5 décembre 2024 | International, C4ISR, Sécurité
Critical Mitel MiCollab exploit CVE-2024-41713 patched; update to prevent file access and admin misuse.
https://thehackernews.com/2024/12/critical-mitel-micollab-flaw-exposes.html
1 août 2023 | International, Aérospatial, Sécurité, Autre défense
Leidos Holdings Inc on Tuesday raised its full-year revenue forecast as the defense contractor benefited from resilient weapons demand.
31 juillet 2019 | International, Aérospatial, Sécurité
By: Kelsey Reichmann A new report warns that the cybersecurity vulnerabilities related to military space systems, specifically terminals and command-and-control systems, deserves renewed attention from NATO countries. The report, titled “Cybersecurity of NATO's Spaced-based Strategic Assets,” was produced by Chatham House, which is part of the Royal Institute of International Affairs, a policy institute in London. The paper, by Beyza Unal, was released July 1. “There is an urgent need to study and address cyber-related challenges to strategic assets within NATO and its key member countries, particularly the cyberthreat to space-based command and control systems,” the report read. “The increasing vulnerability of space-based assets, ground stations, associated command and control systems, and the personnel who manage the systems, has not yet received the attention it deserves.” The report highlights cybersecurity vulnerabilities to space systems used by countries in the NATO alliance, notably singling out commercial products used in military operations as a particular risk. These vulnerabilities can come from back-door encryption, supply chain security, and personnel and procedural practices, according to the report. NATO uses space assets to defend territory, peacekeeping missions, humanitarian assistance and disaster relief, counterterrorism, and conflict prevention. “There is an increasing need to apply higher-grade military hardening and cyber protection specifications to civilian capabilities that have the potential to be used in support of military applications,” the report read. “If military standards are not met, items procured from commercial industry with design flaws may expose NATO's systems to additional vulnerabilities." The report also points to the importance of securing satellite terminals. “Terminals located in ground stations constitute a critical vulnerability, as a terminal is an access point to a satellite and is usually not protected by authentication in order not to hinder operational actions,” the report said. “Terminals house software systems that can be compromised and require patching and upgrading.” Data flowing between satellites, especially ground stations, can become vulnerable, according to the report. “Adversaries infiltrating ground- or space-based systems could exploit weak software implementation, or the incompatibility of network or data transfer protocols in the chain,” the report read. “While the absence of data is easy to detect, the manipulation of data or erosion of confidentiality at such an interface is potentially more difficult to discern.” Among the report's recommendations is that NATO strengthen its cyber defense through increased collaboration between the public and private sector. This would allow for more timely information sharing of cyberthreats. The report also urges NATO to emphasize that commercial manufacturers meet basic cybersecurity standards and possibly more stringent military protection standards. “In the future, military systems will be increasingly connected to non-military systems,” the report stated. “This has important implications for the laws of armed conflict, as the combination of civilian, commercial and military capabilities in the cyber domain and space raises the risk that civilian capabilities used for military purposes qualify as legitimate military targets.” https://www.fifthdomain.com/international/2019/07/30/the-next-cybersecurity-concern-for-nato-space/
31 décembre 2018 | International, C4ISR
By: Mark Pomerleau The Air Force is beginning to build specialized cyber teams across the service whose primary mission is to defend local installations and critical mission tasks from cyberattacks. These teams will ensure that a particular wing or smaller organization can complete their mission from a cyber perspective, Maj. Gen. Robert Skinner, commander of 24th Air Force/Air Forces Cyber, told Fifth Domain in a November interview. For example, Skinner said if a wing has an F-16 unit that's responsible for offensive counter air or defensive counter air support, mission defense teams will understand those weapon system and everything that goes into making those air sorties successful as a way to defend that mission from a cyber standpoint. As an example, an eight-man team at the 2nd Weather Group within the 557th Weather Wing monitors the network and recently discovered several “bogus” account requests. The commander, Col. Patrick Williams, said the team was able to figure out that many of the requests were either bots or foreign requests that “had no business being on that network.” By working with the Network Operations and Security Center to eliminate that activity, the number of requests dropped by 80 percent, a huge win, Williams said. He added this was done with just a nascent mission defense team given that the teams are just being filled out across the major commands now. Skinner said each major command is at a different point in activating the teams. In addition, Air Force leaders said the service hopes to achieve efficiencies within its entire IT and cyber defense enterprise. The officials pointed to the Air Force's “enterprise IT as a service” pilot, which examines what efficiencies can be gained by having commercial companies conduct the IT services as opposed to having airmen maintain the IT infrastructure. One benefit of such a move could be that it frees up personnel to spend more time on cyber defense. “Our core strategic theme is moving from IT focused delivery into mission defense teams,” Bill Marion, deputy CIO of the Air Force, said during a keynote presentation in early December. Skinner said the service will likely be able to “re-mission” workers from their IT positions and assign them to these more active defensive roles such as mission defense teams. These mission defense teams are different from cyber protection teams that the Air Force, and other services, provide to U.S. Cyber Command. “In my eyes the [mission defense team] is a [cyber protection team] lite,” Skinner said. "We're very proud of our cyber protection team training and I think that the more of that I can get with our mission defense teams, the more successful they'll be and then our cyber protection teams can be really focused on the high end, the big threats that we'll run into in a peer competition and peer adversaries.” https://www.fifthdomain.com/dod/air-force/2018/12/27/air-force-begins-to-roll-out-special-cyber-defense-teams