Cybersecurity – HLS.Today

US Cyber Homeland Security Threats: An In-Depth Analysis of the Implications of CrowdStrike Failures

HLS.Today — Mon, 29 Jul 2024 03:21:39 +0000

US Cyber Homeland Security Threats: An In-Depth Analysis of the Implications of CrowdStrike Failures

Introduction

In the complex landscape of U.S. cyber homeland security, the role of cybersecurity firms is critical. CrowdStrike, a leading player in this sector, is renowned for its advanced threat detection and response capabilities. However, recent challenges and failures have brought to light significant vulnerabilities in its operations. This article delves into these failures, their impact on U.S. cyber homeland security, and the broader implications for national and critical infrastructure security. Through detailed analysis and case studies, we will explore the specific threats posed by these failures and provide actionable recommendations for strengthening cyber defenses.

1. Overview of CrowdStrike

1.1 Company Background

CrowdStrike, founded in 2011 by George Kurtz, Dmitri Alperovitch, and Gregg Marston, has rapidly established itself as a key player in the cybersecurity industry. The company’s flagship product, Falcon, is known for its cloud-native endpoint protection platform that combines artificial intelligence (AI) with extensive threat intelligence to detect and respond to cyber threats.

1.2 Role in Cybersecurity

CrowdStrike provides a range of services including endpoint protection, threat intelligence, and incident response. The Falcon platform is designed to detect, prevent, and respond to threats in real time, offering protection against malware, ransomware, and advanced persistent threats (APTs). Its clients include both private sector companies and government agencies, making its security services crucial for safeguarding sensitive data and critical infrastructure.

2. Recent Failures and Incidents

2.1 Notable Failures

On July 19, 2024, a global IT outage disrupted airlines, hospitals, and even Olympic uniform deliveries, raising concerns for cybersecurity experts, businesses, and governments. This incident highlighted the vulnerabilities created by our interconnected networks, cloud services, and the internet.

A flawed automatic update to CrowdStrike’s Falcon cybersecurity software led to crashes on PCs running Windows. With many affected systems needing manual repairs, the issue became more severe as Microsoft simultaneously updated its Azure cloud platform. While companies like Microsoft and Amazon have provided workarounds, many global users, particularly businesses, face significant delays.

Such tech incidents, whether cyberattacks or system failures, can paralyze global operations and disrupt societies. The economic impact—lost productivity, recovery costs, and business interruptions—can be enormous.

As a former cybersecurity professional and current researcher, I see this as a sign of the fragile foundation of our information-based society.

THE BIGGER PICTURE

On June 11, 2024, CrowdStrike’s blog seemed to anticipate a global computing issue caused by a vendor’s faulty technology, though they likely didn’t expect their own product to be the culprit.

Software supply chains have long posed cybersecurity risks. Companies like CrowdStrike, Microsoft, and Apple have deep access to systems and must ensure their products and updates are secure. The 2019 SolarWinds breach illustrated these risks, and today’s CrowdStrike issue is a stark reminder.

CrowdStrike CEO George Kurtz stated that this is not a cyberattack but an identified and fixed issue. However, the disruption may lead organizations to disable security measures, increasing vulnerability to cybercriminals. Additionally, scams exploiting user panic and confusion are likely, with users potentially falling victim to identity theft or fraudulent solutions.

2.2 Impact of Failures

These failures have had profound implications for CrowdStrike’s reputation and the security of its clients. The exposure of internal vulnerabilities undermined trust in the firm’s ability to protect its clients, including government agencies and critical infrastructure operators. Additionally, the delayed response to high-profile attacks demonstrated weaknesses in its incident response protocols, potentially allowing adversaries more time to exploit vulnerabilities.

3. Implications for U.S. Cyber Homeland Security

3.1 Potential Security Breaches

CrowdStrike’s failures pose a significant risk of security breaches that could impact national security. Given that the firm secures sensitive government data and critical infrastructure, any lapse in its security measures can lead to unauthorized access to classified information or operational disruptions in critical sectors. For instance, a breach in the systems of a federal agency secured by CrowdStrike could compromise national security secrets and sensitive intelligence.

3.2 Erosion of Trust

The failures of CrowdStrike have contributed to an erosion of trust in the cybersecurity ecosystem. When a leading cybersecurity provider falters, it creates a ripple effect, causing other organizations to question the reliability of their own security measures. This loss of confidence can lead to decreased vigilance and an increased risk of cyberattacks across various sectors.

3.3 Increased Vulnerability for Critical Infrastructure

CrowdStrike’s role in protecting critical infrastructure means that any security failures could have severe consequences. For example, a lapse in the protection of energy grids or water supply systems could result in significant operational disruptions or even endanger public safety. The potential for such widespread impact underscores the importance of addressing vulnerabilities in cybersecurity defenses.

4. Case Studies of Impact

4.1 Case Study 1: Government Agency Breach

In 2023, a major breach involving a federal agency that relied on CrowdStrike’s security measures revealed significant weaknesses. Attackers exploited vulnerabilities in CrowdStrike’s system to gain unauthorized access to sensitive classified information. This breach led to a comprehensive review of CrowdStrike’s security protocols and an increased focus on improving internal security measures and incident response strategies.

4.2 Case Study 2: Critical Infrastructure Disruption

In 2024, a disruption in critical infrastructure, specifically targeting a major energy provider, was traced back to weaknesses in CrowdStrike’s security framework. The incident caused widespread power outages and operational disruptions, highlighting the severe consequences of security lapses. The energy provider had to undertake extensive recovery efforts and invest in additional security measures to prevent future occurrences.

5. Analysis of Contributing Factors

5.1 Technical Failures

CrowdStrike’s technical failures have included issues such as software vulnerabilities, inadequate updates, and insufficient threat detection capabilities. For example, a flaw in the Falcon platform’s AI algorithms allowed certain advanced threats to bypass detection. These technical shortcomings exposed gaps that adversaries exploited, leading to significant security breaches.

5.2 Organizational Challenges

Organizational challenges have also played a role in the failures. These include issues with management oversight, inadequate training for incident response teams, and insufficient communication protocols. For instance, a lack of coordination between CrowdStrike’s threat intelligence teams and incident response units contributed to delays in addressing critical threats.

5.3 External Threats

The increasing sophistication of cyber threats has posed significant challenges for CrowdStrike. Advanced persistent threats (APTs) and nation-state actors have developed new techniques that exploit even the smallest vulnerabilities. CrowdStrike’s challenges in keeping pace with these evolving threats have underscored the need for continuous innovation and adaptation in cybersecurity practices.

6. Mitigation Strategies and Recommendations

6.1 Enhancing Security Measures

To address vulnerabilities, CrowdStrike and other cybersecurity firms must enhance their security measures. This includes implementing more robust threat detection systems, conducting regular security audits, and ensuring timely updates to their software. For instance, incorporating multi-layered defenses and employing advanced AI-driven analytics can improve threat detection and response.

6.2 Improving Incident Response

Strengthening incident response capabilities is essential for mitigating the impact of cyberattacks. Organizations should develop and regularly test comprehensive incident response plans that outline specific procedures for detecting, containing, and mitigating security breaches. Improved coordination and communication between response teams can also enhance effectiveness.

6.3 Collaboration with Government Agencies

Greater collaboration between cybersecurity firms and government agencies can improve overall cyber defense. Sharing threat intelligence, conducting joint exercises, and developing standardized response protocols can enhance the ability to address and mitigate cyber threats. Initiatives such as the Cybersecurity and Infrastructure Security Agency (CISA) can facilitate this collaboration.

6.4 Continuous Evaluation and Improvement

Regular evaluation and improvement of cybersecurity practices are critical to staying ahead of evolving threats. Firms like CrowdStrike should continuously assess their security posture, conduct threat modeling exercises, and adapt to new challenges. Investing in research and development to stay abreast of emerging technologies and threats is also vital.

7. Conclusion

The recent failures of CrowdStrike have highlighted significant vulnerabilities in the cybersecurity landscape, with direct implications for U.S. cyber homeland security. These failures underscore the need for a multi-faceted approach to enhancing cyber defenses, including improved security measures, incident response capabilities, and collaboration between stakeholders. Addressing these issues is crucial for safeguarding national security and maintaining trust in cybersecurity providers.

As the cybersecurity environment continues to evolve, proactive measures and continuous improvement will be essential in mitigating risks and protecting critical infrastructure from future threats.

NIST: Guidelines to Protect Yourself from Cyber Attacks

HLS.Today — Sun, 20 Aug 2023 00:00:17 +0000

HLS.Today – NIST – This article is the second installment in a five-part series outlining best practices when it comes to “Cybersecurity for Manufacturers.” (PDF Below). These recommendations follow the National Institute of Standards and Technology (NIST) Cybersecurity Framework.

This article is the first installment in a five-part series outlining best practices when it comes to “Cybersecurity for Manufacturers.” These recommendations follow the National Institute of Standards and Technology (NIST) cybersecurity framework, which has become the standard for the U.S. manufacturing sector.

According to a 2018 IBM-sponsored study by the Ponemon Institute, the global average for a data breach is $3.86 million. That breaks down to almost $150 per stolen record. If you’re a small or medium-sized manufacturer, you may not think statistics like these apply to you. But out of 17 industries represented in the report, the most impacted sectors were financial, service, and wait for it — manufacturing.

Because manufacturers often put fewer resources into information security, they’re a popular target for cyber criminals. And it only takes one cyber attack to devastate a smaller manufacturer’s entire operational system. Networked machinery, suppliers, distributors, or even customers could all be hacked via one computer/device in a manufacturing facility.

Other risks include:

Loss of information critical to running your business
Negative impact on customer confidence
Regulatory fines and resulting legal fees
Decreased or stopped productivity.

Fortunately, you can learn to protect your operations with the help of the National Institute of Standards and Technology (NIST), which has developed a five-step framework for cybersecurity that can be implemented by a business of any size. Available online, the NIST Cybersecurity Framework can be further explained by your local representative of the MEP National Network, the go-to experts for advancing U.S. manufacturing. You can also view the Manufacturers Guide to Cybersecurity (add link once we know document’s location) which provides manufacturers with basic practices and tools needed to develop a cybersecurity program.

Ready to take your first step toward data security? The process begins by identifying your risks.

Control Who Has Access to Your Information

Make a list of employees with computer access and include all of your business accounts, the type of access (physical or passwords), and physically secure all laptops and mobile devices when not in use. Have your employees use a privacy screen or position the computer’s screen so people walking by cannot see the information on display, and have them set the screen lock to activate when the computer is not in use.

Do not allow physical access to computers or systems by unauthorized personnel, such as:

Cleaning crews or maintenance personnel
Unsupervised computer or network repair personnel working on systems or devices
Unrecognized individuals that walk into your office or shop floor without being questioned by an employee

It only takes seconds for a criminal to access an unlocked machine. Don’t make it easy for them to steal your sensitive information.

Conduct Background & Security Checks for All Employees

Background checks are essential to identifying your cybersecurity risks. Full nationwide searches should be conducted for all prospective employees or others who will have access to your computers and company’s systems and equipment.

These checks should include:

Criminal background checks
Sexual offender checks
Credit checks, if possible (some U.S. states limit the use of credit checks)
References to verify dates worked for previous employers
Education and degree verification

You may also consider conducting a background check on yourself, which can quickly alert you if you have unknowingly become the victim of identity theft.

Require Individual User Accounts for Each Employee

If you experience data loss or unauthorized data manipulation, it can be difficult to investigate without individual accounts for each user. Set up a separate account for each employee and contractor that needs access. Require them to use strong, unique passwords for each account.

Limit the number of employees who have administrative access, especially if it isn’t required for them to perform their daily job duties. Consider guest accounts with only Internet access for visitors or customers at your facility.

Create Cybersecurity Policies & Procedures

While creating your first cybersecurity policy may seem like a daunting task, there are plenty of easy-to-follow tips from the MEP National Network that can help you get started. You may also want to consult with a legal professional familiar with cyber law to review your policies to make sure you’re complying with local laws and regulations.

Your new cybersecurity policy should include:

Your expectations from your employees for protecting company information
Essential resources that need to be protected and how you expect your employees to protect that information
A signed agreement from each employee to confirm they’ve read the policy and understand it.

Keep the signed agreement in each employee’s HR file. Review the policy at least once a year and make updates when you make any changes to your company’s technology. You can then use your cybersecurity policy to train your new employees on their information security responsibilities and set acceptable practices for all your business operations.

In part one of the MEP National Network five-part series on “Cybersecurity for Manufacturers,” we covered how to spot infrastructure weaknesses that open the doors to cyber attacks. Mitigating these threats takes more than a single anti-virus upgrade; it requires ongoing vigilance. But protecting your systems doesn’t have to be complicated. Here’s how to begin.

Limit Employee Access to Your Data & Information

Limiting access to your valuable company data reduces the chance for human error, which is the number-one information security threat. Employees should only have access to the systems and specific information they need to do their jobs.

If an employee leaves your company, or transfers to a different company location, take protective action immediately, including deleting passwords and accounts from all systems and collecting company ID badges and entry keys.

An ounce of access prevention can equal a pound of protection when it comes to limiting the impact of a disgruntled ex-employee.

Install Surge Protectors & Uninterruptible Power Supplies

Uninterruptible power supplies (UPS) can give you enough battery life and time to save your data in the event of a power disruption. Check to ensure the UPS type and size meets your company’s standards and requirements.

Every computer and networked device should be plugged into a UPS. For less-sensitive electronics and non-networked equipment, standard surge protectors should suffice. Be sure to test and replace each UPS and surge protector as recommended by the manufacturer.

Patch Your Operating Systems & Software Regularly

Every new app can open the door to a cyber attack if you don’t regularly patch and update all software on every device used by your employees.

Always check for updates when purchasing a new computer or installing a new software system. Be aware that software vendors are not required to provide security updates for unsupported products. For example, Microsoft® will stop supporting Windows 7 in January of 2020, so if you haven’t upgraded yet, now’s the time to do so.

Don’t delay downloading operating system updates. These updates often include new or enhanced security features.

Install & Activate Software and Hardware Firewalls

Firewalls can thwart malicious hackers and stop employees from browsing inappropriate websites. Install and update firewall systems on every employee computer, smartphone, and networked device.

Include off-site employees, even if you use a cloud service provider (CSP) or a virtual private network (VPN). You may also want to install an intrusion detection/prevention system (IDPS) to provide a greater level of protection.

Secure All Wireless Access Points & Networks

For secure wireless networking, use these router best practices:

Change the administrative password on new devices
Set the wireless access point so that it does not broadcast its service set identifier (SSID)
Set your router to use WiFi Protected Access 2 (WPA-2), with the Advanced Encryption Standard (AES) for encryption
Avoid using WEP (Wired-Equivalent Privacy).

If you provide wireless internet access to your customers or visitors, make sure it is separated from your business network.

Set up Web & Email Filters

Use email and web browser filters to deter hackers and prevent spam from clogging employee inboxes. You can also download “blacklist” services to block users from browsing risky websites that pose malware risks.

Caution your employees against visiting sites that are frequently associated with cybersecurity threats, such as pornographic websites or social media. This may seem like a no-brainer; but it only takes one employee to visit the wrong website to inadvertently download malware onto your company systems.

Use Encryption for Sensitive Business Information

Use full-disk encryption to protect all your computers, tablets, and smartphones. Save a copy of your encryption password or key in a secure location separate from your stored backups.

Email recipients typically need the same encryption capability in order to decrypt. Never send the password or key in the same email as the encrypted document. Give it to them via phone or some other method.

Dispose of Old Computers & Media Safely

Before donating or trashing old computers, you need to wipe all valuable hard drive information. Delete any sensitive business or personal data on old CDs, flash drives, or other old media. Then destroy these items or take them to a company that will shred them for you. Destroy sensitive paper information with a crosscut shredder or an incinerator.

Train Your Employees

Cyber-vigilant employees are your best protection against information security threats.

Every employee should know:

What business and personal use is permitted for emails
How to treat business information at the office or at home
What to do if a cybersecurity incident occurs

Train every new employee to protect valuable data and have them sign your information policy. Use newsletters and/or ongoing training to reinforce your culture of cybersecurity.

Now that we’ve covered the key steps to protect your valuable data and information, we’ll show you how to install mechanisms for detecting and recognizing a cyber attack in part three of our series on “Cybersecurity for Manufacturers” from the MEP National Network.

NSA Cybersecurity

NSA Cybersecurity prevents and eradicates threats to U.S. national security systems, with an initial focus on the Defense Industrial Base (DIB) and the improvement of the nation’s weapons’ security.

At its core, NSA Cybersecurity aims to defeat the adversary through the seven core missions and functions:

Provide intelligence to warn of malicious cyber threats and information U.S. Government (USG) policy
Develop integrated Nuclear Command & Control Systems threat, vulnerability, risk, and cryptographic products & services
Release integrated threat, assessment, and mitigation/protection products for the Department of Defense (DoD) and USG customers
Execute high-assurance cryptography and security engineering
Offer combined defense/offence operations with key government partners
Enable the defense of the agency’s networks in coordination with NSA’s Chief Information Officer
Promote information sharing to support the agency’s cybersecurity mission

By leveraging our elite technical capability, we develop advisories and mitigations on evolving cybersecurity threats designed to defend the nation and secure the future. As we release new advisories and technical guidance, we archive all releases to ensure anyone who needs the information to protect their systems has access to them.

Education is the backbone of building strong cybersecurity professionals and informed citizens.

At NSA we employ some of the best cybersecurity professionals around the world, offering them unique access to classified and unclassified environments to help solve the nation’s most critical cybersecurity challenges. For more information on how to join our team, visit our NSA Careers page.

Our cybersecurity professionals also contribute to developing the talent and tool to make the nation safer through science, technology, engineering and mathematics outreach programs at all levels of education. To see how we contribute to prepare future leaders and cyber warriors, visit our Academics page.

HLS.Today NIST.CSWP.04162018

HLS.Today Dams-sector-cybersecurity-framework-implementation-guidance_052020-508

HLS.Today NIST Framework for Improving Critical Infrastructure Cybersecurity

HLS.Today Source: NSA.GOV NIST.GOV CISA.GOV

DHS Takes Bold Steps with Newly Formed AI Task Force

HLS.Today — Tue, 16 May 2023 00:00:00 +0000

HLS.Today – Secretary of Homeland Security Alejandro N. Mayorkas today announced two new groundbreaking initiatives to combat evolving threats during his first address on the State of the Homeland Security. Focused on two trends that will shape what President Biden has called a “decisive decade” for the world” – the revolution created by generative artificial intelligence (AI) and the multi-faceted threat posed by the People’s Republic of China (PRC) – the Secretary unveiled the Department’s first-ever AI Task Force and a Department-wide 90-day sprint to counter PRC threats.

The address, delivered at the Council on Foreign Relations in Washington, DC, also highlighted the mission areas detailed in the Quadrennial Homeland Security Review delivered to Congress yesterday, which include combatting a range of evolving threats like cybersecurity, targeted violence, and crimes of exploitation. The Secretary’s remarks offered an insightful look at how the homeland security environment has changed since the Department was founded 20 years ago, and the modern approach driving it into its third decade.

“The profound evolution in the homeland security threat environment, changing at a pace faster than ever before, has required our Department of Homeland Security to evolve along with it,” said Secretary of Homeland Security Alejandro N. Mayorkas. “We must never allow ourselves to be susceptible to ‘failures of imagination,’ which, as the 9/11 Commission concluded nearly 20 years ago, held us back from connecting the dots and preparing for the destruction that was being planned on that tragic day. We must instead look to the future and imagine the otherwise unimaginable, to ensure that whatever threats we face, our Department – our country – will be positioned to meet the moment.”

The initiatives announced today draw on the entirety of the capabilities and expertise that the more than 260,000 personnel of DHS bring to bear every day in the protection of our homeland. Secretary Mayorkas also participated in a fireside chat with CBS “Face the Nation” moderator and chief foreign affairs correspondent Margaret Brennan, which included questions from the audience of members of the independent foreign policy think tank.

Artificial Intelligence Task Force

This is the first time the Department has announced a task force dedicated to AI. The Task Force will drive specific applications of AI to advance critical homeland security missions including:

Integrate AI into our efforts to enhance the integrity of our supply chains and the broader trade environment. We will seek to deploy AI to more ably screen cargo, identify the importation of goods produced with forced labor, and manage risk;

Leverage AI to counter the flow of fentanyl into the United States. We will explore using this technology to better detect fentanyl shipments, identify and interdict the flow of precursor chemicals around the world, and target for disruption key nodes in the criminal networks;

Apply AI to digital forensic tools to help identify, locate, and rescue victims of online child sexual exploitation and abuse, and to identify and apprehend the perpetrators of this heinous crime; and

Working with partners in government, industry, and academia, assess the impact of AI on our ability to secure critical infrastructure.

The Task Force shall report to Secretary Mayorkas regularly on its work and AI efforts across the Department. Within 60 days, the group will deliver a concept of operations and milestones for advancing the four priority initiatives outlined above.

The Task Force shall also be responsible for reviewing and where appropriate implementing the Homeland Security Advisory Council’s (HSAC) upcoming findings and recommendations on the intersection of AI and homeland security.

Department-wide 90-day Sprint to Counter PRC Threats

The Department-wide 90-day sprint will take immediate action to drive down risk and assess the evolving threat in six key areas:

Defending critical infrastructure;

Disrupting the global fentanyl supply chain;

Preventing the PRC from abusing our lawful travel system to harass dissidents;

Protecting against PRC malign economic influence;

Advancing safety, security, and economic prosperity in the Arctic and Indo-Pacific; and

Sharing information on threats posed by the PRC with our partners across all levels of government and the private sector.

The final report will identify opportunities for enduring enhancements to DHS posture to counter these threats. This may include further opportunities for public-private partnership, best practices that can be applied Department-wide, and opportunities for further enhancements to ensure DHS has the tools and capabilities to counter PRC threats today and well into the future.

Yesterday, DHS released the Third Quadrennial Homeland Security Review, the Department’s capstone strategy document, that identifies the most critical threats and challenges facing the homeland, and the approach the Department and the entire homeland security enterprise will take to address them. The Review added a new mission for DHS: Combat Crimes of Exploitation and Protect Victims, which stands alongside our other five mission areas to counter terrorism, secure our borders, administer our immigration system, secure cyberspace and critical infrastructure, and build resilience and respond to disasters.

Secretary of Homeland Security Alejandro N. Mayorkas recently announced two new initiatives to combat evolving threats during his first address on the State of the Homeland Security. Focused on two trends that will shape what President Biden has called a “decisive decade” for the world” – the revolution created by generative artificial intelligence (AI) and the multi-faceted threat posed by the People’s Republic of China (PRC) – the Secretary unveiled the Department’s first-ever AI Task Force and a Department-wide 90-day sprint to counter PRC threats.

Artificial Intelligence Task Force.

This is the first time the Department has announced a task force dedicated to AI. The Task Force will drive specific applications of AI to advance critical homeland security missions including:

Working with partners in government, industry, and academia, assess the impact of AI on our ability to secure critical infrastructure.

Department-wide 90-day Sprint to Counter PRC Threats.

The Department-wide 90-day sprint will take immediate action to drive down risk and assess the evolving threat in six key areas:

Defending critical infrastructure;
Disrupting the global fentanyl supply chain;
Preventing the PRC from abusing our lawful travel system to harass dissidents;
Protecting against PRC malign economic influence;
Advancing safety, security, and economic prosperity in the Arctic and Indo-Pacific; and
Sharing information on threats posed by the PRC with our partners across all levels of government and the private sector.

HLS.Today Source: DHS.GOV

Defence’s Supply Chain, the Next Main Target of Cyberattacks

HLS.Today — Fri, 10 Mar 2023 00:00:42 +0000

Cybersecurity has become a key issue to consider for all sectors in the wake of the growing connectivity between physical and digital systems. The sensitive nature of defence data and the consequential national security concerns elevate the importance of data security for defence manufacturers. Suppliers in the chain often work with multiple companies.

This makes several companies in the supply chain more vulnerable to just one fatal cyberattack, says GlobalData, a leading data and analytics company. GlobalData’s latest report, ‘Cybersecurity in Defence – Thematic Research’, reveals that small companies are often seen as sitting ducks for hackers, working as gateways to access the larger companies and defence companies are aware of the increasing threat landscape.

The number of mentions of cybersecurity by defence companies in their filings almost tripled between 2016 and 2021 to over 30,000, reveals GlobalData’s Company Filing Analytics.

Emma Taylor, Associate Analyst at GlobalData, comments: “Cybersecurity is of great importance for every sector. However, the sensitive nature of defence data and consequential national security concerns elevate the importance of data security for defence manufacturers. Defence companies, although aware of the cybersecurity threat, need to be aware of the weakest link of their cybersecurity defences. Unfortunately, that is often outside their own company.”

Smaller companies often do not have sufficient bandwidth to effectively monitor, correlate and respond to breaches in a cyber secure fashion. Limited resources and a severe industry-wide shortage of trained cybersecurity experts add to this pressure.

Taylor continues: “To counteract the threat of cyberattacks seeking sensitive defence data, companies are becoming increasingly collaborative in their approach, sharing information about attacks and breaches. They are also adopting a zero-trust security model that eliminates the concept of trust from an organization’s network architecture.”

Cyberattacks can severely disrupt supply chains. If operating systems (which any company in the supply chain is using) are compromised by cyberattacks, it will delay processes significantly.

Taylor concludes: “Supply chain disruption causes a knock-on effect that creates serious issues for both companies and militaries. More and more technologies used in defense need semiconductors to operate, including some missiles. This demand has outstripped supply, hitting the defense industry hard.”

Source: GlobalData

US: Cybersecurity Guidelines to Safely Operate Unmanned Aircraft Systems

HLS.Today — Wed, 08 Mar 2023 00:00:00 +0000

The office of Cybersecurity and Infrastructure Security Agency has published guidelines to safely operate Unmanned Aircraft Systems (UAS). UASs provide innovative solutions for tasks that are dangerous, time consuming, and costly. Critical infrastructure operators, law enforcement, and all levels of government are increasingly incorporating UASs into their operational functions and will likely continue to do so. Although UASs offer benefits to their operators, they can also pose cybersecurity risks, and operators should exercise caution when using them.

To help UAS users protect their networks, information, and personnel, the Department of Homeland Security (DHS)/Cybersecurity and Infrastructure Security Agency (CISA) identified cybersecurity best practices for UASs. This product, a companion piece to CISA’s Foreign Manufactured UASs Industry Alert, can assist in standing up a new UAS program or securing an existing UAS program, and is intended for information technology managers and personnel involved in UAS operations. Similar to other cybersecurity guidelines and best practices, the identified best practices can aid critical infrastructure operators to lower the cybersecurity risks associated with the use of UAS, but do not eliminate all risks.

UAS SOFTWARE AND FIRMWARE

An important part of managing risk when employing UASs is to understand the steps involved and potential vulnerabilities introduced during the installation and use of UAS software and firmware. UAS operators should strongly consider and evaluate the following cybersecurity best practices when dealing with software and firmware associated with UAS:

Ensure that the devices used for the download and installation of UAS software and firmware do not access the enterprise network.
Properly verify and securely conduct all interactions with UAS vendors and third-party websites. Take extra precaution to download software from properly authenticated and secured websites and ensure app store hosts verify mobile applications.
- Access these websites or app stores from a computer not associated with, or at least not connected to, the enterprise network or architecture.
- Ensure the management of security for mobile devices that will be directly or wirelessly connected to the UAS. Review additional information for enhancing security on mobile devices.
Ensure file integrity monitoring processes are in place before downloading or installing files. Check to see if individual downloads or installation files have a hash value or checksum. After downloading an installation file, compare the hash value or checksum of the installation file against the value listed on the vendor’s download page to ensure they match.
Run all downloaded files through an up-to-date antivirus platform before installation and ensure the platform remains enabled throughout installation.
Verify a firewall on the computer or mobile device is enabled to check for potentially malicious inbound and outbound traffic caused by the recently installed software. External network communications could be part of the installation process and could potentially expose your system to unknown data privacy risks.
During installation, do not follow “default” install options. Instead, go through each screen manually and consider installing software on a removable device (external HDD or USB drive).
- Deselect any additional features or freeware bundled into the default install package.
- Disable automatic software updates. Necessary updates should follow the same process outlined for download and installation.
- Thoroughly review any license agreements prior to approval. Consider involving a legal team in the process to ensure organizations do not unknowingly agree to unsafe or hazardous practices on the part of the vendor.

SECURING UAS OPERATIONS

An important part of operating UASs is to ensure that communications are secure during all aspects of usage. There are multiple publicly accessible sites that indicate and detail how to intercept UAS communications and hijack UASs during flight operations. UAS operators should consider and evaluate the following cybersecurity best practices when conducting UAS operations:

If a UAS data link is through Wi-Fi connections between the UAS and the controller.
- Ensure the data link supports an encryption algorithm for securing Wi-Fi communications.
  - Use WPA2-AES security standards or the most secure encryption standards available.
  - Use highly complicated encryption keys that are changed on a frequent basis. Ensure that encryption keys are not easily guessable, and do not identify the make or model of the UAS or the operating organization.
- Use complicated Service Set Identifiers (SSIDs) that do not identify UAS operations on the network. Avoid using the specific make or model of the UAS or the operating organization in the SSID.
- Set the UAS to not broadcast the SSID or network name of the connection.
- Change encryption keys in a secure location to avoid eavesdropping either visually or from wireless monitoring.

If the UAS supports the Transport Layer Security (TLS) protocol, ensure that it is enabled to the highest standard that the UAS supports.
Have the data links for UAS control, telemetry, payload transmission, video transmission, and audio transmission encrypted with different keys. Make sure the UAS is able to encrypt the data stored onboard.
Use standalone UAS-associated mobile devices with no external connections or disable all connections between the Internet and the UAS and UAS-associated mobile devices during operations. Consider running wireless traffic analyzers during selected UAS operations to understand and monitor UAS communications traffic while in use.
Run mobile device applications in a secure virtual sand-box configuration that allows operation while securely protecting the device and the operating system.

DATA STORAGE AND TRANSFER

Ensuring the security and privacy of UAS data, while at rest or in transit, is essential to managing UAS cybersecurity risks. UAS operators should consider and evaluate the following cybersecurity best practices for UAS data storage and transfer:

When connecting the UAS or UAS-associated removable storage device to a computer:
- Use a standalone computer to connect to the UAS or removable storage device to ensure no access to the Internet or enterprise network.
- Verify a firewall on the computer or mobile device is enabled to check for potentially malicious inbound and outbound traffic caused from the connection of the UAS or removable storage device. Verify and ensure that the computer has up-to-date antivirus installed.
Data should be encrypted both at rest and in transit to ensure confidentiality and integrity.
Authentication mechanisms should be in place for UASs with access to private or confidential data. Use MultiFactor Authentication (MFA) whenever possible for accounts associated with UAS operations.
Follow data management policies for data at rest, data in transit, and any sensitive data.
Erase all data from the UAS and any removable storage devices after each use.

INFORMATION SHARING AND VULNERABILITY REPORTING

By participating in information-sharing programs and reporting non-public, newly-identified vulnerabilities, users will have access to timely information to mitigate cybersecurity threats. These programs can also serve as a forum for UAS operators to share security vulnerabilities that could potentially impact the Nation’s critical infrastructure or pose a threat to public health and safety. The following are three information sharing programs:

Cyber Information Sharing and Collaboration Program (CISCP):
- CISCP enables actionable, relevant, and timely information exchange through trusted, public-private partnerships across all critical infrastructure (CI) sectors by leveraging the depth and breadth of DHS cybersecurity capabilities within a focused, operational context.

Automated Indicator Sharing (AIS) Program:
- The AIS program enables the quick exchange of cyber threat indicators between the Federal Government and the private sector through CISA. Companies that share indicators through AIS are granted liability protection and other protections through the Cybersecurity Information Sharing Act of 2015.
- For more information on CISA services, call 1-888-282-0870 or email Central@cisa.gov. For more information on AIS and how to join, go to www.cisa.gov/automated-indicator-sharing-ais.
Information Sharing and Analysis Centers (ISACs):
- Information Sharing and Analysis Centers (ISACs) are non-profit, member-driven organizations formed by critical infrastructure owners and operators to share information between government and industry. CISA, through the NCCIC, works in close coordination with all of the ISACs.
- For more information about ISACs, go to www.nationalisacs.org/.

If an organization discovers a UAS software or hardware vulnerability, or a suspicious or confirmed UAS cybersecurity incident occurs, CISA recommends reporting the vulnerability or incident through the following channels:

DHS CISA:
- Email the CISA office. When sending sensitive information to DHS CISA via email, we recommend encryption of messages.
CERT Coordination Center:
- To report a vulnerability, go to kb.cert.org

The UAS Cybersecurity Best Practices document is a collaborative product written by CISA’s National Risk Management Center and Cybersecurity Division. This product was coordinated with the DHS/CISA/Infrastructure Security Division, DHS/Federal Protective Service, U.S. Army/Combat Capabilities Development Command, and Federal Bureau of Investigation/Cyber Division. The National Risk Management Center (NRMC), Cybersecurity and Infrastructure Security Agency (CISA), is the planning, analysis, and collaboration center working in close coordination with the critical infrastructure community to Identify; Analyze; Prioritize; and Manage the most strategic risks to National Critical Functions. These are the functions of government and the private sector so vital to the United States that their disruption, corruption, or dysfunction would have a debilitating impact on security, national economic security, national public health or safety, or any combination thereof. NRMC products are visible to authorized users at HSIN-CI and Intelink.

HLS.Today Source: CISA.GOV

FBI EUROPOL Shuts Down Hive Cyber Criminals Ransomware Activities

HLS.Today — Thu, 02 Feb 2023 00:00:16 +0000

HLS.Today – EUROPOL Cybercriminals stung as HIVE infrastructure shut down. Europol supported German, Dutch and US authorities to shut down the servers and provide decryption tools to victims.

Europol supported the German, Dutch and US authorities in taking down the infrastructure of the prolific HIVE ransomware. This international operation involved authorities from 13* countries in total. Law enforcement identified the decryption keys and shared them with many of the victims, helping them regain access to their data without paying the cybercriminals.

In the last year, HIVE ransomware has been identified as a major threat as it has been used to compromise and encrypt the data and computer systems of large IT and oil multinationals in the EU and the USA. Since June 2021, over 1 500 companies from over 80 countries worldwide have fallen victim to HIVE associates and lost almost EUR 100 million in ransom payments. Affiliates executed the cyberattacks, but the HIVE ransomware was created, maintained and updated by developers. Affiliates used the double extortion model of ‘ransomware-as-a-service’; first, they copied data and then encrypted the files. Then, they asked for a ransom to both decrypt the files and to not publish the stolen data on the Hive Leak Site. When the victims paid, the ransom was then split between affiliates (who received 80 %) and developers (who received 20 %).

Other dangerous ransomware groups have also used this so-called ransomware-as-a-service (RaaS) model to perpetrate high-level attacks in the last few years. This has included asking for millions of euros in ransoms to decrypt affected systems, often in companies maintaining critical infrastructures. Since June 2021, criminals have used HIVE ransomware to target a wide range of businesses and critical infrastructure sectors, including government facilities, telecommunication companies, manufacturing, information technology, and healthcare and public health. In one major attack, HIVE affiliates targeted a hospital, which led to severe repercussions about how the hospital could deal with the COVID-19 pandemic. Due to the attack, this hospital had to resort to analogue methods to treat existing patients, and was unable to accept new ones.

The affiliates attacked companies in different ways. Some HIVE actors gained access to victim’s networks by using single factor logins via Remote Desktop Protocol, virtual private networks, and other remote network connection protocols. In other cases, HIVE actors bypassed multifactor authentication and gained access by exploiting vulnerabilities. This enabled malicious cybercriminals to log in without a prompt for the user’s second authentication factor by changing the case of the username. Some HIVE actors also gained initial access to victim’s networks by distributing phishing emails with malicious attachments and by exploiting the vulnerabilities of the operating systems of the attacked devices.

About EUR 120 million saved thanks to mitigation efforts

Europol streamlined victim mitigation efforts with other EU countries, which prevented private companies from falling victim to HIVE ransomware. Law enforcement provided the decryption key to companies which had been compromised in order to help them decrypt their data without paying the ransom. This effort has prevented the payment of more than USD 130 million or the equivalent of about EUR 120 million of ransom payments.

Europol facilitated the information exchange, supported the coordination of the operation and funded operational meetings in Portugal and the Netherlands. Europol also provided analytical support linking available data to various criminal cases within and outside the EU, and supported the investigation through cryptocurrency, malware, decryption and forensic analysis.

On the action days, Europol deployed four experts to help coordinate the activities on the ground. Europol supported the law enforcement authorities involved by coordinating the cryptocurrency and malware analysis, cross-checking operational information against Europol’s databases, and further operational analysis and forensic support. Analysis of this data and other related cases is expected to trigger further investigative activities. The Joint Cybercrime Action Taskforce (J-CAT) at Europol also supported the operation. This standing operational team consists of cybercrime liaison officers from different countries who work on high-profile cybercrime investigations.

*Law enforcement authorities involved

Canada – Royal Canadian Mounted Police (RCMP) & Peel Regional Police

France: National Police (Police Nationale)

Germany: Federal Criminal Police Office (Bundeskriminalamt) and Police Headquarters Reutlingen – CID Esslingen (Polizei BW)

Ireland: National Police (An Garda Síochána)

Lithuania: Criminal Police Bureau (Kriminalinės Policijos Biuras)

Netherlands – National Police (Politie)

Norway: National Police (Politiet)

Portugal: Judicial Police (Polícia Judiciária)

Romania: Romanian Police (Poliția Română – DCCO)

Spain: Spanish Police (Policía Nacional)

Sweden: Swedish Police (Polisen)

United Kingdom – National Crime Agency

USA – United States Secret Service, Federal Bureau of Investigations

Headquartered in The Hague, the Netherlands, Europol supports the 27 EU Member States in their fight against terrorism, cybercrime, and other serious and organized crime forms. Europol also works with many non-EU partner states and international organisations. From its various threat assessments to its intelligence-gathering and operational activities, Europol has the tools and resources it needs to do its part in making Europe safer.

HLS.Today SOurce: EUROPOL.EU

CISA: 2022 Protected Critical Infrastructure Information Program

HLS.Today — Sun, 25 Dec 2022 12:23:06 +0000

HLS.Today – The Department of Homeland Security (DHS) and Cybersecurity and Infrastructure Security Agency (CISA) are issuing a technical rule to improve and modernize aspects of the Protected Critical Infrastructure Information (PCII) Program, which provides legal protections for cyber and physical infrastructure information submitted to DHS. These non-substantive, technical edits amend the Protected Critical Infrastructure Information (PCII) Program regulation found at 6 CFR part 29, to help critical infrastructure owner/operators, state and local governments, and other important stakeholders more effectively use the PCII Program.

On September 1, 2006, DHS published the PCII Program regulation, 6 CFR part 29, “Procedures for Handling Critical Infrastructure Information; Final Rule.” Established as part of major security reforms following the 9/11 terror attacks, the PCII Program has become a cornerstone of CISA’s public-private partnership to secure our Nation’s cybersecurity and critical infrastructure by providing legal protections for information shared with the government by the private sector for homeland security purposes. This technical rule represents the first-ever update to the PCII regulations since their initial publication in 2006. Since then, the implementing component within DHS underwent substantial reorganization (i.e., transitioning the National Protection and Programs Directorate into CISA). As a result of this change, several technical revisions to 6 CFR part 29 were required to reflect updates to organization and to address typographical and other errors in the 2006 final rule. These improvements help to modernize the Program and further position CISA as the Nation’s lead cyber defense agency. These technical, non-substantive revisions qualify for publication as a final rule without the notice and comment typically required by the Administrative Procedure Act.

“The PCII Program is essential to CISA’s ability to gather information about risks facing critical infrastructure,” said Dr. David Mussington, Executive Assistant Director for Infrastructure Security. “This technical rule modernizes and clarifies important aspects of the Program, making it easier for our partners to share information with DHS. These revisions further demonstrate our commitment to ensuring that sensitive, proprietary information shared with CISA remains secure and protected. I would like to thank CISA’s PCII Program Office and Office of the Chief Counsel for their hard work in making this technical rule a reality.”

These revisions constitute non-substantive technical, organizational, and conforming amendments in various sections of 6 CFR part 29 to correct errors, change addresses, update titles, and make other non-substantive amendments that improve the clarity of the PCII Program regulations. This rule does not create or change any substantive requirements. A complete description of the revisions is in the technical Final Rule, which can be found at 87 Fed. Reg. 77971 (December 21, 2022). An accompanying unofficial redline of the regulatory text, which is provided as a courtesy only, will be available at the PCII Program website for public view.

PROTECTED CRITICAL INFRASTRUCTURE INFORMATION (PCII) PROGRAM

Congress created the Protected Critical Infrastructure Information (PCII) Program under the Critical Infrastructure Information Act of 2002 (CII Act) to protect information voluntarily shared with the government on the security of private and state/local government critical infrastructure. Title 6 Code of Federal Regulations (CFR) part 29, Procedures for Handling Critical Infrastructure Information; Final Rule, establishes uniform procedures on the receipt, validation, handling, storage, marking, and use of critical infrastructure information (CII) voluntarily submitted to the Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security (DHS).

The protections offered by the PCII Program enhance the voluntary sharing of CII between infrastructure owners and operators and the government. The PCII Program protections provide homeland security partners confidence that sharing their information with the government will not expose sensitive or proprietary data to public disclosure.

HLS.Today - CISA - pcii-final-rule-federal-register-092006-508

HLS.Today - CISA - Critical-infrastructure-information-act-of-2002-012014

HLS.Today Source: CISA.GOV

CISA: Cyber Safety Review Board Meets Again on Lapsus$

HLS.Today — Tue, 13 Dec 2022 08:56:12 +0000

HLS.Today – Today, the U.S. Department of Homeland Security (DHS) announced that the Cyber Safety Review Board (CSRB) will review the recent attacks associated with Lapsus$, a global extortion-focused hacker group. Lapsus$ has reportedly employed techniques to bypass a range of commonly-used security controls and has successfully infiltrated a number of companies across industries and geographic areas. The CSRB will develop actionable recommendations for how organizations can protect themselves, their customers, and their employees in the face of these types of attacks. Once concluded, the report will be transmitted to President Biden through Secretary of Homeland Security Alejandro N. Mayorkas and CISA Director Jen Easterly.

“The Cyber Safety Review Board has quickly established itself as an innovative and enduring institution in the cybersecurity ecosystem,” said Secretary Alejandro N. Mayorkas. “With its review into Lapsus$, the Board will build on the lessons learned from its first review and share actionable recommendations to help the private and public sectors strengthen their cyber resilience.”

The CSRB is an unprecedented public-private initiative that brings together government and industry leaders to conduct authoritative fact-finding and to issue recommendations in the wake of significant cybersecurity incidents. The CSRB’s first review focused on vulnerabilities discovered in late 2021 in the widely used Log4j open-source software library. In July 2022, the CSRB concluded that review and published its report, which included 19 actionable recommendations for government and industry. The CSRB does not have regulatory powers and is not an enforcement authority. Its purpose is to identify relevant lessons learned to inform future improvements and better protect our communities.

“Lapsus$ has targeted some of the most sophisticated companies on the planet,” said CSRB Chair and DHS Under Secretary for Policy Robert Silvers. “In the wake of major incidents, the Cyber Safety Review Board conducts authoritative fact-finding and issues recommendations that can have immediate impact on the security of the ecosystem. As a unified effort between government and industry, we will advise on how to repel and respond to these types of cyber-enabled extortion attacks.”

“As cyber threats continue to evolve it is imperative that all organizations recognize that they are not invincible,” said CSRB Deputy Chair Heather Adkins. “The CSRB will review the cyber activity of Lapsus$ in order to analyze their tactics and help organizations of all sizes protect themselves.”

“Lapsus$ actors have perpetrated damaging intrusions against multiple critical infrastructure sectors, including healthcare, government facilities, and critical manufacturing,” said CISA Director Jen Easterly. “The range of victims and diversity of tactics used demand that we understand how Lapsus$ actors executed their malicious cyber activities so we can mitigate risk to potential future victims. We applaud the CSRB for taking on this review to help advance our collective cyber defense.”

The CSRB was established as a mandate in the President’s Executive Order, Improving the Nation’s Cybersecurity, to drive a thoughtful approach to learn from cyber incidents. For more information, visit CISA.gov/CSRB. 

Cyber Safety Review Board Releases Unprecedented Report of its Review into Log4j Vulnerabilities and Response

Release Date: July 14, 2022

Report Includes 19 Specific Recommendations for Government and Industry

WASHINGTON – Today, the U.S. Department of Homeland Security (DHS) released the Cyber Safety Review Board’s (CSRB) first report, which includes 19 actionable recommendations for government and industry. The recommendations from the CSRB – an unprecedented public-private initiative that brings together government and industry leaders to review and assess significant cybersecurity events to better protect our nation’s networks and infrastructure – address the continued risk posed by vulnerabilities discovered in late 2021 in the widely used Log4j open-source software library. These are among the most serious vulnerabilities discovered in recent years. The CSRB’s recommendations focus on driving better security in software products and enhancing public and private sector organizations’ ability to respond to severe vulnerabilities. This report was delivered to President Biden through Secretary of Homeland Security Alejandro N. Mayorkas.

“At this critical juncture in our nation’s cybersecurity, when our ability to handle risk is not keeping pace with advances in the digital space, the Cyber Safety Review Board is a new and transformational institution that will advance our cyber resilience in unprecedented ways,” said Secretary Mayorkas. “The CSRB’s first-of-its-kind review has provided us – government and industry alike – with clear, actionable recommendations that DHS will help implement to strengthen our cyber resilience and advance the public-private partnership that is so vital to our collective security.”

As directed by President Biden through Executive Order 14028 Improving the Nation’s Cybersecurity, Secretary Mayorkas established the CSRB in February 2022 to review and assess significant cybersecurity events so that government, industry, and the broader security community can better protect our nation’s networks and infrastructure. The CSRB provides a unique forum for leading senior experts from government and industry to deliver strategic recommendations designed to elevate our nation’s cybersecurity. During its inaugural review, the CSRB engaged with nearly 80 organizations and individuals to gather insights into the Log4j event, inform findings, and develop actionable recommendations to prevent and respond more effectively to future incidents. As the release of this report demonstrates, DHS and the CSRB are committed to transparency and will, whenever possible, release public versions of CSRB reports, consistent with applicable law and the need to protect sensitive information from disclosure.

“The Cyber Safety Review Board has established itself as a new, innovative, and enduring institution in the cybersecurity ecosystem,” said CSRB Chair and DHS Under Secretary for Policy Robert Silvers. “Never before have industry and government cyber leaders come together in this way to review serious incidents, identify what happened, and advise the entire community on how we can do better in the future. Our review of Log4j produced recommendations that we are confident can drive change and improve cybersecurity.”

“Cybersecurity is a shared responsibility, which is why it is so critical that the CSRB is a private-public partnership,” said CSRB Deputy Chair Heather Adkins. “We hope that the independent fact-finding, analysis, and conclusions reached, as well as the recommendations, are taken in earnest as lessons-learned and instructive actions for both the near and long-term.”

“The CSRB is a remarkable public-private initiative that has produced an important blueprint for CISA – our nation’s civilian cyber defense agency – to meaningfully increase cybersecurity resilience and preparedness across our country,” said CISA Director Jen Easterly. “I look forward to implementing the CSRB’s impactful recommendations and thank the members for their time and thoughtful counsel.”

The CSRB conducted its review in the public interest and recommended the release of its full report to the public. In keeping with his commitment to improving transparency, Secretary Mayorkas followed that recommendation to enable both public and private partners to fully benefit from the CSRB’s review.

The CSRB is composed of highly esteemed cybersecurity leaders from the federal government and the private sector. The CSRB does not have regulatory powers and is not an enforcement authority. Instead, its purpose is to identify and share lessons learned to enable advances in national cybersecurity. Robert Silvers, DHS Under Secretary for Policy, serves as Chair and Heather Adkins, Google’s Vice President for Security Engineering, serves as Deputy Chair.

CSRB

The CSRB is composed of 15 highly esteemed cybersecurity leaders from the federal government and the private sector that make up the inaugural board membership:[3]

Robert Silvers, Under Secretary for Policy, Department of Homeland Security (Chair)

Heather Adkins, Vice President, Security Engineering, Google (Deputy Chair)

Dmitri Alperovitch, Co-Founder and Chairman, Silverado Policy Accelerator and Co-Founder and former CTO of CrowdStrike, Inc.

Chris DeRusha, Federal Chief Information Security Officer, Office of Management and Budget

Chris Inglis, National Cyber Director, Office of the National Cyber Director

Rob Joyce, Director of Cybersecurity, National Security Agency

Katie Moussouris, Founder and CEO, Luta Security

David Mussington, Executive Assistant Director for Infrastructure Security, Cybersecurity and Infrastructure Security Agency

Chris Novak, Co-Founder and Managing Director, Verizon Threat Research Advisory Center

Tony Sager, Senior Vice President and Chief Evangelist, Center for Internet Security

John Sherman, Chief Information Officer, Department of Defense

Bryan Vorndran, Assistant Director, Cyber Division, Federal Bureau of Investigation

Kemba Walden, Assistant General Counsel, Digital Crimes Unit, Microsoft

Wendi Whitmore, Senior Vice President, Unit 42, Palo Alto Networks

HLS.Today CSRB-Report-on-Log4-July-11-2022_508

HLS.Today lapsus

HLS.Today 42 Cyber Attack Statistics in past 10 years - InfoSec

HLS.Today Source: DHS.GOV Wiki

DOD Cybersecurity Report: All Cyber Attacks Must be Reported

HLS.Today — Tue, 15 Nov 2022 09:13:05 +0000

HLS.Today – Cyber attacks threaten national security—but hackers continue to target DOD as well as private companies and others involved in the nation’s military operations. DOD has taken steps to combat these attacks and has reduced the number of cyber incidents in recent years.

What GAO Found

The Department of Defense (DOD) and our nation’s defense industrial base (DIB)—which includes entities outside the federal government that provide goods or services critical to meeting U.S. military requirements—are dependent on information systems to carry out their operations. These systems continue to be the target of cyber attacks, as DOD has experienced over 12,000 cyber incidents since 2015.To combat these incidents, DOD has established two processes for managing cyber incidents—one for all incidents and one for critical incidents. However, DOD has not fully implemented either of these processes.

Video: Jennifer Franks, director of information technology and cybersecurity at the Government Accountability Office (GAO), discusses her office’s review of the cybersecurity of DoD computer systems with sensitive and unclassified data.

Cyber Incidents Reported by Department of Defense’s Cyber Security Service Providers from Calendar Years 2015 through 2021

Despite the reduction in the number of incidents due to DOD efforts, weaknesses in reporting these incidents remain. For example, DOD’s system for reporting all incidents often contained incomplete information and DOD could not always demonstrate that they had notified appropriate leadership of relevant critical incidents. The weaknesses in the implementation of the two processes are due to DOD not assigning an organization responsible for ensuring proper incident reporting and compliance with guidance, among other reasons. Until DOD assigns such responsibility, DOD does not have assurance that its leadership has an accurate picture of the department’s cybersecurity posture.

In addition, DOD has not yet decided whether DIB cyber incidents detected by cybersecurity service providers should be shared with all relevant stakeholders, according to officials. DOD guidance states that to protect the interests of national security, cyber incidents must be coordinated among and across DOD organizations and outside sources, such as DIB partners. Until DOD examines whether this information should be shared with all relevant parties, there could be lost opportunities to identify system threats and improve system weaknesses.

DOD has established a process for determining whether to notify individuals of a breach of their personally identifiable information (PII). This process includes conducting a risk assessment that considers three factors—the nature and sensitivity of the PII, likelihood of access to and use of the PII, and the type of the breach. However, DOD has not consistently documented the notifications of affected individuals, because officials said notifications are often made verbally or by email and no record is retained. Without documenting the notification, DOD cannot verify that people were informed about the breach.

HLS.Today - GAO Report Cybersecurity november 2022 23-105084

Why GAO Did This Study

DOD and DIB information technology systems continue to be susceptible to cyber incidents as cybersecurity threats have evolved and become more sophisticated. Federal laws and DOD guidance emphasize the importance of properly reporting and sharing cyber incident information, as both are vital to identifying system weaknesses and improving the security of the systems.

House Report 116-442 included a provision for GAO to review DOD’s cyber incident management. This report examines the extent to which DOD established and implemented a process to

(1) report and notify leadership of cyber incidents,

(2) report and share information about cyber incidents affecting the DIB, and

(3) notify affected individuals of a PII breach.

To conduct this work, GAO reviewed relevant guidance, analyzed samples of cyber incident artifacts and cyber incident reports submitted by the DIB and privacy data breaches reported by DOD, and surveyed 24 DOD cyber security service providers. In addition, GAO interviewed officials from DOD and cyber security service providers and convened two discussion groups with DIB companies.

Recommendations

GAO is making six recommendations, including that DOD assign responsibility for ensuring proper incident reporting, improve the sharing of DIB-related cyber incident information, and document when affected individuals are notified of a PII breach. DOD concurred with the recommendations.

Recommendations for Executive Action

Department of Defense The Secretary of Defense should ensure that the DOD CIO, Commander of CYBERCOM, and Commander of JFHQ-DODIN assign responsibility for overseeing cyber incident reporting and leadership notification, and ensuring policy compliance.

(Recommendation 1)

Department of Defense The Secretary of Defense should ensure that the DOD CIO, Commander of CYBERCOM, and Commander of JFHQ-DODIN align policy and system requirements to enable DOD to have enterprise-wide visibility of cyber incident reporting to support tactical, strategic, and military strategies for response.

(Recommendation 2)

Department of Defense The Secretary of Defense should ensure that the DOD CIO, Commander of CYBERCOM, and Commander of JFHQ-DODIN include in new guidance on incident reporting include detailed procedures for identifying, reporting, and notifying leadership of critical cyber incidents.

(Recommendation 3)

Department of Defense The Secretary of Defense should ensure that the Commander of CYBERCOM—in coordination with DOD CIO and Directors of DC3 and DCSA—examines whether information on DIB-related cyber incidents handled by CSSPs is relevant to the missions of other DOD components, including DC3 and DCSA, and identifies when and with whom such information should be shared

(Recommendation 4)

Department of Defense The Secretary of Defense should ensure that the DOD CIO determines what actions need to be taken to encourage more complete and timely mandatory cyber incident reporting from DIB companies.

(Recommendation 5)

Department of Defense The Secretary of Defense should ensure—through the Director of the Privacy, Civil Liberties, and Freedom of Information Directorate—that DOD components document instances where individuals affected by a privacy data breach were notified.

(Recommendation 6)

HLS.Today Source: GAO.GOV

FTX Crypto Disaster Tip of the Iceberg with Billions Dollars Melted

HLS.Today — Mon, 14 Nov 2022 07:01:21 +0000

HLS.Today – Testimony of Sam Bankman-Fried Co-Founder and CEO of FTX

“I think Sam is going to jail Sam is going to prison all right we have enough I have enough evidence to put him away for 20 years at least when people find out what he’s doing, tax evasion..”

FTX founder Bankman-Fried secretly moved $10 billion in funds to trading firm Alameda – sources

Bankman-Fried showed spreadsheets to colleagues that revealed shift in funds to Alameda – sources

Spreadsheets indicated between $1 billion and $2 billion in client money is unaccounted for – sources

Executives set up book-keeping “back door” that thwarted red flags – sources

Whereabouts of missing funds is unknown – sources

HLS.Today Testimony_Bankman-Fried_0209202211

New York, Nov 11 (Reuters) – At least $1 billion of customer funds have vanished from collapsed crypto exchange FTX, according to two people familiar with the matter.

The exchange’s founder Sam Bankman-Fried secretly transferred $10 billion of customer funds from FTX to Bankman-Fried’s trading company Alameda Research, the people told Reuters.

A large portion of that total has since disappeared, they said. One source put the missing amount at about $1.7 billion. The other said the gap was between $1 billion and $2 billion.

While it is known that FTX moved customer funds to Alameda, the missing funds are reported here for the first time.

The financial hole was revealed in records that Bankman-Fried shared with other senior executives last Sunday, according to the two sources. The records provided an up-to-date account of the situation at the time, they said. Both sources held senior FTX positions until this week and said they were briefed on the company’s finances by top staff.

Bahamas-based FTX filed for bankruptcy on Friday after a rush of customer withdrawals earlier this week. A rescue deal with rival exchange Binance fell through, precipitating crypto’s highest-profile collapse in recent years.

In text messages to Reuters, Bankman-Fried said he “disagreed with the characterization” of the $10 billion transfer.

“We didn’t secretly transfer,” he said. “We had confusing internal labeling and misread it,” he added, without elaborating.

Asked about the missing funds, Bankman-Fried responded: “???”

FTX and Alameda did not respond to requests for comment.

In a tweet on Friday, Bankman-Fried said he was “piecing together” what had happened at FTX. “I was shocked to see things unravel the way they did earlier this week,” he wrote. “I will, soon, write up a more complete post on the play by play.”

At the heart of FTX’s problems were losses at Alameda that most FTX executives did not know about, Reuters has previously reported.

Customer withdrawals had surged last Sunday after Changpeng Zhao, CEO of giant crypto exchange Binance, said Binance would sell its entire stake in FTX’s digital token, worth at least $580 million, “due to recent revelations.” Four days before, news outlet CoinDesk reported that much of Alameda’s $14.6 billion in assets were held in the token.

That Sunday, Bankman-Fried held a meeting with several executives in the Bahamas capital Nassau to calculate how much outside funding he needed to cover FTX’s shortfall, the two people with knowledge of FTX’s finances said.

Bankman-Fried confirmed to Reuters that the meeting took place.

Bankman-Fried showed several spreadsheets to the heads of the company’s regulatory and legal teams that revealed FTX had moved around $10 billion in client funds from FTX to Alameda, the two people said. The spreadsheets displayed how much money FTX loaned to Alameda and what it was used for, they said.

The documents showed that between $1 billion and $2 billion of these funds were not accounted for among Alameda’s assets, the sources said. The spreadsheets did not indicate where this money was moved, and the sources said they don’t know what became of it.

In a subsequent examination, FTX legal and finance teams also learned that Bankman-Fried implemented what the two people described as a “backdoor” in FTX’s book-keeping system, which was built using bespoke software.

They said the “backdoor” allowed Bankman-Fried to execute commands that could alter the company’s financial records without alerting other people, including external auditors. This set-up meant that the movement of the $10 billion in funds to Alameda did not trigger internal compliance or accounting red flags at FTX, they said.

In his text message to Reuters, Bankman-Fried denied implementing a “backdoor”.

The U.S. Securities and Exchange Commission is investigating FTX.com’s handling of customer funds, as well its crypto-lending activities, a source with knowledge of the inquiry told Reuters on Wednesday. The Department of Justice and the Commodity Futures Trading Commission are also investigating, the source said.

FTX’s bankruptcy marked a stunning reversal for Bankman-Fried. The 30-year-old had set up FTX in 2019 and led it to become one of the largest crypto exchanges, accumulating a personal fortune estimated at nearly $17 billion. FTX was valued in January at $32 billion, with investors including SoftBank and BlackRock.

The crisis has sent reverberations through the crypto world, with the price of major coins plummeting. And FTX’s collapse is drawing comparisons to earlier major business meltdowns.

On Friday, FTX said it had turned over control of the company to John J. Ray III, the restructuring specialist who handled the liquidation of Enron Corp – one of the largest bankruptcies in history.

HLS.Today wstate-bankman-frieds-20211208

HLS.Today Source: Wikipedia SEC Reuters

Cyber Command and NSA Defending 2022 Midterm Elections

HLS.Today — Sun, 06 Nov 2022 09:48:31 +0000

HLS.Today – The director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), in an appearance on CBS “Face the Nation” said the agency is concerned about a range of threats, including cyber, insider, physical and disinformation even as it sees no “specific or credible” threats.

With days to the midterm elections, the Defense Department is fully engaged to defend the U.S. electoral system from foreign interference and foreign influence alongside interagency partners.

“This is an enduring, no-fail mission for U.S. Cyber Command and the National Security Agency, who bring unique insights and actions to the whole-of-government effort,” U.S. Army Gen. Paul M. Nakasone, commander of Cybercom and Director of NSA/Chief of the Central Security Service, said.

“Together, we bring speed and unity of effort against any foreign adversary who might seek to undermine our democratic institutions.”

The joint Cybercom-NSA Election Security Group, stood up again in early 2022, aligns both organizations’ efforts to disrupt, deter and degrade foreign adversaries’ ability to interfere and influence how U.S. citizens vote and how those votes are counted.

The group spearheads DOD’s efforts and is co-led by Air Force Brig. Gen. Victor Macias, Cybercom’s co-lead and deputy commander of Cyber National Mission Force, and Anna Horrigan, NSA’s senior executive and election security co-lead.

“The ESG team is composed of some of the best and brightest in this field,” Horrigan said. “We are building on previous successes, while also maximizing our strong relationships and synchronizing often – enabling the U.S. to respond rapidly to election threats.”

The ESG‘s primary objectives are to: generate insights on foreign adversaries who may interfere or influence elections; bolster domestic defense by sharing information with interagency, industry and allied partners; and impose costs on foreign actors who seek to undermine democratic processes.

As in previous election cycles, Cybercom and NSA are closely partnered across the government and industry and are one critical component of a whole-of-government effort. The group directly supports partners, like the Department of Homeland Security and the FBI, in collecting, declassifying and sharing vital information about foreign adversaries to enable domestic efforts in election security.

However, the ESG plays a unique role in combating and disrupting adversary activity in this space. NSA’s unique foreign intelligence collection and technical expertise can provide insight into adversary plans and cyber tradecraft, while Cybercom’s full-spectrum cyber operations can defend and disrupt malicious cyber actors.

“The biggest success of the last two election cycles wasn’t just the defense of our democratic processes from foreign influence and interference,” Macias said. “It is also the organizational focus on this enduring mission, the partnerships created, and the people who come to work every day to defend our nation’s elections from foreign adversaries.”

For example, if the ESG sees a cyberattack occurring in foreign space, it could communicate that information to domestic agencies to mitigate the issue and use its offensive cyber authorities to disrupt and degrade that foreign cyber actor’s operations.

Election security was deemed a critical infrastructure component in 2017 by DHS.

The U.S. government is actively defending against foreign interference and influence operations in U.S. elections, specifically, by focusing on how adversaries seek to undermine U.S. interests and prosperity, the will to vote of the populace, as well as their belief in the sanctity and security of their elections.

According to the Office of Director of National Intelligence, Russia, China, Iran and other foreign, malicious actors may seek to interfere in U.S. voting processes and influence voter perception. Such foreign activity can threaten to undermine fundamental principles of U.S. democracy and influence U.S. public sentiment.

“In the complex cyberspace domain we operate in, we have to consider both the adversary threat landscape and the scale of technological advancements,” Macias said. “These adversaries use discrete cyber operations to achieve their strategic objectives and operate below the threshold of armed conflict. It’s our job to disrupt them.”

Another key component of election defense is partnership—not just with interagency partners like DHS and the FBI, but also with the private sector and U.S. allies and partners.

Leveraging on past successes, the ESG has increased its whole-of-society engagement with industry to share threats and potential vulnerabilities.

“Successful defense against threats to elections requires robust relationships that include information and intelligence exchanges across both public and private sectors,” Horrigan said. “We can’t just watch our adversaries—we have to do something about it, whether sharing timely information or taking action against that actor. Our nation expects that of us.”

HLS.Today Source: Defense.GOV

FBI IC3: 2021 Internet Crime Report, Cybersecurity Annual Losses

HLS.Today — Tue, 25 Oct 2022 13:20:58 +0000

Reports of crimes committed on the internet rise every year, resulting in significant financial losses for businesses and individuals of all ages and backgrounds.

In 2021, the Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) logged nearly 850,000 complaints of crimes committed online—a 7% increase from the 791,790 cybercrime complaints filed in 2020—with potential losses exceeding $6.9 billion. The most common crimes reported include ransomware, business email compromise schemes, and the criminal use of cryptocurrency.

Adults over age 60 accounted for the most cybercrime complaints (92,371) and the highest reported losses ($1.68 billion) in 2021. To help combat fraud against older Americans and provide services to victims, OVC supports the National Elder Fraud Hotline. This free resource helps victims navigate federal, state, and local crime reporting processes.

October is Cybersecurity Awareness Month—a good time to review best practices for protecting your personal information online. The Cybersecurity and Infrastructure Security Agency will provide monthly tips for staying safe online at home, school, and work.

The use of technology to harass or track victims increased during the COVID-19 pandemic, and research supported by the Office for Victims of Crime (OVC) suggests that technology-focused abuse tactics are not going away. In addition, researchers found that lack of technology access is a barrier for victims to connect with legal support, courts, and other victim services.

Children and teenagers can be particularly vulnerable to online crimes—tricked by anonymous predators because they do not recognize suspicious behavior or activity online. Developed with support from the Office of Juvenile Justice and Delinquency Prevention (OJJDP), the National Center for Missing & Exploited Children’s Safety Pledge website provides free resources to help parents, educators, and other caregivers learn about the risks children face online and how to help them respond safely.

OJJDP also supports 61 Internet Crimes Against Children task forces nationwide to help law enforcement agencies respond to online child victimization.

Cyberbullying can be defined as willful and repeated harm inflicted through computers, cell phones, or other electronic devices. During the 2019-20 school year, 16% of public schools reported cyberbullying occurring among students at least once a week. In comparison, 8% of schools noted cyberbullying issues during the 2009-10 school year, according to the Report on Indicators of School Crime and Safety: 2021.

The Law Enforcement Cyber Center, supported by the Bureau of Justice Assistance, assists law enforcement personnel, digital forensic investigators, and prosecutors who investigate and work to prevent crimes involving technology.

Visit the following pages for additional information and resources from OJP and other federal sources:

HLS.Today 2021_IC3Report

HLS.Today Source: OJP.GOV

UK: Lindy Cameron CEO of the National Cyber Security Centre

HLS.Today — Mon, 03 Oct 2022 07:47:56 +0000

Lindy Cameron at Chatham House security and defence conference 2022

Lindy Cameron discusses the cyber dimension of the Russia-Ukraine conflict in keynote speech. The National Cyber Security Centre’s CEO Lindy Cameron delivered a keynote speech at the Chatham House security and defence conference 2022. Lindy Cameron discussed the cyber dimension of the Russia-Ukraine conflict, focusing on what the NCSC has observed and the UK’s response.

Following her keynote speech, Lindy Cameron took part in a panel discussion on the topic of how cyber considerations reshape transatlantic security thinking alongside Madeline Carr (Professor of Global Politics and Cyber Security, UCL), Heli Tiirma-Klaar (Director of Digital Society Institute, ESMT Berlin) and Jamie Shea CMG (Associate Fellow, International Security Programme, Chatham House).

Lindy Cameron’s keynote speech in full

Good afternoon and thank you for inviting me.

As we approach the first winter of the Russian invasion of Ukraine, Russia’s physical brutalities are clear for all to see. I also want to continue to illuminate the dark corners of Russia’s digital campaign.

As CEO of the UK’s National Cyber Security Centre, I will focus on the cyber component of this conflict – sharing our observations and understanding of what has happened, as well as highlighting the measures we can all take to secure our digital future.

Tracking Russia

Since President Putin came to power, we have seen an increasingly aggressive and reckless Russian approach to foreign policy and casual disregard of international law.

From the poisoning of Sergei and Yulia Skripal to the bloody conduct in the Syrian Civil War and much in between.

Since its establishment in 2016, a primary focus of the NCSC has been tracking and defending against the threat posed by state actors, including Russia.

But our efforts go back much further than that. For decades, our parent organisation GCHQ has been studying Russian doctrine and tracking the threat Russia poses in the cyber domain. Over this period, Russia has invested significantly in its cyber capabilities – and has used it as a means of projecting power.

This has given us a deep understanding of the Russian threat in cyberspace, both by state and non state actors. That does not necessarily make attacks simple to counter, but it does allow the UK to draw upon these unique insights and capabilities to act responsibly in cyberspace, and to more effectively defend itself and its allies, in the digital realm.

Ukraine background

To understand Russia’s invasion of Ukraine, we have to begin by looking back over the last decade.

In 2014, Putin’s illegal annexation of Crimea was accompanied by cyber activity. Alongside the invasion, he instigated a cyber-enabled information campaign, encouraging Russian speakers to vote for annexation and then set loose a series of botnets to attack Ukrainian infrastructure and government targets.

While the Minsk II ceasefire reduced the kinetic warfare, it did not prevent Russia’s sustained pairing of cyber and information warfare against Ukraine. The most notable attacks, in 2015 and 2016, of the Ukrainian power grid caused massive power outages in the depths of winter. But these were just the most prominent – Ukraine was on the receiving end of fairly constant attacks from Russia.

Then in 2017 Russia launched the destructive NotPetya cyber attack, which affected Ukraine’s financial, energy and government institutions.

But NotPetya’s indiscriminate design caused it to spread further, affecting other European and Russian businesses, and causing billions of dollars’ worth of damage.

This kind of collateral damage is the risk of careless and irresponsible use of cyber capabilities, and this kind of uncontained spillover was one of the risks we were most concerned about earlier this year in the run up to the invasion of Ukraine.

Russian global cyber operations

While the principal focus of this speech is on the cyber dimensions of the Russian invasion of Ukraine, it’s worth briefly reflecting on the fact that Russia’s cyber activity is not solely focused on Ukraine.

Russia runs highly sophisticated, global cyber operations against the UK and our allies – and has done for decades. The SolarWinds compromise in 2020 is a good example of the espionage threat that we face. While less destructive than some of the incidents I will go on to describe – these cyber campaigns are designed to undermine our national interest and that of our allies and so should be vigorously defended against.

Ukraine 2022

This brings us to Russia’s invasion of Ukraine in February this year.

As Jeremy Fleming, the Director of GCHQ, has articulated recently in his Economist article, Putin’s struggle for influence extends beyond the physical battlefield.

Putin’s online disinformation campaign was designed to cause confusion and chaos, while his cyber attacks sought to undermine confidence in the Ukrainian leadership.

Both efforts have largely failed, thanks to the efforts of Ukrainian and Western digital expertise within governments and the private sector.

The release of intelligence by the UK and our Allies enabled us to get ahead of Putin false flag operations and disinformation narratives, while staunch, professional and effective cyber defences have disrupted Russia’s clumsy efforts to deploy offensive cyber measures in Ukraine.

This is not to say that cyber activity has not featured in this war. Far from it.

Both sides are using cyber capabilities to pursue their aims. Both sides understand the potential of integrating cyber and information confrontation with their military effort.

What have we seen?

We haven’t seen ‘cyber Armageddon’. But that’s not a surprise to cyber professionals, who never expected it. What we have seen is a very significant conflict in cyberspace – probably the most sustained and intensive cyber campaign on record – with the Russian State launching a series of major cyber attacks in support of their illegal invasion in February.

Prior to the invasion, the GRU launched multiple DDoS attacks against Ukrainian government websites and its financial sector. This happened alongside the deployment of Whispergate and HermeticWiper wiper malware.

And this was followed on 24 February by the attack against ViaSat, an American commercial satellite internet company. The primary target was the Ukrainian military, but thousands of personal and commercial internet users were affected, including wind farms in central Europe. While not as damaging as the spill over from NotPetya, this clearly shows that the use of cyber in warfare can go beyond the borders of the countries involved.

I could go on, but most of this is a matter of public record, so it’s probably more beneficial to tell you what we make of all this.

What do we make of it?

Firstly, and most importantly, we have not been surprised by the volume of Russian offensive cyber operations, nor have we been surprised by their targeting.

It fits our understanding of Russian doctrine – integrating cyber operations alongside real world offensive actions.

Russian cyber forces from their intelligence and military branches have been busy launching a huge number of attacks in support of immediate military objectives.

While these attacks may not have been apocalyptic in nature, this was not necessarily their purpose. Their actions suggest a clear rationale to reduce the Ukrainian Government’s ability to communicate with its population, impact the Ukrainian financial system at a time of heightened concern and divert Ukrainian cyber security resource from their other priorities.

Attacks such as ViaSat were more sophisticated, but the goal was similar – disable or downgrade the Ukrainian government’s ability to communicate. Russia launched this cyber attack one hour before its physical military attacks against Ukraine – a visible example of Russian doctrine in action: using cyber operations as a tool in support of wider military objectives.

One specific observation is that Russia has favoured wiper malware. Much like ransomware, this encrypts a device, making its data inaccessible. But, unlike ransomware, the effect is not designed to be undone. Thus, the infected device is rendered useless. Obviously, there would be dire consequences globally if such malware propagated in the same way NotPetya did.

Ukrainian defence

But for me, in many ways the most important lesson to take from the invasion is not around the Russian attacks – which have been very significant and, in many cases, very sophisticated. It is around Russia’s lack of success.

Try as they might, Russian cyber attacks simply have not had the intended impact.

This lack of Russian success could be considered unexpected. However, the reasons for it can be attributed to three elements: impressive Ukrainian cyber defences, incredible support from industry partners and impressive collaboration between the UK, US, EU, NATO and others.

Just as we have seen inspirational and heroic defence by Ukrainian military on the battlefield. We have seen incredibly impressive defensive cyber operations by Ukrainian cyber security practitioners.

Many commentators have suggested that this has been the most effective defensive cyber activity undertaken under sustained pressure in history.

In many ways, Russia has made Ukraine match fit over the last ten years by consistently attacking them.

Of course, the UK has provided support. For several years, the UK has supported Ukraine to improve their resilience against cyber threats. This has included measures to enhance their incident response, forensics, and assessment processes.

The UK has also dedicated significant resources to enable others to better monitor and understand Russia’s cyber threats. This intelligence is shared with our allies and others subject to Russia’s malign cyber interference in their sovereignty, so that we are all better prepared.

But if the Ukrainian cyber defence teaches us a wider lesson – for military theory and beyond – it is that in cyber security, the defender has significant agency. In many ways you can choose how vulnerable you can be to attacks.

This activity has provided us with the clearest demonstration that a strong and effective cyber defence can be mounted, even against an adversary as well prepared and resourced as the Russian Federation.

UK response

There is a huge amount that countries – and organisations for that matter – can learn from the Ukrainian cyber defence about preventing cyber attacks from taking hold or minimising the impact if they do get through.

Central to this is a commitment to long term resilience.

Building resilience means we don’t necessarily need to know where or how the threat will manifest itself next. Instead, we know that most threats will be unable to breach our defences. And when they do, we can recover quickly and fully.

Since the start of the year, the NCSC has been advising UK organisations to take a more proactive approach to cyber security, in light of the situation in Ukraine.

Effectively, we said organisations should be operating at a heightened threat level. This includes taking measures such as verifying all software is up to date, checking backups and preparing an incident plan. You can find this advice on our website at www.ncsc.gov.uk

But there may be organisations that are beginning to think “is this still necessary?” as in the UK we haven’t experienced a major incident related to the war in Ukraine. My answer is an emphatic “yes.”

In response to significant battlefield set-backs, in the last week we have seen Putin react in unpredictable ways. So, we shouldn’t assume that just because the conflict has played out in one way to date, it will continue to go the same way.

There is still a real possibility that Russia could change its approach in the cyber domain and take more risks – which could cause more significant impacts in the UK.

We have already seen – in the case of ViaSat – the conflict causing significant impact outside the borders of Ukraine.

And increasing organisational resilience in response to the threat from Russia doesn’t just increase resilience to attacks from Russia, it raises the bar against all threats, such as criminally motivated ransomware, in a non-escalatory way.

So UK organisations – and their network defenders – should be prepared for this period of elevated alert to be with us for the long haul. Across the UK, we need to focus on building long-term resilience. Just as the Ukrainian defenders have done.

True resilience is a marathon not a sprint.

Unified partnerships

Along with resilience comes the need for a united front.

The pooling of resources among friends and allies is what will enable us to stay ahead of the threats and protect the freedoms and security of the digital age in which we live.

Our open, collaborative approach gives us a natural advantage. It encourages innovation, spurring the creation of an ecosystem which evolves naturally to defend against any and all threats.

This is not a simply an alliance of governments. The private sector is also deeply entrenched in the defence of Ukraine.

From my perspective, the private sector has an increasingly critical role to play in cyberspace, and Ukraine has demonstrated the advantage that public-private partnerships afford to hardening cyber defences.

Indeed, Russian actors face a formidable force from cyber experts in the UK, US, EU and other allied nations who are frustrating their activity. It’s a strong ray of hope for the future.

Conclusion

So, looking back to the start of the year, we can’t help but be impressed by the hugely effective defence that the Ukrainian network defenders have mounted. They have been true heroes and have saved lives in the face of sophisticated and sustained Russian cyber aggression.

But it’s vital that we learn the lessons that Ukraine learnt over the last decade. We need to invest in resilience – right across the UK.

This remains an urgent challenge. Despite not being as successful as Putin would have liked, Russia remains a very sophisticated cyber power.

Thank you for your time.

Source: Wiki Profile GOV.UK

US: Lt General Braga Concerned on New Approach for Future Threats

HLS.Today — Thu, 15 Sep 2022 00:00:25 +0000

The Army’s special operations forces need a closer look at how to operate as they prepare for an increasingly complex world, the commander of Army Special Operations Command said.

“We must understand our critical vulnerabilities and challenge all assumptions, processes and everything that’s been developed for the counterterrorism fight,” Lt. Gen. Jonathan Braga said July 27.

Speaking during the Association of the U.S. Army’s inaugural Warfighter Summit and Exposition near Fort Bragg, North Carolina, Braga said special operations forces must “consider every space, every domain contested.”

“As a nation, we need industry, academia, warriors, policymakers to come together for a whole-of-nation—not just whole-of-government—approach to innovate against future threats,” Braga said as part of a panel discussion focused on the future of irregular warfare.

Special operations forces provide commanders with “asymmetric options with tailorable solutions” and a “unique mindset to prevail in any conflict,” Braga said.

Today’s strategic environment requires Army Special Operations Command to optimize force structure and modernize for multidomain operations, he said. From the proliferation of technology to challenges from peer adversaries such as Russia and transboundary complexities such as pandemics and climate change, the force faces “unprecedented challenges,” and it must prepare for a growing prevalence of irregular warfare, Braga said.

Irregular warfare requires “continuous” effort, forward presence and strong relationships with partners and allies, Braga said. The Army’s special operations troops benefit from “deep generational relationships” with their partners, Braga said.

With more than 2,800 special operations soldiers deployed to 77 countries, the Army maintained those deployment cycles even during the height of the global war on terror, he said. “We didn’t step away from those generational relationships,” he said. “[Special operations forces] depend on these strong relationships with our allies and partners, and that requires deliberate investment and really can’t be built overnight.”

To prepare for the future, the Army also must focus on intellectual training, said Carolyne Davidson, assistant professor of strategic studies at the National Defense University.

“Your brains are a massive capability,” she said. “If we can’t think nimbly about competition and how to use the tools we have effectively and efficiently, we’re going to lose the vital edge we have.”

Irregular warfare requires an educated force, Davidson said. “We need smart technologies, absolutely. We need human ingenuity. We can’t have smart bombs and not-too-smart personnel. We need both, and the stakes are really high.”

Soldiers must be able to think strategically, creatively and critically, Davidson said.

“The global threat landscape is as complex and challenging as it has been in decades,” Braga said. “Today’s challenges are truly a team sport, and [Army Special Operations Command] will be ready for the [People’s Republic of China] pacing threat and the Russian acute threat.”

Source: Association of the United States Army

CISA: Cybersecurity Post-Quantum Cryptography Guidelines

HLS.Today — Mon, 05 Sep 2022 05:13:02 +0000

The Cybersecurity and Infrastructure Security Agency (CISA) released a new CISA Insight, Preparing Critical Infrastructure for Post-Quantum Cryptography, which provides critical infrastructure and government network owners and operators an overview of the potential impacts from quantum computing to National Critical Functions (NCFs) and the recommended actions they should take now to begin preparing for the transition.

HLS.Today cisa_insight_post_quantum_cryptography_508

While quantum computing promises greater computing speed and power, it also poses new risks to critical infrastructure systems across the 55 NCFs. This CISA Insight incorporates findings from an assessment conducted on quantum vulnerabilities to the NCFs to understand the urgent vulnerabilities and NCFs that are most important to address first and the three NCF areas to prioritize for public-private engagement and collaboration.

“While post-quantum computing is expected to produce significant benefits, we must take action now to manage potential risks, including the ability to break public key encryption that U.S. networks rely on to secure sensitive information,” said Mona Harrington, acting Assistant Director National Risk Management Center, CISA. “Critical infrastructure and government leaders must be proactive and begin preparing for the transition to post-quantum cryptography now.”

In March 2021, Secretary of Homeland Security Alejandro N. Mayorkas outlined his vision for cybersecurity resilience and identified the transition to post-quantum encryption as a priority.

To ensure a smooth and efficient transition, CISA encourages all critical infrastructure owners to follow the Post-Quantum Cryptography Roadmap along with the guidance in this CISA Insight. The roadmap includes actionable steps organizations should take, such as conducting an inventory of their current cryptographic technologies, creating acquisition policies regarding post-quantum cryptography, and educating their organization’s workforce about the upcoming transition.

For more information about CISA’s efforts, visit CISA.gov/quantum.

Source: CISA.GOV

Source Abstract:

What Is Quantum Computing and How Is It a Threat?
Quantum computers leverage the properties of quantum physics to derive computing capabilities that are different and, in some ways, far exceed those of classical computers. By leveraging quantum mechanics, quantum computers utilize qubits, or “quantum bits,” rather than binary bits, to achieve greater computing power and speed for specific scenarios—such as breaking current public key encryption.
The algorithms that underpin the current encryption standards rely on solving mathematical problems that classical computers cannot reasonably solve. Because of their expense and physical size, quantum computers that can break encryption algorithms are likely to first be developed for use by technology companies, research institutions, or nation-states. In the hands of adversaries, sophisticated quantum computers could threaten U.S. national security if we do not begin to prepare now for the new post-quantum cryptographic standard.

Recommended Actions for Leaders
Although NIST will not publish the new post-quantum cryptographic standard until 2024, CISA urges leaders to start preparing for the migration now by following the Post-Quantum Cryptography Roadmap. Do not wait until the quantum computers are in use by our adversaries to act. Early preparations will ensure a smooth migration to the post-quantum cryptography standard once it is available. Note: Organizations should wait until the official release to implement the new standard in a production environment.

Cybersecurity: $1 Billion Funding for First-Ever State and Local Grant Program

HLS.Today — Mon, 05 Sep 2022 00:00:56 +0000

Funding from President Biden’s Bipartisan Infrastructure Law will be available over four years to help States and Territories become more resilient to cyber threats. The Department of Homeland Security (DHS) announced a first-of-its-kind cybersecurity grant program specifically for state, local, and territorial (SLT) governments across the country.

This State and Local Cybersecurity Grant Program, made possible thanks to President Biden’s Bipartisan Infrastructure Law, provides $1 billion in funding to SLT partners over four years, with $185 million available for FY22, to support SLT efforts to address cyber risk to their information systems. With this funding, SLT governments will be better equipped to address cybersecurity risks, strengthen the cybersecurity of their critical infrastructure, and ensure resilience against persistent cyber threats for the services SLT governments provide their communities.

With the release today of a Notice of Funding Opportunity (NOFO), DHS has opened the application process for the grant program. Applicants have 60 days to apply for a grant, which can be used to fund new or existing cybersecurity programs.

State, local, and territorial government cybersecurity grant program
Read video transcript at the end of this page.

This program is the latest example of a unified approach across DHS, in which a FEMA-administered program leverages CISA’s capabilities to accomplish the Department’s goal of increasing state and local cyber defenses. By leveraging FEMA’s grant administration expertise, along with CISA’s expertise in cybersecurity, DHS is taking steps to help more SLT stakeholders across the country understand the severity of cyber threats and cultivate partnerships to reduce risks across the state, local, and territorial enterprise.

“Cyberattacks have emerged as one of the most significant threats to our homeland,” said Secretary of Homeland Security Alejandro N. Mayorkas. “In response, we continue to strengthen our nation’s cybersecurity, including by resourcing state and local communities to build and enhance their cyber defenses. The cybersecurity grant process we are starting today is a vital step forward in this critical effort. Our approach is one of partnership, in the service of an all-of-society investment in the security of our homeland.”

“As we build a better America, we’re ensuring that our infrastructure is more modern and digitally connected. But along the way, we must also take proactive steps to increase our resilience to the increasing threat of cyberattacks,” said White House Infrastructure Coordinator Mitch Landrieu. “Thanks to the President’s Bipartisan Infrastructure Law, we’re making a once-in-a-generation investment of $1 billion in infrastructure cybersecurity, giving our state and local governments the resources they need to guard against debilitating cyber threats. Today’s announcement marks an important step in our commitment to strengthen resilience, protect and improve our nation’s infrastructure, and safeguard our economy.”

“As the nation’s cyber defense agency, CISA works hand-in-hand with our partners in state, local, and territorial governments who face unique cybersecurity challenges but often lack the resources to address them. The State and Local Cybersecurity Grant Program will play a critical role in helping these organizations build their capability and capacity,” said CISA Director Jen Easterly. “We encourage all eligible entities to apply for grant funds to protect our critical infrastructure and communities from malicious cyber activity and to grow their partnership with CISA. CISA is here to provide the expertise, tools, and technical assistance to be a reliable partner to state, local, and territorial governments in combating the growing cyber threats they face each day.”

“FEMA’s mission to help people before, during, and after disasters is not limited to climate-related events. Responding to man-made threats to our nation’s critical infrastructure, like cybersecurity, is a role we take seriously and stand ready to support,” said FEMA Administrator Deanne Criswell. “We value our partnership with CISA and look forward to administering this novel cybersecurity grant program that will help protect crucial resources nationwide and ensure that state, local, and territorial governments have more tools to become more resilient to all hazards.”

“Today’s announcement is another example of President Biden’s commitment to secure the essential services Americans rely on. The Biden-Harris Administration is committed to trying creative, new approaches, like this grant program to state and local governments, to strengthen our cyber defenses to protect the Americans we serve,” said Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology.

“Securing the Nation’s cyber ecosystem requires a whole-of-society approach, and that includes the crucial work that state, local, and territorial governments do in partnership with the Federal government every day. This program, made possible by the Bipartisan Infrastructure Law, demonstrates the Biden-Harris Administration’s commitment to ensuring that all Americans can thrive in cyberspace,” said National Cyber Director Chris Inglis.

The cyber grant program is an innovative program established by the State and Local Cybersecurity Improvement Act, part of the Bipartisan Infrastructure Law, to help address the unique challenges state and territorial governments face when defending against cyber threats. This new grant program will help state and local partners reduce cyber risk and build resilience to the dynamic and evolving cybersecurity threat environment.

Specifically, the cyber grant program will fund efforts to establish critical governance frameworks across states and territories to address cyber threats and vulnerabilities, identify key vulnerabilities and evaluate needed capabilities, implement measures to mitigate the threats, and develop a 21st-century cyber workforce across local communities. CISA will support these efforts with a suite of available resources, including state cybersecurity coordinators and cybersecurity advisors.

The grants will significantly improve national resilience to cyber threats by giving state, local, and territorial governments much-needed resources to address network security and take steps to protect against cybersecurity risks to help them strengthen their communities. There will be two funding opportunities for this program. The funding opportunity being announced today is for state, local, and territorial governments. As part of this NOFO, local governments are eligible sub-recipients through their respective states and territories. A separate tribal grant program will be released later in the fall.

Source: DHS.GOV

HLS.Today fema_fy-2022-preparedness-grants-manual

FY22 STATE AND LOCAL CYBERSECURITY GRANT PROGRAM FACT SHEET
In fiscal year (FY) 2022, through the Infrastructure Investment and Jobs Act, the Department of Homeland Security is providing $185 million to address cybersecurity risks and cybersecurity threats to information systems owned or operated by, or on behalf of, state, local and territorial governments.

Overview
The goal of the State and Local Cybersecurity Grant Program (SLCGP) is to help states, local governments, rural areas, and territories address cybersecurity risks and cybersecurity threats to information systems. The program enables DHS to make targeted cybersecurity investments in state, local and territorial government agencies, thus improving the security of critical infrastructure and resilience of the services that state, local, and territorial governments provide to their communities. Federally recognized Tribes also have a dedicated grant program; details on the Tribal Cybersecurity Grant Program are forthcoming.

The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Emergency Management Agency (FEMA) are jointly managing the SLCGP. CISA will provide subject-matter expertise and determine allowable activities, while FEMA will conduct eligibility reviews, and issue/administer the grant awards consistent with all applicable laws, regulations, and policies.

Goals and Objectives
CISA developed a series of overarching goals and objectives for the SLCGP based on input from state, local, and territorial stakeholders, and consideration of national priorities, frameworks, and the national cyber threat environment:

Implement cyber governance and planning;
Assess and evaluate systems and capabilities;
Mitigate prioritized issues; and
Build a cybersecurity workforce.
Funding
In FY 2022, $183.5 million is available under the SLCGP, with varying funding amounts allocated over four years from the Infrastructure Investment and Jobs Act. This year, each state and territory will receive a funding allocation as determined by the statutory formula:

Allocations for states and territories include a base funding level as defined for each entity: 1% for each state, the District of Columbia, and Puerto Rico; and 0.25% for American Samoa, the Commonwealth of the Northern Mariana Islands, Guam, and the U.S. Virgin Islands.
State allocations include additional funds based on a combination of state population and rural population totals.
80% of total state allocations must support local entities, while 25% of the total state allocations must support rural entities; these amounts may overlap.
Eligibility
All 56 states and territories, including any state of the United States, the District of Columbia Puerto Rico, American Samoa, and the Commonwealth of the Northern Mariana Islands, Guam, and the U.S. Virgin Islands, are eligible to apply for SLCGP funds. The designated State Administrative Agency (SAA) for each state and territory is the only entity eligible to apply for SLCGP funding.

Multi-Entity Groups
An SAA may partner with one or more other SAAs to form a multi-entity group. Members of these groups work together to address cybersecurity risks and cybersecurity threats to information systems within their jurisdictions. There is no limit to the number of participating entities in a multi-entity group. Local entities can be included in the project, but their respective eligible entity (i.e., the SAA) must also participate at some level. There is no separate funding for multi-entity awards. Instead, they should be considered as group projects within their existing state or territory allocations. These projects should be included as individual Investment Justifications from each participating eligible entity, each approved by the respective Cybersecurity Planning Committee and be aligned with each respective eligible entity’s Cybersecurity Plan.

Funding Guidelines
Cybersecurity Committee and Plan Requirements
Each state and territory must establish a Cybersecurity Planning Committee that coordinates, develops, and approves a Cybersecurity Plan. These plans are meant to guide development of cybersecurity capabilities across the state or territory. The Cybersecurity Planning Committee is responsible for approving the Cybersecurity Plan and prioritizing individual projects. Eligible entities submit Cybersecurity Plans for review and approval as part of their grant application. Initial Cybersecurity Plans will be approved for two years. Subsequent Cybersecurity Plans, building on the investments from the previous year(s), must be submitted for approval annually.

Pass-Through Requirements
Awards made to the entity or multi-entity group for SLCGP carry additional pass-through requirements. The SAA must pass-through at least 80% of the funds awarded under the SLCGP to local units of government, including at least 25% of funds to rural entities, within 45 calendar days of receipt of the funds. “Receipt of the funds” occurs either when the SAA accepts the award or 15 calendar days after the SAA receives notice of the award, whichever is earlier.

Pass-through is defined as an obligation on the part of the entity or multi-entity group to make funds available to local units of government, combinations of local units, tribal governments, or other specific groups or organizations. Four requirements must be met to pass-through grant funds:

The SAA must make a firm written commitment to passing through grant funds to subrecipients.
The SAA’s commitment must be unconditional (i.e., no contingencies for the availability of SAA funds).
There must be documentary evidence (e.g., award document, terms, and conditions) of the commitment.
The award terms must be communicated to the subrecipient.

Cost-Share Requirements
Eligible entities applying as a single entity must meet a 10% non-federal cost-share requirement for the FY 2022 SLCGP. The recipient contribution can be cash (hard match) or third-party in-kind (soft match). Eligible applicants shall agree to make available non-federal funds to carry out an SLCGP award in an amount not less than 10% of the total project cost. In other words, the federal share applied toward the SLCGP budget at the project/activity level shall not exceed 90% of the total budget as submitted in the application and approved in the award. If the total project ends up costing more, the recipient is responsible for any additional costs. If the total project ends up costing less, the recipient may owe FEMA an amount required to ensure that the federal cost share is not in excess of 90%.

Unless otherwise authorized by law, federal funds cannot be matched with other federal funds. The recipient’s contribution should be specifically identified. These non-federal contributions have the same eligibility requirements as the federal share.

The Secretary of Homeland Security may waive or modify the non-federal share for an individual entity if the entity demonstrates economic hardship. More information on what constitutes economic hardship, and how to request a cost-share waiver will be forthcoming.

For a multi-entity group project, a cost share or cost match is not required for the FY 2022 SLCGP.

Application Process
Applying for an award under the SLCGP is a multi-step process. Applicants are encouraged to register early as the registration process can take four weeks or more to complete. Registration should be done in sufficient time to ensure it does not impact a state or territory’s ability to meet required submission deadlines. Section D in the FY 2022 SLCGP Notice of Funding Opportunity contains more detailed information and instructions.

Eligible applicants must submit their initial application through the grants.gov portal at www.grants.gov. Applicants needing grants.gov support should contact the grants.gov customer support hotline at (800) 518-4726, 24 hours per day, 7 days per week except federal holidays.

Eligible applicants will be notified by FEMA and asked to proceed with submitting their complete application package in the Non-Disaster (ND) Grants System. Applicants needing technical support with the ND Grants System should contact NDgrants@fema.dhs.gov or (800) 865-4076, Monday-Friday from 9 a.m. to 6 p.m. Eastern Time (ET).

Completed applications must be submitted no later than 5 p.m. ET by the deadline included in the funding notice.

SLCGP Resources
There are a variety of resources available to address programmatic, technical and financial questions, which can assist with SLCGP applications:

The SLCGP funding notice will be released on September 16, 2022 and available online at www.fema.gov/grants as well as www.grants.gov.
For SLCGP program-specific questions, please email SLCGPinfo@cisa.dhs.gov.
For additional program-specific information, please contact the Centralized Scheduling and Information Desk (CSID) help line at (800) 368-6498 or AskCSID@fema.dhs.gov. CSID hours of operation are from 9 a.m. to 5 p.m. ET, Monday through Friday.
For support regarding financial grants management and budgetary technical assistance, applicants may contact the FEMA Award Administration Help Desk via e-mail at ASK-GMD@fema.dhs.gov.

Video intro Transcript:

Jen Easterly, director of CISA.

“I’m super excited to announce a first of its kind cybersecurity grant program for state and local governments across our country. The cyber threat is real. It’s dynamic and it’s evolving. And because of this, the administration has made cybersecurity a top national security priority. And we know many communities are hard pressed to address cybersecurity due to resource challenges.

In fact, some of you may already have had firsthand experience with threats like ransomware, and that’s just one type of cyber threat. Our state and local partners are not alone in the cybersecurity mission. To support our communities across the nation, we’ve launched the State and Local Cybersecurity Grant Program.

It’s a huge step toward building national resilience from the ground up. And the administration has tasked the Department of Homeland Security to develop and administer this grant program to get communities the resources they need to reduce risks to cyber threats and raise the security baseline to keep all Americans safe.

This program is an example of the strong collaboration taking place across DHS to deliver for our state and local partners with CISA lending its immense subject matter expertise to the grant development and implementation process, while FEMA brings its long experience in administering the grants.

Bottom line, these grants will be a game changer for our communities. Supporting our state and local government partners is critical to our national security, and these grants will provide state, local, and territorial governments much needed resources to take action to protect against cybersecurity risks and strengthen our communities.

Funding from these grants will help communities better understand their cyber risk profile and develop a plan to reduce those risks and build resilience. Specifically, the grants will provide funds to assist in addressing identified vulnerabilities. So find out who is eligible and get all of the details at CISA.gov. Applications should include a completed cybersecurity plan and a capabilities assessment. Thank you for doing your part to make sure our nation’s cybersecurity defense is the new offense.”

INTERPOL: World Day Time for Coordinating Efforts in Fighting Human Trafficking

HLS.Today — Fri, 29 Jul 2022 08:29:57 +0000

France: Human trafficking constitutes a modern form of slavery, denying people their dignity and basic rights. It is a crime that knows no borders, affecting people of all ages and regions worldwide.

In the eyes of organised crime networks, victims of this crime are a commodity for economic profit, to be exploited and sold. Such networks make large profits through human trafficking as they subject their victims to mental and physical abuse.

Trafficking can take on many forms. However, its constant feature is the exploitation of vulnerabilities. Examples include, among others, cases of labour exploitation in areas like construction, fishing and agriculture; forced criminality, sexual exploitation and organ removal.

For this year’s World Day against Trafficking in Persons, annually held on 30 July, INTERPOL sheds light on its work combatting this crime. This year’s focus is on the role of technology as a tool that can both facilitate and impede human trafficking.

“Traffickers are recruiting, transporting, harbouring and exploiting victims abusing a wide diversity of technology platforms. These platforms allow traffickers to reach a larger number of potential victims in any region in the world.” Isaac Espinosa Delgado, Acting Coordinator, Human Trafficking and Smuggling of Migrants Unit

“Global Law Enforcement must stay vigilant, work together, and leverage that same technology to prevent and disrupt this serious transgression to human rights” Mr Espinosa added.

INTERPOL-coordinated operations

Although human trafficking is predominantly a domestic crime, data shows that international human trafficking is commonly organised by criminal networks often involved in other serious crimes whose victims are trafficked for longer periods and with more violence.

Through regional and global operations, INTERPOL is helping law enforcement dismantle these criminal networks by promoting international police cooperation and using INTERPOL policing capabilities. By engaging in these operations, member countries act synchronously on ongoing criminal investigations and strengthen their controls to identify victims of trafficking in borders and hotspots for this criminal activity.

Operation WEKA II

Last month, INTERPOL-coordinated police actions mobilised 44 countries across four continents. Amongst the operation’s outcomes were the rescue and safeguarding of nearly 700 human trafficking victims and the arrest of 300 suspected traffickers and migrant smugglers.

Significantly, in the aftermath of this operation, police in Togo were able to locate a teenage girl trafficked from Burkina Faso. The INTERPOL National Central Bureau in Lomé traced the location where the girl was held captive in Togo, rescuing her and reuniting her with her family.

Operation Storm Makers

As part of Operation Storm Makers (March 2022), authorities successfully dismantled organised crime groups believed to be facilitating the travel of Asian men, women and children across borders for exploitation. Throughout the operation, authorities rescued and assisted 80 human trafficking victims, arrested 121 suspects and opened 193 new investigations.

Operation Turquesa III

Last December, Operation Turquesa III resulted in 216 arrests and the identification of more than 10,000 irregular migrants from 61 different countries. Other key operational results included the rescue and assistance of 127 human trafficking victims from forced labour and sexual exploitation, and the arrest of 27 people in El Salvador concerning child sexual abuse and child labour offences.

Victim-centric approach

Activities are carried out with a victim-centric approach, emphasising the importance of victims’ safety and wellbeing, and access to care following their rescue, to promote recovery and avoid further trauma.

Source: INTERPOL

Texas Border: Rio Grande Valley Agents Identified Illegals in Smuggling Attempts

HLS.Today — Fri, 29 Jul 2022 08:13:51 +0000

Rio Grande Valley Sector (RGV) Border Patrol agents apprehend 24 migrants from two vehicle stops and a stash house. On July 28, Texas Game Warden officers observed numerous individuals load into a Ford F250 pickup truck near Mission and notified RGV agents.

A Texas Department of Public Safety (TXDPS) trooper located the vehicle and attempted to perform a vehicle stop. The vehicle failed to yield and led troopers and agents on a vehicle pursuit. The vehicle stopped in Alton, TX, where the driver and several occupants fled into the brush. After a search of the area, 18 migrants from Central America and Mexico were apprehended. TXDPS took custody of the driver to face state charges.

Hours later, RGV agents, with assistance from the Hidalgo County Sheriff’s Office, apprehended 3 subjects in a human smuggling stash house located in Donna. Agents identified all subjects to be illegally present in the United States. The subjects were citizens of Mexico and El Salvador. No caretaker was identified.

Yesterday evening, Falfurrias Border Patrol agents responded to a request for assistance from the Brooks County Sheriff’s Office (BCSO) on a vehicle stop which resulted in a bailout. Agents determined two passengers were unlawfully present in the U.S. BCSO officers seized the vehicle. The migrants who are citizens of Mexico and El Salvador were transported to a Border Patrol facility. The driver was not located.

All subjects will be processed accordingly.

The public is encouraged to take a stand against crime in their communities and to help save lives by reporting suspicious activity.

Source: CBP

UK: National Air Traffic Services Joined Forces with the BVLOS Operations Forum

HLS.Today — Thu, 28 Jul 2022 08:39:10 +0000

Pioneering companies in the emerging uncrewed aviation industry have joined forces in a forum established by air traffic control leader NATS, to break through the barriers to the UK industry’s development.

The BVLOS Operations Forum, which includes the UK’s leading beyond-visual-line-of-sight (BVLOS) operators, brings together organisations at the cutting edge of uncrewed flight to learn from each other’s experiences collectively improve their operations, and jointly develop solutions to the challenges faced by this fast-growing industry.

The ever-increasing number of operators believe there are huge potential benefits to achieving routine BVLOS flights – including increased connectivity, decarbonisation, and economic opportunities for all parts of the country. Because innovation in this sector has moved so quickly, regulations have not yet caught up, meaning BVLOS flights are still restricted to specific areas.

Some progress has been achieved, and the Forum has actively supported recent policy initiatives which set out a positive direction from the Government and the regulator. However, operators are still operating in restricted spaces. While these have allowed the sector to hone operations and develop real opportunities for BVLOS services, many operators, including members of the BVLOS Operations Forum, have now outgrown the available capacity and the constraints are posing a genuine challenge to their business model.

Looking for ways to address that, while encouraging ever-increasing safety standards is the central mission of the Forum.

“The BVLOS Operations Forum has given those seeking to operate uncrewed aircraft beyond-visual-line-of-sight a platform to work together, and a means for driving change and establishing a safe and workable regulatory regime that will benefit the industry as a whole” said Russell Porter, Head of UTM Programmes at NATS and Chair of the BVLOS Operations Forum.

“This method of working together has been used by traditional airspace operators for many years and has contributed to the robust safety culture that exists today. By uniting uncrewed operators with extensive experience and equally extensive ambition we can develop a similarly robust safety culture, and collectively plot a course toward safely integrated BVLOS operations.”

The founding members of the Forum include ARPAS UK, Blue Bear, Callen Lenz, Flylogix, Maritime & Coastguard Agency, NATS, Network Rail, sees.ai, Skyports and Windracers, all of whom are actively involved in developing BVLOS operations, and some of whom are already operating BVLOS flights commercially.

The shared goal is to achieve routine BVLOS operations, outside of restricted areas and integrated with other traffic, making uncrewed aircraft a safe and effective option in the aeronautical toolbox.

Source: Air Traffic Management

US Army: Chief of Staff McConville Warns on Unreadiness in Dangerous Times

HLS.Today — Thu, 28 Jul 2022 08:24:31 +0000

From COVID-19 response to supporting allies and partners in Eastern Europe, the Army has shown it is ready, versatile and able to respond quickly whenever the nation calls, the service’s top general officer said.

“We can do a lot of things that the nation asks us to do, but that’s not really our reason for being,” Army Chief of Staff Gen. James McConville said on July 28. “The Army exists for one purpose, and that’s to protect the nation by being ready to fight our nation’s wars along with the joint force. We are a warfighting organization, and we should never forget that.”

The keynote speaker to open the second day of the Association of the U.S. Army’s inaugural Warfighter Summit and Exposition near Fort Bragg, North Carolina, McConville said the Army is living in “very, very challenging times.”

“I’m not sure, in my 41-plus years of service, I’ve seen a more potentially dangerous time for our country and for our military,” McConville said.

At Fort Bragg alone, the Army has called on its soldiers to respond to several no-notice missions, McConville said. “We’ve asked a lot of the troops from Fort Bragg,” he said.

The XVIII Airborne Corps is deployed to Europe to bolster allies and partners there amid the fighting in Ukraine, while the 82nd Airborne Division just returned from there, he said. “For those in the 82nd, we have deployed you four times, no-notice, in the last three years, and every single time, you have excelled,” McConville said.

It’s appropriate that the Warfighter Summit is being held near Fort Bragg, he said. “We’re here at Warfighter Town, USA,” he said. “This is where the greatest units in the world train, live and deploy from.”

It’s also fitting that a summit focused on the warfighter is taking place now, as the U.S. faces the “acute threat” of Russia and the “pacing threat” of China, McConville said.

“As we talk to many of our European colleagues and our allies, it was unimaginable not too long ago that we could have an unprovoked attack like this on the European continent,” he said about Russia’s invasion of Ukraine.

In the Indo-Pacific, China has an economy “nearly equal to ours or, depending on how you measure it, bigger than ours,” and it is building a “world-class military to challenge us and to challenge the world order,” McConville said.

The Army also can’t take its eye off other persistent threats, including North Korea, Iran and violent extremist threats, he said. “It’s a very, very busy time for our military and our Army,” he said.

This is why the Army needs to remain focused on the threats of today but also the challenges of tomorrow, particularly as the force transitions its focus from counterinsurgency and counterterrorism operations to irregular warfare and large-scale combat operations, McConville said.

“For many of our leaders, this is an inflection point,” he said. “It’s a major shift in how we do business.”

What’s certain is the Army will face a future fight where it is contested in all domains—land, sea, air, cyber and space—and it will have to be nimble and mobile while contending with communications and navigation systems that are jammed or degraded, McConville said.

McConville said that the Army is also taking close notes on lessons learned from the fight in Ukraine.

“There are lots of lessons to be learned about what’s happening in Ukraine, which if our doctrine works, which of our weapons systems work,” he said. “We’re going to take advantage of that and take the lessons we need to set the Army on the right path for the future.”

Source: Association of the United States Army