
September 3, 2019 | International, Security

What’s changing in the cyber domain? We ask industry experts

By: Andrew Eversden

“What are you talking about now in cybersecurity that you weren't talking about six months ago?”

Fifth Domain posed this question to cybersecurity experts at Black Hat, a cybersecurity conference in Las Vegas, Nevada, that ran from Aug. 3-8. With the cyber domain rapidly evolving, we wanted to know how conversations within the cyber community are changing.

Some pointed to a new focus on utility systems and web-connected devices that sit on critical infrastructure.

“It's only a matter of time until there's another major disruption in an electric utility somewhere in the world, probably not in the U.S., but elsewhere,” Sergio Caltagirone, threat intelligence director at Dragos, said at the conference Aug. 5. “But oil and gas has the higher likelihood of a major destructive and loss-of-life event. And I think most people did not realize how close to that we actually were.”

Caltagirone was referring to the TRISIS event, malware that struck industrial control systems at a Saudi Arabian petrochemical plant and could've caused physical harm. He said that in the aftermath of that attack, threat researchers diving into the details realized just how bad it could've been.

“We started finding a lot of stuff which hadn't been found before,” Caltagirone said. “Which made us realize very quickly how close that space is to a major event.”

Dave Weinstein, chief security officer at Claroty, pointed to an “explosion” of devices connected to the internet of things.

“It's really a product of this general consensus among industrial organizations that the benefits exceed the costs in terms of embracing this type of digital transformation,” Weinstein said Aug. 8, adding that organizations must be “mindful” of these devices and have a plan to mitigate their potential vulnerabilities.

Brian Costello, a senior vice president at Flashpoint, told Fifth Domain on Aug. 8 that he is more often than before focusing on targeted cyberattacks from bad actors. That's a shift away from “campaign-based” attacks that tracked.

There's “more planning out, more scoping out of targets and taking long-term planning to go after [a] particular target with a specific asset in mind,” Costello said.

In that same vein, Julian Zottl, a senior cyber architect at Raytheon, said he's noticing more inclusion of all-source intelligence in threat analysis.

“We're looking at ... all the sources and trying to figure out indicators,” Zottl said Aug. 7. “[We're] even trying to do predictive analytics now, where it's like, ‘Oh, we see this threat might be coming.' I think that's something that we're starting to talk about more and more.”

Several cybersecurity professionals interviewed by Fifth Domain said the U.S. government is moving away from the classic cyber kill chain and over to the MITRE ATT&CK framework, which dives deeper into potential threats to information security.

“They used to think the hackers would just come in to steal secrets, conduct espionage and then leave,” said Tom Kellermann, chief cybersecurity officer at Carbon Black and a former commissioner on the Commission on Cyber Security for then-President Barack Obama.

“In fact, they're maintaining persistence in these systems. They're manipulating the integrity of data and then they're using federal government agencies themselves and personnel's devices themselves to target anyone who implicitly trusts that person, that agency, that department,” he told Fifth Domain on Aug. 6.

Chris Kennedy, chief information security officer at AttackIQ and a former official with the Treasury Department and the Marine Corps, said these new frameworks in use along with federal continuous monitoring programs allow for more attacker emulation, essentially simulating the attack agencies could face.

“Agencies are starting to realize the value of attacker emulation as a way to measure and benchmark the effectiveness of their security controls,” Kennedy said on Aug. 7.

And with government agencies in different stages of cloud migration, agencies will need to learn how that fits into their cybersecurity posture. Marten Mickos, CEO of white hat hacking company HackerOne, said this is a new discussion. He also said the conversation surrounding the use of ethical hackers in government environments has evolved: The word “hacker” is becoming more accepted.

“I do think it signals a shift in mindset,” Mickos said. There's a realization that “those people who portray themselves as hackers are actually those who will rescue us, not those who will destroy us.”

Despite all the changing technology and evolving threats, one aspect of cybersecurity remains set in stone, said M. K. Palmore, a field chief security officer for the Americas at Palo Alto Networks and a recently retired FBI cyber agent.

“It's about adhering to cybersecurity fundamentals,” Palmore said. “That message hasn't changed regardless of my position or where I'm located.”

https://www.fifthdomain.com/show-reporters/black-hat/2019/08/30/whats-changing-in-the-cyber-domain-we-ask-industry-experts
