ICD Brief 35.
This week’s ICD Brief brings encouraging news of increasing investment in critical infrastructures, bilateral agreements, memoranda of understanding, public private partnerships from the US, Canada, China, Estonia, the EU, Germany, Guyana, India, Japan and NATO.
Our Feature: Google and Sister Company to Offer Cyber Security to Election Groups “Google and sister company Jigsaw are joining forces to defend election organizers and civic groups [world wide] against cyber attacks free of charge .as the broader tech industry seeks to fend off criticism that it is not doing enough to stop online efforts to distort elections..”
Our Software Update on Israeli cybersecurity defense firm Cybellum’s discovery of the so-called “DoubleAgent attack. that can be used maliciously to gain access to vulnerable antivirus programs, and weaponize them.
“Siemens, a global engineering leader, and Atos, a global leader in digital services, have entered into a Memorandum of Understanding (MOU) and will leverage their portfolios to help US utilities and the oil and gas industry establish an integrated first line of defense against cyber-attacks. Siemens and Atos work together in the area of cybersecurity for industrial companies, providing customers in the manufacturing and processing industries with comprehensive security services and products.”
“The Homeland Security Department hopes to produce a new strategy to protect and defend federal networks within the next couple months and to implement it within two years, the department’s acting cyber lead said Monday. I think we can do it and I think we have a lot of support from the administration leadership,” Jeanette Manfra, acting deputy undersecretary for the DHS cyber division, said during a New America think tank cybersecurity conference.”
“The U.S. Chamber of Commerce is making several recommendations for the Trump administration on cybersecurity, including soliciting private sector input for a new cybersecurity strategy and modernizing the government’s IT infrastructure. The Chamber unveiled the cybersecurity policy priorities on Thursday at a conference in Salt Lake City.”
“Earlier this month, the Subcommittee on Cybersecurity and Infrastructure Protection of the Homeland Security Committee held a hearing to determine the value and effectiveness of the current engagement between the private sector and the Department of Homeland Security (DHS). DHS wanted to see what made particular outreach efforts successful, and how the private sector was approaching cybersecurity.”
“Christopher Krebs, a cybersecurity policy executive for Microsoft and vice-chair of the National Cyber Security Alliance, started work this week as a senior counselor to Homeland Security Secretary John Kelly, the first major cyber-policy appointment at the department. Krebs “started at [the Department of Homeland Security] this week, as a senior counselor, and he’s generally working cyber issues,” DHS Spokesman David Lapan told CyberScoop via email.”
“Last week the Idaho National Laboratory (INL) and the Department of Homeland Security (DHS) announced the successful completion of the 100th iteration of the Industrial Control Systems Cybersecurity training on defending systems used across the critical infrastructure sectors. Since April 2007, over 4,000 cybersecurity professionals have participated in the advanced course. These professionals represent all 50 states, the international cyber community and all 16 of the nation’s critical infrastructures. The training is conducted in Idaho Falls, Idaho, and is hosted by the DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). Lane Thames, Software Development Engineer and Security Researcher at Tripwire commented below.”
“A quartet of former government cyber specialists stood behind a congressional proposal to elevate the Homeland Security Department’s cyber mission during a Wednesday hearing, saying structural barriers currently hinder the department from doing its best to defend government networks. That proposal, championed by House Homeland Security Committee Chairman Michael McCaul, R-Texas, has been bedeviled, however, by congressional gridlock and by overlapping jurisdictions among committees.”
“Back in 1991, when Marina Kaljurand was new to Estonia’s recently established foreign ministry, very few people had heard of the Internet. So it seems improbable that, just over a quarter of a century later, she would be charged with leading a global commission to ensure a stable future for a cyberspace that connects nearly four billion users. But that is exactly what she has done. So as we celebrate Women’s History Month, it is not unreasonable to see Kajurand’s appointment as a milestone in the short and undeniably male-dominated history of cybersecurity.”
“Ahead of a 450-soldier Canadian-led NATO deployment to Latvia, military planners in the country are reportedly sending a contingent of cyber-warriors to fend off Russian sabre-rattling in the region, according to CBC News. Brigadier-general Paul Rutherford, commander of the Canadian military’s Joint Forces Cyber-Component, told CBC that the decision was made to help respond to attacks which target civilians, rather than government infrastructure, similar to the attack on government agencies and banks in Estonia in 2007.”
“On February 4, 2017, the Cyberspace Administration of China (“CAC”) issued its consultation draft measures for the security review of online products and services (“draft measures”), among the anxieties caused by the vagueness of multiple provisions in China’s Cyber Security Law (“Cyber Security Law”). Cyber Security Law was promulgated by the Standing Committee of the National People’s Congress of China (“NPC”) on November 7, 2016, which will take effect on June 1, 2017. CAC’s February move, immediately following the Chinese New Year holidays, marks the first top-level administrative efforts to clarify the Cyber Security Law. CAC, also known as the Office of the Central Leading Group for Cyberspace Affairs, was founded in 2014 and operates under a special group headed by the Communist Party General Secretary and President of China, Mr. XI Jinping and imposes an “imperial envoy” type of influence on the enforcement of the Cyber Security Law. ”
“At the China Development Forum in Beijing on Sunday (March 19), Mastercard CEO Ajay Banga shared how the proliferation of connected devices has opened the door for China to upgrade its cybersecurity framework in order to keep pace with increasing digital connectivity and integration. Banga discussed how small and medium enterprises (SMEs) are in need of significant support to help manage and mitigate cyber risks. In his opinion, both the public and private sector have a shared responsibility to help develop solutions that would protect against growing threats by exchanging knowledge and working together.”
“CERT-EU’s mission is to support the European Institutions to protect themselves against intentional and malicious attacks that would hamper the integrity of their IT assets and harm the interests of the EU. EASA and CERT-EU will cooperate in the establishment of a European Centre for Cyber Security in Aviation (ECCSA).”
“Meet the man in charge of protecting Europe’s largest country against the ever-changing threat of hacking: the German government’s IT commissioner, Klaus Vitt. During an interview with POLITICO at the German Interior Ministry, Vitt described the country’s current cyber threat level as “increasingly critical,” announced plans to cooperate with private companies and explained why his analysts believe most professional hacking attacks on Germany come from Russia or China.”
“The Guyana Police Force (GPF) in collaboration with the Zara Group of Companies today, re-commissioned the computer training centre as the Zara Cyber Security Centre.
The Zara Cyber Security Centre
Located at the Felix Austin Training College, Eve Leary, the centre is a realisation of long-standing collaboration between the GPF and the Zara Group. Valued at $20.5M, the centre is expected to boost the GPF’s ability to fight cybercrime”
“The Indian Cabinet chaired by the Prime Minister Narendra Modi has been apprised of the Memorandum of Understanding (MoU) signed between the Indian Computer Emergency Response Team (CERT-ln) under the Ministry of Electronics and Information Technology and the US Homeland Security Department on cooperation in the field of Cyber Security. The MOU was signed on 11th January 2017 in New Delhi.”
“Japan and Germany agreed Monday to coordinate on international standards for the “internet of things” and artificial intelligence in a collaboration that could benefit Japanese technology companies.”
The Clever ‘DoubleAgent’ Attack Turns Antivirus Into Malware Discovered by researchers at the Israeli cybersecurity defense firm Cybellum, the so-called “DoubleAgent attack” takes advantage of the Microsoft Application Verifier, a tool used for strengthening security in third-party Windows applications, to inject customized code into programs. The approach could potentially manipulate any software target, but antivirus programs would be particularly appealing to an attacker since they have such extensive system privileges for scanning.”
“Microsoft released a security-minded architecture for antivirus three years ago, called Protected Processes, that successfully protects users against Double Agent. The researchers only found one antivirus program that had implemented Protected Process—Microsoft’s own Windows Defender.
Update March 23, 2017 5:30 pm: Four of the named antivirus vendors contacted WIRED with statements about DoubleAgent. Both Kaspersky Lab and Avast say they have patched the bug. Comodo says that its antivirus’s default protections already negated the attack. Symantec says that its Norton Security products were not vulnerable, but adds that it has “developed and deployed additional detection and blocking protections to users in the unlikely event they are targeted.”
“Google and sister company Jigsaw are joining forces to defend election organizers and civic groups against cyber attacks free of charge as the broader tech industry seeks to fend off criticism that it is not doing enough to stop online efforts to distort elections. The growing frequency of politically-motivated online attacks — from the recent hacking of Twitter accounts by Turkish nationalists to the U.S. Democratic Party’s email breach — has left governments and pro democracy groups scrambling for ways to thwart hackers and the rising tide of “fake” news.”