Cybersecurity News and Resources Roundup

By Bernie Acre

As I started putting some thoughts together on what and how to write something up for this newsletter, it dawned on me there should not be much that I can add that you do not or should not already know in regard to the necessity of having a strong cybersecurity culture at your organization.

Rather than putting together one long boring read, I thought I’d share with you some opinions, along with some excellent reading, with sources, for you to further research on your own. Please keep in mind that I am submitting this article on March 8 and that MUCH will change in world events between now and the time you look at this.

Did you know that it takes more than a year, 379 days, for 75% of victim companies to experience the downstream impact of a cyber incident, according to research by RiskRecon and the Cyentia Institute?

Did you know that a city in Texas was compromised this month via a DDoS attack? Did you know that the corporate network at an electric utility within ERCOT was also compromised this month? Are you aware that a cache of chat logs belonging to the Conti ransomware group were leaked online thanks to an apparent insider, who claimed to have objected to the group’s support for the Russian invasion of Ukraine?

Did you also know that as of January 2022, the Federal Bureau of Investigation (FBI) has identified at least 52 entities across 10 critical infrastructure sectors affected by RagnarLocker ransomware, including entities in the critical manufacturing, energy, financial services, government, and information technology sectors? According to Presidential Policy Directive 21, “There are 16 critical infrastructure sectors whose assets, systems, and networks, whether physical or virtual, are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.”

The National Security Agency (NSA) has released a new Cybersecurity Technical Report (CTR): Network Infrastructure Security Guidance. The report captures best practices based on the depth and breadth of experience in supporting customers and responding to threats. Recommendations include perimeter and internal network defenses to improve monitoring and access controls throughout the network.

The Cybersecurity and Infrastructure Security Agency (CISA) also encourages network architects, defenders, and administrators to review the NSA’s Network Infrastructure Security Guidance as well as CISA’s recently published Layering Network Security Through Segmentation infographic for assistance in hardening networks against cyber threats.

On February 26, CISA and the FBI released an advisory on destructive malware targeting organizations in Ukraine. The advisory also provided recommendations and strategies to prepare for and respond to destructive malware. Additionally, CISA has created a new Shields Up Technical Guidance webpage that details other malicious cyber activity affecting Ukraine. The webpage includes technical resources from partners to assist organizations against these threats. CISA further recommends organizations review Destructive Malware Targeting Organizations in Ukraine for more information.

Here is a “shocker” alert! Yes, that’s irony speaking. According to an Axios article written March 8, Beijing is rewriting the Ukraine narrative by scrubbing the country’s internet of sympathetic or accurate coverage of Russia's invasion of Ukraine, and systematically amplifying pro-Putin talking points. Chinese media outlets were told to avoid posting "anything unfavorable to Russia or pro-Western" on their social media accounts, and to only use hashtags started by Chinese state media outlets, according to a leaked censorship directive.

Major components in a strong cyber program include isolated backups, tested disaster planning scenarios, and redundant communication paths, among many other known and unknown scenarios. At a minimum an annual robust penetration test must be a part of your budget that includes internal and external Infrastructure penetration testing; wireless penetration testing; web application testing; mobile application testing; build and configuration review; physical facility controls; and social engineering employees.

What should all of the above and the current world events going on today tell us? Whether you feel YOU are in the top or bottom 10% in regard to planning for the inevitable cyber attack that WILL hit YOUR organization, YOU need to do more. And it’s not going to get better anytime soon. If YOU are reading this article, YOU are in the cyber war, like it or not. Just because YOU were not hired as the ISO, does not mean cybersecurity is not YOUR problem. In today’s world, EVERYONE must embrace cybersecurity as the MOST important priority. Without a strong cyber defense, everything else is cannon fodder.

 On a final note: you may or may not be aware that for the past two years I am an appointed full voting member on the Texas Cybersecurity Council for the State of Texas. Members and affiliate members of this council are all appointed and come from various backgrounds, including K-higher education, River Authorities, Port of Houston, state-level executives, and members of the State of Texas’ House of Representatives and Senate. My unique and primary responsibility on this committee is to represent the perspectives of cities, counties, tribal, and all electric utilities. This past year I was asked to serve in a breakout sub-committee to help develop a statewide mutual-aid concept for state and local entities. We are currently working on the training requirements, liability concerns, etc. for those wishing to sign up. You can read more about the concept here: Texas Volunteer Incident Response Team (VIRT). More will come out on this program as soon as the details are finalized.