sewer Lift Stations: $2,052,265 for Phase One in a proposed project to provide flood protection and improvements to 13 sanitary sewer lift stations within the city, including surveying, engineering, design, plan preparation, permitting and the bidding for Phase Two approval. If approved, the project proposes different mitigation actions depending on the needs and assessment of each of the 13 sites to include relocation, elevation or strengthening against storm surge and wave-action hazards.

The HMGP provides funding to help communities eliminate or reduce disaster-related damage. Following a major disaster, a percentage of a state’s total federal recovery grants is calculated to help develop more resilient communities. Florida has an Enhanced Hazard Mitigation Plan that allows more funding to be available for post-disaster resilience projects. States with the enhanced plan receive HMGP funds based on 20% of their total estimated eligible federal disaster assistance.
