Dallas Fort Worth International Airport Named As TSA Innovation Site Airport

DFW AIRPORT, Texas, Feb. 2, 2018 -- Dallas Fort Worth International Airport has been designated an official Innovation Task Force (ITF) site by the Transportation Security Administration (TSA).

TSA's Innovation Task Force seeks to drive improvements in overall transportation security effectiveness and efficiency, while ensuring a positive experience for customers. To meet that goal, the ITF works with airports, airlines and other transportation partners to champion innovative and cutting-edge technologies and procedures to protect the nation's transportation systems.

"DFW Airport has a long-standing, constructive relationship with the TSA and our team looks forward to hosting demonstrations of new technology that will explore how to make airports more secure while improving the customer experience," said Chad Makovsky, DFW's executive vice president of Operations. "We recently completed the installation of ten automated screening lanes, which will increase the throughput at four checkpoints, and we've welcomed the TSA into our Airport Operations Center where we collaborate on new ideas and respond quickly to our customers' needs."

"TSA has actively been demonstrating new technologies in airports across the country, and we are pleased that DFW Airport has been named an official Innovation Task Force site," said Steve Karoly, Assistant Administrator for the TSA Office of Requirements and Capabilities Analysis. "With this partnership, we can find new ways to work together to improve all aspects of aviation security."

This year, the task force will bring more deployment and experimentation of new technologies into public settings. As an ITF site, DFW is eligible for pilot programs to test and refine groundbreaking technologies and processes.

TSA selects innovation sites based on several criteria to ensure TSA resources are utilized efficiently, and in compliance with the requirements of the FAA Extension, Safety, and Security Act of 2016. Criteria include the ability of partner airports to support the initiative and nimbly respond to various needs.

In addition to Automated Screening Lanes, some of the additional technologies under demonstration with the ITF include Computed Tomography (CT) scans, Biometric Authentication and improved passenger communication techniques. For more information about TSA's Innovation Task Force, visit www.TSA.gov.

About Dallas Fort Worth International Airport:
Dallas Fort Worth International (DFW) Airport holds the distinction of the best large airport in North America for customer service from Airports Council International. DFW Airport warmly welcomes more than 66 million customers along their journey every year, elevating DFW to a status as one of the most frequently visited superhub airports in the world. DFW Airport customers can choose among 173 domestic and 57 international nonstop destinations worldwide. DFW is elevating the customer experience with modernized facilities and updated amenities, as well as through a $2 billion Terminal Renewal and Improvement Program. Centered between its owner cities of Dallas and Fort Worth, Texas, DFW Airport also serves as a major economic generator for the North Texas region, producing over $37 billion in economic impact each year by connecting people through business and leisure travel. For more information, visit the DFW website.


SOURCE DFW International Airport

More birth defects seen in parts of U.S. with local Zika spread

Findings show need for strong birth-defect surveillance networks

ATLANTA, Jan. 25, 2018 -- Birth defects most strongly linked to Zika virus infection during pregnancy have increased in parts of the United States that have had local Zika virus transmission, according to a report in CDC's Morbidity and Mortality Weekly Report (MMWR). Areas with local transmission of Zika – southern Florida, a portion of south Texas, and Puerto Rico – saw a 21 percent increase in births with outcomes most strongly linked to Zika virus in the last half of 2016 compared with births in the first half of that year.

It is not known if this increase is due to local transmission of Zika virus alone, or if there are other contributing factors. Most of the mothers who had babies with the Zika virus-linked birth defects did not have laboratory evidence of Zika virus infection—either because they were not tested, were not tested at the right time, or were not exposed to Zika virus. All cases with birth defects potentially related to Zika virus infection are monitored by birth defects surveillance systems.

"Babies with Zika-related birth defects need all the help they can get, as soon as possible and for as long as they need it," said CDC Director Brenda Fitzgerald, M.D. "This report highlights the critical importance of documenting birth defects possibly related to Zika and our need to maintain vigilance."

CDC looked at nearly 1 million births in 2016 in 15 U.S. states and territories, including Florida (select southern counties), Georgia (select metro-Atlanta counties), Hawaii, Iowa, Illinois, Massachusetts, New Jersey, New York (excluding New York City), North Carolina (select regions), Puerto Rico, Rhode Island, South Carolina, Texas (select regions), Utah, and Vermont.

About three out of every 1,000 babies born in 15 states and territories in 2016 had a birth defect possibly associated with Zika virus infection in the mother:

  • About half (49 percent) were born with brain abnormalities and/or microcephaly (small head size)
  • 2 in 10 (20 percent) had neural tube defects and other early brain abnormalities
  • 1 in 10 (9 percent) had eye abnormalities without brain abnormalities
  • More than 2 in 10 (22 percent) had nervous system damage, including joint problems and deafness, without brain or eye abnormalities

Because many pregnant women exposed to Zika virus in late 2016 gave birth in 2017, CDC researchers anticipate that there could be another increase in possible Zika-related birth defects when 2017 data are analyzed.

CDC uses tracking systems to find birth defects that might be related to Zika virus:

  • U.S. Zika Pregnancy and Infant Registry tracks pregnancies with laboratory evidence of Zika virus infection.
  • Zika Birth Defects Surveillance system tracks birth defects possibly related to Zika virus infection, regardless of exposure or laboratory testing.

"Our pregnancy and birth defects surveillance networks are a collaborative effort with state, local, and territorial health departments and are essential to protect mothers and babies affected by Zika virus," said Peggy Honein, Ph.D., M.P.H., acting director, Division of Congenital and Developmental Disorders, National Center on Birth Defects and Developmental Disabilities. "These networks can also be used as models to help track other known and emerging health threats for mothers and babies."

For more information about Zika virus and pregnancy visit www.cdc.gov/pregnancy/zika.

US Department of Health and Human Services

CDC works 24/7 protecting America's health, safety and security. Whether diseases start at home or abroad, are curable or preventable, chronic or acute, or from human activity or deliberate attack, CDC responds to America's most pressing health threats. CDC is headquartered in Atlanta and has experts located throughout the United States and the world.

Contact: CDC Media Relations
(404) 639-3286

SOURCE Centers for Disease Control and Prevention (CDC)


NASA Television to Air Live Coverage of Upcoming Rare Lunar Eclipse

WASHINGTON, Jan. 29, 2018 -- Sky-gazers are in for a rare treat Wednesday, Jan. 31, when three celestial events combine to create a super blue blood moon. NASA Television and the agency's website will provide live coverage of the celestial spectacle beginning at 5:30 a.m. EST.
Weather permitting, the broadcast will feature views from the varying vantage points of telescopes at NASA's Armstrong Flight Research Center in Edwards, California; Griffith Observatory in Los Angeles; and the University of Arizona's Mt. Lemmon SkyCenter Observatory.

This event offers a rare opportunity to see a supermoon, a blue moon and a lunar eclipse at the same time. A supermoon occurs when the Moon is closer to Earth in its orbit and appears about 14 percent brighter than usual. As the second full moon of the month, this moon is also commonly known as a blue moon, though it will not be blue in appearance. The super blue moon will pass through Earth's shadow and take on a reddish tint, known as a blood moon.

A total lunar eclipse occurs when the Sun, Earth, and a full moon form a near-perfect lineup in space. The total phase of the eclipse will last 1 hour and 16 minutes. The whole process will take more than four hours.

If skies are clear, the U.S. West Coast, Alaska and Hawaii will have the best view of totality, from start to finish. For the eastern U.S. and Canada, a clear view will be limited as the Moon sets and the Sun rises during the early stages of the eclipse.

The last total lunar eclipse occurred Sept. 27-28, 2015. The next total lunar eclipse visible across North America will occur Jan. 21, 2019.

The Jan. 31 eclipse is the third in a series of supermoons in December 2017 and January 2018. Watch the Supermoon Trilogy video.

Follow the event online at:

https://moon.nasa.gov 

Join the conversation on Twitter at:

https://twitter.com/NASAMoon

Michael McGarrity Named Assistant Director of the Counterterrorism Division

FBI Director Christopher Wray announced the appointment of Michael McGarrity as the assistant director of the Counterterrorism Division at FBI Headquarters in Washington, D.C. Mr. McGarrity most recently served as the special agent in charge of the Criminal Division of the New York Field Office.

Mr. McGarrity joined the FBI in 1996 and began his career in the New York Field Office, where he investigated violent gangs, Colombian drug trafficking organizations, and international money laundering networks. After the terror attacks on September 11, 2011, Mr. McGarrity transferred to the New York Joint Terrorism Task Force, where he investigated international terrorism matters.

Throughout his career, Mr. McGarrity has held leadership positions as the FBI detailee assigned to the CIA’s Counterterrorism Center, as the FBI’s deputy on-scene commander in Afghanistan, as the supervisor of the FBI’s extraterritorial investigation squad in the Washington Field Office, as the director for Counterterrorism on the White House National Security Staff, as the FBI’s legal attaché in Switzerland, and as the first director of the Hostage Recovery Fusion Cell, where he led national efforts to secure the safe recovery of U.S. nationals held hostage abroad.

Before joining the FBI, Mr. McGarrity was a prosecutor in New York City and an economist for the U.S. Department of Energy. He obtained his law degree magna cum laude and undergraduate degree in economics from The Catholic University of America. He also attended Harvard University’s Kennedy School of Government Senior Executives in National Security program.

Mr. McGarrity will report to Washington, D.C. in February.

Pasternack Debuts New Line of Compact Waveguide Gunn Diode Oscillators

IRVINE, Calif., Jan. 24, 2018 -- Pasternack, a leading provider of RF, microwave and millimeter wave products, has unveiled a new line of compact waveguide Gunn diode oscillators that are tunable and generate signal levels that exhibit low phase noise at popular K and Ka band frequencies. Typical applications include transmit and receive oscillators for radio communications, local oscillator source that can be multiplied for higher mm-wave frequency test and measurement, military and commercial radar sources, police radar, Doppler sensors and security screening.

Pasternack's new Gunn diode oscillators incorporate high performance devices and machined aluminum cavities. Due to the extremely high external Q and temperature compensation mechanism, these oscillators exhibit excellent frequency and power stability, lower phase noise and higher anti-load pulling characteristics. There are two models in this series. The PEWGN1001 model is a K-Band waveguide Gunn oscillator module that generates a center frequency of 24.125 GHz with a tuning range of +/- 1.0 GHz. The PEWGN1000 model generates a Ka band center frequency of 35 GHz with a tuning range of +/- 3.0 GHz. Both models incorporate self-locking tuning screws.

Performance specifications include phase noise as low as -98 dBc/Hz typical at 100 KHz offset and frequency stability as low as -0.2 MHz/°C maximum. The output power of these oscillators is +10 dBm min with power stability of -0.03 dB/°C maximum. Bias supply is +5 to +5.5 Vdc at 200 to 250 mA typical with an operating temperature range of -40°C to +85°C.  The rugged and compact package designs support output frequency ports with fully integrated Mil-grade waveguide flanges of WR-42 UG-595/U for K band and WR-28 UG-599/U for Ka band.    

"Our new series of K and Ka band Gunn diode oscillators offer popular center point frequencies of 24.125 and 35 GHz that are tunable. Designers will find these devices extremely useful for sensitive communication, radar and test and measurement applications. Pasternack offers both models available in stock with detailed datasheets and ready for immediate shipment," said Tim Galla, Product Manager.

Pasternack's new Gunn diode oscillators are in stock and ready for immediate shipment with no minimum order quantity. For detailed information on these products, please visit https://www.pasternack.com/pages/rf-microwave-and-millimeter-wave-products/waveguide-gunn-diode-oscillators.html.
For inquiries, Pasternack can be contacted at +1-949-261-1920.

About Pasternack:
A leader in RF products since 1972, Pasternack is an ISO 9001:2008 certified manufacturer and supplier offering the industry's largest selection of active and passive RF, microwave and millimeter wave products available for same-day shipping. Pasternack is an Infinite Electronics company.

Responding to Cyber Attacks: LegalCIO 2018 Roundtable Offers Practical Advice for Law Firms and Legal IT Professionals

SAN ANTONIO, Jan. 23, 2018 -- Delta Risk, a global provider of cyber security and risk management services, announced today that it will host a roundtable on incident response best practices on February 1 as part of the LegalCIO conference. The conference is held in conjunction with Legalweek New York 2018 January 29 – February 1 at the New York Hilton Midtown. Delta Risk experts John Hawley, VP of Product Strategy and Andrew Cook, Manager, ActiveResponse, will lead a discussion on, "Is Your Organization Prepared for a Cyber Attack? Key Takeaways from Real-Life Incidents."

 

Hawley and Cook will share learnings from recent incident response engagements with participants, along with insights on best practices. Other topics of discussion will include:

 

  • How incidents occur and key warning signs
  • The pros and cons of migrating to cloud services
  • Practical steps for prevention, preparation, and mitigation

"Law firms and legal professionals are under significant pressure to reduce cyber risk and demonstrate that they have documented incident response plans," said Hawley. "As we've seen in our work with legal clients, even a single ransomware attack, for example, can have a dramatic impact on the day-to-day business."

As a sponsor, Delta Risk is offering registrants discount codes for a Legalweek MasterPass or Exhibit Plus Pass. The Legalweek MasterPass offers attendees all-access privileges to all events at Legalweek New York 2018, including LegalCIO. Legalweek features 14 educational tracks, three interactive keynote sessions, 100+ speakers, 75+ sessions, and extensive networking opportunities, and is expected to draw more than 9,000 legal professionals. Delta Risk will also be at table three in the LegalCIO exhibit area.

About the Speakers
John Hawley, Vice President of Product Strategy, has been in the security space for more than 15 years. Prior to joining Delta Risk in 2017, he served as Vice President, Portfolio Strategy for the Worldwide Security business at CA Technologies. Prior to CA, John founded and managed a venture funded SaaS company providing performance monitoring for cloud applications. Before this, he served in senior leadership roles at UUNET/WorldCom and Ernst & Young, LLC. John holds an MBA from the KATZ School of Business at University of Pittsburgh and a BS in Information Systems from Virginia Tech. 

Andrew Cook is the Manager of Delta Risk's ActiveResponse service. In this role he is responsible for the firm's solutions to discover, investigate, contain, and eradicate incidents and intrusions on customer networks. In addition, he provides defensive and offensive cyber security training and exercises to commercial and government clients. Drawing from his Air Force background, he is one of the firm's leading subject matter experts in cyber threat hunting and incident response.

About Delta Risk  
Delta Risk LLC, a Chertoff Group company, provides customized and flexible cyber security and risk management services to government and private sector clients worldwide. Founded in 2007, we are a U.S.-based firm offering a wide range of advisory services as well as managed security services. Our roots are based in military expertise, and that background continues to drive our mission focus. We are passionate about keeping our clients safe and secure. For more information, visit https://www.deltarisk.com.

 

SOURCE Delta Risk


DHS Enforcing Critical Identification Requirements to Protect the Homeland

WASHINGTON – Beginning February 5, 2018, residents of American Samoa will no longer be able to use territory-issued driver’s licenses or identification cards to fly domestically, or enter federal buildings and military installations. On that date, the Department of Homeland Security (DHS) will begin enforcing compliance with the Real ID Act to better protect the American people.

American Samoa formerly had an extension that allowed federal agencies to continue to accept its driver’s licenses and identification cards. However, that extension expired on October 10, 2017, triggering a three month grace period before enforcement would begin on February 5, 2018. American Samoa has subsequently not been able to demonstrate a clear achievable plan for compliance as needed to receive a new extension.


DHS continues to work with American Samoa on what actions it can take to receive a new extension. DHS has provided grants and offers technical assistance to support compliance with the REAL ID security requirements.

 

IMPACT ON AMERICAN SAMOA RESIDENTS

As a result of today’s decision, a driver’s license or ID issued by American Samoa (AS) will no longer be an acceptable document to board a federally-regulated commercial aircraft. American Samoa is the only state or territory that has not reached compliance or received an extension. As a result, starting February 5, 2018, American Samoan residents should bring to the airport an identity document acceptable to TSA. TSA provides a list of acceptable documents at www.tsa.gov/travel/security-screening/identification.

To allow for a smooth transition, between February 5, 2018 and May 6, 2018, TSA will provide assistance to American Samoans who arrive at an airport without an acceptable identification document. 

For federal buildings and military bases, REAL ID only affects locations where individuals are required to present an identification document for access. It does not require individuals to present identification where it is not otherwise required. When planning a visit to a Federal facility or military base, residents of American Samoa should contact the facility to determine what, if any, identification is needed for access.

 

BACKGROUND ON REAL ID

Based on a recommendation of the bipartisan 9/11 Commission, REAL ID is a coordinated effort by the states and the federal government to inhibit terrorists’ ability to evade detection by using fraudulently-obtained driver’s licenses and identification cards. The REAL ID Act was passed by Congress in 2005, and is designed to ensure that people boarding a flight or entering a federal building are who they say they are.

REAL ID established minimum security standards for state-issued driver’s licenses and identification cards. This includes incorporating anti-counterfeiting technology, preventing insider fraud, and using documentary evidence and record checks to ensure a person is who he or she claims to be. It also prohibits federal agencies from accepting non-compliant licenses and identification cards for access to federal facilities, nuclear power plants, and commercial aircraft. The goal of REAL ID is to improve the reliability and accuracy of state-issued driver’s licenses and identification cards used for Federal official purposes.

Because of the potential for confusion about the REAL ID enforcement milestones, residents can use the following guidelines to be fully informed and prepared.

  • Be aware of changes to American Samoa’s status. You can check for updates on REAL ID compliance or extensions at www.dhs.gov/real-id.
  • Read answers to frequently asked questions at www.dhs.gov/real-id-public-faqs.
  • Bring identity documents to the airport that are acceptable for flying domestically. TSA provides a list of acceptable alternative documents at www.tsa.gov/travel/security-screening/identification. If you need to obtain a new form of ID, please allow sufficient processing time before you travel. For example, the current processing times for U.S. passports are 6-8 weeks for routine service and 2-3 weeks for expedited service.

DHS is working closely with American Samoa to implement their REAL ID requirements and stands ready to provide additional assistance as needed. The women and men of DHS will continue to work tirelessly to put protections in place to keep our country and our people safe.


Two Top Leaders in Italy and Five U.S. Residents Indicted for Racketeering, Health Care Fraud and Drug Trafficking Conspiracies to Distribute Opioids Resulting in Deaths Involving “Pill Mills” Operating in Tennessee and Florida

January 19, 2018 - On Jan. 4, a federal grand jury in Knoxville, Tennessee, returned a 14-count superseding indictment unsealed today charging seven individuals for their roles in a Racketeer Influenced and Corrupt Organization (RICO) conspiracy and drug trafficking conspiracy to distribute and dispense oxycodone, oxymorphone and morphine outside the scope of professional practice and not for a legitimate medical purpose and resulting in deaths, maintenance of drug-involved premises, distribution of oxycodone resulting in death, conspiracy to defraud the United States through the solicitation and receipt of illegal healthcare kickbacks and money laundering.

 

Attorney General Jeff Sessions, Acting Assistant Attorney General John P. Cronan of the Justice Department’s Criminal Division, U.S. Attorney J. Douglas Overbey of the Eastern District of Tennessee and Special Agent in Charge Renae M. McDermott of the FBI’s Knoxville Division made the announcement.

 

“Throughout this country, and certainly in Tennessee and Florida, the illegal and unconscionable mass-distribution of prescription opioids through the operation of illegal pain clinics has taken a heavy toll on our citizens, families and communities,” said Attorney General Sessions.  “This sort of profiteering effectively trades human lives for financial riches.  The U.S. Department of Justice is determined to stamp out the operation of illegal pain clinics by all legal means, including finding and arresting those responsible wherever they may be in the world.”

 

“The Eastern District of Tennessee has been at the forefront in the battle against illegal pain clinics and mass-prescribing of opioids for years,” said U.S. Attorney Overbey.  “Now, under the leadership of Attorney General Sessions, additional resources have been made available through recent Department of Justice initiatives, including the Opioid Fraud and Abuse Task Force.  This latest indictment is a real and tangible result of all of those combined efforts.  The citizens of East Tennessee can be assured that we are committed to ridding our district of illegal pill mills.”

 

Luca Sartini, 58, of Rome, Italy, and Miami; Luigi Palma aka Jimmy Palma, 51, of Rome, Italy, and Miami; Benjamin Rodriguez, 42, of Delray Beach, Florida; Sylvia Hofstetter, 53, of Knoxville; Courtney Newman, 42, of Knoxville; Cynthia Clemons, 45, of Knoxville; and Holli Womack aka Holli Carmichael, 44, of Knoxville, are charged in a third superseding indictment filed in the Eastern District of Tennessee.

 

On Jan. 19, Sartini and Palma were arrested in the Rome, Italy-area by Italian authorities.  Extradition is being sought by the United States.  Rodriguez is set to self-surrender.  All other defendants were previously charged in prior indictments.  The case has been assigned to Chief U.S. District Court Judge Thomas A. Varlan in Knoxville.

 

According to the indictment, Sartini, Palma, Rodriguez, Hofstetter and a co-conspirator charged in another indictment, from about April 2009 to March 2015, ran the Urgent Care & Surgery Center Enterprise (UCSC), which operated opioid based pain management clinics, “pill mills,” in Florida and Tennessee, where powerful narcotics were prescribed and/or dispensed.  The defendants are alleged to have hired medical providers with DEA registration numbers, which would allow the providers to prescribe controlled substances. The prescriptions were primarily large doses of highly addictive and potentially deadly controlled substances. As alleged in the indictment, individuals seeking prescriptions would often travel long distances purporting to suffer from severe chronic pain.  

 

The superseding indictment alleges the defendants distributed quantities of oxycodone, oxymorphone and morphine sufficient to generate clinic revenue of at least $21 million.  As per the indictment, the clinics did not accept insurance, received gross fees and ordered unnecessary drug screenings defrauding Medicare.  Shell companies were set up to launder the proceeds.

 

As alleged in the indictment, approximately 700 UCSC enterprise patients are now dead and a significant percentage of those deaths, directly or indirectly, were the result of overdosing on narcotics prescribed by the UCSC enterprise. As alleged in the indictment, the narcotics prescribed by the UCSC enterprise contributed to the deaths of another significant percentage of those patients.

 

The indictment further alleges that many patients arrived in groups, who were sponsored by drug dealers who paid for the pain clinic visits and prescriptions to obtain all or part of the opioids and other narcotics prescribed to the purported pain patients. In return, drug addicted patients would receive a portion of prescribed narcotics for free from the sponsor.

 

To date, as a result of this investigation, approximately 30 narcotics traffickers have been charged and convicted federally, and approximately 80 to 90 smaller narcotic distributors have also been charged and convicted. Today’s superseding indictment is among 35 related indictments charging approximately 140 individuals, including medical providers who worked at the pill mills, with various crimes.

 

The charges in the indictment are merely allegations, and the defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

 

The superseding indictment is the result of an investigation conducted by the U.S. Attorney’s Office for the Eastern District of Tennessee, Criminal Division’s Organized Crime and Gang Section, and the FBI High Intensity Drug Trafficking Area (HIDTA) which is comprised of investigators assigned to the task force by the Loudon County Sheriff’s Office, Knoxville Police Department, Blount County Sheriff’s Office, Roane County Sheriff’s Office, Harriman Police Department and Clinton Police Department. Other agencies provided invaluable assistance, including the Rome Attaché of the Justice Department’s Office of International Affairs; the FBI’s liaison in Rome; the FBI Miami Health Care Fraud Strike Force; the Hollywood, Florida Police Department; the U.S. Department of Health and Human Services; the Tennessee Department of Health; and the DEA’s Knoxville Diversion Group. The Department of Justice extends its gratitude to Interpol and the Italian Financial Police (Guardia di Finanza) for their assistance in locating and apprehending the defendants.

 

Assistant U.S. Attorneys Tracy L. Stone and Anne-Marie Svolto of the Eastern District of Tennessee, and Trial Attorney Kelly Pearson of the Criminal Division’s Organized Crime and Gang Section, are prosecuting the case.

 

In light of the nationwide opioid epidemic which led to the declaration of a public health emergency by the Acting Secretary of the Department of Health and Human Services on Oct. 26, 2017, this superseding indictment represents just the latest in a series of federal efforts in the Eastern District of Tennessee meant to combat the scourge of prescription opioids.

Alert (TA18-004A) Meltdown and Spectre Side-Channel Vulnerability Guidance

Systems Affected

CPU hardware implementations

Overview

On January 3, 2018, the National Cybersecurity and Communications Integration Center (NCCIC) became aware of a set of security vulnerabilities, known as Meltdown and Spectre, that affect modern computer processors. Exploitation of these vulnerabilities could allow an attacker to obtain access to sensitive information.

Description

CPU hardware implementations are vulnerable to side-channel attacks referred to as Meltdown and Spectre. Meltdown is a bug that "melts" the security boundaries normally enforced by the hardware. Meltdown affects desktops, laptops, and cloud computers. Spectre is a flaw that an attacker can exploit to force a program to reveal its data. The name derives from speculative execution, an optimization in which a processor performs work ahead of time, before it knows whether that work will be needed, to avoid a delay when the instructions are actually executed. Spectre affects almost all devices including desktops, laptops, cloud servers, and smartphones. Many of these security issues are remediated through the Kernel Address Isolation to have Side-channels Efficiently Removed (KAISER) patch described in detail in an academic paper named “KASLR is Dead: Long Live KASLR.” While this paper identifies a fix for Linux operating systems, the exploit concepts in the article can apply to other operating systems.

More details of these attacks are described in detail by

Impact

An attacker can gain access to the system by establishing command and control presence on a machine via malicious JavaScript, malvertising, or phishing. Once successful, the attacker’s next attempt will be to escalate privileges to run code on the machine. Running code will allow the attacker to exploit the Meltdown and Spectre vulnerabilities. Sensitive information could be revealed from a computer’s kernel memory, which could contain keystrokes, passwords, encryption keys, and other valuable information.

Solution

NCCIC encourages users and administrators to refer to their hardware and software vendors for the most recent information. In the case of Spectre, the vulnerability exists in CPU architecture rather than in software, and is not easily patched; however, this vulnerability is more difficult to exploit. 

MICROSOFT

Microsoft has temporarily halted updates for AMD machines. More information can be found here: https://support.microsoft.com/en-us/help/4073707/windows-os-security-update-block-for-some-amd-based-devices(link is external)

For machines running Windows Server, a number of registry changes must be completed in addition to installation of the patches. A list of registry changes can be found here: https://support.microsoft.com/en-us/help/4072698/windows-server-guidance-to-protect-against-the-speculative-execution

ANTIVIRUS

Microsoft has recommended that third-party antivirus vendors add a change to the registry key of the machine that runs the antivirus software. Without it, that machine will not receive any of the following fixes from Microsoft:

  • Windows Update
  • Windows Server Update Services
  • System Center Configuration Manager 

More information can be found here: https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software

MITIGATION

Mitre has published Common Vulnerability and Exposure (CVE) notes for Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715).

NCCIC recommends administrators review Cisco Talos Snort SIDs 45357 – 45368 and apply the necessary updates. These twelve rules were released as an emergency update on January 4, 2018, to cover the detection of Meltdown and Spectre side-channel vulnerabilities, and relate to CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754. These signatures cover the specific proofs of concept and sample code outlined in the Spectre and Meltdown whitepapers. While these signatures have the potential to detect variants, they may not work for all cases.

The table provided below lists available advisories and patches. As patches and firmware updates continue to be released, it is important to check with your hardware and software vendors to verify that their corresponding patches can be applied, as some updates may result in unintended consequences. Note: Download any patches or microcode directly from your vendor’s website.

NCCIC recommends using a test environment to verify each patch before implementing.

After patching, performance impacts may vary, depending on use cases. Administrators should ensure that performance is monitored for critical applications and services, and work with their vendor(s) and service provider(s) to mitigate the effect, if possible.

Additionally, users and administrators who rely on cloud infrastructure should work with their CSP to mitigate and resolve any impacts resulting from host OS patching and mandatory rebooting.

 

Vulnerability Note VU#584653

CPU hardware vulnerable to side-channel attacks

Overview

CPU hardware implementations are vulnerable to cache side-channel attacks. These vulnerabilities are referred to as Meltdown and Spectre.

Description

Note: This Vulnerability Note is the product of ongoing analysis and represents our best knowledge as of the most recent revision. As a result, the content may change as our understanding of the issues develops.

CPU hardware implementations are vulnerable to side-channel attacks referred to as Meltdown and Spectre. Both Spectre and Meltdown take advantage of the ability to extract information from instructions that have executed on a CPU using the CPU cache as a side-channel. These attacks are described in detail by Google Project Zero, the Institute of Applied Information Processing and Communications (IAIK) at Graz University of Technology (TU Graz) and Anders Fogh. The issues are organized into three variants:

  • Variant 1 (CVE-2017-5753, Spectre): Bounds check bypass
  • Variant 2 (CVE-2017-5715, also Spectre): Branch target injection
  • Variant 3 (CVE-2017-5754, Meltdown): Rogue data cache load, memory access permission check performed after kernel memory read

Spectre

Spectre attacks take advantage of a CPU's branch prediction capabilities. Modern CPUs include a feature called branch prediction, which speculatively executes instructions at a location that the CPU believes it will branch to. Such speculative execution helps to more fully utilize the parts of the CPU, minimizing the time waiting, and therefore improving performance. When a branch is successfully predicted, instructions will retire, which means the outcomes of the instructions such as register and memory writes will be committed. If a branch is mispredicted, the speculatively-executed instructions will be discarded, and the direct side-effects of the instructions are undone. What is not undone are the indirect side-effects, such as CPU cache changes. By measuring latency of memory access operations, the cache can be used to extract values from speculatively-executed instructions.

With Spectre variant 1 (CVE-2017-5753), the instructions after a conditional branch are speculatively executed as the result of a misprediction. With Spectre variant 2 (CVE-2017-5715), the CPU executes instructions at a location determined by a mispredicted branch target.

With both variants of the Spectre attack, the impact is that a process may leak sensitive data to other processes on a system. Spectre may also allow one part of an application to access other parts of the same process memory space that would otherwise not be permitted.

While the Spectre attack itself does not cross a user/kernel memory privilege boundary, depending on the configuration of the target platform, the Spectre attack may indirectly allow a user-space application to access kernel memory. For example, the Project Zero blog post describes a scenario that uses eBPF to exfiltrate kernel memory contents into user-space code. This is made possible because eBPF JIT allows user-space applications to inject code that is executed in kernel space. While this code is verified by the kernel, eBPF-compliant code will be allowed to execute with kernel permissions. The exploit described by Project Zero leverages eBPF to execute the Spectre attack in kernel space, while exfiltrating the data to user space. Other technologies that allow in-kernel code execution may also be leveraged to leak kernel memory using Spectre.

Meltdown

Meltdown is related to the Spectre attack in that it also uses a cache side channel to access data that otherwise wouldn't be available. The main difference is that it leverages out-of-order execution capabilities in modern CPUs. Like speculative execution due to branch prediction, as used by Spectre, out-of-order execution on a CPU is a technique for ensuring fullest utilization of the CPU's parts. Although instructions may appear sequentially in the machine language, a CPU that supports out-of-order execution may execute instructions in a non-sequential manner, which can minimize the time that a CPU spends idle.

Meltdown leverages insecure behavior that has been demonstrated in Intel CPUs and may affect CPUs from other vendors. Vulnerable CPUs allow memory reads in out-of-order instruction execution, and also contain a race condition between the raising of exceptions and the out-of-order instruction execution. The Meltdown attack reads a kernel memory value, which raises an exception because code running with user-space privileges is not permitted to directly read kernel memory. However, due to the race condition, out-of-order instructions following the faulting instruction may also execute. Even though these instructions appear after the faulting instruction, out-of-order execution allows them to execute, using data retrieved from the instruction that raises the exception. By the time the exception is raised, some number of out-of-order instructions have executed. Although the raised exception causes the CPU to roll back the out-of-order instructions, the cache state is not reverted. This allows data from out-of-order instructions to persist beyond the point when the exception has been raised.

The impact of Meltdown is that a process running in user space is able to view the contents of kernel memory. Meltdown may also allow Spectre-like memory content leaking that does not cross the user/kernel privilege boundary.

The Linux kernel mitigations for Meltdown are referred to as KAISER, and subsequently KPTI, which aim to improve separation of kernel and user memory pages. Because the Spectre attacks do not cross user/kernel boundaries, the protections introduced with KAISER/KPTI do not add any protection against them.

 

 

Impact

An attacker able to execute code with user privileges can achieve various impacts. The Meltdown attack allows reading of kernel memory from userspace. This can result in privilege escalation, disclosure of sensitive information, or it can weaken kernel-level protections, such as KASLR. The Spectre attack can allow inter-process or intra-process data leaks.

To execute code locally, an attacker would require a valid account or independent compromise of the target. Attacks using JavaScript in web browsers are possible. Multi-user and multi-tenant systems (including virtualized and cloud environments) likely face the greatest risk. Systems used to browse arbitrary web sites are also at risk. Single-user systems that do not readily provide a way for attackers to execute code locally face significantly lower risk.

 

 

 

Solution

Apply updates

Operating system, CPU microcode updates, and some application updates mitigate these attacks. Note that in many cases, the software fixes for these vulnerabilities will have a negative effect on system performance. Also note that Microsoft Windows systems will no longer receive security updates via Windows Update if they are not running compliant anti-virus software. As with deploying any software updates, be sure to prioritize and test updates as necessary.
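One way to confirm what an update achieved on a Linux host, as an added example that is not part of the Vulnerability Note: kernels that carry these fixes report a per-variant status under /sys/devices/system/cpu/vulnerabilities/, and the script below maps each of the three CVEs to that status. The function names and the SAMPLE values are constructed for illustration.

```python
from pathlib import Path

SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
# The three variants from the Vulnerability Note, keyed by sysfs file name.
VARIANTS = {
    "spectre_v1": "CVE-2017-5753",  # Variant 1: bounds check bypass
    "spectre_v2": "CVE-2017-5715",  # Variant 2: branch target injection
    "meltdown": "CVE-2017-5754",    # Variant 3: rogue data cache load
}

def classify(raw):
    """Map one sysfs status string (None if the file is absent) to a state."""
    if raw is None:
        return "unknown"  # kernel predates the interface; proves nothing
    text = raw.strip()
    if text == "Not affected":
        return "not_affected"
    if text.startswith("Mitigation:"):
        return "mitigated"
    if text.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"

def read_sysfs(directory=SYSFS_DIR):
    """Read the three status files; a missing or unreadable file maps to None."""
    statuses = {}
    for name in VARIANTS:
        try:
            statuses[name] = (Path(directory) / name).read_text()
        except OSError:
            statuses[name] = None
    return statuses

def report(statuses):
    """Return (cve, state, detail) rows, one per variant, in a fixed order."""
    return [(cve, classify(statuses.get(name)), (statuses.get(name) or "").strip())
            for name, cve in VARIANTS.items()]

def needs_action(statuses):
    """CVEs that are neither mitigated nor reported as not affected."""
    return [cve for cve, state, _ in report(statuses)
            if state in ("vulnerable", "unknown")]

# Constructed sample: KPTI is on, but nothing mitigates Variant 2.
SAMPLE = {
    "spectre_v1": "Mitigation: __user pointer sanitization\n",
    "spectre_v2": "Vulnerable\n",
    "meltdown": "Mitigation: PTI\n",
}

if __name__ == "__main__":
    live = read_sysfs()
    for cve, state, detail in report(live if any(live.values()) else SAMPLE):
        print(f"{cve}  {state:<12}  {detail or 'no sysfs entry'}")
```

On the constructed sample, `needs_action(SAMPLE)` returns only CVE-2017-5715: the PTI mitigation covers Meltdown and does not imply that either Spectre variant is addressed.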

Consider CPU Options

Initial reports from the field indicate that overall system performance is impacted by many of the available patches for these vulnerabilities. Depending on the software workflow and the CPU capabilities present, the performance impact of software mitigations may be non-trivial and therefore may become an ongoing operational concern for some organizations. While we recognize that replacing existing CPUs in already deployed systems is not practical, organizations acquiring new systems should evaluate their CPU selection in light of the expected longevity of this vulnerability in available hardware as well as the performance impacts resulting from the various platform-specific software patches. Deployment contexts and performance requirements vary widely, and must be balanced by informed evaluation of the associated security risks. Contact your system vendor to determine if the CPU and operating system combination will experience a performance penalty due to software mitigations for these vulnerabilities.

New Crystal Group RACE™ accelerates autonomous vehicle development

HIAWATHA, Iowa, Jan. 17, 2018 -- Crystal Group Inc., a leading designer/manufacturer of rugged computer hardware for industry and defense, is introducing the first product in the new Crystal Group RACE™ (Rugged Autonomous Computer Equipment) line, engineered to accelerate autonomous vehicle (AV), automated driving system (ADS), and unmanned (UAV) projects. The Crystal Group RACE0161 high-performance, rugged computer is specifically designed to help engineers shorten development time, bringing autonomous vehicle innovations to market ahead of their competitors. The fast-paced autonomous industry is estimated to be worth trillions of dollars.

Autonomous driving technology is quickly ushering in a new economy predicted to achieve unprecedented growth and reach $7 trillion by 2050, according to a new study by Intel Corporation and Strategy Analytics. Crystal Group and Intel have partnered to provide autonomous solutions for several leading OEMs to date. The partnership will continue to tap the booming autonomous market with the leading-edge technology of Crystal Group's new RACE offerings.

Crystal Group's latest autonomous vehicle computer provides the horsepower AV and ADS projects need, combining robust I/O, multiple GPU capacity, dual Intel® Xeon® Scalable Processors, sophisticated thermal management, and other high-quality components stabilized in a rugged, aluminum enclosure measuring just 6.5 x 14.1 x 15.6 inches and weighing 30 to 40 pounds. Processing real-time data of LIDAR, RADAR, image, and sensor fusion, the Crystal Group RACE0161 combines impressive compute power, data-handling capabilities, and storage capacity in a compact, rugged solution capable of withstanding harsh environmental conditions, including potholes, collisions, and extreme temperatures that are likely to cause traditional systems to fail.
"The new RACE0161 and the entire line of Crystal Group RACE™ products ease AV and ADS development and give our customers the advantage of quick time-to-market with a safe, reliable, high quality AV solution," Crystal Group Executive Vice President of engineering, Jim Shaw says. "Our RACE solutions leverage decades of experience engineering rugged, reliable compute solutions for US and international military programs, as well as some of the world's largest car manufacturers," adds Shaw.

Crystal Group RACE systems are built for safety and reliability, tapping 30 years of experience tailoring high-performance, fail-safe rugged hardware for hundreds of military and aerospace missions, as well as challenging industrial, critical infrastructure, and commercial programs, including some of the hottest OEM autonomous vehicles. Crystal Group also offers its award-winning RS363S15F 3U Rugged Server, designed and developed in collaboration with Intel®, for use in autonomous vehicles.

About Crystal Group Inc.
Crystal Group Inc., a technology leader in rugged computer hardware, specializes in the design and manufacture of custom and commercial off-the-shelf (COTS) rugged servers, embedded computing, networking devices, displays, power supplies, and data storage for high reliability in harsh environments. An employee-owned small business founded in 1987, Crystal Group provides the defense, government and industrial markets with in-house customization, engineering, integration, configuration management, product lifecycle planning, warranty, and support services.

Crystal Group products meet or exceed IEEE, IEC, and military standards (MIL-STD-810, 167-1, 461, MIL-S-901); are backed by warranty (5+ year) with in-house support; and are manufactured in the company's Hiawatha, Iowa, USA, facility certified to AS9100C:2009 and ISO 9001:2008 quality management standards.
© 2018 Crystal Group Inc.  All rights reserved. All marks are property of their respective owners. Design and specifications are subject to change.
SOURCE Crystal Group Inc.
