October 24, 2019.
"Caveat:" a new podcast on cybersecurity law and policy
The CyberWire is pleased to announce the launch today of “Caveat,” a new weekly podcast addressing cybersecurity law and policy, with a particular focus on surveillance and digital privacy. Caveat is available at our website.
This latest addition to the CyberWire’s popular lineup of programs is hosted by Dave Bittner and Ben Yelin, the Program Director for Public Policy and External Affairs at the University of Maryland's Center for Health and Homeland Security. Each week, Dave and Ben break down important current legal cases, policy battles, and regulatory matters along with the news headlines that matter most. It’s not just a podcast for lawyers and policymakers; security professionals, businesses, and anyone concerned about privacy and security in the digital age will find the discussions accessible, relevant, and thought-provoking.
We happily thank KnowBe4, the sponsor of Caveat, for their indispensable support.
SecurityWeek's 2019 ICS Cyber Security Conference
SecurityWeek's 2019 ICS Cyber Security Conference began its final day this morning with a discussion of the convergence of safety and cybersecurity. Dale Malony, OT Leader of Honda of America, brought a manufacturer's perspective; Ben Stirling, Vistra Energy's Lead, Generation Cyber Security, contributed a view from the energy sector. It's a developing system, and, as Malony pointed out, we still tend to rely on "dragon slayers." He asked the community to think through education that can take personnel "from zero to hero." Stirling thinks education has to approach cybersecurity from both sides, bringing control engineers to an understanding of IT security, and IT personnel to an understanding of controls. "You have to approach the problem from both sides of the coin." Senior leaders in manufacturing companies are interested in consistent plant stability and a reliable product, and that's how they need to be approached on matters involving cybersecurity.
Four interesting side observations were made on safety and cybersecurity. First, the panelists have found it useful to get their control engineers certifications, because those were important to establishing credibility with the IT side. Second, they find it more difficult to get the IT types oriented to, and familiar with, control engineering than they do familiarizing the control engineers with IT because, "The IT types don't like it. They're used to air conditioning." (Much laughter at this second observation.) Third, the IT types need to find your stuff "cool" (apart from any air conditioning issues). If they can be induced to take an "innate interest" in the control engineering space, you've got a much better chance of working together effectively. And fourth, thinking in terms of safety as driving defensive priorities can be foreign to cybersecurity personnel who came up through the IT ranks. Bear this in mind when familiarizing them with plant controls.
A presentation on smart cities, and specifically on how IT and OT join forces to defend them, drew attention to another cultural gap the speaker perceived between the two communities. Trend Micro's William J. Malik sees the communities as having very different assumptions about the longevity of systems. Architectural decisions we take today can have significant consequences decades hence, and in Malik's view the IT community is not yet comfortable thinking in these terms.
We'll wrap up our coverage of SecurityWeek's 2019 ICS Cyber Security Conference tomorrow. In the meantime, you'll find an account of a presentation by Dragos on process integrity here.
By the CyberWire staff
Amazon Web Services sustained a distributed denial-of-service attack yesterday that affected AWS for some eight hours. Google Cloud also encountered difficulties on Tuesday. Computer Business Review says there are no indications the two incidents were connected. Both AWS and Google Cloud services report they've now returned to normal operation.
Pilz GmbH, an automation tool manufacturer with headquarters in Ostfildern, Baden-Württemberg, and operations globally, has disclosed that it continues to recover from a ransomware incident that began on October 13th. ZDNet says the ransomware was Bitpaymer, with business but not production systems affected.
BlackBerry Cylance's ThreatVector has an account of how mobile malware has assumed an important position in the cyber espionage space. Several nation states actively engage in this form of spying, and the researchers emphasize that this is neither a novelty nor a niche effort, "but a longstanding part of a cross-platform strategy integrated with traditional desktop malware in diverse ways across the geopolitical sphere." Beijing, Hanoi, Pyongyang, and Tehran have been particularly active against both Android and iOS targets, and they all show a troubling degree of sophistication. Many of these efforts have their origins in highly targeted work against specific targets, and many of those targets are domestic.
The US FBI has given Congress an overview of election-security preparation.
In what's presumably not an admission against interest, Huawei's global cybersecurity and privacy officer tells ZDNet that, you know, it's probably easier to bribe a telco executive than it is to backdoor equipment. (So don't sweat those backdoors?)
Today's issue includes events affecting Australia, Austria, China, European Union, Germany, Iran, Democratic People's Republic of Korea, NATO/OTAN, Russia, Sri Lanka, United States, and Vietnam.
Bring your own context.
Much of the concern over deep fakes has centered on their potential for harassment, embarrassment, or political disinformation. But this family of techniques has other security implications as well.
"And also in the cybersecurity space, we're seeing growing concern about the ability of synthetic voice audio in particular right now to enhance social engineering attacks, such as fraud and kind of impersonation attacks, where someone could use synthetic voice audio to impersonate a CEO or another kind of C-suite executive or something like this to move money or to make key business decisions. So, you know, there are multiple vectors. I think it's general level, whereas deepfakes threats any process where audio visual media is used to inform key decision-making or key communications."
—Henry Ajder, from Deeptrace Labs, on Hacking Humans, 10.24.19.
Hacking Humans is up. In this episode, "The ability to fundamentally deceive someone," Joe has the story of a convincing scammer who makes an innocent woman doubt herself. Dave describes an online utility that helps users delete unwanted user accounts and also rates the difficulty of doing so. The catch of the day requests help in an investment scam (but lacks punctuation). Our guest is Henry Ajder from Deeptrace Labs discussing their research on deep fakes.
And, finally, the CyberWire's new weekly podcast Caveat is also up. In this inaugural episode, "Crowdsourced private surveillance," Dave shares a candidate's plan to make personal data private property. Ben describes a system of crowdsourced private surveillance. The listener on the line has a question about expectations of privacy in places like shopping malls. Our guest is Kim Phan from the law firm Ballard Spahr, here to discuss new privacy legislation going into effect in Nevada.
Process integrity as central to ICS security (The CyberWire) "The past and future of integrity-based attacks in ICS environments." Industrial control systems aren't smart buildings, still less the whole Internet of Things. When we talk about ICS, we should be clear that we're talking about control of industrial processes.
MedusaLocker Ransomware Wants Its Share of Your Money (BleepingComputer) A new ransomware called MedusaLocker is being actively distributed and victims have been seen from all over the world. It is not known at this time how the attacker is distributing the ransomware.
Your Cache Has Fallen: Cache-Poisoned Denial-of-Service Attack (CCS '19) Web caching enables the reuse of HTTP responses with the aim to reduce the number of requests that reach the origin server, the volume of network traffic resulting from resource requests, and the user-perceived latency of resource access.
Dodgy mobile apps found to be on the increase: RiskIQ (ITWire) The number of blacklisted mobile apps in the 120-odd mobile stores, examined by security firm RiskIQ on a regular basis, grew from 44,850 to 53,955, a rise of 20%, the company said in its mobile threat report for the second quarter of the year.
Huawei: Easier to bribe telco staff than build backdoors (ZDNet) It requires so much effort to build backdoors into networking equipment that work across different global communications networks and system configurations that it likely is easier and more effective to bribe a telco executive, says Huawei's chief cybersecurity officer.
Analysis | When Will Boeing 737 Max Fly Again and More Questions (Washington Post) Two crashes within five months -- Lion Air Flight 610 in October 2018 off the coast of Indonesia and Ethiopian Airlines Flight 302 in March outside Addis Ababa -- killed 346 people and led to a global grounding of Boeing Co.’s 737 Max jets, the fourth generation of a venerable brand first flown in 1967. Uncertainty over when it will fly again is rippling through the airline industry and Boeing’s finances. The U.S. manufacturer’s bill is $9.2 billion and rising, as it faces questions about the pl
The Underrated Risks of Data Exposure (Terbium Labs®) We surveyed over 300 information technology (IT) professionals in the United States and Canada to better understand how businesses currently monitor and detect incidents of exposed data on the Internet, their current and future risks and the potential negative outcomes.
Risk Management And Black Swan Events (Forbes) Black Swans bring challenges to risk management, especially in our rapidly transforming technological landscape. However, those transformative changes in emerging technology add to the ability to analytically forecast and try to mitigate Black Swan events.
Forcepoint Web Security offering reaches for the edge (SearchSecurity) Incorporating elastic cloud gateway technology, Forcepoint Web Security provides protection for the growing number of network perimeters associated with the growing corporate multi-cloud implementations. The offering grants access to content from any edge location.
Information Security Forum Teams with NIST to Create Online Informative References (PRLog) Information Security Forum Teams with NIST to Create Online Informative References. The Information Security Forum (ISF) has been working with the United States National Institute of Standards and Technology (NIST) as part of a pilot project to create Online Informative References (OLIRs) between information security standards and the...
On “Quantum Supremacy” (IBM Research Blog) Recent advances in quantum computing have resulted in two 53-qubit processors
TU Announces Enhanced Cyber Program (Tulsa Public Radio) The University of Tulsa together with venture group Team8, today announced a first-of-its-kind advanced degree program to create experts in cyber R&D,
IAB Issues Draft CCPA Framework (Cooley) The Interactive Advertising Bureau (IAB) has released for public comment the IAB California Consumer Privacy Act Compliance (CCPA) Framework for Publishers and Technology Companies. According …
FBI Updates Initiative to Protect U.S. Elections from Cyberattacks (BleepingComputer) FBI has updated and expanded the resources and tools designed to help political campaigns, private businesses, and individuals to better understand and mitigate risks posed by foreign entities' cyber intrusions and disinformation efforts during the 2020 U.S. election season.
NSC Makes Cyber Security For Space Industry ‘Top Priority’ (Breaking Defense) The National Security Council, Air Force Space Command, the Missile Defense Agency, and NASA among others will share analysis about, warnings of, and potential responses to cybersecurity threats to satellites and ground stations with industry under a new public-private partnership.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Industrial Control Systems (ICS) Cyber Security Conference (Atlanta, Georgia, USA, October 21 - 24, 2019) SecurityWeek’s ICS Cyber Security Conference is the conference where ICS users, ICS vendors, system security providers and government representatives meet to discuss the latest cyber-incidents, analyze...
PCI SSC 2019 Europe Community Meeting (Dublin, Ireland, October 22 - 24, 2019) The PCI Security Standards Council’s 2019 Europe Community Meeting is the place to be. We will provide you with the information and tools to help secure payment data. We lead a global, cross-industry effort...
Omaha Cybersecurity Conference (Omaha, Nebraska, USA, October 24, 2019) Data Connectors brings together security professionals to discuss mitigating risk and improving their overall security posture. Eight industry speakers, an FBI/NSA/DHS keynote speaker, and a CISO Panel...
Florida Cyber Conference 2019 (Tampa, Florida, USA, October 24 - 25, 2019) Join hundreds of stakeholders from Florida's cybersecurity community and beyond for innovative content, in-depth discussion, hands-on demos, networking, and more! With more than 20 breakout sessions across...
National Security Leaders Symposium (Naples, Florida, USA, October 27 - 29, 2019) If there is anything that unifies CISOs, change is the one constant. For 2019, the focus is on the rapid evolution of the security industry, the rising tide of visibility on security organizations, and...