September 5, 2019.
News from the 10th Annual Billington CyberSecurity Summit
We've been attending the 10th annual Billington CyberSecurity Summit in Washington, which began yesterday and wraps up today. The theme this year is "top government priorities: a call to action," and the presenters represent a strong mix of industry and government leaders. This year's Summit has a strongly international tone: Canada, Israel, and the United Kingdom. We share here a few highlights from yesterday's presentations.
Perspective from the Federal CISO. Grant Schneider, currently the US Federal Chief Information Security Officer, working from the Office of Management and Budget, explained that while his organization does have oversight responsibility, he sees it essentially as a “support structure” designed to enable sound cyber practices throughout the Federal Government. Schneider's predecessor and co-presenter, Brigadier General (retired) Greg Touhill (now president of Cyxtera Federal), said that his own views shifted over the course of his service. At one time he would have attributed most incidents to “careless, negligent and indifferent people.” But he eventually came to add "overworked," and that may be the most important risk factor. Learning how to manage risk under these conditions is a challenge, and Government personnel need to fully understand the new reality: “If you use a computer or a mobile phone, you are a cyber operator, and a target.” When both current and former Federal CISOs were asked what keeps them up at night, Touhill [corrected] pointed to the exposure of critical infrastructure to attacks against industrial control systems. As the Internet-of-things expands, risk exposure grows, and the cost of entry to threat actors declines. Schneider [corrected] gave a one-word answer: "China."
Notes on data and artificial intelligence. There are, a panel pointed out, two sides to artificial intelligence in cybersecurity: AI's use in cybersecurity, and the cybersecurity of AI systems themselves. Jack Shanahan (Director of the US Department of Defense Joint Artificial Intelligence Center) described a challenge the Government has with artificial intelligence and data. The Government has been collecting data from the earliest days of the republic, and that collection obviously didn't assume that the data would be used with artificial intelligence. Commercial businesses like Amazon, Google, and Facebook aren't in this position. They don't have two centuries of legacy collection to reconsider. Dean Souleles (Chief Technology Advisor to the US Principal Deputy Director of National Intelligence) noted that a major problem with artificial intelligence is that we don’t really know what ‘normal’ is, and without some such baseline, it's unclear how we might detect anomalous behavior. Lynne E. Parker (Assistant Director of Artificial Intelligence, White House Office of Science and Technology Policy) raised the question of data integrity as a problem that grows sharper with the deployment of AI. Data poisoning attacks are a very real threat, and ensuring that data are trustworthy is a challenge. Weighing in from the private sector, Swami Sivasubramanian (Vice President, Amazon Web Services) compared the stage of development of machine learning to that of the internet. "If the internet is still in Day 1 after 30 years, machine learning just awoke and hasn’t yet had a cup of coffee."
And thoughts from NSA's Cybersecurity Directorate. The day concluded with a fireside chat between Anne Neuberger, the director of the NSA’s new Cybersecurity Directorate, and Niloofar Razi Howe, a well-known cybersecurity venture investor. Howe asked if there was a strategy behind the directorate, which is set to launch on October 1st, and Neuberger said the goal was to “prevent and eradicate cyber actors from critical infrastructure.” She said NSA needed to change its approach in response to a drastically changing threat landscape. In particular, information operations changed with the rise of social media, and criminal operations changed with cryptocurrency. With the Cybersecurity Directorate, Neuberger plans to increase information sharing with other agencies and with the private sector, emphasizing how important it is to cooperate with social media companies to fight information operations. Neuberger also highlighted the threat posed by ransomware, saying that there are about 400,000 of these attacks per day. The intelligence community’s main objective is looking at threats posed by nation states, and Neuberger pointed to China as a major focus. She said the OPM hack, the Cloud Hopper activities, and rampant intellectual property theft reveal China’s goals.
We'll have more notes from the Billington CyberSecurity Summit tomorrow.
By the CyberWire staff
Facebook has sustained a significant data exposure incident. TechCrunch reports that a researcher found an unsecured database that contained data on some 419 million users. The data contained for the most part user phone numbers linked with account IDs, but in many cases it also included users' real names, gender, and country. The data were scraped: the exposed database was not maintained or controlled by Facebook. Facebook said that the information appears to have been scraped at some time before Facebook restricted third-party access to its data last year. Who scraped the data is so far unknown.
The head of NSA's Cybersecurity Directorate said yesterday at the Billington CyberSecurity Summit that ransomware represents an "interesting" threat to upcoming US elections. TheHill quotes Anne Neuberger as saying ransomware will be a "focus" of her Directorate during the election cycle. The ongoing wave of ransomware attacks against US local governments thus acquires another level of menace. Emsisoft thinks extortionists are choosing targets likely to pay. An IBM study concludes that taxpayers oppose paying.
There are fears currently finding expression in social media that big corporations routinely eavesdrop on phone calls and ambient conversations, the better to serve up targeted ads to chatty naïfs. The BBC says these fears are on balance unfounded. Wandera studied the concerns and concluded that they were mostly hooey.
The Feds got a guilty plea from one Kenneth Schuchman who copped to involvement in the Satori botnet. The Register's unkind lede is "One moron down, two to go."
Today's issue includes events affecting China, European Union, Iran, Ireland, Thailand, United Arab Emirates, United Kingdom, United States.
Bring your own context.
It's back-to-school time, as we've been noticing. It's easy to overlook the need kiddos have for some security help. That can sound preposterous, like helicopter parenting, but consider this:
"I think it was a couple years ago that my daughter was playing a game on her cellphone, and it sent her a text message, asking, we need some kind of authorization code for you to get more toys for the game. And she texted back, saying, my dad's sleeping right now so let me get back to you once he's awake. And I realized being in the cybersecurity profession myself, I haven't taught my own daughter the right skills. And there's a huge gap when it comes to teaching kids about cybersecurity. They're introduced to new technology very, very early on. You see 2-, 3-year-olds with iPads and phones, and they know how to use technology. And yet we're not teaching them the most important part, which is around cybersecurity."
—Rinki Sethi, chief information security officer at Rubrik, on the CyberWire Daily Podcast, 9.3.19.
You want to allow the children their Huck Finn time, but nowadays the Duke and the Dauphin are online, and if that don't fetch 'em, we don't know Arkansaw.
Correction: In the account above on the Billington CyberSecurity Summit, the section "Perspective from the Federal CISO" has been corrected. General Touhill was kept awake by ICS threats, Mr. Schneider by China. The attribution was originally reversed.
ON THE PODCAST
In today's podcast, out later this afternoon, we talk with our partners at Bristol University, as Awais Rashid discusses the notion of bystander privacy. Carole Theriault speaks with Dov Goldman, Director of Risk and Compliance at Panorays, on the most noteworthy third-party breaches 2019 has so far seen.
And Hacking Humans is up. In this week's episode, "Think before you post," we have some follow-up from down under. Joe shares the story of a Mom scammed out of Gaelic Football League tickets. Dave describes a bounty hunter hoaxing suicide threats to get location information from mobile providers. The catch of the day requires a response from the grave. Our guest is Ben Yelin, senior law and policy analyst from the University of Maryland Center for Health and Homeland Security. He digs in to a particular Facebook scam that refuses to die.
Second Annual DataTribe Challenge (Online, October 1, 2019) Register now for a chance to be DataTribe's next world-class company. Finalists will split a $20,000 prize, and the winner may receive $2m in funding from DataTribe. Contestants have until October 1st to apply at www.datatribe.com/challenge.
Zero Day Con (Washington, DC, USA, October 22, 2019) Zero Day Con hosts a day of expert discussion on security approaches to regain control over your systems, data, and information. Join us to examine insights, security technologies, and key priorities to secure your systems. Get a 30% discount for Labor Day using code LABOR30.
OMB's CyberStat program is 'evolving' (FCW) Following an audit that found the Office of Management and Budget could be making better use of the cybersecurity reviews, Federal CISO Grant Schneider said the agency is looking at revamping the program ahead of next fiscal year.
A huge database of Facebook users’ phone numbers found online (TechCrunch) Hundreds of millions of phone numbers linked to Facebook accounts have been found online. The exposed server contained more than 419 million records over several databases on users across geographies, including 133 million records on U.S.-based Facebook users, 18 million records of users in the U.K…
Blevene/Crimeware-In-The-Modern-Era (GitHub) Paper and Links to Crimeware in the Modern Era. Contribute to Blevene/Crimeware-In-The-Modern-Era development by creating an account on GitHub.
The ‘weaponisation’ of vulnerabilities (ITWeb) Cyber criminals are exploiting vulnerabilities to launch co-ordinated attacks against individuals, businesses and specific groups, says Craig Jett, VP, Global Security Consulting at Dimension Data.
ZeroNorth Appoints Karen Higgins as Chief Financial Officer (ZeroNorth) Cybersecurity Industry Veteran Joins ZeroNorth to Drive Growth, Scale to Meet Demand for Risk-Based Vulnerability Orchestration Across the SDLC BOSTON – September 4, 2019 – ZeroNorth, the industry’s first provider of risk-based vulnerability orchestration across applications and infrastructure, today announced the appointment of Karen Higgins as chief financial officer (CFO). Reporting to John Worrall, chief …
Nozomi Networks Cyber Security Solution Embedded in RUGGEDCOM (Nozomi Networks) Fortinet and Nozomi Networks achieved another partnership milestone with two new integrations that deliver full security visibility and management across IT and OT environments. Now with comprehensive integrations for FortiGate, FortiNAC, and FortiSIEM, we’re helping eliminate the gap between IT and OT. Read on to learn how the integrations provide full visibility across IT and OT, allowing customers to detect and respond to threats more effectively.
F-Secure Countercept continues to win trust from US enterprises (Global Security Mag Online) F-Secure Countercept, an award-winning managed detection and response (MDR) solution from cyber security provider F-Secure, has won the trust of another US-based enterprise in a new deal. The contract, valued at over one million dollars (USD) per year, affirms F-Secure Countercept’s position as a world-class solution that enterprises trust to help them contain today’s increasingly advanced threats.
Scale Computing & Acronis Partner On Data Protection, Continuity, & DR (Storage Reviews) Today Scale Computing and Acronis announced a partnership for OEMs that will offer Acronis Backup through Scale Computing channels. This can bring all of the benefits of Acronis Backup (including archiving, enhanced data protection, disaster recovery, and threat mitigation) to the Scale Computing HC3 platform.
NIST Publishes Second Draft of Cyber Resilience Guidance (MeriTalk) The National Institute of Standards and Technology (NIST) has released draft two of Special Publication (SP) 800-160 Volume 2: Developing Cyber Resilient Systems. NIST is seeking public comments on the draft through Nov. 1.
First Blockchain-Only Birth Certificates Recorded By IBM, Raising Stakes for Security (Dash News) The first blockchain-only birth certificates have been issued in Brazil through a partnership with IBM, achieving a major milestone in blockchain technology, as well as significantly raising the stakes for network security. On September 01 2019, the birth of Álvaro de Medeiros Mendonça became the first child to be registered only on the blockchain. This …
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
Newly Noted Events
RSA Conference 2020 (San Francisco, California, USA, February 24 - 28, 2020) Be part of a conversation that has the power to change the world. Join top cybersecurity leaders and a dedicated community of peers as we exchange the biggest, boldest ideas that will help propel the industry...
9th Annual Peak Cyber Symposium (Colorado Springs, Colorado, USA, September 3 - 5, 2019) The Peak Cyber Symposium is designed to further educate Cybersecurity, Information Management, Information Technology and Communications Professionals by providing a platform to explore some of today's...
9th Annual Peak Cyber Symposium (Colorado Springs, Colorado, USA, September 3 - 5, 2019) The Information Systems Security Association (ISSA) - Colorado Springs Chapter will once again host the 9th Annual Peak Cyber Symposium. This year's theme is "Cyber Hygiene: Everyday for Everyone." The...
10th Annual Billington CyberSecurity Summit (Washington, DC, USA, September 4 - 5, 2019) This year's theme is, "Reinventing Cybersecurity: Addressing Tomorrow's Top Cyber Challenges." The summit has become the world's leading summit on government cybersecurity. It will convene again U.S. and...
2019 Intelligence and National Security Summit (National Harbor, Maryland, USA, September 4 - 5, 2019) The Intelligence & National Security Summit, powered by AFCEA International and the Intelligence and National Security Alliance (INSA), is the premier forum for unclassified dialogue between U.S. Government...
Derbycon 2019 (Louisville, Kentucky, USA, September 4 - 8, 2019) DerbyCon isn’t just another security conference. We’ve taken the best elements from all the conferences we’ve ever been to and put them into one. DerbyCon is a place you can call home, where you can meet...