Cyber Briefing ~ 05/17/2024
McCrary Institute for Cyber & Critical Infrastructure Security
Working to protect and advance U.S. interests in the areas of cyber and critical infrastructure security.
Weekly Director's Note
Dear Readers,
This week on Cyber Focus, we released two episodes recorded live at the RSA Conference with cybersecurity leaders Phil Venables, Chief Information Security Officer for Google Cloud, and Matt Hayden, a McCrary Institute Senior Fellow and Vice President at GDIT.? Both stressed the convergence of cyber-physical systems and the need for ambitious resilience goals. Venables highlighted the proposed national critical infrastructure "observatory" as a digital twin, while Hayden warned of adversaries pre-positioning for potential disruption. They both talk about the urgency around cyber deterrence strategies imposing costs on adversaries through offensive operations and other levers. I always enjoy my time with these guys and think you will enjoy our conversations.
Next week, the McCrary Institute will host the White House National Cyber Director Harry Coker, Jr for a virtual briefing on the newly released update to the National Cybersecurity Strategy Implementation Plan, and you are invited to attend virtually. A panel discussion will follow with senior government representatives, moderated by McCrary Senior Fellow Katherine Gronberg. I encourage you to register for this timely virtual briefing. Don't miss this chance to understand the updated implementation plan.?
Michael Holden and James Pearson reported that Director Coker recently warned that Chinese military hackers are circumventing American defenses at an "unprecedented scale.” The U.S. and U.K. are raising urgent alarms that China poses an "epoch-defining" challenge, aggressively conducting cyber operations to steal intellectual property and pre-positioning itself to potentially disrupt American critical infrastructure during a crisis. McCrary Institute Senior Fellows Bill Evanina and Steve Kelly along with Rob Joyce and Charles Carmakal, emphasized that this existential threat requires a whole-of-nation response, with the public and private sectors enhancing partnerships, cybersecurity investments, and deterrence measures to counteract China's cyber warfare strategy targeting the foundations of America's economic and national security.
In a story by David Jones, the FBI, CISA, HHS, and MS-ISAC jointly warned that the Black Basta ransomware group has aggressively targeted over 500 organizations worldwide as of this month, including healthcare providers and other critical infrastructure entities across 12 of the 16 designated sectors. The growing attacks on hospitals and utilities is a reminder of the threat Black Basta poses.
Continuing with my friend Matt Hayden, who has been very busy this week, we have this video of him discussing how AI can be used to defend against cyber threats.? Hayden noted that AI enables rapid detection and proactive response at scale against sophisticated threat actors’ efforts. It’s worth noting that America's adversaries are also employing AI to attack us by producing misleading content and amplifying false narratives across social media, as reported by David Klepper and Eric Tucker. Hayden's emphasis on leveraging cyber threat intelligence as a "force multiplier" is particularly pertinent as foreign disinformation adapts innovative AI techniques requiring proactive defense and shared countermeasures to safeguard election integrity.
A Wall Street Journal survey found organizations facing intensifying cybersecurity risks driven by major cyber attacks and stricter regulations, as reported by David Smagalla. However, many compliance teams need more expertise to tackle escalating threats effectively. Despite these challenges, the industry is taking a proactive stance, with most respondents viewing their cybersecurity compliance programs as at least somewhat effective. To help address the organizational threats, George Barnes, a former NSA Deputy Director and current McCrary Institute Senior Fellow, emphasized the need for enhanced public-private partnership. Barnes reminds us that while the government and private sector possess valuable information individually, combining their insights would significantly bolster cybersecurity readiness and effectiveness.
Finally, McCrary Institute Senior Fellow and Exiger Senior VP Bob Kolasky, a prolific writer, cautions that the recent severe geomagnetic storm serves as a warning for the risks of extreme space weather crippling critical infrastructure. He emphasizes enhancing predictive capabilities, infrastructure resilience, and improved risk communications to prepare for future potentially devastating events. Kolasky advocates for formally designating space infrastructure as a critical infrastructure sector to strengthen resilience efforts. Not to sound like a broken record, but this is something I fully support.
Well, it’s been a busy week. Just a reminder to get registered for next week’s McCrary Event. Until then,
War Eagle,
Frank Cilluffo
A bipartisan group of senators released a policy roadmap calling for $32 billion in annual federal spending to bolster U.S. leadership in artificial intelligence. The plan aims to spur innovation while also addressing concerns about AI's potential harms, such as job displacement and misinformation. However, the senators deferred on specific AI regulations, stating that congressional committees and agencies are best equipped to develop those.
A bipartisan group of senators released a plan calling for $32 billion in annual spending to bolster U.S. leadership in AI but deferred on specific regulations to address the technology's risks. The plan aims to spur innovation while leaving regulatory details to congressional committees and agencies.
U.S. officials flagged concerns over China's "misuse" of artificial intelligence during bilateral talks, stressing the need to maintain open communication on AI risk and safety as part of managing competition.
U.S. intelligence and cybersecurity officials, including former National Counterintelligence and Security Center Director Bill Evanina and Institute for Security and Technology Chief Trust Officer Steve Kelly - both Senior Fellows at the McCrary Institute - warn of a vast, long-term campaign by China to infiltrate and potentially disrupt American critical infrastructure using sophisticated "living off the land" hacking tactics that allow them to blend in and remain undetected. Experts testified that China's cyber warfare capabilities vastly outpace U.S. defenses, with the potential to sow chaos across the country by targeting power, water, transportation, and other vital systems in a crisis. The panel called for urgent, whole-of-government action to deter these threats, including new regulations, investments in cyber talent and technology, and enhanced public-private partnerships, emphasizing that China's cyber campaign represents an existential risk that demands a concerted national response.
The U.S. Senate recently released a bipartisan AI policy roadmap covering areas like funding, innovation, bias, and privacy. It's a first step, but legislation is still needed. Meanwhile, companies like Google, OpenAI, and Apple are rolling out major AI capabilities, and the UK is boosting election cybersecurity.
Key U.S. national security officials express confidence in the security of the 2024 presidential election while senators call for greater urgency and improved plans to counter foreign interference. Officials acknowledge the increasing complexity of the threat landscape and emphasize the need to address foreign malign influence operations and emerging technologies like AI. Senators push for a more streamlined notification framework and urge agencies to work closely with state election officials to enhance cybersecurity measures.
The U.S. Justice Department has charged five individuals, including a U.S. citizen woman, a Ukrainian man, and three foreign nationals, for their involvement in cyber schemes that generated revenue for North Korea's nuclear weapons program. The individuals were accused of participating in a campaign to infiltrate U.S. job markets through fraud and raise funds for North Korea's illicit nuclear program. Two of the suspects have been arrested, while the others remain at large. The U.S. State Department has offered a reward of up to $5 million for information related to the co-conspirators.
Reps. Michelle Steel, Adam Schiff, and other lawmakers have introduced the Strengthening Cybersecurity in Health Care Act to address the increasing cyber-attacks on American healthcare systems. The bill would require the Inspector General to consistently evaluate the Department of Health and Human Services' cybersecurity systems and report findings to Congress. The bipartisan legislation aims to protect sensitive health data and ensure patients receive care without compromising their data.
Nissan suffered a data breach in a ransomware attack last November, exposing the Social Security numbers of thousands of current and former employees. While Nissan promptly notified law enforcement and took immediate actions to contain the threat, it did not disclose whether it paid the ransom. The company has launched an investigation, provided free identity theft protection services to affected individuals for two years, and stated that there is no indication of misuse or intentional targeting of the information. Ransomware attacks are increasingly common, with cybercriminals exploiting vulnerabilities such as stolen passwords or multi-factor authentication codes.
领英推荐
The US has invited France, Germany, and New Zealand to join its Operation Olympic Defender, a military initiative to strengthen defense and deter hostility in space. France remains undecided but may join, though it will maintain operational control over its military space capabilities.
This joint guide, developed as part of CISA's High-Risk Community Protection (HRCP) initiative and NCSC-UK's Defending Democracy campaign, provides mitigation measures for civil society organizations to reduce their risk based on common cyber threats. The authoring agencies strongly encourage civil society organizations and affiliated individuals to apply the mitigations provided in this joint guide. The authoring agencies also encourage software manufacturers to take responsibility for their customers' security outcomes by applying the mitigations in this advisory and designing products that prevent the most common classes of attacks by malicious actors.
Recent ransomware attacks on major American healthcare firms have revealed vulnerabilities in the US healthcare system's defenses against hackers. These attacks disrupted patient care and highlighted the need for new security regulations and mandatory cybersecurity standards in the healthcare sector. The attacks have also drawn attention to the industry's over-consolidation, where the failure of one company's security measures can impact millions of patients. Efforts are underway to establish minimum cybersecurity requirements for hospitals and to address the sector's cybersecurity weaknesses.
Authorities allege that Dmitry Yuryevich Khoroshev, a Russian man, is the leader of the infamous LockBit ransomware group. The article examines Khoroshev's online activities and alter egos, tracing his involvement in cybercrime over the past 14 years, including his potential connection to the Cerber ransomware and the development of the LockBit strain.
UK politicians and election officials will receive support to safeguard against cyberattacks by foreign spies before an anticipated election later this year. The National Cyber Security Centre (NCSC) will provide enhanced security measures to individuals at risk, including protection against malware and spear-phishing attacks. Concerns have been raised about disinformation and foreign interference in the political process, with Russian intelligence and groups linked to the Chinese state identified as potential threats.
During closed-door talks in Geneva, high-level U.S. government envoys expressed concerns about China's "misuse of AI," while Beijing rebuked Washington over "restrictions and pressure" on artificial intelligence. The discussions covered AI's risks and risk management, highlighting the tension between the two countries over the rapidly advancing technology. The talks were the result of a meeting between Presidents Joe Biden and Xi Jinping in November and reflect concerns and hopes about the potential of AI. While the U.S. underscored the importance of ensuring safe and trustworthy AI systems, China criticized U.S. restrictions and advocated for global governance of AI by the United Nations. Both sides acknowledged the opportunities and risks presented by AI.
Japan's Defense Ministry plans to establish a technology research center this fall to develop innovative applications, including for artificial intelligence and autonomous vehicles. Modeled after U.S. institutions like DARPA, the center aims to encourage private-sector collaboration and rapid innovation in areas critical for Japan's defense capabilities, such as submarine detection. This initiative reflects Japan's efforts to bolster its defense technology base to keep pace with advancements by rivals like China.
According to a new report, China has secretly built what could be the world's first dedicated fixed-wing drone carrier. The ship's compact flight deck and catamaran-like hull suggest it is designed to launch and land drones, though experts caution that its exact purpose remains to be seen. This development comes as China continues to expand its naval capabilities, including the recent start of sea trials for its third aircraft carrier.
Security officials warn that America's foreign adversaries, including Russia, China, and Iran, will leverage AI to spread disinformation, mislead voters, and undermine trust in the 2024 U.S. elections. However, the U.S. has improved its ability to safeguard election security and combat foreign interference since 2016.
The FBI and the US Department of Justice have seized the hacking forum BreachForums and its Telegram channel. The website now displays a message indicating that it has been taken down by law enforcement and asks visitors to report any information about cybercriminal activity on the platform. The takedown involved international partners from New Zealand, Australia, the UK, Germany, Iceland, and Ukraine. The forum, which replaced RaidForums, has been under scrutiny for over a year, and the FBI has been investigating the group since June 2023. BreachForums was known as a marketplace for cybercriminals to buy, sell, and trade illegal goods and services.
DHS Undersecretary for Policy, Rob Silvers, commends Microsoft for its recent security overhaul but vows to maintain a "muscular" effort to hold the company and other cloud giants accountable. While Silvers believes that Microsoft's changes meet the mark, he emphasizes the importance of follow-through. DHS will work closely with Microsoft as it rebuilds its security culture. Silvers also mentions a new CISA-led cloud assessment program that will publish annual reviews of cloud providers' security practices, creating incentives for compliance. The administration is open to discussing minimum security practices for the industry with Congress.
Senate Majority Leader Chuck Schumer's bipartisan AI working group has proposed a policy framework to regulate the use of AI in health care. The framework aims to harness AI's potential while addressing concerns related to bias, privacy, and patient safety. The group suggests a risk-based approach to scrutinize high-impact AI applications, explore transparency requirements, develop payment methods, allocate funding for AI research, enhance biosecurity measures, combat drug trafficking using data analytics, and consider liability standards for AI users and developers. The group emphasizes the need for committee-level discussions and individual bills to advance the framework.
Subscribe to our LinkedIn Cyber Briefing.
Subscribe to the daily Cyber Briefing email.
Subscribe to our Cyber Focus podcast.
Copyright ? 2024 Auburn University's McCrary Institute. All Rights Reserved.