Cyber Briefing ~ 06/17/2024
McCrary Institute for Cyber & Critical Infrastructure Security
Working to protect and advance U.S. interests in the areas of cyber and critical infrastructure security.
The House and Senate Armed Services Committees have passed measures in their versions of the National Defense Authorization Act legislation directing independent assessments examining the prospect of an independent U.S. Cyber Force. The issue has gained momentum over the last year as threats have grown. The DOD has been conducting its own examinations of the future of cyber forces. Still, some observers believe it is working to prevent Congress from directing outsiders to study a Cyber Force. While the status quo is not working, detractors say now is not the time to shake things up.
The Cybersecurity and Infrastructure Security Agency (CISA) conducted its first tabletop exercise focused on AI cybersecurity, bringing together 15 companies and several international cyber agencies. The exercise aimed to understand AI-related cybersecurity incidents, foster information-sharing between industry and government and develop a collaborative approach to incident response. CISA plans to release an AI security incident collaboration playbook by the end of 2024 to guide future efforts in this area.
A wave of attacks on Snowflake customers' databases sheds light on the complex issue of responsibility in cloud security. While Snowflake primarily blamed customers who didn't use multifactor authentication (MFA), experts argue that cloud providers should raise minimum security standards and implement MFA by default. The Cybersecurity and Infrastructure Security Agency (CISA) advocates for MFA as part of its secure-by-design principles, but Snowflake does not enforce it by default. The incident has prompted Snowflake to consider requiring customers to implement advanced security controls, although details of the plan remain unclear.
Since 2010, GAO has made 1,610 cybersecurity recommendations, with federal agencies implementing 1,043 but leaving 567 unaddressed as of May 2024. Threats to essential technology systems are increasing, with 30,659 federal agency security incidents in 2022 alone. Concerted action is urgently needed to address four key challenges: establishing an effective cybersecurity strategy and oversight, securing federal systems and information, protecting critical infrastructure cybersecurity, and protecting privacy and sensitive data. Within these are 10 critical actions like improving incident response and workforce management. Until all recommendations are implemented, agencies will be limited in providing oversight, securing systems, protecting infrastructure, and safeguarding data. GAO has ongoing work to cover the 10 actions across the four challenge areas. With growing threats, the federal government must act to implement GAO's recommendations and address critical cybersecurity challenges fully.
NATO chief Jens Stoltenberg announced that the alliance is addressing Russian attempts to sabotage NATO through hostile activities. Defense ministers will discuss response options, including closer intelligence sharing, increased protection of critical infrastructure, and tighter restrictions on Russian intelligence personnel. NATO allies, including Poland, Germany, the United Kingdom, and the Czech Republic, have reported incidents of Russian sabotage, cyber attacks, and disinformation. Stoltenberg emphasized NATO's unwavering support for Ukraine despite Russian actions.
Lawmakers are pushing Commerce Secretary Gina Raimondo to include drones in the regulatory crackdown on Chinese-made vehicles capable of collecting and transmitting data. Concerns about national security risks associated with connected software and hardware also apply to uncrewed aerial vehicles.
Army Sees Combo of Kinetic, Non-Kinetic Capabilities as Essential to Combating China’s Military Mass
The U.S. Army believes combining kinetic weapons like missiles with non-kinetic capabilities like cyber and electronic warfare is critical to offset China's larger military. This lesson comes from Ukraine's experience against Russia's jamming. The Army's new All-Domain Sensing team aims to integrate sensors and enable rapid data sharing to apply effects at machine speed. They are focused on synchronizing kinetic and non-kinetic effects across domains, especially electronic warfare. The goal is to use sensors and command and control to inform commanders and enable both electronic support and attack capabilities.
The House Committee on Science, Space and Technology passed the bipartisan Expanding Partnerships for Innovation and Competitiveness (EPIC) Act, which would establish a nonprofit Foundation for Standards and Metrology to facilitate partnerships between NIST and academia, industry, and other organizations. This aims to supplement NIST's budget, given recent funding decreases. The foundation would have a democratic board with transparency requirements and safeguards against conflicts of interest. Supporters highlight NIST's importance for AI standards. The bill has bipartisan, bicameral support and over 40 organizational endorsements.
The Federal Aviation Administration issued a market survey seeking information on using artificial intelligence to improve aviation safety and enhance its safety information systems. The FAA aims to incorporate advanced analytics from commercial AI tools for deeper insights into safety events and predicting risks. This reflects the FAA's gradual exploration of AI amid hurdles in adapting the technology for the safety-critical aviation industry. The FAA wants to address potential data sensitivity and a variety of issues with AI.
Microsoft Vice Chair Brad Smith testified before the House Homeland Security Committee about Microsoft's efforts to bolster cybersecurity in response to the CSRB report on the Microsoft Exchange hack. Microsoft accepts responsibility and is implementing all 16 CSRB recommendations applicable to it, as well as 18 additional objectives under its Secure Future Initiative. Steps include transitioning identity systems, isolating production systems, protecting networks and engineering systems, enhancing monitoring and response, and incorporating security into performance reviews. Smith warned of escalating nation-state cyberattacks and ransomware, urging government and industry collaboration on cyber defense.
The House passed its annual defense policy bill, including a requirement for an independent study on creating a U.S. Cyber Force. The provision mandates the Pentagon Commission and the National Academy of Sciences to evaluate establishing a seventh military service focused on cyber operations. The Senate Armed Services Committee was also expected to include a similar amendment. DOD leaders have resisted the idea, arguing that Cyber Command should be given more time to mature before considering a separate cyber service. The House bill also includes provisions to designate the Joint Force Headquarters-DOD Information Network as a subordinate unified command under Cyber Command, establish a DOD Hackathon Program, and fence off some of the Defense Secretary's travel budget until overdue cyber studies are delivered.
A study published in Risk Analysis finds that advanced AI-driven cyberattacks could significantly reduce exports between China and the US. In simulated scenarios, China's exports to the US plunged over 8%, while US exports to China dropped nearly 6%. The attacks could paralyze payments, disrupt supply chains, and erode confidence. The study recommends investing in AI defense systems, international cooperation, and awareness to counter the threat.
Documents show London hospitals struggling with a recent cyberattack were aware of weaknesses leaving them vulnerable for years, failing to meet UK health service data standards. The Guy's and St Thomas' NHS Trust acknowledged in April that cybersecurity was a high risk before a ransomware attack in May forced the cancellation of some patient services. Concerns over meeting security standards were raised in board meetings over several years. The Trust says it has taken action to improve cyber defenses and is investigating the incident.
Sources say the International Criminal Court is investigating Russian cyberattacks on Ukrainian civilian infrastructure as possible war crimes. Attacks disrupting power, water, emergency services, or air raid warnings could lead to arrest warrants. ICC prosecutors have been working with Ukraine on attacks since the 2015 Crimean annexation. Groups like Sandworm are suspected. It's uncertain if destroying data is a war crime, but hacks endangering lives may qualify. Ukraine provided details of an attack on telecoms provider Kyivstar.
Amazon Web Services will launch an AWS infrastructure region in Taiwan by early 2025 and invest billions of dollars as part of its long-term commitment. The new infrastructure will enable local customers to store data securely and run workloads with low latency. AWS is accelerating global cloud spending as Amazon focuses on AI and catching up to competitors. AWS is Amazon's most profitable unit, with Q1 bottom line up 17% to $25B. Taiwan has become a center of the AI race with chipmaker TSMC. This year, AWS unveiled spending plans totaling billions on cloud infrastructure in Singapore, Japan, Mexico, and Saudi Arabia. AWS aims to invest almost $13B in India by 2030. Microsoft and Google also recently announced major cloud infrastructure investments in Southeast Asia and Malaysia.
Ascension, a large Catholic health system, disclosed that personally identifiable information and protected health data may have been exposed in a recent ransomware attack. The hackers accessed files on 7 of Ascension's 25,000 servers in early February before deploying ransomware. Ascension is still investigating the full extent of impacted data. While clinical systems like the EHR don't appear breached so far, a full forensic analysis is needed. The attack has disrupted care delivery, forcing Ascension to divert ambulances and delay procedures until key systems are restored. Ascension is working to fully restore its EHR by Friday across its 140 hospitals in 19 states. Cyberattacks on healthcare are rising, with hacking incidents now impacting more patient records than ever before.
Microsoft's response to the Cyber Safety Review Board's investigation into the 2023 Microsoft Online Exchange intrusion was questioned by a House panel. Lawmakers are seeking clarity on the findings and expressed concerns about the board's future work. Microsoft emphasized its cooperation with the investigation and its commitment to addressing the board's recommendations. The panel also discussed the inclusion of competitors on the board and the need to strengthen cybersecurity protection across the board. Legislation to codify the Cyber Safety Review Board is being worked on, and a hearing on secure by design will be held.
The National Institute of Standards and Technology’s (NIST’s) National Cybersecurity Center of Excellence has requested feedback on a draft technical note for a water sector project aimed at securing remote access solutions used for operational technology interaction. The draft presents reference architectures and example solutions for various-sized water systems, including a cloud-based architecture. NIST is currently building lab prototypes described in the draft and may modify them based on input received.
The Federal Bureau of Investigation (FBI), in coordination with the Department of Homeland Security’s (DHS) Office of Intelligence and Analysis (I&A), the Cybersecurity and Infrastructure Security Agency (CISA), and the U.S. Election Assistance Commission (EAC) prepared this overview to help partners defend against insider threat concerns that could materialize during the 2024 election cycle. Recent examples of election security-related insider threats include a temporary worker inserting an unauthorized flash drive into a poll book, a state identifying published confidential passwords for its voting systems, and county officials allowing unauthorized access during an audit process. While foreign exploitation of insider threats is unlikely, adversaries could attempt to gain insider access to interfere with election infrastructure and undermine confidence in U.S. democratic institutions. Key elements of insider threat programs include procedures, access controls, audits, monitoring, and reporting incidents.
Ukraine's Cyber Police have arrested a 28-year-old individual suspected of offering services to the LockBit and Conti ransomware groups. The suspect specialized in developing crypters to obfuscate malicious payloads and evade security programs. The crypter was allegedly used by the ransomware syndicates to disguise their malware and carry out successful attacks. The arrest is part of a larger effort to combat cybercrime, with recent law enforcement actions targeting various criminal activities in the digital realm.
Traverse City, Michigan, and Newburgh, New York, have experienced ransomware attacks, leading to disruptions in services and the closure of government facilities. The cities are unable to process payments for taxes, water, permits, and other services. The FBI and Michigan State Police are involved in the recovery efforts in Traverse City, while Newburgh has retained outside IT experts to restore operations. Emergency services are unaffected in both cities. These incidents add to the growing number of ransomware attacks on U.S. city governments.
Microsoft President Brad Smith testified before a congressional committee, accepting responsibility for cybersecurity mistakes while calling for consequences for nation-state hackers. He discussed a recent DHS report on a breach linked to China's government and emphasized the need for clear red lines and collective action to hold threat actors accountable. Smith also addressed concerns about deepfakes and Microsoft's Recall feature, highlighting the importance of considering security aspects during feature design. He committed to providing Congress with updates on the implementation of cybersecurity recommendations.
The United States, United Kingdom, and Canada jointly accuse Russia of employing disinformation, propaganda, and criminal groups to interfere in Moldova's upcoming elections. They aim to support Moldova in countering Russian election interference and emphasize their commitment to democracy. Measures include sharing findings with the Moldovan government and urging Russia to respect Moldova's sovereignty and the outcomes of free and fair elections.
Lawmakers express skepticism and lack of trust towards Microsoft President Brad Smith during a congressional hearing, questioning the company's transparency regarding recent security breaches and its business operations in China. Microsoft faces increasing scrutiny and concerns about its cybersecurity practices.
Copyright © 2024 Auburn University's McCrary Institute. All Rights Reserved.