Intel Chairman: Election Cybersecurity Fixes ‘Might Not be in Time to Save the System’

Homeland Security Secretary Kirstjen Nielsen told senators that most states are being cooperative with the whole-of-government effort to protect voting systems from cyberintrusions, though there are two unnamed states “who aren’t working with us as much as we would like right now.”

Members of the Senate Intelligence Committee grilled Nielsen last week about what is being done to secure the vote in light of Russia’s campaign influence operation in 2016. For an inside perspective on that campaign season, former DHS Secretary Jeh Johnson joined Nielsen at the witness table.

Chairman Richard Burr (R-N.C.) praised DHS for making “great strides towards better understanding elections, better understanding the states, and providing assistance that makes a difference to the security of our elections.”

“But there’s more to do. There’s a long wait time for DHS premier services. States are still not getting all the information they feel they need to secure their systems,” Burr said. “The department’s ability to collect all the information needed to fully understand the problem is an open question, and attributing cyber attacks quickly and authoritatively is a continuing challenge.”

The chairman stressed that “this issue is urgent — if we start to fix these problems tomorrow, we still might not be in time to save the system for 2016 and 2020.”

Vice-Chairman Mark Warner (D-Va.) noted that in 2016 Russian actors “were able to penetrate Illinois’ voter registration database and access 90,000 voter registration records — they also attempted to target the election systems of at least 20 other states.”

“The intelligence community’s assessment last January concluded that Russia secured and maintained access to multiple elements of U.S. state and local election boards,” he said. “And the truth is clear that 2016 will not be the last of their attempts.”

Nielsen described the DHS arm of the election security mission as providing “assistance and support to those officials in the form of advice, intelligence, technical support, incident response planning, with the ultimate goal of building a more resilient, redundant, and secure election enterprise.”

“Our services are voluntary and not all election officials accept our offer of support. We continue to offer it; we continue to demonstrate its value. But in many cases state and local officials have their own resources and simply don’t require the assistance that we’re offering,” she said.

So far, the secretary told senators, “more than half” of states have signed up for DHS’ cyber hygiene scanning service, an automated remote scan “that gives state and local officials a report identifying vulnerabilities and offering recommendations to mitigate them.”

Another tool DHS is using is information sharing directly with election officials “through trusted third parties such as the Multi-State Information Sharing and Analysis Center, or MS-ISAC, and we look forward to the creation of the Election ISAC.”

Nielsen emphasized the need to “rapidly share information about potential compromises with the broader community so that everyone can defend their systems.”

“This collective defense approach makes all election systems more secure,” she said. “We’re also working with state election officials to share classified information on specific threats, including sponsoring up to three officials per state with security clearances and providing one-day read-ins as needed when needed, as we did in mid-February for the secretaries of state and election directors. We are also working with the intelligence community to rapidly declassify information to share with our stakeholders.”

Unlike DHS’ posture in 2016, Nielsen said the department now knows which person to contact in every state to share threat information.

“DHS is leading federal efforts to support and enhance the security of election systems across the country. Yet we do face a technology deficit that exists not just in election infrastructure but across state and local government systems,” she said. “It will require a significant investment over time and will require a whole-of-government solution to ensure continued confidence in our elections.”

Johnson talked about the Obama administration’s reticence to make a wrong move on Russia’s campaign interference and give the appearance that the White House was stepping into the election.

“The reality is that, given our electoral college and our current politics, national elections are decided in this country in a few precincts in a few key swing states. The outcome, therefore, may dance on the head of a pin. The writers of the TV show House of Cards have figured that out. So can others,” Johnson told lawmakers, adding he’s “pleased by reports that state election officials to various degrees are now taking serious steps to fortify cybersecurity of their election infrastructure and that the Department of Homeland Security is currently taking serious steps to work with them in that effort.”

Nielsen said DHS is trying to get security clearances for those three election contact persons in each state, but only “about 20” of those 150 officials have received the full clearance. “We’re granting interim secret clearances as quickly as we can,” she said, adding later that they’re “widely using day read-ins now, so we’re not going to let security clearances hold us up.”

The secretary said “a lot of work” has been accomplished at DHS over the past year on “related processes,” including working with the intelligence community to declassify information as “some of the information does not originate within DHS, so we need to work with our partners to be able to share it.”

“The second one is on victim notification. We have a role there, but so does FBI and so does MS-ISAC, which in this case the Multi-State Information Sharing and Analysis Center was in some cases the first organization to identify some of the targeting,” Nielsen said. “So we have to work with whomever originates the information. We all have different roles. So we’ve worked to pull it all together so that we can quickly notify victims of what has occurred.”

Pressed on the current level of cyber threat from malicious actors heading into midterm elections, Nielsen replied that “the threat remains high.”

“We think vigilance is important, and we think there is a lot that we all need to do at all levels of government before we have the midterm elections,” she said. “I will say our decentralized nature both makes it difficult to have a nationwide effect, but also makes it perhaps of greater threat at a local level. And, of course, if it’s a swing state or swing area that can, in turn, have a national effect.”

“So what we’re looking at is everything from registration and validation of voters — so those are the databases, through to the casting and the tabulation of votes, through to the transmission — the election night reporting, and then, of course, the — the certification and the auditing on the back end. All of those are potential vulnerabilities. All of those require different tools and different attention by state and locals,” Nielsen continued, adding that the federal government continues to work with state and local jurisdictions “to also help them look at physical security.”

“They need to make sure that the locations where the voting machines are kept, as well as the tabulation areas, they need access control and very traditional security like we would in other critical infrastructure areas,” she said.

Johnson told senators that “with the benefit of two years’ hindsight it does seem plain… that the Russian effort has not been contained; it has not been deterred.”

“In my experience, superpowers respond to sufficient deterrence and will not engage in behavior that is cost prohibitive. Plainly, that has not occurred and more needs to be done,” the former DHS chief said. “With the benefit of hindsight, the sanctions we issued in late December [2016] have not worked as an effective deterrent and it’s now on the current administration to add to those and follow through on those.”


How Recent Attacks Might Raise The Bar In Cybersecurity

Source: National Cyber Security – Produced By Gregory Evans

After more than two decades, malware attacks have started to hit the corporate bottom line and to show significant losses in quarterly earnings reports. The shipping company Maersk, which was hit by ransomware WannaCry in May, reported a third quarter loss in 2017 of about $200-$300 million. A few weeks later the pharmaceutical company Merck was hit by NotPetya and reported a quarterly loss of around $200 million, while FedEx’s subsidiary TNT reported $300 million in losses from the same outbreak. As a result, last spring’s viral ransomware attacks are causing organizations today to take another look at their current security and therefore may offer a silver lining.

“[It’s] because of the high profile nature of these incidents and the exploits, business people — organizational leadership — are taking a keener interest in what’s happening in cybersecurity,” said Amit Yoran, Chairman and Chief Executive Officer of Tenable. “Maybe you have a sexy story around APT and nation-state actors. These events are all forcing a professionalization in our industry — they’re driving a professionalization in our industry — that we haven’t seen before.”

Yoran said the 2017 ransomware attacks didn’t have to be so bad.

“The combination [of WannaCry and Petya] is a face palm moment,” Yoran said. “It’s all so prototypical of our industry. This is very basic stuff. It’s been around for a while. People have known about this for a while.” He added, “This is not like some super-elite hacker. Not some nation state, a sophisticated thing coming down. It’s the basic blocking and tackling that people just still don’t get, they still aren’t getting basic hygiene. People still aren’t doing bounds checking. They’re still writing buffer overflows.”

As damaging as the attacks were for some, they may have had a positive effect for others. Yoran said Boards of Directors “today would be negligent to ignore cyber risk to the extent that they rely on technology which pretty much every enterprise does.”

Yoran has observed some organizations now going the extra distance with a security vendor, asking the vendor how the organization can better manage its own security program. These organizations want metrics, and they want to know what can be done without putting the entire organization on the line.

“Cyber risk and technology risk are core components of business risk today,” Yoran said. “Hey, if we’re accepting this business risk, then we want to mature our practices around cyber and that’s a trend that has started to evolve our industry a lot faster than it has been in the past.”

What will reduce the risks to organizations? It depends.

“I’d say if somebody’s focused and you have a funded adversary who is focused on intent with any modicum of skill they are going to get into your environment,” Yoran said. “At that point how do you raise the bar? How do you make it more difficult for them? And how do you decrease your time to detection?”

So, given all that, is cybersecurity better today?

“Broadly, things are better — maybe too broadly,” Yoran added with a chuckle. “The risk today is probably higher than it’s ever been as organizations rely more on technology than they have before, as core processes and technologies get more and more complex, more and more interconnected. Complexity is the enemy of security.”

That and perhaps the threats today are more persistent?

“The threat actors are as or more aggressive than they’ve ever been,” Yoran said. “I think from that perspective things are probably worse off than we’ve seen in years past. I’d say for the first time, though, there’s a light at the end of the tunnel. We can see a path to improvement, which is really driven by outside influence.”

Yoran said the vast majority of the high-profile breaches that occur actually rely on a fairly simple subset of exploits which are occurring out in the wild. And as more organizations exercise better hygiene — bring more professionalism to their cybersecurity programs — that will raise the overall protection against these threats, whether it is targeted or if somebody stumbles upon you as an exposed entity.


FIREWALLS DON’T STOP HACKERS. AI MIGHT.


The cybersecurity industry has always had a fortress mentality: Firewall the perimeter! Harden the system! But that mindset has failed—miserably, as each new headline-generating hack reminds us. Even if you do patch all your software, the way Equifax didn’t, or you randomize all your passwords, the way most of us…


‘Cybersecurity’ term might be scaring off young talent


While 18- to 26-year-olds are showing interest in cybersecurity, there’s a disconnect in the language around the field, skills and opportunities. BOSTON — When the National Cyber Security Alliance asked 18- to 26-year-olds what skills they are looking for in a career, researchers uncovered a list that would, if framed…


Millennials, popular dating apps might have increased your risk of getting STDs, experts say

Over 1.5 million people dated last week thanks to dating app Tinder, according to company stats. It’s hard to say how many of them took it farther than first base, but public health officials say one thing is certain: dating apps are quickly becoming the primary way partners connect. The rise of online dating has correlated with another more disturbing trend: STD rates are also very much on the rise in the U.S. The total combined cases of chlamydia, gonorrhea and syphilis reported in 2015, the most recent year for which data are available, rose to the highest numbers ever in the U.


FBI says it can’t release iPhone hacking tool because it might still be useful


Justice Dept. officials say that details of a hacking tool used to access a terrorist’s iPhone should not be released because it may still be “useful” to federal investigators. The government is fighting a case against three news organizations, including …


If You Match With This Girl On Tinder, She Just Might Steal Your Organs

I just got Tinder a couple weeks ago, and FINDING LOVE IS HARD, GUYS! Sure, there are a lot of fish in the sea, but some of those fish are jellyfish and some are sharks and some are just plankton robots trying to get you to follow them on Skype so they can sell you bRaNd NeW ipHonE$. That metaphor may have gotten away from me. My point is, online dating can be tough. Especially when you come across a user who seems less interested in sharing an intimate connection with another human being who has a similar point of view, sense of humor and sexual fetish, and more interested in the health and viability of your internal organs for transplants.


Why You Might Want To Reconsider Getting Married On Valentine’s Day

Planning to get married on Valentine’s Day? You may want to reconsider; while it might seem like the height of romance to say “I do” on a day celebrating love, a new study suggests that people who marry on Valentine’s Day and other gimmicky dates face a higher risk of divorce.

Weddings that take place on Valentine’s Day or special-number dates like 9/9/99 or 1/2/03 are 18 to 36 percent more likely to end in divorce than weddings on ordinary dates, according to researchers at the Melbourne Institute of Applied Economic and Social Research.

Not so romantic after all, eh?


Your Cyber Security Tools Might Be Your Biggest Threat

The Need for Security Tool Integration and Consolidation
Organizations of all sizes face serious security threats
There are more cyber security threats facing US organizations than ever before. These threats come from sophisticated hacker rings, nation-state sponsored attacks, and terrorist


Researchers might have found a way to protect our brains from hackers

“Wait, what?” is probably your first thought, but in actuality brain-computer interfaces are closer than we think, perhaps arriving as early as the next decade, reports TheNextWeb. And though this new interaction could do wonders for computing—allowing people to easily manipulate connected devices by just using their thoughts—it also means our brains could literally be […]
