Author: Neil Walker

ESF Members NSA and CISA Publish Second Industry Paper on 5G Network Slicing

Agency News, Cyber Security CII sector, Industry News, Telecomms sector

Enduring Security Framework (ESF) partners the National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) published an assessment of 5G network slicing. ESF, a public-private cross-sector working group led by NSA and CISA, identifies three keys for keeping this emerging technology secure: Security Consideration for Design, Deployment, and Maintenance.

“This document marks an initial stride in capturing the current, but evolving, landscape of network slicing, and serves as a catalyst for initiating meaningful conversations surrounding the potential use cases for network slicing,” said Lauren Wyble, Technical Director for Network Infrastructure Security at NSA.

5G is a fifth-generation technology standard for broadband cellular networks; it can provide increased data download and upload speeds, lower latency, and allow more devices to connect to the internet at the same time. 5G network slicing is a network architecture which allows mobile service providers to divide their network up into several independent ones in order to create specific virtual networks that cater to different clients and use cases. Today’s release builds upon threat and security considerations previously published by the ESF.

The assessment intends to provide an informed methodology and a mutual understanding with industry for “federal departments and agencies (inclusive of the DoD)” to design, deploy, operate, and maintain “secure network slicing” across private, hybrid, and public networks.

This paper introduces 5G stakeholders to the benefits associated with network slicing, assesses 5G network slicing threat vectors, presents guidance in line with industry best practices, and identifies perceived risks and management strategies that may address those risks.

Although all 5G network stakeholders can benefit from this guidance, the threat and security considerations discussed in this assessment are intended for mobile service providers, hardware manufacturers, software developers, and system integrators that design, deploy, operate, or maintain 5G networks. This document aims to foster communication among these parties, and between them and network slice customers. See the other documents in the ESF 5G series below:

- Potential Threats to 5G Network Slicing
- Potential Threat Vectors to 5G Infrastructure
- Security Guidance for 5G Cloud Infrastructures: Prevent and Detect Lateral Movement (Part I)
- Security Guidance for 5G Cloud Infrastructures: Securely Isolate Network Resources (Part II)
- Security Guidance for 5G Cloud Infrastructures: Data Protection (Part III)
- Security Guidance for 5G Cloud Infrastructures: Ensure Integrity of Cloud Infrastructure (Part IV)
- Open Radio Access Network Security Considerations

Leave a comment , ,

Launching and Implementing the National Cybersecurity Strategy

Agency News, Cyber Security CII sector, Industry News

Federal agency information systems and national critical infrastructure are vulnerable to cyberattacks.

The fiscal year 2021 national defense authorization act established the Office of the National Cyber Director (ONCD) and the Senate confirmed a National Cyber Director in June 2021 to serve as the principal advisor to the President on cybersecurity policy and strategy. In March 2023, the White House issued the National Cybersecurity Strategy, describing five pillars supporting the nation's cybersecurity:

- Defend critical infrastructure
- Disrupt and dismantle threat actors
- Shape market forces to drive security and resilience
- Invest in a resilient future
- Forge international partnerships

In April 2023, GAO reported that the goals and strategic objectives included in the document provide a good foundation for establishing a more comprehensive strategy. Specifically, the strategy fully addressed three of six desirable characteristics of a national strategy. However, it only partially addressed the remaining three. These include

- goals, subordinate objectives, activities, and performance measures;
- resources, investments, and risk management; and
- organizational roles, responsibilities, and coordination.

ONCD stated it plans to work with federal agencies to develop a plan to implement the strategy, including milestones or performance measures, and to identify budget priorities. It is critical that these details be issued expeditiously so agencies can begin planning and allocating resources to properly execute the strategy. Until the federal government issues the implementation plan and ensures its strategy documents fully address the desirable characteristics of a national strategy, the nation will lack a clear roadmap for overcoming its cyber challenges.

Additionally, the newly established National Cyber Director position has been vacant since the Director resigned in February 2023. As of July 2023, an acting official continues to carry out the duties. This vacancy leaves unfilled a key leadership role needed to coordinate federal efforts to address cybersecurity threats and challenges. Further, sustained leadership in this position is essential to ensuring strategy execution and accountability.
Why GAO Did This Study

Federal agencies and our nation's critical infrastructure—such as energy, transportation, communications, and financial services—rely on information systems to carry out fundamental operations. Because of the increasing threats to federal information systems, critical infrastructure, and the privacy of personally identifiable information, GAO has designated ensuring the nation's cybersecurity as a government-wide high risk issue. This designation emphasizes the urgency with which the federal government needs to undertake efforts to address the nation's cybersecurity challenges. Accordingly, Congress established the Office of the National Cyber Director in the White House with the authority to implement and encourage action in support of the nation's cybersecurity. One of this office's responsibilities is developing and implementing a comprehensive national strategy to address cybersecurity threats and challenges. This product summarizes recent GAO reports that assessed the federal government's efforts to establish a national cybersecurity strategy and plans for implementing it.

This Snapshot covers the status of the National Cybersecurity Strategy. The strategy's goals and strategic objectives provide a good foundation, but the Administration needs to establish specific objectives and performance measures, resource requirements, and roles and responsibilities.

It will be difficult to implement the strategy when the specific details have yet to be issued. The continued vacancy in the role of National Cyber Director is also a challenge.

Leave a comment ,

CISA and Partners Release Joint Cybersecurity Advisory on Newly Identified Truebot Malware Variants

Agency News, Cyber Security CII sector, Industry News

The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigations (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) released a joint Cybersecurity Advisory (CSA), Increased Truebot Activity Infects U.S. and Canada Based Networks, to help organizations detect and protect against newly identified Truebot malware variants. Based on confirmation from open-source reporting and analytical findings of Truebot variants, the four organizations assess cyber threat actors leveraged the malware through phishing campaigns containing malicious redirect hyperlinks.

Additionally, newer versions of Truebot malware allow malicious actors to gain initial access by exploiting a known vulnerability with Netwrix Auditor application (CVE-2022-31199). As recently as May 2023, cyber threat actors used this common vulnerability and exposure to deliver new Truebot malware variants and to collect and exfiltrate information against organizations in the U.S. and Canada.

CISA, FBI, MS-ISAC, and the CCCS encourage all organizations to review this joint advisory and implement the recommended mitigations contained therein—including applying patches to CVE-2022-31199, to reduce the likelihood and impact of Truebot activity, as well as other ransomware related incidents.

Leave a comment , , , , , ,

CISA CyberSentry Program Launches Webpage

Agency News, Cyber Security CII sector, Industry News

Cybersecurity & Infrastructure Security Agency (CISA) has published a blog and webpage on the CyberSentry program, a CISA-managed threat detection and monitoring capability with critical infrastructure partners that operate significant networks supporting National Critical Functions (NCFs): cisa.gov/CyberSentry

The CyberSentry program enables our agency to proactively hunt for malicious cyber activity, advise on mitigation strategies, and provide critical infrastructure partners with recommendations for improving overall network and control system security. The new CyberSentry webpage includes an informational video about the program, a fact sheet and details on how to contact CISA CyberSentry program.

Critical infrastructure organizations are experiencing network intrusions at an increasing frequency. To enhance detection of threats, CISA operates CyberSentry, which is a voluntary, proactive program that leverages its capabilities and partners with a select number of critical infrastructure organizations.

CyberSentry technology supports sensing and monitoring for information technology (IT) and operational technology (OT) networks. CyberSentry has added significant value to both CISA’s national mission and to our partners’ enterprise cybersecurity efforts.

Recent successes include:

- Infected OT Equipment: CyberSentry discovered an infection on a partner’s Human Machine Interface (HMI) equipment that had not been properly patched and secured. CISA analysts quickly notified the partner about the issue and offered guidance on preventive techniques for the future.

- Unintentional Exposure: CyberSentry tools spotted cleartext authentication occurring on a partner’s network, and further investigation revealed that a misconfiguration had caused the issue. A detailed report was provided to the partner, including specific guidance on remediating the situation.

- Private Sector Coordination: During the Colonial Pipeline disruption, CISA analysts coordinated closely with its pipeline partners to share information and monitor for adversary activity.

- SolarWinds Response: CyberSentry data helped to quickly identify partners affected by the SolarWinds supply chain compromise. All impacted partners were notified, and the program worked closely and expediently with these partners to confirm remediation of the threat.

- Identification of Malicious Activity: On multiple occasions, CISA analysts identified possible malicious activity at partner sites and worked with affected partners to identify the root causes of activity.

- Malware Discovery: CyberSentry tools quickly discovered and identified malware in a partner’s IT network. Working with the partner, CISA analysts were able to locate the infected device so the partner could remove it from the network and verify that the threat was contained.

- Attacker Exfiltration Detected: CyberSentry discovered that an attacker was actively exfiltrating information. CyberSentry worked with the partner to identify information that had been exfiltrated. After conferring with CyberSentry analysts, the partner was able to isolate infected systems that same evening, eliminating the threat.

Leave a comment , , ,

ENISA Report - Good Practices for Supply Chain Cybersecurity

Agency News, Cyber Security CII sector, Industry News

Directive (EU) 2022/2555 (the NIS2 directive) 1 requires Member States to ensure that essential and important entities take appropriate and proportionate technical, operational and organisational measures to manage the risks posed to the security of network and information systems, which those entities use in the provision of their services. Supply chain cybersecurity is considered an integral part of the cybersecurity risk management measures under Article 21(2) of the NIS2 directive.

This new ENISA report provides an overview of the current supply chain cybersecurity practices followed by essential and important entities in the EU, based on the results of a 2022 ENISA study which focused on investments of cybersecurity budgets among organisations in the EU.

Among the findings the following points are observed:
• 86 % of the surveyed organisations implement information and communication technology / operational technology (ICT/OT) supply chain cybersecurity policies.
• 47 % allocate budget for ICT/OT supply chain cybersecurity.
• 76 % do not have dedicated roles and responsibilities for ICT/OT supply chain cybersecurity.
• 61 % require security certification from suppliers, 43% use security rating services and 37% demonstrate due diligence or risk assessments. Only 9 % of the surveyed organisations indicate that they do not evaluate their supply chain security risks in any way.
• 52 % have a rigid patching policy, in which only 0 to 20 % of their assets are not covered. On the other hand, 13.5 % have no visibility over the patching of 50 % or more of their information assets.
• 46 % patch critical vulnerabilities within less than 1 month, while another 46 % patch critical vulnerabilities within 6 months or less.

The report also gathers good practices on supply chain cybersecurity derived from European and international standards. It focuses primarily on the supply chains of ICT or OT. Good practices are provided and can be implemented by customers (such as organisations identified as essential and important entities under the NIS2 directive) or their respective suppliers and providers. The good practices cover five areas, namely:
• strategic corporate approach;
• supply chain risk management;
• supplier relationship management;
• vulnerability handling;
• quality of products and practices for suppliers and service providers.

Finally, the report concludes the following.
• There is confusion with respect to terminology around the ICT/OT supply chain.
• Organisations should establish a corporate-wide supply chain management system based on third party risk management (TRM) and covering risk assessment, supplier relationship management, vulnerability management and quality of products.
• Good practices should cover all various entities which play a role in the supply chain of ICT/OT products and services, from production to consumption.
• Not all sectors demonstrate the same capabilities concerning ICT/OT supply chain management.
• The interplay between the NIS2 directive and the proposal for a cyber resilience act or other legislation, sectorial or not, which provides cybersecurity requirements for products and services, should be further examined.

Leave a comment , , ,

Artificial Intelligence and Cybersecurity Research - an ENISA Research and Innovation Brief

Agency News, Cyber Security CII sector, Industry News

The aim of this study, undertaken by ENISA, is to identify needs for research on AI for cybersecurity and on securing AI, as part of ENISA’s work in fulfilling its mandate under Article 11 of the Cybersecurity Act1. This report is one of the outputs of this task. In it we present the results of the work carried out in 20212 and subsequently validated in 2022 and 2023 with stakeholders, experts and community members such as the ENISA AHWG on Artificial Intelligence3. ENISA will make its contribution through the identification of five key research needs that will be shared and discussed with stakeholders as proposals for future policy and funding initiatives at the level of the EU and Member States.

Artificial Intelligence (AI) is a typical dual-use technology, where malicious actors and innovators are constantly trying to best each other’s work. This is a common situation with technologies used to prepare strategic intelligence and support decision making in critical areas. Malicious actors are learning how to make their attacks more efficient by using this technology to find and exploit vulnerabilities in ICT systems.

While it is recognised the immense potential in AI for innovation in cybersecurity and the many requirements needed to improve its security, we also acknowledge that there is still much work to be done to fully uncover and describe these requirements. This report is only an initial assessment of where we stand and where we need to look further in these two important facets of this technology.

ENISA has prepared this studies with the aim of using them as a tool to develop advice on cybersecurity R&I and present it to stakeholders.

For full report visit www.enisa.europa.eu/publications/artificial-intelligence-and-cybersecurity-research

Leave a comment , ,

CISA and Partners Release Joint Guide to Securing Remote Access Software

Agency News, Cyber Security CII sector, Industry News

The Cybersecurity & Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), the National Security Agency (NSA), Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Israel National Cyber Directorate (INCD) released the Guide to Securing Remote Access Software. This new joint guide is the result of a collaborative effort to provide an overview of legitimate uses of remote access software, as well as common exploitations and associated tactics, techniques, and procedures (TTPs), and how to detect and defend against malicious actors abusing this software.

Remote access software provides organizations with a broad array of capabilities to maintain and improve information technology (IT), operational technology (OT), and industrial control system (ICS) services; however, malicious actors often exploit this software for easy and broad access to victim systems.

CISA encourages organizations to review this joint guide for recommendations and best practices to implement in alignment with their specific cybersecurity requirements to better detect and defend against exploitation. Additionally, please refer to the additional information below on guidance for MSPs and small- and mid-sized businesses and on malicious use of remote monitoring and management software in using remote software and implementing mitigations.

Leave a comment , , , ,

CISA and FBI Release #StopRansomware: CL0P Ransomware Gang Exploits MOVEit Vulnerability

Agency News, Cyber Security CII sector, Industry News

The Cybersecurity & Infrastructure Security Agency (CISA) and FBI released a joint Cybersecurity Advisory (CSA) CL0P Ransomware Gang Exploits MOVEit Vulnerability in response to a recent vulnerability exploitation attributed to CL0P Ransomware Gang. This [joint guide] provides indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) identified through FBI investigations as recently as May this year. Additionally, it provides immediate actions to help reduce the impact of CL0P ransomware.

The CL0P Ransomware Gang, also known as TA505, reportedly began exploiting a previously unknown SQL injection vulnerability in Progress Software's managed file transfer (MFT) solution known as MOVEit Transfer. Internet- facing MOVEit Transfer web applications were infected with a web shell named LEMURLOOT, which was then used to steal data from underlying MOVEit Transfer databases.

CISA and FBI encourage information technology (IT) network defenders to review the MOVEit Transfer Advisory and implement the recommended mitigations to reduce the risk of compromise. This joint CSA is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed TTPs and IOCs to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources.

Leave a comment , , , , ,

IACIPP Speak at CyberCon Conference in Bucharest

Association News, Cyber Security CII sector

John Donlon QPM FSyI, Chairman of the International Association of Critical Infrastructure Protection Professionals (IACIPP), was a guest speaker on behalf of the National Institute for Research & Development in Informatics (ICI Bucharest) at the CyberCon Conference which took place in Romania between the 22nd and 27th May.

John was on a panel session addressing the subject of Cyber Diplomacy. The session was moderated by Carmen-Elena CÎRNU, the Scientific Director of ICI Bucharest and opened by the Director General of ICI Bucharest, Victor Vevera. In his opening address Victor referenced the Romanian position on Cyber Diplomacy from his organisations perspective and also highlighted the continuing partnership with IACIPP and the successful joint conference held in the Romanian Royal Place in 2022.

John delivered a presentation where he outlined his views on how the type and nature of the crisis being faced within our increasingly interconnected, globalised and rapidly changing world were ever evolving referencing the pandemic, the war in Ukraine and the devastating earthquakes that hit Turkey and Syria at the start of this year.

He summarised the development of IACIPP and what it seeks to achieve as a platform for likeminded individuals. The aim being to create a space to share information, connect and communicate on all matters relating to the protection and resilience of national infrastructure and information. The focus being on the part that such an association can play in facilitating communication across both the public and private sectors.

That need for connectivity was a common thread throughout the session. It was acknowledged that the worlds infrastructure and cyber position is a greater target and more vulnerable than ever and in order to address issues of concern there is a requirement to continue to develop a comprehensive approach that aligns both physical and cyber security, protection and resilience through enhanced levels of cooperation and coordination.

There was consensus across the panel and from the audience, of the continued need for greater levels of coordination, cooperation and communication across both nation states and between public and private sector entities.

It was recognised that the development of Cyber Diplomacy along with the growth in Cyber Ambassadors across the globe could go some significant way to addressing cyber problems internationally and improving the connectivity that has to be in place.

Leave a comment , , ,

CISA Warns of Hurricane/Typhoon-Related Scams

Agency News, Cyber Security CII sector, Industry News

The Cybersecurity & Infrastructure Security Agency (CISA) urges users to remain on alert for malicious cyber activity following a natural disaster such as a hurricane or typhoon, as attackers target potential disaster victims by leveraging social engineering tactics, techniques, and procedures (TTPs). Social engineering TTPs include phishing attacks that use email or malicious websites to solicit personal information by posing as a trustworthy organization, notably as charities providing relief. Exercise caution in handling emails with hurricane/typhoon-related subject lines, attachments, or hyperlinks to avoid compromise. In addition, be wary of social media pleas, texts, or door-to-door solicitations related to severe weather events.

CISA encourages users to review the Federal Trade Commission’s Staying Alert to Disaster-related Scams and Before Giving to a Charity, and CISA’s Using Caution with Email Attachments and Tips on Avoiding Social Engineering and Phishing Attacks to avoid falling victim to malicious attacks.

Leave a comment , , , , ,
1 4 5 6 7 8 54