
Tag: Cyber Defence

Australia’s new critical cyberdefender needs action rather than announcements

The newly-announced Critical Infrastructure Centre could become Australia's hub for the kind of civil cyber defence corps that have been suggested for years. Let's hope it starts with SCADA.

UK.gov state of the nation report: Infosec’s very important, mmmkay

Gov Secure Internet to be revamped, world still on brink of digital destruction, etc etc

The UK government’s first annual report on the implementation of the 2015 National Security Strategy has reaffirmed that cyber-security remains a key priority. The 39 page report (pdf) lists cyber-security alongside Russia’s actions in Syria and Ukraine and terrorism as among the greatest threats Britain faces. The range of cyber threats and cyber actors threatening the UK has grown significantly – both from state and non-state actors.

The UK increasingly relies on networked technology in all areas of society, business and government.

This means that we could be vulnerable to attacks on parts of networks that are essential for the day-to-day running of the country and the economy.

The government goes on to say that it is “working with industry, especially communications service providers, to make it significantly harder to attack UK internet services and users, and to greatly reduce the prospects of successful attacks having a sustained impact on the UK”. The National Cyber Security Centre, which opened for business in October, will have a key role in co-ordinating response and developing best practice.

May Day

PM Theresa May's administration updated the National Cyber Security Strategy in November 2016.

The updated strategy - which did not contain any new spending pledges - is expected to include an increase in focus on investment in automated defences to combat malware and spam emails as well as a greater emphasis on building skills and research.

The revamped programme also places a greater emphasis on active cyber defence, a broad term that in practice means anything from running honeypot networks to hacking back against adversaries. We continue to invest in cyber detection and response, as attacks against the UK continue to rise. Over the last year, we have developed new technical capabilities to improve our ability to detect and analyse sophisticated cyber threats. Law enforcement continues to work with industry partners to increase specialist capability and expertise, as well as providing additional training in digital forensics. We are also continuing to progress our Active Cyber Defence measures against high-level threats, by strengthening UK networks against high volume/ low sophistication malware. The report unveiled plans, still only at the proof of concept stage, to develop a new secure cross-government network to “enable more efficient handling of national security matters”. No timetable was given for what might be described as the Government Secure Intranet (GSI) 2.0. Skills are always a key problem in the cyber security arena.

The UK government wants to promote cyber security education, starting with teenagers in schools and going all the way up to university programmes. A new Cyber Security Skills Strategy is now under development, which will set out how we will work with industry and academic providers to secure a pipeline of competent cyber security professionals. GCHQ’s CyberFirst scheme was established to identify, support and nurture the young cyber talent the UK will need in the digital age.
In 2016, we announced a major expansion to the scheme, including a programme in secondary schools, with the aim of having up to a thousand students involved by 2020.

The first cohort of 14-17 year olds will begin training under this programme in 2017. We are working with industry to establish specific cyber apprenticeships for three critical national infrastructure sectors: energy, finance and transport.

Acknowledging the key role universities play in skills development, we are also working to identify and support quality cyber graduate and postgraduate education, building on the certification programme for cyber security Masters courses, established by GCHQ. We are working to establish an active body to provide visible leadership and direction to the cyber security profession, and to advise, shape and inform national policy. Moving towards tackling cyber crime, the National Crime Agency (NCA) and the police have increased their numbers of ‘cyber specials’ working alongside law enforcement officers on cyber crime, and are “making good progress towards a target of 80 cyber specials in post by the end of March 2018”.

To tackle criminal use of the 'dark web', a new Dark Web Intelligence Unit has been established within the NCA, the report states. “The upgrade of its capability will continue throughout the 2016-17 financial year and beyond leading to significantly greater technical capability.

This will enable the use of multiple data sources, offer new and different types of analysis, and coordinate with multiple agencies to deal with issues at scale.” Back to more mundane matters, the UK government is also investing in regional cyber crime prevention coordinators, who “engage with SMEs and the public to provide bespoke cyber security advice”. On a related theme, UK.gov promised to promote its Cyber Essentials scheme to help businesses protect against common cyber threats. Although GCHQ and policing agencies are most vested in developing cyber security policies, the cyber arena also enters into the work of other government departments.

For example, the FCO’s £3.5m Cyber Security Capacity Building Programme is delivering a portfolio of 35 projects benefiting 70 countries to support the “openness and security of networks that extend beyond our own borders”. To help promote commercial endeavours in security the government is introducing two new cyber innovation centres based in Cheltenham and London; academic start-ups; a £10m Innovation Fund; a proving ground; and an SME boot camp. “GCHQ has reached out to industry and encouraged firms to invest in cyber security research through the CyberInvest programme which now has 25 industry members committed to investing millions of pounds in cyber security research at UK universities over the next five years,” the government report added. ®

Symantec buys anti-ID fraud firm LifeLock for $2.3 billion

Symantec, one of the biggest consumer computer security firms in the world, is about to become even bigger with plans to buy LifeLock—an identity-theft protection service. The proposed $2.3 billion (£1.86 billion) deal has been okayed by the boards of directors of both companies, and is expected to close in the first quarter of 2017, pending regulatory approval. LifeLock's shareholders will receive $24 (£19.45) per share—a 16 percent premium to its closing price on Friday of $20.75. Symantec, which owns the Norton suite of cybersecurity software, claimed that the deal will make it the world's largest consumer-facing online protection outfit. "As we all know, consumer cybercrime has reached crisis levels. LifeLock is a leading provider of identity and fraud protection services, with over 4.4 million highly-satisfied members and growing. With the combination of Norton and LifeLock, we will be able to deliver comprehensive cyber defence for consumers,” said Symantec chief Greg Clark. The cybersecurity market is growing: it's currently worth around $10 billion (£8.1 billion), while Symantec estimates that the total addressable market in the US alone is 80 million people. Tempe, Arizona-headquartered LifeLock says it provides "proactive identity theft protection services for consumers and consumer risk management services for enterprises." Among other things, it apparently alerts users to unauthorised identity access by monitoring new account openings and credit applications, while it also trains police, government, merchants, and NGOs in identity protection techniques. Symantec is taking on $750 million (£608 million) in new debt to finance the purchase, which follows its acquisition in August of cloud security firm Blue Coat for $4.65 billion (£3.77 billion).

That deal saw Clark—who had been Blue Coat’s CEO—take the helm at Symantec.

The company's former boss, Michael Brown, was ousted earlier this year following disappointing financial results. This post originated on Ars Technica UK

UK will retaliate against state-sponsored cyber attacks, Chancellor warns

Middle path between cheek-turning and all-out war

Microsoft Decoded

Britain will strike back against nations launching cyber attacks on the UK’s critical national infrastructure. Chancellor Philip Hammond promised retaliatory measures against state-sponsored hackers while unveiling an expanded $1.9bn, five-year national cyber security strategy. Crucially this isn’t new money - Hammond’s predecessor George Osborne had announced this in November 2015, during the last spending review. What was new was the pledge Britain would go on the offensive against attackers and not simply turn the other cheek.

The alternative, Hammond warned, was armed war. Also new was a sharper focus, announced by Hammond, around tactics and strategy around cyber security to protect the nation’s critical national infrastructure and business. In October defence secretary Sir Michael Fallon said Britain had used cyber warfare against ISIS as part of the bid to retake the Iraqi city of Mosul.

“We will deter those who seek to steal from us, or harm our interests,” Hammond told Microsoft’s Future Decoded conference in London on Tuesday. “We will strengthen law enforcement to raise cost and reduce rewards,” he said of criminal attackers. He promised the UK would “continue to invest in cyber defense capabilities - the ability to trace and retaliate in kind is likely to be the best deterrent. “If we don’t have the ability to respond in cyberspace to attack that takes down power networks or air traffic control systems we would be left with the impossible choice of turning the other cheek or resorting to a military response - that’s a choice we don’t want to face.” “No doubt the precursor to any state-on-state conflict would be a campaign of escalating cyber attack. We will not only defend ourselves in cyberspace but will strike back in kind when attacked.”

Moments before, Hammond, who chairs the Cabinet’s cross-department cyber-security committee, had listed high-profile cyber attacks against other nations’ critical infrastructure. He didn’t name those responsible, but many attendees inferred the attacks were sponsored by Russia. He referenced the April 2015 takedown of French TV network TV5 initially blamed on ISIS but subsequently attributed to a group of hackers with links to the Kremlin.

A power blackout in the Ukraine following an attack on power utilities has also been blamed on Russia-based hackers. Moscow has backed separatists in the former Soviet republic seeking the reunification of the USSR. Hammond asked that suggestions as to who might be behind those attacks should be written on a postcard and posted to No. 11. Under the new cyber strategy, Hammond pledged a five-year plan to “work to reduce the impact of cyber attacks and to drive up security standards across public and private sectors.” This would involve ensuring government networks are secure and see UK government “taking a more active cyber defence approach” using tactics such as automatic protection to secure UK users “by default”. He pointed to the recent rollout of software to cut to zero an estimated 50,000 fraudulent emails a day from hackers purporting to be from HMRC offering tax refunds in order to obtain people's bank details. Hammond promised “increased investment” in the “next generation” of students and experts and talked up the formation of a virtual link-up between universities to secure laptops, tablets and smartphones. The Chancellor also laid responsibility for greater security at the feet of Britain’s chief executives. Having name-checked TV5 and the Ukraine, he referenced last year’s TalkTalk attack - which is almost certainly not the work of a nation state.

Altogether five suspects, all based in the UK, have so far been arrested in connection with the 2015 hack. That breach saw details of 156,959 customers sprung with TalkTalk fined a record £400,000 by the Information Commissioner. “CEOs and boards must recognise they have responsibility to manage cybersecurity,” Hammond said. “Similarly, technology companies must take responsibility for incorporating the best possible security measures into the technology of their products.

Getting this right will be crucial to keeping Britain at the forefront of digital security technology.” ®

UK government vows to sink $2.3 billion into new cybersecurity plan

The UK government has promised to spend nearly £2 billion over the next five years to try to tackle the growing problem of cyber attacks in the country. Recent research suggested that Britain is particularly susceptible to data breaches involving compromised employee account data. Nonetheless, chancellor of the exchequer Philip Hammond claimed on Tuesday that the country is "an acknowledged global leader in cyber security." Number 11's occupant crowed that the previous Tory-led coalition government had chucked £860 million at the problem, but Hammond then undermined himself somewhat by adding that "we must now keep up with the scale and pace of the threats we face." Which underlines the fact that the government is playing catch-up in its race against cybercrims. The answer, according to the treasury, is to up taxpayer-funded spending in the fight against cyber attacks.

The chancellor said: Our new strategy, underpinned by £1.9 billion of support over five years and excellent partnerships with industry and academia, will allow us to take even greater steps to defend ourselves in cyberspace and to strike back when we are attacked. If your toes aren't already curled enough, perhaps paymaster general Ben Gummer can help. He said: "No longer the stuff of spy thrillers and action movies, cyber-attacks are a reality and they are happening now. Our adversaries are varied—organised criminal groups, 'hactivists,' untrained teenagers, and foreign states." Readers of these pages know that there is nothing new about baddies misbehaving on the Web.

But since the TalkTalk hack attack in October 2015, such crimes have finally gone mainstream. The treasury added that Whitehall's hefty investment would be three-pronged.
It said a "world-class cyber workforce" would be developed, added that the UK would "use automated defences to safeguard citizens and businesses against growing cyber threats," and said that deterrent plans would be put in place propped up by better policing capabilities. Number 11 said it would work closely with industry partners such as Bath-based Netcraft—an outfit that specialises in Internet security services and counts clients that include Microsoft, BT, Cisco, and Intel. Hammond is also expected to announce plans to invest in the next generation of infosec experts with a new Cyber Security Research Institute, which we're told is a "virtual collection of UK universities" that will be tasked with beefing up smart phone, tablet, and laptop security "through research that could one day make passwords obsolete." The GCHQ-backed National Cyber Security Centre opened its doors for the first time last month.

By early 2017, the government has promised that the cyberhub will have a 700-strong team running the show. However, the government's so-called National Cyber Security Strategy isn't entirely welcomed by industry.
ISPs recently expressed concern about regulatory meddling, arguing that the focus should be on raising awareness, rather than burdening telcos with yet more rules. As part of its cyber defence plan, Hammond's department said that the industry would be expected to adopt "a range of technical measures" including DNS filtering against malware and phishing sites, an e-mail verification system on government networks to try to prevent domain spoofing, and researching methods to move "safely beyond passwords." It hopes to also bring in a scheme to detect government network attacks. The chancellor claimed that the government had already improved its efforts against "a website serving Web-inject malware." We're told that it previously "would stay active for over a month—now it is less than two days. UK-based phishing sites would remain active for a day—now it is less than an hour.

And phishing sites impersonating government’s own departments would have stayed active for two days—now it is less than five hours." NHS trusts have, for years, been particularly susceptible to such attacks.
Indeed, the Northern Lincolnshire & Goole NHS Foundation Trust remains on red alert with appointments cancelled as it battles a virus that blighted its IT systems on Sunday. This post originated on Ars Technica UK

Wow, RIP hackers … It’s Cyber-Lord Blunkett to the rescue for...

New system to ensure suppliers are up to scratch on IT security

A high-profile project has been launched with the aim of strengthening UK enterprises' IT security. The Cyber Highway was launched in London on Tuesday by Lord David Blunkett.

The resource offers a “user-friendly online portal for large enterprises that want to strengthen the cyber defence of their supply chain.” Corporations will, essentially, be able to monitor in real-time the progress their suppliers are making en route to Cyber Essentials certification. Cyber Essentials is a UK government scheme that launched in June 2014 and is designed to help organisations protect themselves against hackers and malware infections.
It’s largely about baseline security controls. So basically, Cyber Highway ensures that your suppliers are following the Cyber Essentials requirements of good security – which is crucial as more and more Whitehall departments insist on suppliers being Cyber Essentials certified. Lord Blunkett – a former Home Secretary and chairman of Cyber Essentials Direct, the outfit behind The Cyber Highway – said: “The UK Government has made significant progress.

Government departments now require suppliers bidding for particular contracts to be Cyber Essentials certified, and next month sees the launch of the National Cyber Security Centre.

These are all steps in the right direction but we can and must go further, especially to assist many more companies to become certified.” Small organisations account for 92 per cent of cyber attacks, often because of limited resources.

The issue of vulnerabilities in third-party suppliers leading to compromises of the companies they serve has been around for years, and gained much greater prominence after a mega-breach at US retailer Target was traced back to its refrigeration, heating and air conditioning subcontractor. Cyber Essentials Direct chief exec John Lyons said: “We have spent the last eighteen months designing a practical and helpful approach to help de-risk and secure otherwise vulnerable supply chains from cyber attack.”

All about the baseline

Javvad Malik, security advocate at security tools firm AlienVault, said that Cyber Essentials was helpful in improving baseline security standards. “There definitely have been benefits from cyber essentials,” Malik explained. “Many small businesses that were not even aware of security needs or requirements have, by way of Cyber Security Essentials, been able to establish a baseline.

The better-equipped and aware of security needs companies are, the better the chance they can spot, prevent, and respond to a cyber attack. However, we may not see a visible reduction in the amount of data breaches immediately.

The process needs time to distil through organisations.

During this time, it is likely that attackers will change their tactics – but overall the security bar will be raised. “The most important thing enterprises should be doing is [to] know what their assets are, where they are located, and be aware of when [they are] attacked, compromised, or stolen,” Malik added.

Gubi Singh, COO at pen testing and management threat detection firm Redscan, noted that many businesses, particularly small- and medium-sized ones, are “still complacent” about the risks posed by cyber threats. “Obtaining accreditation like Cyber Essentials demonstrates to customers, partners and investors that a company takes protection of data seriously, and many businesses are now waking up to the competitive advantages of having effective security controls in place,” Singh said. “Compliance is not a tick box exercise, however. With the threat landscape evolving on a daily basis, defences and processes need to be continually reviewed to keep pace with the latest attacks,” he added.

Prospects

Firms that gain Cyber Essentials certification through The Cyber Highway will have access to AIG’s CyberEdge range of cyber liability insurance cover at reduced rates. Cyber Highway said it was in talks with 300 companies representing supply chain businesses in the retail and technology sectors about getting onto its platform. The organisations have also signed up an unnamed High Street bank as a customer.

Government suppliers are another potential source of customers. Malcolm Carrie, industry programme director of the Defence Cyber Protection Partnership, said, “Cyber Essentials is the ground level for the Defence supply chain – the Defence Cyber Protection Partnership has layered further controls on top of it to address higher-risk scenarios.
Smoothing the path to obtaining Cyber Essentials certification is welcome.” Overseas governments are also in talks with Cyber Essentials Direct about implementing the Cyber Essentials programme in their own countries.  For example, CyberNB (Cyber New Brunswick), Canada’s first provincial body to develop a comprehensive cyber security strategy, is weighing up the benefits of The Cyber Highway. ®

National Cyber Security Centre to shift UK to ‘active’ defence

Cyber chief calls for 'offensive' weapons

The head of the UK’s new National Cyber Security Centre (NCSC) has detailed plans to move the UK to "active cyber-defence", to better protect government networks and improve the UK’s overall security. The strategy update by NCSC chief exec Ciaran Martin comes just weeks before the new centre is due to open next month and days after the publication of a damning report by the National Audit Office into the UK government’s current approach to digital security. Martin called for the "development of lawful and carefully governed offensive cyber capabilities to combat and deter the most aggressive threats". Active cyber defence means hacking back against attackers to disrupt assaults, in US parlance at least. Martin defined the approach more narrowly as "where the government takes specific action with industry to address large-scale, non-sophisticated attacks". During his speech at the Billington Cyber Security Summit in Washington DC, NCSC's Martin also floated the idea of sharing government network security tools such as DNS filters with private-sector ISPs, as previously reported.

Security vendors praised the UK government's more pro-active approach to cybersecurity, arguing it’s (if anything) overdue. “The Government is right to look for innovative ways to disrupt organised cybercrime,” said Paul Taylor, partner and UK Head of cyber security at management consultants KPMG. “It’s crucial that we stay one step ahead of attackers and that takes constant innovation and coordination. No one is immune from cyber-attacks but UK small businesses are especially vulnerable as the reality is that many struggle to deal with an onslaught of ransomware and cyber enabled frauds.” Taylor also backed the greater sharing of information security intelligence, a key plank in the NCSC’s policy that’s viewed with suspicion by privacy advocates*.
“A new partnership between Government and industry is needed to protect our society, take the offensive against criminals, and work together to disrupt digital crime,” Taylor explained. “At the moment many companies are reluctant to share information on attacks they’ve suffered, we need to build a safe space for Government and industry to share intelligence so that we have the best chance of tackling cybercrime.” Matt Walker, VP Northern Europe, HEAT Software, noted that stronger defences were needed as government services such as universal credit become available online. “The protection of citizens’ information from the threat of cyber-attack needs to become a higher priority for central and local government as we continue to move more and more interaction online,” Walker said. “The universal credit system alone will pay out seven per cent of UK GDP– making it a target for online fraud.

Equally, the ransomware attack that locked Lincolnshire County Council out of its own systems for days had repercussions for mission-critical services such as health and social care.” The NCSC will act as a hub for sharing best practices in security between public and private sectors as well as taking a lead role in national cyber incident response.

The organisation will report to GCHQ, the signals intelligence agency.

Bootnote

*The US's Cybersecurity Information Sharing Act was bitterly but ultimately unsuccessfully opposed by privacy activists.

These Figures Show Cybercrime Is A Much Bigger Menace Than Anyone...

One in 10 people have fallen victim to cybercrime. Cybercrime rates are much higher than previously estimated, with new figures from the Office for National Statistics, the UK's official producer of national statistics, suggesting that ...

NATO Ambassador: How The Ukraine Crisis Fits Cyber War Narrative

Kenneth Geers previews his Black Hat talk and discusses the strategic military maneuvers governments can make within cyberspace. When Kenneth Geers, ambassador of the NATO Cyber Centre, first suggested two years ago that there might be a connection between spikes in cybercriminal activity and spikes in geopolitical conflict, there was skepticism.
Since then, NATO has declared cyberspace a domain for war and regions of geopolitical strife have also seen their fair share of cyberespionage and cybercrime. What's been learned and has the skepticism waned or grown?    Geers, who has been living in Ukraine for the past two years, will discuss this in an upcoming session at Black Hat USA, "Cyber War in Perspective: Analysis from the Crisis in Ukraine." The talk will cover some of the work published by 20 prestigious researchers on behalf of the NATO Cooperative Cyber Defence Center of Excellence (CCDCOE), investigating the cyber activity in the region between 2013 and 2015. Black Hat USA returns to the fabulous Mandalay Bay in Las Vegas, Nevada July 30 through Aug. 4, 2016.

Two years ago, Vladimir Putin signed a bill incorporating the Crimean peninsula into the Russian Federation, and Russian military forces massed along the Ukrainian border. Geers was a global threat analyst for FireEye at the time, and noticed a spike in malware traffic traced back to Ukraine and Russia at the height of the conflict between the two nations. Geers tentatively suggested at the time that there could be a connection between the geopolitical climate and the increase in cybercriminal activity, and that this connection could be used for threat intelligence. He received some pushback, at the time, even among colleagues within FireEye. Since then, however, Ukrainian targets have been hit with more cyberattacks that directly or indirectly impact the country's autonomy.    Ukrainian presidential elections in 2014 were “completely, utterly, thoroughly hacked,” says Geers.

Three days before the election was to be held, a pro-Moscow hacking group attacked the election commission.

As a Wall Street Journal feature described: Its stated goal: To cripple the online system for distributing results and voter turnout throughout election day.
Software was destroyed. Hard drives were fried. Router settings were undone.

Even the main backup was ruined. A valiant effort by the election commission's IT staff rebuilt the voting system in time for the election, starting from an offline backup. However, attackers were able to post false election results that appeared to be hosted by the Commission's website -- media outlets reported these false results briefly before they were debunked. Cyber war skeptics would argue that these attacks didn’t actually change the results of the election, so the impact was minimal, says Geers, who maintains “it degrades the integrity of the government” and the systems on which it relies. In addition to these moves against elections, there have been cyberattacks on Ukraine's banks, railroads, mining industry, and of course the highly publicized one in December that took down a significant portion of the Ukrainian power grid.  Skeptics of the very existence or possibility of "cyber war" could point to attacks like these and dismiss them by saying they did not cause death or widespread destruction.

They therefore challenge terms like "Cyber Pearl Harbor."   "People don’t like it," says Geers, "but we talk about ['Cyber Pearl Harbor'] a lot at Cyber Command.” The term, says Geers, is in reference to the tactical advantage the Japanese forces gained in World War II by the attacks on Pearl Harbor. "It wasn’t meant to win the war.
It was meant to create some breathing space.” Similarly, he says, cyberattacks can be used “to give you a bit of time.

An edge.” Disrupting satellite communications, causing mass blackouts, derailing trains, or stirring up some public unrest, might not be the ultimate goal, but it could be a strategic maneuver in a war.
It's something to divert leaders' attention and resources away from something of greater importance.  Perhaps more sinister, is the possibility of cyberattacks being used to change data. “So the ship goes left, not right.
So the agent meets at 2, not 12.

Those things could get people killed," and that, says Geers, is not hyperbole.

A cyberattack, he says “is not an artillery barrage, but you could lead troops into an artillery barrage” with a cyberattack. The changes could be smaller, he says, to less critical systems, and maybe socks get sent to the base that needs more bullets and bullets get sent to the base that needs more socks. Regardless, it's a matter of diminished integrity, says Geers -- diminished integrity of data, of systems, and of people. Once citizens' trust in their own nation is compromised, they could be open to other kinds of manipulation, like "psyops," (psychological operations), the process of changing people's minds -- something Geers says Russian intelligence is particularly good at.  Regardless of what skeptics believe, NATO officially declared cyberspace a domain for war in June, which would mean that an act of war in cyberspace would initiate a collective response by NATO allies. (Neither Russia nor Ukraine are NATO member countries.) Geers says that governments will spend “ungodly” amounts to prepare the battle space for the military, and that he's sure they are investing heavily in ways to compromise military vehicles. "They're floating, driving, and flying computers at this point," he says.  What has become clear to Geers and his co-authors of the NATO CCDOE book is that as geopolitical tension rises, not only does the amount of malware traffic rise -- as Geers reported in 2014 -- but so does the number of sophisticated cyberattacks. Which one is driving the other? To this point, says Geers, geopolitics has been driving the cyber activity -- with both intelligence agents and opportunistic financially driven attackers upping their game when the action gets hot. However, he says, “the ubiquity of computers will mean they’ll begin to play a lead role.” Related Content: Black Hat’s CISO Summit Aug 2 offers executive-level insights into technologies and issues security execs need to keep pace with the speed of business.

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior to that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ...

IDG Contributor Network: Israeli cybersecurity prowess on display in DC and...

Israeli cybersecurity has been at the forefront of global attention in recent years, but especially in the last few months.

First, the who's who of global cybersec convened in Tel Aviv for Cybertech 2016; in May, Israeli and American cyber experts met for DCOI in Washington, DC; and last week Tel Aviv University hosted its annual Cyberweek. In February, I wrote about the Cybertech conference in Tel Aviv, which attracted thousands of visitors from abroad and featured Prime Minister Benjamin Netanyahu as the keynote speaker. The conference was a climax to 2015 as the year that put Israeli cybertech at the forefront of the fast-growing global cyber scene. In 2015 alone Israel generated cybersecurity sales worth $4 billion, resulting in a whopping 20 percent of all global private sector investments in the booming industry.

DCOI in Washington, DC brings together Israeli and American cyber experts

The two-day event hosted at the George Washington University brought together high profile individuals from the industry, including General David Petraeus, who is the former head of the CIA, and Richard A. Clarke, the former special advisor to President George W. Bush on Cybersecurity.
IDF's former Head of Intelligence, Amos Yadlin, and Gil Shwed, the founder and CEO of Check Point, were some of the notable Israeli guests in attendance.

Petraeus had some warm words regarding the relationship between Israel and the US. "There has always been an extraordinarily close relationship between Israeli military and intelligence and various counterparts in the US government. These have been unbelievable relationships. I think they just keep getting better and better."

Petraeus, who has invested in Windward, a maritime data and analytics company based in Tel Aviv, encouraged Israeli startups to consider the US as a stepping stone to bigger things. Petraeus advised Israeli startups not to sell at an early stage to a US IT firm, but instead, move operations to the US where the company can build and scale.

Also attending was Omri Dotan, the CBO of Morphisec, an endpoint security solution based in Beersheba, Israel's cyberhub. We had a long chat about the Israeli and American cyber landscape and, according to Dotan, Israel's experience and excellence stem from Israeli-style individualism coupled with a vibrant ecosystem.

"One key driver for all Israeli innovation is some innate urge to 'be your own man,' think out of the box and make your dream happen. Obviously, there are additional strong drivers in the cyber security space. Israel's cybertech industry has grown out of real, not just theoretical, experience with national threats of all types. It is supported by an entire innovation ecosystem consisting of government agencies, the IDF, with its cyber intelligence unit 8200, the local authorities, the universities, VCs, and international and local companies. Even early education plays a role – mathematically talented children are identified early and high school exit exams are on par with university level studies elsewhere. This collaborative space produces top talent, promotes unconventional thinking, stimulates creativity and creates an atmosphere where start-ups and entrepreneurs can validate and refine their ideas very quickly."

Cyberweek at Tel Aviv University

Global cybersecurity thought-leaders gathered at Tel Aviv University last week for the 6th Annual International Cybersecurity Conference.

The weeklong event brought together policy makers, entrepreneurs, investors and academics to discuss and debate the plethora of cybersecurity threats facing the international community today, and how best to prevent them. As part of the event, Israel and the US signed a cyber defence declaration "calling for real-time operational connectivity through respective Computer Emergency Response Teams (CERTS) of both nations." The declaration was signed by Israel's Head of National Cyber Directorate (NCD), Eviatar Matania, and Alejandro Mayorkas, deputy secretary of the US Department for Homeland Security (DHS).

"The declaration expresses the criticality of joining forces between countries for the benefit of dealing effectively with common threats in the cyber domain. In particular, [it expresses] the obligation of the governments of Israel and the US to broaden and deepen bilateral cooperation in the field of cyber defense," a statement released by the Israeli Prime Minister's Office said.

This article is published as part of the IDG Contributor Network.

Self-hacking key to Daimler’s cyber defence strategy

Vehicle manufacturer Daimler has a team of hackers to continually test the effectiveness of its cyber defences from the perspective of an outside attacker. “We found traditional penetration testing did not go far enough to expose vulnerabilities that could be exploited by attackers,” said Lüder Sachse, chief information security officer at Daimler. “By trying to break in like outsider attackers we can learn more and we are more likely to find any potential vulnerabilities,” he told the Gartner Security and Risk Management Summit 2014 in London. Sachse said this approach has led to some “tough lessons” about getting the basics done correctly, but has enabled the IT security team to focus on what most needs to be done at any given time. “We are no longer dealing with things on a theoretical basis, but can focus on eliminating the actual vulnerabilities that our hacking team finds in the context of a real attack,” he said.

Exposing security vulnerabilities

The company’s hacking team has helped expose basic security vulnerabilities that were thought to have been fixed up to 10 years ago. “For the first time we were able to ask for budget for real threats to specific assets rather than pitch for projects to fix theoretical risks to meet compliance requirements,” said Sachse. Daimler adopted this approach after the IT security team realised a security compliance checklist provided no guarantee that the company’s critical information was safe. They also realised it was impossible to ensure 100% protection at all times of the firm’s up to one million live IP addresses and that application penetration testing did not take the overall IT estate into account.
Faced with the challenge of securing 500 linked sites and more than 274,000 employees at 8,421 locations, Daimler adopted a new model for handling information security in 2012. “In this new approach we started to attack our own company from outside, regardless of organisational boundaries and geographical regions,” said Sachse. Another key element of the new model is having information security officers at each of the key locations. “This means I can act directly into locations, which helps overcome the challenge of implementing changes from a central location,” said Sachse. “Reporting directly to the CIO also means that I can have those hard discussions when necessary and get quick decisions,” he said.

Security as a shared responsibility

Daimler’s information security group is organised into five departments, each covering a different aspect of information security: threat intelligence; standards and policies; architecture and design; IT service management; and awareness and communication. “When you have so many people spread across the world, it is important to keep up the community and spread information,” said Sachse. “This includes collecting information on good things that work.” Using ideas from within the community helps promote acceptance and helps local information security officers build business cases for their managers supported by successes in other regions. Daimler uses an annual internal security conference, attended by more than 500 members of staff, to further promote understanding of security topics across the group. “I can definitely recommend this for global companies because you have one point where people come together to discuss issues of mutual interest and maintain an essential security community,” said Sachse. Sachse has also worked to make security the responsibility of more than just the people in the security team.
“Line functions are continually made aware that they are responsible for implementing the guidance that comes from the security team,” he said. Sachse said another important principle that Daimler has implemented in security is to do fewer projects, but to do them well and maintain focus so that they are completed and applied throughout the group. In response to the shift in recent years to predominantly outsider threats, Daimler deals with the remaining insider threat through a strong security culture that makes it risky to steal data. “Using this approach we have been able to keep technical controls and impact on usability to a minimum while reducing the risk of insider breaches because everyone understands the risk,” said Sachse.

Increasing IT resilience

On the other hand, he said the volume, range and complexity of external threats continues to increase, particularly in the form of hacktivism and cyber espionage in the past three years. “These threats cannot be underestimated and, with cars increasingly being connected to the internet, we are putting a lot of effort into ensuring our products are not compromised in this way,” he said. Whereas in the past Daimler security tested each control system only in isolation, the hacking team now probes for potential security vulnerabilities in the context of the whole car. “Total security is not possible, but it is also often unnecessary,” said Sachse. “It is better to improve the resilience of IT systems and reduce the time to discovery of any network intrusions.” Another element of Daimler’s security model is the recognition that it is necessary to maintain two levels of security: baseline security for all IP addresses and enhanced security for critical data assets.
Using this approach, baseline security is considered good enough when it can resist an attack over a period of four hours. “Attackers are unlikely to spend longer on systems that have no critical data,” said Sachse. For systems that do contain critical data, Daimler requires the much higher resilience level of five days. Protecting legacy systems typically requires additional firewalling and network segmentation to achieve the required level of protection as there are often no security updates for such systems. Although Sachse provides guidance on how regional information security officers can achieve the required levels of resilience, it is up to them to find the best way of meeting these standards. “In this way, they get dedicated information on the vulnerabilities and risks that apply to their systems to enable them to identify priorities. “And in turn, this information is fed through to the central IT security team that enables me to identify the group’s vulnerabilities and shape future IT security projects accordingly,” he said. This community approach also enables the central IT security team to identify good local practices, which can be shared across the group. Once implemented elsewhere in the group, these best practices are reassessed and modified if necessary to ensure continual improvement across the group.

Reducing security complexity

Sachse is determined to reduce security complexity and has overseen the start of five projects in the company to specifically address this issue around areas such as patch management. He also places a lot of importance on security awareness training, not only for users, but also for IT professionals. “In a working environment with high workload and high pressure, people tend to forget things like information security or they choose to do something else less difficult or complicated,” he said. Sachse emphasised the importance of governance in a global, decentralised environment.
“The stronger the governance, the better,” he said. “Without it, you stand no chance of implementing controls successfully throughout the organisation.” And finally, Sachse said it is no use identifying threats without having the capacity to address them. For this reason, Daimler has adopted a support model that uses trusted partners to meet demand. “In this way we address the problems and can keep line managers engaged without sending them into panic mode,” he said. Sachse believes that only by getting an attacker's perspective through hands-on security can organisations identify the most important security vulnerabilities and how best to eliminate them.

Risk management key to cyber strategy, says BP

Cyber attacks constitute a group-level risk that is managed as part of BP’s standard set of risk management processes, according to Bob Dudley, group chief executive of BP. “We recognise cyber threats as a major risk and the need to have a system to manage that risk and minimise the impact of attacks,” he told the Global Cyber Security Innovation Summit in London. Risk management forms part of the governance component of BP’s cyber defence strategy. “Uncertainty is a fact of life, but we can be organised in our approach to managing risks by having a clear set of risk management processes in place,” he said. One key process is aimed at identifying and prioritising each threat based on a risk assessment. However, Dudley said that, as a member of the highly-targeted energy sector, BP has a multitude of risks to manage and is constantly looking to innovations in cyber security to improve its defence capabilities. “It is important to have a policy that sets out executive accountability and responsibilities of each member of staff, but rules are not effective without real defence capability,” he said. BP regularly reviews its cyber risk policies as well as its cyber defence capabilities to achieve continual improvement. Dudley said BP is constantly targeted by attackers seeking commercial business plans, seeking to disrupt operations and seeking to commit large-scale fraud. “Thousands of pieces of malware try to get through our firewalls every day, and our employees are constantly targeted to steal their user credentials,” he said. In an effort to educate staff to enable them to become frontline defenders, BP conducts regular awareness campaigns around issues such as keeping passwords safe and using unknown USB sticks. “We produce regular videos to demonstrate the risks to staff,” said Dudley.
Phishing is also a significant threat, and BP conducts regular simulated phishing attempts with follow-up education sessions on identifying phishing for all those employees who click on risky links. “We see phone phishing as an equal threat, and in the face of thousands of fake emails and calls, employees need to learn to recognise them,” said Dudley. BP has introduced a “report phishing” button into its email application, which Dudley said indicates phishing awareness has risen from 75% to 86% across the group. Awareness campaigns are backed up with regular cyber attack drills to ensure every employee knows what to do in the event of a cyber attack. “Security controls are not enough – employees need to know they have a role to play and how they should respond to the worst-case scenarios,” said Dudley. But threats to business are often threats to government and vice-versa, he said, which is why BP works closely on cyber security issues with the governments in the UK and the US. “We welcome CERT-UK’s involvement of business and international partners, and welcome the opportunity of helping to shoulder the burden of cyber defence,” said Dudley. “Unlike physical attacks, government may not control key assets in cyber attacks, and we are willing to do our share,” he said. Dudley said energy sector firms could do more to help raise public awareness of cyber security issues, and that BP plans to expand its current public outreach programmes. Energy firms could also share practical advice on how to improve cyber security with governments as well as the general public, he said.