NSA Releases Guidance on Securing Unified Communications and Voice and Video over IP Systems

NSA released a Cybersecurity Technical Report that provides best practices and mitigations for securing Unified Communications (UC) and Voice and Video over IP (VVoIP) call-processing systems. The comprehensive report, “Deploying Secure Unified Communications/Voice and Video over IP Systems,” also describes potential risks to UC/VVoIP systems that aren’t properly secured.
To complement the larger report, NSA published an abridged Cybersecurity Information Sheet to capture key takeaways and introduce the steps organizations should take when securing their UC/VVoIP systems.
UC and VVoIP are workplace call-processing systems that provide a variety of collaboration tools as well as the flexibility to communicate using voice, video conferencing and instant messaging. The access to advanced call-processing features and centralization of management have made UC and VVoIP popular in enterprise environments, including National Security System, Department of Defense and Defense Industrial Base networks.
The IP infrastructure that enables UC/VVoIP systems also presents risks that were less prevalent in the prior generation of call centers. If UC/VVoIP systems are not properly secured, they are susceptible to the same malicious activity targeting existing IP systems through spyware, viruses, software vulnerabilities or other malicious means. Malicious actors could penetrate the IP networks to eavesdrop on conversations, impersonate users, commit toll fraud and perpetrate denial of service attacks. High-definition room audio and video could also be covertly collected.
To securely deploy UC/VVoIP systems, NSA provides best practices to use when preparing networks, establishing network perimeters, using enterprise session controllers and adding endpoints to deploy a UC/VVoIP system.
Methods to minimize the risk to UC/VVoIP systems include segmenting the networks to limit access to a common set of devices, ensuring timely patching, authentication and encryption of all signaling and media traffic, and verifying the security of devices before adding them to a network.

Microsoft update on brute force and password spraying activity

The NCSC has issued advice to organisations following an update from Microsoft on malicious cyber campaigns.
Microsoft has revealed that it had identified new activity from an Advanced Persistent Threat (APT) known as NOBELIUM targeting organisations globally.
The Microsoft Threat Intelligence Center says that this activity was mostly unsuccessful.
The NCSC has observed an increase in activity as part of malicious email and password spraying campaigns against a limited number of UK organisations. We are supporting those affected and would urge all organisations to familiarise themselves with our guidance on mitigating phishing attacks, including how to block phishing emails and how to implement two-factor/multi-factor authentication:
- Phishing attacks: defending your organisation
- Multi-factor authentication for online services
- Identity and access management (part of the 10 steps to cyber security collection)
- Home working: preparing your organisation and staff
The following blog posts from Microsoft provide further details, including IoCs, detection and mitigation advice:
- New Nobelium activity – Microsoft Security Response Center
- Investigating and Mitigating Malicious Drivers – Microsoft Security Response Center
- Nobelium Resource Center – updated March 4, 2021 – Microsoft Security Response Center

NSA Funds Development, Release of D3FEND

D3FEND, a framework for cybersecurity professionals to tailor defenses against specific cyber threats, is now available through MITRE. NSA funded MITRE’s research for D3FEND to improve the cybersecurity of National Security Systems, the Department of Defense, and the Defense Industrial Base. The D3FEND technical knowledge base of defensive countermeasures for common offensive techniques is complementary to MITRE’s ATT&CK, a knowledge base of cyber adversary behavior.
D3FEND establishes terminology of computer network defensive techniques and illuminates previously-unspecified relationships between defensive and offensive methods. This framework illustrates the complex interplay between computer network architectures, threats, and cyber countermeasures.
MITRE released D3FEND as a complement to its existing ATT&CK framework, a free, globally-accessible knowledge base of cyber adversary tactics and techniques based on real-world observations. Industry and government use ATT&CK as a foundation to develop specific cyber threat models and methodologies.
Complementary to the threat-based ATT&CK model, D3FEND provides a model of ways to counter common offensive techniques, enumerating how defensive techniques impact an actor’s ability to succeed. By framing computer network defender complexity of countermeasure functions and techniques as granularly as ATT&CK frames computer network attacker techniques, D3FEND enables cybersecurity professionals to tailor defenses against specific cyber threats, thereby reducing a system’s potential attack surface. As a result, D3FEND will drive more effective design, deployment, and defense of networked systems writ large.
Frameworks such as ATT&CK and D3FEND provide mission-agnostic tools for industry and government to conduct analyses and communicate findings. Whether categorizing adversary behavior or detailing how defensive capabilities mitigate threats, frameworks provide common descriptions that empower information sharing and operational collaboration for an ever-evolving cyber landscape.

WMO Executive Council endorses unified data policy

In a milestone decision, the World Meteorological Organization’s Executive Council has endorsed a unified policy on the international exchange of Earth system data to help its Members meet the explosive growth in demand for weather, climate and water services as the world grapples with the dual challenges of climate change and the increasing frequency of extreme weather events.
The draft data policy resolution, which must be adopted by the full 193-Member World Meteorological Congress extraordinary session scheduled for October 2021, paves the way for a sweeping update of policies on the free and unrestricted exchange of data that have been the bedrock of WMO since it was established more than 70 years ago.
The WMO Unified Policy for the International Exchange of Earth System Data is based on WMO’s strategic integrated Earth system approach to all monitoring and prediction of weather, climate, water and related environmental phenomena, and it will serve as the foundation of a wider push to strengthen the global observing networks and help overcome regional disparities.
“In order to meet the demand for services and forecasts, it is paramount to improve the exchange of weather, climate, water and ocean data. Severe gaps in data and weather observations, especially in Africa and island states, have a major negative impact on the accuracy of early warnings both locally and globally,” said WMO Secretary-General Prof. Petteri Taalas.
“A revision of WMO’s data policy will leverage benefits for the whole of society and will allow our global community to work better together to deliver services that protect life, livelihoods and property,” said Prof. Taalas.
“It is a very, very important step to have such a unified data policy for WMO,” said WMO President Gerhard Adrian. “We have many decisions on data policy, and now we have a united approach where all these parts are collected.”
“This is a great milestone, and a historical moment,” said Michel Jean, President of WMO’s Infrastructure Commission, which had developed the data policy resolution approved.
Numerical Weather Prediction
Delivery of weather and climate services depends on routine international exchange of weather and climate data, 24/7, 365 days per year, often within minutes of real time.
Observations are ingested into numerical prediction models, and the output from these models is used as a basis for weather and climate services. A primary aim with the establishment of WMO in 1951 was to create a coordination mechanism for the acquisition and international exchange of such data.
WMO’s current data policies are laid out in three separate Congress resolutions - Resolution 40 (Congress-XII, 1995, covering weather) and two subsequent resolutions (Resolution 25 (Cg-XIII) and Resolution 60 (Cg-17)) covering water and climate.
The new WMO Unified Data Policy resolution, in comparison, covers seven domains and disciplines - covering all WMO-relevant Earth system data - in a single policy statement, and it thus extends beyond the traditional areas of weather, climate and water data to incorporate also the areas of atmospheric composition, oceans, cryosphere and space weather.
Increasing the volume of observations that are shared internationally for use in global and regional Numerical Weather Prediction (NWP) models will help significantly improve the quality of these data products. The policy will also provide developing countries with better access to these key data products. The resulting improvement in forecasts and other services will be felt everywhere on the globe, but it will be especially pronounced in areas where the current observational data coverage is poor, including in many developing countries.
In addition, the data policy resolution expands from addressing just national meteorological and hydrological services to endorsing relevant data exchange among all partners, including agencies beyond meteorological and hydrological services, the rapidly growing private sector and academia.

Climate Risk and Early Warning Systems mobilizes more funding

The Climate Risk and Early Warning Systems (CREWS) Initiative is mobilizing an additional US$ 28 million to deliver early warning systems in Least Developed Countries (LDCs) and small island developing States (SIDS) to protect lives and livelihoods from the impacts of severe weather.
Countries and regions that have early warning systems as a priority in their climate change nationally determined contribution and adaptation plans are identified as priorities for future funding decisions based on their high level of eligibility, ownership and readiness.
The decision to provide financing of US$ 28 million was made possible thanks to new contributions this year to the CREWS Trust Fund by member countries and a recent announcement by the European Commission, Directorate-General for International Partnerships of a Euro 10 million commitment to the CREWS Initiative.
A further encouraging decision for least developed countries is the proposed establishment of a new financing window to address critical, time-bound climate-relevant early warning services. The proposed CREWS Strategic Support Window will address emerging needs and deliver a flexible array of fully funded technical and knowledge services by experts and advanced national meteorological and hydrological agencies. This proposed new service will be available to countries by the end of the year.
The above decisions support the roll-out of the CREWS Operational Plan 2021-2025 which provides the template for scaling up support to LDCs and SIDS for early warnings that are impact-based and people-centered. The Operational Plan set a blueprint for a stronger participation of the private sector in country operations. The CREWS Operational Plan was formally approved during the meeting.
Countries that contribute to the CREWS Initiative are Australia, Finland, France, Germany, Luxembourg, the Netherlands, Switzerland and the United Kingdom.

GAO Cybersecurity Report and Recommendations for HHS

The Government Accountability Office (GAO) wants HHS to improve cybersecurity efforts by strengthening collaboration within the department and with the broader healthcare sector.
Health care organizations' IT systems are critical to the nation's well-being. Cyberattacks on them could, for example, put patient privacy at risk or disrupt essential telehealth services. (The nation's cybersecurity is on our High Risk List.)
The Department of Health and Human Services coordinates with health care organizations and others to support cybersecurity efforts. Its policies and procedures clearly describe roles and responsibilities, which is good for collaboration.
GAO is making seven recommendations to HHS to improve its collaboration and coordination within the department and the sector:
1. The HHS secretary should have the CIO oversee the coordination and sharing of cybersecurity information between the Health Sector Cybersecurity Coordination Center and Healthcare Threat Operations Center.
2. The HHS secretary should order the CIO to monitor, evaluate and report on the progress and performance of the HHS Chief Information Security Officer Council, Continuous Monitoring and Risk Scoring Working Group, and Cloud Security Working Group.
3. HHS should direct the assistant secretary for preparedness and response to monitor, evaluate and report on the progress and performance of the Government Coordinating Council's Cybersecurity Working Group and HHS Cybersecurity Working Group.
4. HHS should have the CIO regularly monitor and update written agreements that describe how the HHS Chief Information Security Officer Council, Continuous Monitoring and Risk Scoring Working Group, and Cloud Security Working Group will collaborate and ensure that officials review and approve the updated agreements.
5. HHS should direct the assistant secretary for preparedness and response to ensure that authorizing officials review and approve the charter describing how the HHS Cybersecurity Working Group will manage collaboration.
6. HHS should have the assistant secretary for preparedness and response do the following: finalize written agreements that include a description of how the Government Coordinating Council's Cybersecurity Working Group will work together; identify the working group's roles and responsibilities; monitor and update the written agreements on a regular basis; and ensure that authorizing officials leading the working group approve the final agreements.
7. HHS should tell the assistant secretary for preparedness and response to update the charter for the Joint Healthcare and Public Health Cybersecurity Working Group for the current fiscal year and ensure that authorizing officials overseeing the group review and approve the updated charter.

IAEA and FAO Help Burkina Faso and Algeria to Enhance Food Safety & Security

The IAEA and the Food and Agriculture Organization of the United Nations (FAO) cooperate in supporting food safety and food quality programmes around the world to address food hazards, food fraud and advise countries on food irradiation. Among the beneficiaries of this programme have been Burkina Faso and Algeria. To celebrate World Food Safety Day, we are drawing attention to the importance of nuclear techniques in monitoring food safety. “Safe food today for a healthy tomorrow” – this year’s theme – recognizes how safe food contributes to a healthy life, economy, planet and future.
Enhanced food safety capabilities in Burkina Faso
Tiny but oil- and vitamin-rich sesame seeds have become a staple of Burkina Faso’s economy – creating jobs and generating income. After cotton, the edible seeds that grow in pods have become the West African country’s second most exported agricultural product. This sprouting success in the last decade has been sustained with the help of Burkina Faso’s National Public Health Laboratory (LNSP), supported by the IAEA and FAO, through their Joint Centre on Nuclear Techniques in Food and Agriculture.
Enhancing food safety analytical capabilities in Algeria
Laboratories in Algeria have received the support to enhance their analytical capabilities for the detection of chemical hazards, including antimicrobial and pesticide residues in a range of food, from poultry and eggs to dates and honey. Algeria was the world’s sixth leading exporter of dates, worth approximately US $129 million in 2020.
Through the IAEA’s technical cooperation programme and in partnership with FAO, staff of the Algerian National Institute for Agronomic Research (INRAA) and the National Institute of Veterinary Medicine (INMV) have been trained in methods of analysis and supported with the required analytical equipment. These institutions are now equipped to contribute towards consumer protection and the trade of agricultural products.

AIAA and the Space Information Sharing and Analysis Center (Space ISAC) Enter Cooperative Agreement

The American Institute of Aeronautics and Astronautics (AIAA) and the Space Information Sharing and Analysis Center (Space ISAC) have entered into a Memorandum of Agreement (MOU) enabling the two organizations to collaborate on aerospace and space cybersecurity endeavors. The two organizations will cooperate to build the knowledge foundations of space cybersecurity. The Space ISAC brings cybersecurity situational awareness and operational excellence and AIAA offers its long history of convening and promoting aerospace expertise, knowledge, and leadership.
“AIAA is committed to bringing cyber protection to the heart of the aerospace industry. It is becoming more and more essential to address cybersecurity on an ongoing basis in the mainstream of our core processes – from the design and development of new space systems, to manufacturing and production, to operations,” said Dan Dumbacher, executive director of AIAA. “We look forward to our continued work with the Space ISAC, to use its frontline role in the cyber defense of aerospace to foster open dialogue and cooperation around this topic.”
The Space ISAC facilitates collaboration across the global space industry to prepare for and respond to vulnerabilities, incidents, and threats; to disseminate timely and actionable information among member entities; and to serve as the primary communications channel for the sector with respect to this information. Space ISAC is the only all-threats security information source for the public and private space sector. It will be the most comprehensive, single point source for data, facts and analysis on space security and threats to space assets. Space ISAC will also provide analysis and resources to support response, mitigation, and resilience initiatives.
Erin Miller, Space ISAC Executive Director, commented, “Space ISAC and AIAA coming together in partnership is a wonderful complement. Our initial collaboration efforts began in 2020 on the first ever ISAC-led tabletop exercise for the space sector. We are formalizing our partnership now and anticipate the impact will be seen through efforts in workforce development, education, space sector cybersecurity awareness, and more.”
The two organizations have already begun collaborating. In 2020, the Space ISAC staged a cybersecurity tabletop exercise for space industry executives at AIAA’s ASCEND event, a global gathering of 3,000 aerospace professionals and others who are focused on accelerating our off-world future faster. Both organizations also value the importance of infusing the global space industry with content to educate industry professionals and students and will identify opportunities to leverage AIAA’s extensive educator outreach programs.
“Digital technology has made aerospace safer, smarter, and more connected than ever. We must now establish cybersecurity as a priority on par with safety. We look forward to working with the Space ISAC to expand cybersecurity awareness throughout the aerospace community and supply chain,” Dumbacher concluded.
Through the MOU, the Space ISAC and AIAA intend to cooperate on learning opportunities and explore other areas of mutual concern.

ENISA Report: New Light Shed on Capabilities in Energy & Healthcare

A new report released by the EU Agency for Cybersecurity (ENISA) showcases the product vulnerability management landscape, unveiling challenges faced by sectoral CSIRTs and PSIRTs.
Europeans can count on more than 500 Computer Incident Response Teams (CSIRTs) and on the CSIRTs network to respond to cybersecurity incidents and attacks.
In addition to CSIRTs, Product Security Incident Response Teams (PSIRTs) have emerged more recently. Their role is to manage the vulnerabilities of a company’s products and services.
PSIRTs have been mostly developed in a heterogeneous way. For instance, while some of them are well developed and independent from the main Incident Response (IR) team of the host company, others belong to their Security Operations Centre (SOC) or are just part of the development team.
Why a report on CSIRTs and PSIRTs capabilities?
The Directive on Security of Network and Information Systems (NISD) adopted in 2016 provides legal measures to boost the level of cybersecurity in the EU. Both CSIRTs and PSIRTs are essential players in the global Incident Response (IR) ecosystem.
The study published today - PSIRT Expertise and Capabilities Development - provides recommendations on the role of PSIRTs in the IR setup of the Member States according to the NISD, specifically in the energy and health sectors.
ENISA had already explored in detail the IR setup across all sectors of the NISD in a study published in 2019: “EU Member States incident response development status report”.
Sectoral PSIRTs, such as energy or healthcare ones, may benefit from an aligned approach in terms of processes and collaboration to ensure legal compliance in relation to their business partners, clients and possibly Operators of Essential Services or other actors subject to EU cybersecurity regulation.

International Code Council resources help prepare for safety and recovery as Atlantic hurricane season begins

The International Code Council is committed to helping communities stay safe in the midst of hurricanes and tropical cyclones as June marks the beginning of the 2021 Atlantic hurricane season and preparing for natural disaster safety and recovery is a top priority.
All levels of government and the private sector must work together to ensure communities are safe and resilient from devastating natural disasters. Throughout hurricane season, the International Code Council is dedicated to helping communities stay safe in their homes, workplaces and neighborhoods.
The Code Council and its members are ready to help through the Disaster Response Alliance. Local and state jurisdictions in the U.S. as well as federal agencies may also contact the Disaster Response Alliance for help to reach skilled professionals who volunteer to assist jurisdictions that request aid with building damage assessment, building inspections and other code-related functions in disaster areas. Code Council members also assist devastated communities with post-disaster building plans reviews, inspections and permit operations through the Emergency Management Assistance Compact (EMAC).
“The momentum and awareness we’ve raised during Building Safety Month about the importance of disaster mitigation and building code adoption continues as we enter this year’s hurricane season,” said Code Council CEO Dominic Sims, CBO. “Code officials play an integral role in preparing communities for natural disasters and in navigating recovery after a devastating event. The Code Council and its members are ready to help protect our communities.”
The Code Council, the Federal Emergency Management Agency (FEMA), and state and local officials will host a webinar on the implementation of FEMA’s new disaster recovery policy for code enforcement and administration. This new policy offers building officials and communities an effective way to access many of the resources needed to effectively administer and enforce building codes and floodplain management ordinances for up to 180 days following a major disaster declaration. Register for this free webinar to learn more about this important new policy, including what activities are eligible and how to apply for reimbursement.
Resources to help prepare for hurricane season:
- Seasonal Hurricane Predictions
- FEMA: Hurricane Safety
- Building Safety Month Week 4: Disaster Preparedness
- Visit the Code Council’s Hurricane Safety & Recovery page to access more useful links and resources to help prepare for hurricane season.