Presidential advisory committee provides recommendations to improve critical infrastructure security.

Critical infrastructure in the U.S. faces a significantly heightened threat landscape. The importance of securing information technology (IT) and operational technology (OT) systems and their convergence has become a national security imperative. Successful OT attacks can impact human safety and damage physical equipment, taking offline for extended periods of time the critical processes that OT equipment supports.

Compromises of critical infrastructure IT, ICS and OT are happening with increasing frequency globally. Recent high-profile examples include:

Ukraine electric grid (2015, 2016)
Colonial Pipeline (2021)
Oldsmar, Florida water treatment plant (2021)

According to the Gartner® report “Predicts 2022: Cyber Physical Systems Security – Critical Infrastructure in Focus”, published in 11/17/21, “Attacks on organizations in critical infrastructure sectors have increased dramatically, from less than 10 in 2013 to almost 400 in 2020 – a 3,900% change.”

In light of this reality, the President’s National Security Telecommunications Advisory Committee (NSTAC) was tasked with developing a report to examine the key challenges of securing converged OT systems against threats that emerge from IT network connections and to identify emerging approaches to increase OT resiliency to these threats. I had the privilege of serving as the Chair for the NSTAC subcommittee that developed the report.

The NSTAC received more than 30 briefings from subject-matter experts, including government entities and policymakers; critical infrastructure owners and operators of converged IT/OT environments and original equipment manufacturers; and cloud service providers, integrators and cybersecurity vendors.

IT/OT cybersecurity has not been prioritized

The resulting report found that, as a nation, we have not yet prioritized securing these interconnected systems. This is despite the fact that IT/OT convergence is not new, and that we have the technology and knowledge to protect these systems.

Briefers noted that many organizations lack complete visibility into their OT environments, including IT/OT interconnections and supply chain dependencies. In addition, OT and IT personnel often operate in silos, negatively impacting coordination on security. And further exacerbating the challenge, requests for proposals and procurement vehicles for OT systems acquisitions in both the public and private sectors rarely include cybersecurity requirements.

Government has an opportunity to lead

The report includes 15 recommendations, which can help improve the security of converged IT/OT systems in both the public and private sectors. Among these, the report identified three recommendations, which can be implemented by President Biden to immediately improve the cybersecurity posture of OT systems that are owned and operated by the U.S. government, and to serve as a model for protecting privately owned critical infrastructure:

First, the Cybersecurity and Infrastructure Security Agency (CISA) should issue a Binding Operational Directive requiring executive civilian branch departments and agencies to maintain a real-time continuous inventory of all OT devices, software, systems and assets within their area of responsibility, including an understanding of any interconnectivity to other systems. Once federal agencies clearly understand the vast interconnected nature of their OT devices and infrastructure, they can then make risk-informed decisions about how to prioritize their IT, OT, and cybersecurity resources.

Second, CISA should develop guidance for procurement language for OT products and services and require the inclusion of risk-informed cybersecurity capabilities for products and services that support converged IT/OT environments, including for supply chain risk management. CISA should then work with the General Services Administration to require the inclusion of risk-informed cybersecurity capabilities in procurement vehicles for the federal government.

Finally, the National Security Council, CISA, and the Office of the National Cybersecurity Director should prioritize the development and implementation of interoperable, technology-neutral and vendor-agnostic information-sharing mechanisms to enable the real time sharing of sensitive collective-defense information between authorized stakeholders involved with securing the critical infrastructure of the U.S.

The cybersecurity threats to critical infrastructure are real. And yet, we are not helpless. We have the knowledge and capabilities necessary to materially improve our security posture. What we have lacked is the determination to put this knowledge and technology to use. It is time we started meeting IT/OT convergence with the sense of urgency it requires. Implementing the recommendations of the NSTAC report will help improve government and critical infrastructure IT/OT security, and will have significant positive downstream effects on the private sector.

Read More

Have you ever said something you wish you could take back? Maybe it was a comment muttered in the heat of the moment that hurt someone’s feelings. Or maybe you just had a night out full of silly antics that you wouldn’t want your boss or grandma to see.  

These are completely normal occurrences that happen all the time. We’re human! We make mistakes and letting loose every now and again is good for us. When these scenarios happen in person, we’re able to apologize or explain ourselves; however, the social media age complicates things. High-def cameras and video recorders are in everyone’s pocket, meaning that in-person slip-ups or lapses in judgement can come back to haunt you in a cyberscheme known as doxing. 

Doxing can be harmful to one’s reputation and can cost someone their job, their friends, or their privacy. Here are five things you should know about doxing, plus some tips on how to prevent it from happening to you. 

1. Doxing Defined

The term doxing originated from the phrase “dropping documents/docs.” It refers to a situation where an enemy or a rival seeks to tarnish the reputation of someone else by releasing documents (aka dropping docs) about them. These documents often contain personally identifiable information (PII) –  like full names, birthdates, addresses, employment details, financial information, phone numbers, email addresses – and private correspondences or embarrassing videos or photos. The doxer – or the person dropping the documents – will publish these private details online, whether that’s on a forum, on social media, or a blog. 

Doxing is considered cyberbullying because it is a form of online harassment. The doxer often does so with the intent of drumming up widespread hate about the victim and having the release of these private details negatively affect the victim’s life, such as getting them fired from their job or breaking up a relationship. 

2. Doxing Can Happen to Anyone

Doxing happens most frequently to public figures, such as celebrities, politicians, streamers, and journalists. It is also a prevalent practice in the hacking community, where hackers reveal the identities of the real people behind forum usernames. However, anyone is susceptible to having their PII or sensitive photos or videos widely released on the internet for the sake of reputation sabotage. All it takes is for one scorned partner, a disgruntled coworker, or a disagreement to set a doxer on a warpath.  

3. Doxing Isn’t Always Illegal

When the saboteur doesn’t have to dig into your past via the dark web or through hacking a personal device, doxing isn’t illegal. It’s malicious and can be emotionally damaging, but there is no law stopping a doxer from publishing the private details of someone else. Doxing crosses the line into a crime when it is accompanied by threats.  

So, if a doxer didn’t hack a personal device or buy the PII off the dark web, where did they find these details? Oftentimes, people incriminate themselves with their social media footprint. What seems like ancient history in your social media timeline is again front and center after just a few minutes of scrolling. 

4. Ways to Prevent Doxing From Happening to You

Check out these tips that can lessen the chances of doxing happening to you: 

Don’t goad people online. Doxing can happen to anyone. Sometimes the doxer is someone you know in real life, but other times it’s a stranger with whom you may or may not have crossed paths with online. One great rule of thumb is to not make enemies online. For example, if there’s an argument happening in the comments of an online video, do not engage with it. You’re not going to change a keyboard warrior’s mind with a clever comeback. You’ll likely only agitate them. 
Don’t overshare. Remember, you can’t take back what you post online! Think long and hard before you hit publish on any social media post or comment. Never post online when you’re angry. You’ll likely say something that you’ll regret later.  
Delete old accounts. Periodically taking stock of all your online accounts and deactivating the ones you no longer use limits the number of opportunities a doxer has to lift your PII, such as your address, banking details, or contact information. Not every site prioritizes security as much as we’d all hope, so it’s best to create online accounts with trustworthy organizations. 

5. Services That Can Give You Peace of Mind

In addition to the above tips, McAfee can help you fill in the gaps in your defense. McAfee Total Protection is an all-in-one privacy and identity protection service that includes all the tools you need to secure your PII and help you recover if identity theft occurs after a doxing incident. Personal Data Cleanup scans 40 risky data broker sites for your information. If you appear on any of those sites, McAfee will help you remove it to keep your PII out of a doxer’s hands. 

The post 5 Things About Doxing You Should Know appeared first on McAfee Blog.

Read More

This blog has been written by an independent guest blogger.

Since its advent, the debate over its ethical and unethical use of AI has been ongoing. From movies to discussions and research, the likely adversarial impact AI has had over the world has been a constant cause of concern for every privacy and security-conscious person out there.

AI indeed plays a core role in the modern milestones the world has achieved nowadays. Nevertheless, despite graphic movies like I-Robot splaying out the potential damages of integrating AI into normal functions of life, AI has continued to grow rapidly. Its roots and impacts are evident in every sphere of life, be it medical, technological, educational, or industrial sectors. Its flipside that everyone has long since been dreading is rapidly starting to take form.

The emergence of AI-based attacks

AI-based attacks are still relatively rare, but according to a survey by Forrester, 88% of security experts believe that these AI-powered attacks will become more common in recent years. For now, some of the most prevalent AI-based cyber-attacks that have surfaced are as follows:

 AI manipulation or data poisoning

For a long time, AI manipulation or data poisoning has become the typical type of AI-based cyber-attack. It is an adversarial attack that features hackers implementing data poisoning on trained AI models forcing them to become malicious. Nowadays, the use of AI is prevalent in almost every organization. AI tools play an essential part in data storage and analysis along with protection from various cyber-attacks such as malware or phishing. Such tools that are designed to automate tasks, but may enable threat protection to become a target of data poisoning.

Since the AI works by observing behavior patterns and pre-fed information, a hacker can easily remove the pre-fed information and feed the AI tool with malicious data. Such an act can cause an adversarial impact. For example, hackers can manipulate a phishing tool designed to detect and delete phishing emails into accepting them within its users’ inboxes. One common example of data poisoning attacks is AI-manipulated deepfakes that have taken the social media platform by storm. 

 AI-based social engineering attacks

Since AI is designed to develop principles and tasks typically associated with human cognition, cybercriminals can exploit it for several nefarious purposes, such as enhancing social engineering attacks. AI works by trying to identify and replicate anomalies in human behavior, making them a convenient tool to persuade users into undermining systems and handing over confidential information. Apart from that, during the reconnaissance phase of an attack, AI can be used to study the target by scouring social media and various databases.

AI can find out the behavioral patterns of the target, such as the language they use, their interests, and what topics they usually talk about. The information collected can be used to create a successful spear phishing or BEC attack.

 AI automation

Another significant advantage cyber criminals have in using AI-based attacks is automation. AI tools can significantly endanger endpoint security by automating intrusion detection techniques and launching attacks at unprecedented speeds. Moreover, AI can also scour target networks, computers, and applications for possible vulnerabilities and loopholes that hackers can exploit. Apart from that, automation allows cybercriminals to launch significantly larger attack campaigns.

With AI automating most of their work, such as vulnerability assessment and data analysis, cybercriminals now have the leverage to target more companies and organizations and thus increase their overall attack surface. AI automation was evident in the TaskRabbit attack, which featured the use of massive zombies controlled by AI to launch DDoS attacks on TaskRabbit servers. The online freelance platform had the personal information such as credit card and banking details of 3.75million website users stolen from their database.

How to ensure cybersecurity

AI is a powerful tool that with rapid development occurring each passing day. Since it plays a significant role in how the world runs today, completely avoiding AI-based tools is downright impossible. However, with every form of cyber-attack, there can be some serious security measures that organizations can take to improve their cybersecurity posture.

Like defending against any other cyber-attack, the most efficient way of ensuring cybersecurity for any organization is to strengthen its defense system—using technical tools such as vulnerability assessment. Threat hunting and penetration testing can help organizations remain secure in the long run. These methods can help organizations identify their weaknesses, allowing them the leverage to patch them timely and thus ensure security.

Apart from that, another crucial step toward cybersecurity that organizations can take is to ensure proper training and awareness. Since cybersecurity is an area that is continuing to grow rapidly, the masses need adequate understanding and training to ensure relevant security. Organizations deploying practical training and education programs for their employees can help them identify the tell-tale signs of various cyber-attacks such as malware pushing or invasion and alert the security teams on time.

Moreover, despite having state-of-the-art, AI-powered security tools and systems, organizations must maintain regular security check-ups of these tools. It is crucial that these AI tools go through regular maintenance to ensure there are no vulnerabilities that hackers can exploit. The security teams that have designed these products also need to release routine security patches to patch possible vulnerabilities in the system.

Final words

AI is undergoing rapid development. However, its growth will get stunted if its adversarial impact is not recognized and given the attention it requires. For proper use and implementation of AI technology, it is downright crucial to acknowledge the potential downsides it can pose so that there can be appropriate measures against them, as cybercriminals are getting more sophisticated with each passing day.

The cyber threat landscape is now a thriving hub of criminal activity and demands the use of equally sophisticated cybersecurity measures to ensure robust security. Amidst this, it is crucial to scale and adequately analyze any new technology such as AI that is now being developed so that its potential downsides can be recognized and met with proper security measures.

Read More

Apparel giant detects unusual activity on accounts

Read More