NTSC Blog

NTSC Technology Security Roundup

Weekly News Roundup: July 10, 2017

Critical Infrastructure Potentially at Risk as Hackers Breach US Power Plants

According to a report from Bloomberg, hackers breached about 12 US power plants in a cyberattack in which they appeared to be looking for security vulnerabilities. Bloomberg noted, “Adding to those concerns, hackers recently infiltrated an unidentified company that makes control systems for equipment used in the power industry, an attack that officials believe may be related.” The Washington Post reported over the weekend that Russia may have been the nation state behind the attack.

US Military May Stop Using Kaspersky Lab Cybersecurity Software Due to Russian Cyberthreats

Because of recent cyberthreats from Russia, the US Military may stop using Moscow-based Kaspersky Lab cybersecurity software. Wary that the software might be a tool of the Russian government, the Senate Armed Services Committee is contemplating removing Kaspersky Lab from a military funding bill. According to The Wall Street Journal, “[Eugene] Kaspersky [founder and CEO of Kaspersky Lab] has offered to testify in front of the U.S. Senate about the integrity of his company’s work. No Senate panel has taken Kaspersky up on his offer to appear.” In addition, the Associated Press reported that Kaspersky is also willing to share his source code with the United States.

NIST Advisory Board Against the Idea of Auditing Agencies

The National Institute of Standards and Technology (NIST) already creates standards that government agencies use for benchmarking. But after President Trump’s executive order and the House Science, Space and Technology Committee suggested that NIST would also audit agencies, the NIST advisory board cautioned against it. According to NextGov, “NIST has traditionally shied away from taking on an auditing role, which could complicate its current mission as a neutral adviser to agencies on cybersecurity and other issues.” It’s also likely that NIST would struggle with focus and the ability to carry out these auditing duties as budget cuts loom.

Help Net Security Provides Analysis of Upcoming TLS 1.3 Release

The cybersecurity community is eagerly awaiting the official release of TLS 1.3. Right now, it’s in draft form, and some organizations have already started to use early versions of the protocol. Help Net Security author Rolf Oppliger recently provided an excellent analysis of TLS 1.3’s benefits that includes the following points:

  • “From a security perspective, TLS 1.3 is a major breakthrough and tries to get rid of all cryptographic techniques and primitives that [are] known to be weak and exploitable.”
  • “TLS 1.3 also disallows cryptographic algorithms that are known to be weak, such as stream ciphers like RC4, hash functions like MD5 or SHA-1, and block ciphers like 3DES, as well as all types of export-grade cryptography.”
  • “Finally, TLS 1.3 is highly efficient and can therefore get rid of session resumption and renegotiation. These shortcut features have led to distinct attacks in the past, i.e., session renegotiation and triple handshake attacks.”

Oppliger also notes that uncertainties around implementation may jeopardize TLS 1.3’s effectiveness.

DHS Awards $206,000 to Carnegie Mellon University for Development of Data Platforms for Analyzing Cyberattacks

According to a press release, the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) has awarded Carnegie Mellon University $206,062 to develop data and analysis platforms that cybersecurity researchers can use to understand and counter cyberattacks. The university will conduct its work under a project titled “A Query-able Platform for Online Crime Repositories.” Its objective is to enhance and deploy a sustainable back-end data-collection capability and front-end web-based platforms that will allow cybersecurity researchers to search cyber-crime information. This body of data aggregates anonymous online marketplace data and information on search-redirection attacks (an attack type that is primarily used for attracting customers to illicit or fraudulent websites).