DHS Signals Need to Share Critical Infrastructure Training with More People
Two weeks ago, the DHS’s new National Risk Management Center began meeting with three of its 16 identified critical infrastructure sectors. Those sectors will need training that reaches thousands, not hundreds, of people, as an RFI from DHS signals. According to NextGov, “The department is seeking a video conferencing service that it can use to provide cybersecurity webinars to 5,000 or more critical infrastructure operators simultaneously… […] Homeland Security already provides training webinars on a variety of cyber topics to critical infrastructure owners as well as to state and local governments using the Adobe Connect tool, but the current system can’t serve more than 500 simultaneous attendees, the contracting document states.” This RFI shows that DHS is seriously planning to engage more with critical infrastructure companies in the United States.
US Cyber Command Promotes More Cyber Threat Intelligence Sharing and Transparency with New Malware Initiative
Over the past few years, the NTSC has tracked and discussed our observations of efforts by the federal government to improve cyber threat intelligence sharing. Taking a step in that direction, the Cyber National Mission Force (a unit subordinate to U.S. Cyber Command) said in a press release that it had “posted its first malware sample to the website VirusTotal. Recognizing the value of collaboration with the public sector, the CNMF has initiated an effort to share unclassified malware samples it has discovered that it believes will have the greatest impact on improving global cybersecurity.” The CNMF also set up a Twitter feed that will “highlight when #CNMF posts malware samples to VirusTotal.” Quoted in Threatpost, Tom Kellermann (Chief Cybersecurity Officer at Carbon Black) said, “This is a huge leap forward for the cybersecurity community. For too long, the U.S. has overclassified cyber threat intelligence. This empowers the cybersecurity community to mobilize on clandestine threats in real time, thus aiding the U.S. government in protecting and securing American cyberspace.”
Eaton Researcher Warns About Side-Channel Attacks on Industrial Control Systems
According to SecurityWeek.com, “Demos Andreou, a lead engineer at power management company Eaton, has conducted an analysis of protection devices typically used in the energy sector, specifically in power distribution stations. Side-channel attacks can be used to extract data from a system based on information gained by observing its physical implementation. There are several side-channel attack methods, but Andreou’s research looked at timing and power analysis attacks. […] A malicious actor could cause the system to fail or have it send false data back to its operator. These devices are distributed and they are controlled by a master system. Incorrect readings from one device can have repercussions for a different part of the network. […] Power analysis attacks can pose a serious threat because they are practically impossible to detect, as an attacked device could seemingly continue performing its normal operations even after it has been compromised…” (Last year, the NTSC published an article from Georgia Tech’s Dr. Raheem Beyah titled “Ransomware for Industrial Control Systems–the Next Frontier?” that also addresses ICS security concerns.)
Cybersecurity Reports and Surveys Roundup
We’ve rounded up a few of the best cybersecurity reports and surveys released last week:
Threat Stack Announces Acquisition of Runtime Application Security Vendor, Bluefyre
According to a press release, cloud infrastructure security company Threat Stack announced last Thursday that it acquired application security vendor Bluefyre “to deliver full stack security observability from the control plane to the application layer. With the addition of Bluefyre, Threat Stack will empower developers to build secure, cloud-native applications that can detect and prevent threats at runtime, including applications running on Kubernetes. […] By adding the application layer to its existing cloud infrastructure security capabilities, Threat Stack will enable its customers to truly integrate development, security, and operations into a completely unified DevSecOps program.” The Bluefyre team will be based in Threat Stack’s Boston headquarters.