
Search Results


  • COVID-19 Cybersecurity Suggestions: SME Thoughts on Cybersecurity During a Pandemic

    June 10, 2020. Derek Harp, Founder of (CS)²AI, sits down with subject matter experts Dr. Eric Cole, CEO of Secure Anchor Consulting; Rick Peters, CISO Operational Technology at Fortinet North America; Brad Raiford, Director Cyber Security KPMG; Paul Forney, Chief Security Architect at Schneider Electric; Andrew Ginter, VP Industrial Security at Waterfall; and John Cusimano, VP Industrial Security at aeSolutions, who weigh in with thoughts and suggestions on how to stay safe during the current crisis.

  • The Chairman's Minute: The COVID-19 Treadmill

    By: Derek Harp May, 2020 The Covid-19 Treadmill The last 60 days have been quite an experience to say the least.  I find I really don’t feel I am in a position to complain when I know that so many more are experiencing real pain and permanent loss.  My heart is heavy on some days for that. As I was taking one of my daily “walk & talks” that I have done during COVID-19 (150+ miles in April!), I found myself answering the question “how are you?” with the statement “I feel like I am riding a unicycle on a treadmill”.  Once I got home, I thought of a few more elements to add to the comic but for me this image sums up some significant themes of trying to balance, work, socialize virtually, learn, exercise, homeschool and just cope!  In truth, ole Yellowshirt here appears a bit more negative than I do most days.  In fact, I and my family have worked hard to find things to celebrate and be positive about and I hope you are finding those too. It seems that with all that, cybersecurity might take a real backseat to other priorities.  But we know that must not be the case.  It is more important than ever to NOT let your guard down now. COVID-19 themed hacker tactics and techniques are being used widely.  I recently had the opportunity to talk with a few CS2AI advisors and members about this and have included a video with some of their comments in this issue. Keep safe, keep healthy, and keep vigilant, Derek

  • (CS)²AI COVID19 Impact Flash Poll Results - May 2020

    TAKE THE MAY FLASH POLL TODAY! Last month, as governments were increasingly directing their citizens to social distancing and self-isolation measures as a step towards reducing the spreading rate of the novel coronavirus, (CS)²AI conducted a flash poll to gauge our members’ perspectives on this unprecedented situation. We particularly wanted to know how the sudden rush to teleworking was affecting them and the security of the ICS/OT environments they defended. To keep things brief, we asked very few questions. Here’s what you told us: Question 1: Has your ICS/OT cyber security team been impacted by coronavirus-related events? (Pick one) It’s important to note that governmental leaders continued to issue work-from-home orders after our poll, so these numbers may reflect only a snapshot of things as they stood in the latter weeks of March 2020. The situation continues to evolve and will do so for the foreseeable future, with complexities of exceptions to orders based on differing definitions of “essential” personnel and businesses and shifting priorities. Question 2: Are you concerned about going to work during this outbreak? (Pick one) Somewhat of a ‘finger-on-the-pulse’ question, we wanted to know how our members perceived the threat to them personally if they continued their normal work routines. For the nearly one-third (32.6%) already telecommuting, the pandemic had no impact on their working situation. Of the other two-thirds (67.4%), respondents were more than twice as likely to be concerned that continued needs to be physically present at work increased their risk of exposure to the virus. Question 3: Do you believe this outbreak’s impact on the workforce increases risks to your ICS/OT systems? (Pick one) Being who and what we are, the question of how anything stands to affect the risk profile of ICS/OT systems and assets is one we ask continually. 
We were surprised to see a less than 6-point difference between those who expect increased risk to their systems from coronavirus impacts on their workforce (52.7%) and those who believe their security measures sufficient despite staff illnesses or shifts to telework. That being the case, this data may also be affected by developing events; it is possible that the approximately two-thirds not already working remotely 100% of the time (see previous question, above) did not anticipate the ongoing rollout of work-from-home orders and its application to their workforce. With so much of the current crisis, governmental and business responses ongoing, (CS)²AI will continue to check in with our member base as things continue to develop. Stay safe out there. TAKE THE MAY FLASH POLL TODAY! https://www.surveymonkey.com/r/MayNwsltrFlshPl

  • Department of Defense Cyber Crime Center (DC3) vul discl program

    Submitted by: Daryl Haegley, Director, Mission Assurance & Cyber Deterrence at DoD. FYSA: www.dc3.mil. DC3’s mission is to deliver superior digital and multimedia (D/MM) forensic services, cyber technical training, vulnerability sharing, technical solutions development, and cyber analysis within the following DoD mission areas: cybersecurity and critical infrastructure protection, law enforcement and counterintelligence, document and media exploitation, and counterterrorism. Kristopher Johnson, Director

  • FYSA - Visionaries must step forward to advance water infrastructure | Smart Cities Dive

    Submitted by: Daryl Haegley, Director, Mission Assurance & Cyber Deterrence at DoD. https://www.smartcitiesdive.com/news/visionaries-advancing-water-infrastructure-SUEZ/578555/ Visionaries must step forward to advance water infrastructure. The current crisis has made clear that access to clean water is closely related to our ability to withstand shocks to the system. Sustainable infrastructure should be a vision we can all get behind. Editor's Note: The following is a guest post from Jon Freedman, head of global government affairs for SUEZ's Water Technologies & Solutions (WTS) business unit. The past few months have been difficult for everyone. Across the U.S., people from all walks of life are worried about their health and their financial well-being, but I’ve also talked to more and more people over the last few weeks who see past the fear and the doubt. There’s a growing feeling that this moment in history is an opportunity for significant change. As leaders look for ways to jumpstart the economy when states begin lifting stay-at-home orders, it’s time to consider investments in sustainable, resilient infrastructure that addresses the needs of communities now, and for decades to come. Getting beyond table stakes: If the coming years follow the playbook of nearly every economic crisis we’ve seen in the past 80 years, we should expect governments at home and around the world to engage in major infrastructure projects to spur economic activity for long-term recovery. There are many water infrastructure projects that are shovel-ready or close to it, that could encourage immediate economic activity. Even without a stimulus, infrastructure repair in the U.S. is sorely needed. Every four years, the American Society of Civil Engineers grades the condition and safety of U.S. roads, bridges, water systems, dams, airports and railways. Since the 1980s, these critical assets have averaged a D+. At this point in time, funding these projects is table stakes.
Projects should be selected not only for their ability to stimulate the economy, but for their ability to reduce pollution, restore ecosystems, or address the impacts of climate change such as water scarcity. Consider, for example, the construction of a new wastewater treatment plant in a fast-growing, water-scarce region of the country. Building an ordinary wastewater treatment plant could easily perform the first-order goal of spurring more economic activity. Some wastewater treatment plants, however, are more sustainable than others. At nearly all plants in the U.S., water is usually discharged back into local rivers, lakes or oceans after treatment. It’s used once, then sent away, a practice that is especially wasteful in water scarce areas of the U.S. One way of cementing the sustainability of water infrastructure is the encouragement of water reuse, or water recycling. Water recycling programs fully or partially treat wastewater for other uses, such as for irrigation — creating a circular, sustainable use of resources. Reuse projects have helped increase the supply of drinking water, build sustainable irrigation systems for agriculture and landscaping, and restore groundwater supplies. Recycled water can also be used for industrial purposes, such as cooling water, encouraging economic development in water scarce areas that might not have traditionally been able to support heavy industry, or even data centers. There is currently a simmering debate in Congress over the next wave of stimulus. House Speaker Nancy Pelosi has recently floated a $760 billion, five-year infrastructure package that sets aside up to $80 billion for water infrastructure, and $8 billion per year for wastewater plants — a five-fold increase over typical appropriations. At the same time, committees in both houses of Congress have begun work on the reauthorization of the Safe Drinking Water Act that will likely include funding for water infrastructure. 
But even without stimulus funding, Congress can take several important steps to encourage investments in sustainable infrastructure. For example, Congress could enact investment tax credits tailored to encourage sustainable water practices among industrial water users. The vast majority of companies have active environment and sustainability goals, but the cost of some major upgrades combined with generally low water costs often makes it difficult for companies to recoup their investment. Targeted tax credits, which shorten the time it takes for companies to realize value on new investments in water sustainability, could also be linked to increased energy efficiency, thereby resulting in building water sustainability and resilience while reducing greenhouse gas emissions. Turning crisis into opportunity The current health crisis will end one day. What will remain in its wake is an opportunity to learn from the situation and to build resiliency for future crises. What has this crisis taught us? We’ve learned that there are broad social benefits to making sure people have access to clean water while being asked to stay indoors. Water utilities across the country have suspended shutoffs and reconnected water service for people who had been living without. Avoiding the worst effects of the next crisis will require the development of mechanisms that protect financial and operational viability of utilities. Ensuring their resilience requires investment. A recent poll from the Value of Water Campaign, conducted as the coronavirus crisis began to unfold in the U.S., showed widespread support for increased federal investment to rebuild the nation’s water infrastructure, with 73% of respondents supporting investment to increase resilience to climate change. Water scarcity in communities across the globe is closely related to climate change, and we found in a separate poll that nearly 70% of Americans listed water scarcity as one of their top environmental concerns. 
For respondents in the Northwest and Northeast portions of the country, water scarcity was their top climate-related concern. The current crisis has made clear that access to clean water is closely related to our ability to withstand shocks to the system. Building sustainable infrastructure should be a vision we can all get behind. Thanks to John Gaffigan of Fend, Inc. for forwarding.

  • ICSJWG 2020 Virtual Spring Meeting 9-10 June: registration NLT 5 June

    Submitted by: Daryl Haegley, Director, Mission Assurance & Cyber Deterrence at DoD. ICSJWG 2020 VIRTUAL SPRING MEETING, June 9 - 10, 2020. We are very pleased to announce the 2020 Virtual Spring Meeting! Meeting Registration is now open! We are very pleased to open registration for our Virtual Meeting, from June 9th to June 10th. Please register for the meeting at https://gateway.on24.com/wcc/gateway/eliteCSRALLCamanagedaffiliate/2360375 no later than June 5, 2020. When at the registration site, users can see the entire agenda for each day, with abstracts of the presentations for each speaker. Note that registration is for the entire meeting, not just a single presentation (you do not have to register for each session you want to attend). There is no cost to attend this event. Overview: We are excited about the offerings for the upcoming virtual meeting! The meeting will kick off on June 9th with an overview of the current CISA Mission by Director Christopher Krebs. The day will continue with an agenda filled with informative presentations. A Capture the Flag activity is available all day June 9th and 10th. The CTF exposes analysts to hunting across ICS networks for malicious behavior, with puzzles appropriate for both the beginner and the experienced analyst. Challenges include artifacts generated from IT/OT host forensic data, network data (from both bro logs and pcap), and OT equipment actively being exploited by a threat actor. An Overview of CISA ICS Training will be provided on June 10th. The training series includes both a Foundational track and an Advanced track. The Foundational track provides basic ICS specific information including terms, types, architecture, cyber basics, Maturity Model review, data flow, network models, and more. The Advanced track includes assessment and evaluation processes and procedures, critical ICS risks and mitigations, analysis of captured ICS traffic to discover vulnerabilities, and more.
The Technical Workshop will return on June 10th with both presentations and a demonstration. Presentation topics include the Open Source IR Toolkit, Low Level Forensics, OT/ICS Communication Protocols, Detecting Malicious Applications on Disk and in Memory (YARA and Volatility Introduction). The demonstration is on Improving Industrial Control System Security with Model-based Control Design and System Virtualization. Additional Information: For additional information, please visit our webpage https://www.us-cert.gov/ics/Industrial-Control-Systems-Joint-Working-Group-ICSJWG or contact us at ICSJWG.Communications@cisa.dhs.gov. Respectfully, ICSJWG Program Office, ICSJWG@cisa.dhs.gov

  • CISA & DOE Guidance regarding control systems best practices

    Submitted by: Daryl Haegley, Director, Mission Assurance & Cyber Deterrence at Dod https://www.cisa.gov/publication/cybersecurity-best-practices-for-industrial-control-systems From POLITICO today: KEEPING THE LIGHTS ON —CISA and the Energy Department joined with the U.K. National Cyber Security Centre on Friday to issue security guidance for industrial control system operators. The best-practices document offers high-level advice and appears designed for executives rather than IT administrators or chief information security officers; in addition to the actual security advice, it lists the potential impacts of a cyber incident, from short-term problems such as shutdowns to long-term troubles such as lawsuits. One section lists the most common IT and operational technology flaws that CISA saw in fiscal 2019, including porous boundary protections that allowed undetected incursions; authentication failures that made it difficult to trace breaches back to specific compromised accounts; and lack of fidelity to the “principle of least functionality,” magnifying the scope of damage that hackers could do. Accompanying the document’s “Defend ICS Processes Today” checklist, which lists cybersecurity basics such as “Disable unnecessary services, ports, and protocols,” is a forward-looking “Proactively Protect Tomorrow” section with advice about network architecture, security monitoring, supply chain security and risk management. Absent from the document, however, is advice for ICS component manufacturers and purchasers. CPS, ICS, IoT…which term applies to you? Cyber-Physical Systems and Control Systems (CPS/CS) include those systems referred to as industrial control systems (ICS), internet of things (IoT), operational technology (OT), platform information technology (PIT), and supervisory control and data acquisition (SCADA). 
Examples include but are not limited to: building automation systems; energy/utility monitoring and control systems; lighting; fire and life safety; physical security; fuel handling; logistics; medical; manufacturing; and weapons systems. Damage to or compromise of any CPS/CS may compromise a mission  or cause cascading failures if the CPS/CS is used as a gateway into an organization’s broader information networks.  Source: Report to the President on Strengthening the Nation’s Cybersecurity Workforce for Cyber-Physical Systems and Control Systems (CPS/CS) in accordance with Executive Order 13870, “America’s Cybersecurity Workforce.”

  • Army to release white paper request seeking vendors

    Submitted by: Daryl Haegley, Director, Mission Assurance & Cyber Deterrence at Dod Army to release white paper request seeking vendors through 4th iteration of "cyber innovation challenge" to "rapidly integrate innovative and novel capabilities" into the Persistent Cyber Training Environment (PCTE) platform https://insidedefense.com/insider/army-release-white-paper-request-persistent-cyber-training-environment Army to release white paper request for Persistent Cyber Training Environment By Jaspreet Gill / May 22, 2020 at 12:36 PM The Army later this year is planning to release a white paper request for the Persistent Cyber Training Environment and award a contract in the first quarter of fiscal year 2021. The service is seeking vendors through the fourth iteration of a "cyber innovation challenge" to "rapidly integrate innovative and novel capabilities" into the PCTE platform, according to a May 19 Army notice. The PCTE will provide the Defense Department cyber workforce a joint training environment that will enable cyberspace training, exercises, mission rehearsals, experimentations and more capabilities. The PCTE will be integrated into the Cyber Training, Readiness, Integration, Delivery and Enterprise Technology effort, for which the Army plans to award a contract next year. Specifically, the service is looking for solutions to address emerging U.S. Cyber Command operational priorities, including Cyber Mission Force assessment planning and analytics. The Army is looking for an assessment planning tool, visualizations and dashboards, a scoring engine and more capabilities tied to mission tasks. To address traffic generation priorities, the PCTE platform should "define, shape, control and record realistic traffic emulation capabilities" that mirror real-world activities and terrain. Specific areas of interest for the Army include network traffic layers, cyber traffic terrain and traffic command-and-control dashboards. 
The service will award a vendor for the PCTE through an other transaction agreement, according to the notice, and a request for white papers will be released in the fourth quarter of this fiscal year. Thanks to Dan Bennett of National Renewable Energy Laboratory (NREL) for forwarding.

  • NASA, FBI Warn Of Increase Cyber Threats; Quick Reaction Tests To Be Administered Across 7 U.S.

    Submitted by: Daryl Haegley, Director, Mission Assurance & Cyber Deterrence at Dod The National Aeronautics and Space Administration (NASA) has experienced an exponential increase in malware attacks and a doubling of agency devices trying to access malicious sites in the past few days as personnel work from home, the space agency's Office of the Chief Information Officer said on Monday. "A new wave of cyber-attacks is targeting Federal Agency Personnel, required to telework from home, during the [COVID-19] outbreak," officials wrote in a memo. The wave includes the doubling of email phishing attempts, an exponential increase in malware attacks on NASA systems, and double the number of mitigation-blocking of NASA systems trying to access malicious sites (often unknowingly) due to users accessing the Internet. The FBI has issued an alert over a persistent Kwampirs malware attack targeting the healthcare sector Tuesday. The healthcare sector supply chain attacks deploy Kwampirs Remote Access Trojan that exploits network vulnerabilities of the targeted organization. Attacks involving the Kwampirs malware have intensified during the ongoing COVID-19 crisis. The healthcare sector has become an easy target of the Kwampirs malware attacks due to the COVID-19 pandemic. Separately, Illinois is one of seven states that will offer Abbott Laboratories' new rapid response COVID-19 tests at Walgreens. Deerfield-based Walgreens announced Tuesday that drive-thru testing will be available at 15 locations across Arizona, Florida, Kentucky, Louisiana, Tennessee, Texas, and Illinois -- which are expected to be activated beginning later this week. Federal officials will choose the locations based on areas identified as outbreak "hot spots." Once they're ready, they'll test up to 3,000 people a day, and get positive or negative results within five minutes. U.S. 
Army researchers at Fort Detrick in Maryland have begun testing potential vaccines for the novel coronavirus on animals, officials said. The U.S. Army Medical Research Institute of Infectious Diseases in Frederick is testing on "non-human primates," said a U.S. Department of Defense official. According to the official, human trials on a small group of people would begin if the animal trials were successful.

  • Cyber book suggestions

    Submitted by: Daryl Haegley, Director, Mission Assurance & Cyber Deterrence at DoD
      • Introduction to Networking: How the Internet Works by Charles R. Severance: Short but provides a very accessible introduction to the basics of networking. Individuals who have taken Network+ or another introductory course may find it overly basic.
      • Tubes: A Journey to the Center of the Internet by Andrew Blum: This book is essentially a travelogue focusing on the physical sites that make up the global internet architecture. It provides a readable introduction to internet exchanges, peering, fiber-optic cable infrastructure, and other esoteric topics that are seldom addressed outside of niche publications (and certainly not as painlessly as they are handled by Blum).
      • Worm: The First Digital War by Mark Bowden: The subtitle is misleading—the book definitely does not address a “digital war”—but Worm is nevertheless a very readable description of the global cybersecurity community’s attempts to battle the Conficker worm. The technical descriptions of the malware are decent and the book does a good job of showing the multitude of government and private sector entities that must work together across national boundaries to degrade large-scale botnets.
      • The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage by Cliff Stoll: An entertaining and accessible classic of the cybersecurity literature canon. Although it was written 20 years ago it is still pertinent today.
      • Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon by Kim Zetter: Probably the best description of advanced malware available for non-specialist readers. Also provides a decent overview of the computer security industry and the collaboration that takes place to reverse engineer destructive malware samples. Very readable.
      • Network Attacks and Exploitation: A Framework by Matthew Monte: Monte is a former practitioner and this book clearly and concisely lays out some frameworks and approaches to thinking through offense and defense in cyberspace. He describes the different steps required to execute network attacks and presents and analyzes useful case studies of specific incidents.
      • On Cyber: Towards an Operational Art for Cyber Conflict by Greg Conti and David Raymond: The authors have a combination of operational experience and technical expertise and in On Cyber they attempt to bridge the gap between the tactics of cybersecurity and the strategic implications of cyber conflict.

  • Cyber Trends, Policy, Computers and More

    Submitted by: Daryl Haegley, Director, Mission Assurance & Cyber Deterrence at DoD

    Cyber Trends and Policy Issues
      • Rob Joyce – DEF CON 26 – “NSA Talks Cybersecurity”
      • Thomas Dullien – CyCon 2018 – “Security, Moore’s law, and the anomaly of cheap complexity”
      • Matt Tait – INFILTRATE 2018 – “Updating how we think about security”
      • Nate Fick – INFILTRATE 2016 – “Learning to Win”
      • Alex Stamos – DataEDGE 2019 – “The Platform Challenge: Balancing Safety, Privacy and Freedom”
      • Thomas Dullien – Black Hat Asia 2017 – “Why We Are Not Building A Defensible Internet”

    Computers and Code 101
      • CS50, “Lecture 0 – Computational Thinking”
      • CS50, “Lecture 0 – Arrays”
      • CS50, “Lecture 0 – Memory”
      • Computerphile, “Inside the CPU”
      • Computerphile, “Turing Complete”
      • Computerphile – “Virtual Machines Power the Cloud”

    Internet 101
      • Jessica McKellar – RuPy 13 – “How the Internet Works”
      • Andrew Blum – TED – “What is the Internet, really?”
      • Martin Hannigan – NANOG 37 – “Analysis of DNS Root Server Location”
      • Geoff Huston – ENOG 13 – “The Death of Transit and Beyond”
      • Craig Labovitz – NANOG 76 – “Internet Traffic 2009-2019”

    Offensive Cyber 101
      • Computerphile – “Running an SQL Injection Attack”
      • Computerphile – “Buffer Overflow Attack”
      • Computerphile – “Cracking Websites with Cross-Site Scripting”
      • Haroon Meer – Black Hat USA 2010 – “Memory Corruption: The (almost) Complete History”

    Offensive Cyber 201
      • Thomas Dullien – RuhrSec 2018 – “Weird Machines, Exploitability, and provable non-exploitability: Understanding the nature of ‘exploits’”
      • dotsarecool – “Super Mario World Credits Warp Explained”
      • Mikko Hypponen – DEF CON 19 – “The History and Evolution of Computer Viruses”
      • Alexei Bulazel – ShmooCon 2018 – “Catch Me If You Can: A Decade of Evasive Malware Attack and Defense”

    Defensive Cyber 201
      • Ivan Dwyer – Google Security for Everyone Else
      • David Weston – Black Hat USA 2018 – “ZEROing Trust: Do Zero Trust Approaches Deliver Real Security?”

  • DOJ Says Individuals Intentionally Spreading Virus Could Face Federal Terrorism Charges-MMC Update 5

    Submitted by: Daryl Haegley, Director, Mission Assurance & Cyber Deterrence at DoD. People who are intentionally spreading and infecting others with COVID-19 could face federal terrorism charges, according to Department of Justice (DOJ) officials. A U.S. attorney said the DOJ is working to stop coronavirus-related fraud and hold people accountable who are infecting others on purpose. Federal terrorism threat charges were filed against a Pennsylvania man after police said he intentionally coughed on an elderly man recovering from pneumonia and claimed he had COVID-19. In a separate incident, authorities in Pennsylvania are planning on filing criminal charges against a woman who coughed on more than $35,000 worth of food that all then had to be thrown away in what the grocery store owners are calling a coronavirus prank. "What we're seeing is that it's quite possible that the coronavirus mutually fits the definition of biological weapon potentially under the federal terrorism statutes," said the DOJ official. "So, if someone is out there purposefully infecting others, whether it's coughing on someone or infecting something that they then give to another person - that it's just despicable. I think it's also criminal and we're going to hold them accountable," he added.
