Hackers are playing by new rules, and dealerships’ defenses aren’t ready


Auto dealers are getting better at protecting their computer networks from cyberattacks, an information technology consultant who works with dealerships told me last week.

They’re investing in phishing training, a process that tests whether employees click on suspicious emails and trains those who do on proper security practices. More are carrying cyber insurance. They’re talking to colleagues in industry peer groups about best practices.

And yet, said Erik Nachbahr, president of Helion Technologies, just as dealerships have improved their defenses against hackers, the hackers have started using a different playbook.

It used to be that cybercriminals would deploy automated programs that would lock up files once someone clicked a malicious link or attachment in an email, he said. Then antivirus software and firewalls got better at blocking them. So the hackers evolved. Now, Nachbahr says, when they gain access to the networks, they’re embedding themselves in the systems, figuring out how they’re designed and laying the foundation for an attack before they launch it.

Those attacks — often ransomware, in which hackers lock down a computer system in exchange for a ransom demand — can be devastating, he said. Last month, for instance, Colonial Pipeline, which provides crucial energy supplies to the East Coast, went down for days after an attack; the CEO has said the organization paid a $4.4 million ransom. Municipal governments and public schools also have been targets.

So have dealerships. Nachbahr told me that among Helion’s 750 U.S. franchised dealership clients, “we see credible, critical-level threats a few times a week.”

“The attackers have identified industries where they’re not doing enough defense,” he said. “And dealers are one of those.”

New threat intelligence software can better detect hackers rooting around inside computer networks, he said. But it’s newer technology, and many dealerships aren’t yet using it.

Nachbahr says bringing awareness to the severity of cyberattacks and what’s at stake for dealers — including the possibility of having their operations shut down entirely — is his top priority.

“Dealers have always struggled with readiness when it comes to…

Joe Biden signs executive order to beef up federal cyber defenses following pipeline hack


RICHMOND, Va. — President Joe Biden signed an executive order Wednesday meant to strengthen U.S. cybersecurity defenses in response to a series of headline-grabbing hacking incidents that highlight how vulnerable the country’s public and private sectors are to high-tech spies and criminals operating from half a world away.

The order will require all federal agencies to use basic cybersecurity measures, like multi-factor authentication, and require new security standards for software makers that contract with the federal government.

Officials are hoping to leverage the federal government’s massive spending power to make widely used software safer for the private sector as well.

“The federal government needs to make bold changes and significant investments in order to defend the vital institutions that underpin the American way of life,” Biden said in his executive order.

His actions come as the administration has been grappling with its response to a massive breach by Russia of federal agencies and ransomware attacks on private corporations.

Biden’s executive order was announced shortly after the nation’s largest fuel pipeline restarted operations Wednesday, days after it was forced to shut down by a gang of hackers. The disruption of Colonial Pipeline caused long lines at gas stations in the Southeast.

And the U.S. sanctioned the Kremlin last month for a hack of several federal government agencies, known as the SolarWinds breach, that officials have linked to a Russian intelligence unit and characterized as an intelligence-gathering operation. The AP previously reported that Russian hackers gained access to an email account belonging to the Trump administration’s acting homeland security secretary, Chad Wolf.

“The United States is simply not prepared to fend off state-sponsored or even criminal hackers intent on compromising our systems for profit or espionage,” Sen. Mark Warner, the Virginia Democrat who leads the Senate Intelligence Committee, said in a statement.

Warner praised the executive order but said Congress needs to do more to address the country’s vulnerabilities in cyberspace.

The order also creates a pilot program to develop a rating system, similar to how New York City…

Space Force Looks to Boost Cyber Defenses of Satellites with Acquisition Reorganization


The ongoing restructuring of Space Force acquisition authorities is designed in part to ensure proper cybersecurity testing and monitoring of new programs as they are developed and deployed, a senior Space Force procurement official said May 10.

The stand-up of Space Systems Command, and its absorption of the Space and Missile Systems Center (SMC), details of which were unveiled last month, was advertised as an effort to increase the speed and agility of Space Force acquisitions.

But in a lunchtime keynote at the CyberSatDigital event on May 10, Cardell DeLaPena, program executive officer for Space Production at SMC, stressed that it was also intended to improve the resilience of Space Force overhead architecture against new kinetic and cyber threats.

“The reason why we’ve stood up … a separate Space Systems Command for acquisition, and launch, and architecting is to make that shift from today’s peacetime architecture, … an architecture which was never envisioned to conduct offensive or defensive operations,” he said. In its place, Space Force plans a new architecture that could survive kinetic and cyberattacks by near-peer adversaries. “To make that pivot,” DeLaPena added, “We integrate all of those responses to those threats to our satellites into an integrated architecture, which will achieve space superiority.”

The new architecture, DeLaPena said, would rely on digital twinning technology, more properly called model-based systems engineering, in which a detailed virtual model of a satellite or other complex system is built so that it can be attacked and its cyber defenses tested.

DeLaPena said that cyber threats to U.S. satellite systems would be addressed in detail in a classified session later in the week, but outlined a series of “potential threats” in the cyber domain, which he said the newly reorganized acquisition elements in the Space Force would be “testing against” before turning new products over to operational commanders.

“The types of threats we are looking for [are] things like insertion of rogue components—that’s more on the supply side—malicious software, electronic warfare…

Opinion | There’s a Big Gap in Our Cyber Defenses. Here’s How to Close It.


The problem is well known. The difficulty lies in resolving deeply felt concerns over any increase in government surveillance authority, no matter how important the purpose. We are also paralyzed by a sense of fatalism that cyber vulnerabilities are simply the price we pay for being online, and an erroneous belief that the Constitution stands in the way of any solution.

Most cybersecurity experts agree an effective public-private cyber information-sharing system is essential in stopping foreign cyber maliciousness before it causes too much damage. But information sharing isn’t enough; it would be hamstrung from the start if the government cannot seamlessly and quickly track malicious cyber activity from its foreign source to its intended domestic victims. If some government agency had that legal power, then it could, for example, quickly check out a domestic IP address after an alert from the NSA that the address was communicating with a suspicious overseas server. If that IP address showed questionable activity, the government and the private sector jointly could take steps to reconfigure firewalls or otherwise curtail the hack. Admittedly, this wouldn’t prevent hacks and attacks that were based on previously unknown software bugs (so-called “zero-day exploits”). But the reality is that most large-scale hacks by foreign countries rely on already known software imperfections and hardware deficiencies.

The issue is that almost any kind of domestic cyber inspection, even in hot pursuit of a foreign adversary, would be considered a “search” within the Constitution’s Fourth Amendment, which requires searches and seizures by the government to be not “unreasonable” and in many (but by no means all) cases to be based on a search warrant issued by a judge. The notion that searches could possibly be electronic was of course not in the Framers’ minds when adopting the amendment in 1792, but the “reasonableness” standard has allowed courts over the years to apply it to new techniques and technologies, including cyber surveillance.

To track foreign cyber malevolence in a new domestic legal framework, we would need a cyber monitoring capability that was so limited and…
