At a glance.
- ASD to put billions toward cybersecurity.
- Biden extends cyberthreat national emergency order.
- House passes cybercrime metrics bill.
- GAO report says CyberCom needs better metrics to support acquisitions.
- Election security warning: industry comment.
ASD to put billions toward cybersecurity.
On Tuesday the Australian Signals Directorate (ASD), the Defense Department’s signals intelligence and cybersecurity unit, announced a new A$10 billion spending package. The funds, Bloomberg explains, are intended to help the unit double its staffing and triple its offensive powers in an attempt to better protect against potential aggression from adversary China. A China-linked threat group was found to be behind the recent ransomware attack on Aussie electricity company CS Energy. The funding is part of a national defense program called REDSPICE, short for Resilience, Effects, Defense, Space, Intelligence, Cyber, Enablers. Rachel Noble, ASD director-general, told parliament last year that just one attack could drain Australia of A$30 billion and 160,000 jobs.
Biden extends cyberthreat national emergency order.
The White House yesterday announced it’s extending Executive Order 13694, a 2015 order declaring a national emergency in response to the “unusual and extraordinary” threat posed by malicious cyberactivity. Though the EO was set to expire on April 1 of this year, US President Joe Biden has deemed it necessary to extend the order for an additional year, no doubt motivated by the threat of potential Russian cyberaggression as a result of the ongoing war in Ukraine. As Bleeping Computer notes, EO 13694 was originally issued by former President Barack Obama and included sanctions against entities found to be responsible for cyberattacks against the country. President Biden stated, “Significant malicious cyber-enabled activities originating from, or directed by persons located, in whole or in substantial part, outside the United States continue to pose an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States.”
House passes cybercrime metrics bill.
The US House of Representatives Tuesday approved the Better Cybercrime Metrics Act, bipartisan cybersecurity legislation focused on improving the federal government’s tracking, measurement, and analysis of cybercrime. The Hill explains that the measure aims to help law enforcement agencies better identify, prevent, and prosecute cyber-related crime. Rep. Abigail Spanberger, who sponsored the bill, explained, “Our nation is under constant attack from cyber criminals. And with a range of new threats emanating from adversaries around the world — including the Russian Federation, Congress has an obligation to move legislation forward that can better protect the American people, their data, their finances, and their personal information.” She added that the law is intended to reveal disparities in reporting of cyberattacks compared to other types of crime. Following in the footsteps of recent cyberincident reporting legislation, the move signifies the government’s commitment to gathering as much information about malicious cyberactivity as possible. The Senate passed its version of the measure in December, and the bill now heads to President Biden’s desk to be signed into law.
Neil Jones, director of cybersecurity evangelism, Egnyte, sees the measure as an important step toward gaining an accurate picture of cybercrime:
"The Better Cybercrime Metrics Act, which passed the U.S. House of Representatives with broad bipartisan support, provides a series of mission-critical guidelines that are long overdue. If the bill becomes law, it will provide law enforcement with a clearer picture of online crimes in the U.S., by requiring the FBI to integrate cybercrime incidents into its current reporting streams to better understand the impact of the numerous cyber-crimes that Americans face. Government statistics indicate that only 10 to 12 percent of estimated cybercrime victims report their cybercrime incidents in the U.S., but accurate numbers are hard to come by, based on current reporting processes. For businesses, effective endpoint security, a powerful ransomware detection and recovery program, and Multi-Factor Authentication (MFA) can help combat potential attacks and prevent you from becoming a cyber-crime statistic."
GAO report says CyberCom needs better metrics to support acquisitions.
The US Government Accountability Office (GAO) yesterday released a report titled “Defense Acquisitions: Cyber Command Needs to Develop Metrics to Assess Warfighting Capabilities,” and it indicates that although US Cyber Command has strengthened its cyber warfighting abilities, the command has room for improvement when it comes to justifying acquisitions. FCW says the Senate-mandated study found that CyberCom needs to develop outcome-based metrics to better track a Joint Cyber Warfighting Architecture (JCWA) capability’s success in delivering mission goals in order to direct new acquisitions. GAO’s report states, “The command has been slow to determine metrics, in part because of inexperience conducting Value Assessments and the challenge of accounting for other factors—like new cyber operations tactics—on mission outcomes. If Cyber Command does not develop outcome-based metrics to inform future Value Assessments, it risks not being able to understand whether and how new capabilities benefit the cyber warfighting mission.” FedScoop explains that CyberCom’s JCWA was established in 2019 to help steer its acquisition priorities and covers four programs: the Persistent Cyber Training Environment, the data-management program Unified Platform, Joint Cyber Command and Control, and the Joint Common Access Platform. CyberCom officials say that understaffing has posed a challenge to determining the appropriate metrics, and that a request for additional resources has been submitted to the Office of Management and Budget.
Election security warning: industry comment.
As we noted yesterday, the US FBI has issued a Private Industry Notification warning of an uptick in phishing attacks targeting election officials ahead of the 2022 midterm elections. Magni Reynir Sigurðsson, Senior Manager of Detection Technologies at Cyren, describes how phishing can pay off in this context:
“By targeting election officials with invoice-themed phishing emails, cyber criminals increase the likelihood that the victim will click on the link and enter their credentials in what they believe to be legitimate day-to-day administration.
"As we get closer to the 2022 midterm elections, the data held on the systems of the officials will become ever-more valuable, and therefore ever-more attractive to cyber criminals looking to make a quick buck. The FBI are correct in speculating that these kinds of attacks will only increase. Therefore, it is more important than ever to implement Security Awareness Training (SAT) to educate people, including election officials, to recognise the basic signs of a phishing attack, such as spelling errors, incorrect logos, and inconsistent font size, and equip users with the necessary combative skills, including how to report links within suspicious emails, or to contact a company directly after receiving unexpected communication.
"It is also imperative that organizations implement multi-factor authentication (MFA) wherever possible to add an additional layer of security, including on webmail, virtual private networks, and services that can be used to access critical systems.
"However, it is important to note that SAT and MFA alone will never be enough to keep increasingly sophisticated phishing attacks at bay because humans are fallible, and a single phishing email fooling just one employee can be enough to facilitate an organization’s demise. Moreover, SAT often directs users to report suspicious emails to the company’s already over-burdened helpdesk or security staff for analysis, so is not adequate real-time protection.
"Therefore, SAT is best used in combination with the implementation of a resilient, layered security strategy for maximum protection against phishing attempts. This strategy should comprise continuous monitoring of all emails in every folder within users’ mailboxes, ongoing analysis of email sender and recipient behavior to detect anomalies, as well as real-time remediation capabilities. By adding instantaneous detection and elimination, any organization can dramatically minimize the aftermath should a malicious email make it through their defenses.”