GSN 2012 Awards announced: White House deputy of homeland security recognized for leadership at annual gala
GSN Awards 2012
Hundreds of the best of the homeland security community’s federal, state and municipal government officials, government contractors, systems integrators, IT vendors and physical security product and solutions providers all came together the night of November 29 in a ballroom of the Washington, D.C. convention center to receive accolades.
The GSN awards dinner, which has become a Washington tradition over the last four years, offered a chance for the excellence and civic-minded spirit of homeland security efforts nationwide to be recognized.
Not only were the best tools and technologies acknowledged, but the people and groups who use them, from local police departments in Florida and Washington state, to the White House, were honored at the event.
During the awards ceremonies, Richard Reed, Deputy Assistant to President Obama for Homeland Security, received the second annual Government Security News/Raytheon Award for Distinguished Leadership and Innovation in Public Safety and Security. Reed was chosen for tireless work in his key role in leading the development of national policy related to resilience, transborder security and community partnerships. He has been described as the president’s eyes and ears during disasters. In crises, such as the Gulf oil spill, H1N1 pandemic, and Haiti earthquake, Reed has sprung into action at the White House, coordinating information and gathering people to cope with these catastrophes.
Reed told Government Security News in an interview after the dinner that gatherings like GSN’s awards ceremony were invaluable in demonstrating that the hard work of creating a resilient, strong response to crises is performed by thousands of individuals, like those in attendance. Gatherings that bring the diverse emergency response and homeland security communities together can broaden perspectives and spur new ideas, he said.
Reed has been a determined, mostly behind-the-scenes, captain of federal emergency response efforts during the Bush and Obama administrations, helping prepare for, and respond to, some of the worst natural disasters the nation has known, from one of the deadliest tornado seasons in history in the Midwest, to historic wild fires in the west, and massive storms in the eastern U.S.
Reed said the key to capable response to such staggering events lies not only in federal hands, but in enabling state, local and even personal responses. Getting resources and training in place before disasters happen goes a long way in an effective response and recovery, he said. “The true first responders are friends, neighbors and co-workers” in the immediate aftermath of a disaster, said Reed. Local police, firefighters and other agencies arrive second, he said. Enabling people with information concerning what resources are available or where they can go for help or supplies empowers them, said Reed.
Government Security News managing partner Adrian Courtenay has made the GSN/Raytheon award an annual tradition. The prize is sponsored by the Raytheon Company, a technology and innovation leader specializing in defense, homeland security and other government markets throughout the world, which is headquartered in Waltham, MA.
Notable 2012 government excellence award winners included the local police departments in Tampa and St. Petersburg, FL, for their ground-breaking work in preparing for the Republican National Convention in Tampa this past summer. The departments put together comprehensive plans to gently defuse potentially volatile political demonstrations at the event. Both departments were also praised for implementing an innovative interoperable communications network during the GOP convention.
The Lawrence Livermore National Laboratory was recognized for its groundbreaking work on a small radiation detector. The Naval Air Systems Command won an award for its work on the Kestrel Wide Area Persistent Surveillance program, which developed an aerostat for long-term surveillance capabilities to protect ground soldiers in Afghanistan.
The complete list of GSN’s 2012 Award winners appears below:
CATEGORY 1 – VENDORS OF IT SECURITY PRODUCTS AND SOLUTIONS
Best Anti-Malware Solution
Best Identity Management Platform
Best Certificate Management Solution
Best Compliance/Vulnerability Assessment Solution
Best Data Security/Loss Management Solution
Best Endpoint Security Solution
Best Forensic Software
Best Intelligence Data Fusion and Collaborative Analysis Solution
Lookingglass Cyber Solutions
Best Intrusion Detection/Prevention Solution
Vanguard Integrity Professionals
Best Network Security/Enterprise Firewall
Best Privileged Access Management Solution
Best Real-Time Dynamic Network Analysis
Best Continuous Monitoring Solution
Best Security Incident/Event Management Solution (SIEM)
CATEGORY 2 – VENDORS OF PHYSICAL SECURITY PRODUCTS & SOLUTIONS
PHYSICAL SECURITY ACCESS CONTROL & IDENTIFICATION
Best Biometric Identification Solution
Best Integrated System for HSPD 12/FIPS 201 Compliance
Best Platform for Physical and Logical Access
Best Interoperable First Responder Communications
Best Mass Notification Systems
Best Regional or National Public Safety Communications Deployment
Best Explosives Detection Solution
Best Long Range Detection Systems
Best Nuclear/Radiation Detection
Lawrence Livermore National Laboratory
Best Intelligent Video Surveillance Solution
Best Thermal/Night Vision/Infrared Cameras
HGH Infrared Systems
Best Network IP Cameras
Best Video Storage/Digital Transmission Systems
Best Perimeter Protection Solution
Best Crash Barriers
Best Physical Security Information Management (PSIM) Solution
Best Disaster Preparedness or Disaster Recovery & Clean-up Service
High-Rise Escape Systems
Best Facility Security/Force Protection Service
Best Homeland Security Training/Higher Education Solutions
Category 3: Government Security News 2012 Government Excellence Awards
Most Notable Airport Security Award
Defense Manpower Agency
Most Notable Maritime/Port Security Program
Ohio Department of Public Safety/Northern Border Initiative
Most Notable Railroad/Mass Transit Security Program
Denver Regional Transportation Authority
Most Notable Critical Infrastructure Program, Project or Initiative
U.S. Veterans Administration Hospital, Tucson, AZ
Most Notable Cyber Security Program, Project or Initiative
U.S. Department of Energy
Most Notable Emergency Response Implementation
U.S. National Guard
Federal Emergency Management Agency (FEMA)
Most Notable Law Enforcement Interdiction, Arrest or Counter-Terrorism Program
Orange County Intelligence Assessment Fusion Center
Most Notable Municipal/County Programs, Projects or Initiatives
Seattle, Washington Police Department
Tampa and St. Petersburg, Florida Police Departments
Naval Air Systems Command (Kestrel Wide Area Persistent Surveillance)
The Government Security News 2012 Homeland Security Awards Program officially opened for entries on May 1, once again featuring 45 Awards in three broad Categories: Best Vendors of IT Security Products and Solutions, Best Vendors of Physical Security Products and Solutions and the 2011 Government Excellence Awards.
Returning as corporate Sponsors of the 2012 Program are BRS Laboratories of Houston, TX -- a leading software development company for video behavioral recognition software that deploys easily and rapidly on large scale video networks and provides actionable information without inundating end users with false alarms -- and Entrust, Inc., of Dallas, TX, which offers physical/logical access, mobile security, certificate management and other identity-based solutions to governments and large enterprises. Additional sponsors will be announced, and profiles of all 2012 sponsors will be published in coming weeks. Companies interested in joining the ranks of sponsors of the 2012 Awards Program should contact GSN Publisher and World Business Media President, Edward Tyler, at 212-344-0759, ext. 2001.
The cost to submit an entry in the 2012 program is $295 for vendors of IT security and physical security products and solutions. As in previous years, there is no cost for entries in the 10 categories of awards for federal, state and local government agencies. Vendors of IT and physical security products and solutions may nominate themselves or be nominated by colleagues or government clients, while government agencies or departments may similarly nominate themselves or be nominated by other agencies, colleagues or vendors.
According to Adrian Courtenay, managing partner of World Business Media, several new categories created in 2011 to acknowledge successful initiatives of federal, state or local agencies in responding to emergencies, countering terrorism and preventing crime will again be included in 2012. These categories are “Most Notable Emergency Response Implementation – Federal, State or Local”; “Most Notable Law Enforcement Interdiction, Arrest or Counter Terrorism Program – Federal, State or Local”; and “Most Notable Counter Terrorism or Crime Prevention Program”.
In the 2011 contest, the Bastrop County, TX, Unified Command (including county, state and federal government agencies) was awarded the trophy for “Most Notable Emergency Response Implementation” in battling 2011 Texas wildfires in Bastrop County. The United States Customs and Border Protection, Detroit Sector, was winner in the “Most Notable Law Enforcement Interdiction or Arrest” category for a dramatic arrest on St. Clair River in Detroit, and the Los Angeles Police Department was recognized for having the “Most Notable Law Enforcement Counter Terrorism or Crime Prevention Program.”
Another category that was new in 2011, “Most Notable Cyber Security Program or Technology – Government or Military”, will also be continued, in recognition of the emergence of Cyber Security as a vitally important component of overall security for any nation. The winner of this award in 2011 was the National Oceanic and Atmospheric Administration.
The 2012 Awards Program will once again culminate with a gala awards dinner in the fall, at a venue to be announced shortly. In the 2011 program, the “GSN/Raytheon Award for Distinguished Leadership and Innovation” was introduced and presented to Admiral Thad Allen (US Coast Guard-ret.), who came out of retirement twice in recent years to serve his country, first in heading up the federal response to Hurricanes Katrina and Rita, and later in managing the response to the Deepwater Horizon oil spill in the Gulf of Mexico.
In remarks for the 2011 Awards Dinner audience, Admiral Allen said the continuing work of technology companies and first responders was key in any disaster. He urged everyone to become a “lifelong rapid learner” to better cope with disasters, both man-made and natural. He also said “reconciling opportunity and competency” when disaster strikes is essential to any effective recovery, and being on top of the latest, most effective technology is a product of being a lifelong rapid learner. He added that clear communications are a key to effective response, and amplified his call for a nationwide interoperable first responder radio network.
Photos of the 2010 awards reception and dinner are available at www.flickr.com/photos/[email protected]/, and video interviews with Admiral Allen, as well as sponsors and winners in the 2011 Awards program, are available at the GSN Video Center at www.gsnmagazine.com/videocenter.
Entry forms and other information about the 2012 Awards Program are available at www.gsnmagazine.com/hsa2012/welcome.
Government Security News has announced that its 2011 Homeland Security Awards Program will officially open for business and start accepting entries in the program’s 45 awards categories on Tuesday, April 26.
The 2011 program contains a number of exciting new categories, reflecting the dynamically changing threat environment, in all three of the overall awards groupings: Best Vendors of IT Security Products and Solutions, Best Vendors of Physical Security Products and Solutions, and the 2011 Government Excellence Awards.
The cost for each entry in the 2011 program is $295 for vendors of IT security and physical security products and solutions. As in previous years, there is no cost for entries in the 10 categories of awards for federal, state and local government agencies.
Vendors of IT and physical security products and solutions may nominate themselves or be nominated by colleagues or government clients, while government agencies or departments may similarly nominate themselves or be nominated by other agencies, colleagues or vendors.
Adrian Courtenay, Managing Partner of GSN’s parent company, World Business Media, LLC, cited two intriguing new categories in the government sector that have been selected to acknowledge solid “boots on the ground” achievements of federal, state or local agencies in responding to emergencies, countering terrorism and stopping crime. These categories are “Most Notable Emergency Response Implementation – Federal, State or Local” and “Most Notable Law Enforcement Interdiction, Arrest or Counter Terrorism Program – Federal, State or Local.”
Acknowledging the increasing importance of cyber security and the threat of cyber war among nation-states, Courtenay also pointed out that the government awards in 2010 have been expanded to include a category titled, “Most Notable Cyber Security Program or Technology – Government or Military.”
Returning for its third year as a sponsor of the GSN Awards Program is founding sponsor ArcSight, now a business unit of Hewlett Packard Software and Solutions, whose enterprise threat and risk platform is an integrated product for collecting, analyzing and assessing security and risk information. ArcSight is also a repeat winner in the GSN awards program for its Security Incident Event Management (SIEM) products for collecting, analyzing and assessing security incident event information.
Also returning as event sponsors are General Dynamics C4, located in Phoenix, AZ, a major developer and integrator of secure communications and information systems and technology; and Mutualink, another GSN award winner, which creates networks of interoperable communities that can instantly share radio, voice, text, video and data files, and telephone communications in a secure environment.
The fourth and final sponsor to date in the 2011 Awards Program is Behavioral Recognition Systems, Inc., of Houston, TX, also known as BRS Labs, whose software uses the fascinating, scientifically developed cognitive reasoning and artificial intelligence of behavioral analytics to leverage a stream of intelligence from millions of surveillance cameras worldwide, in order to provide alerts regarding abnormal or suspicious behavior.
Profiles of each of the 2011 sponsors will be posted on the GSN Web site in the coming weeks.
Additional companies or organizations interested in joining the ranks of 2011 sponsors of the GSN 2011 Homeland Security Awards Program should contact GSN Publisher and World Business Media President, Edward Tyler, at 212-344-0759, ext. 2001.
According to Courtenay, the 2011 Awards Program will culminate with the annual awards dinner in early November at a venue to be announced shortly. “It’s going to be hard to top last year’s elegant dinner and spectacular after-dinner keynote presentation by four-star General Barry McCaffrey (USA-Ret.). But we’re going to try!”
In 2010, the GSN awards were presented to a sold-out ballroom at the JW Marriott Hotel in Washington, DC, that included many distinguished government and military officials, academics, law enforcement and public safety professionals from across the country, along with the systems integrators, defense contractors and vendors of products and solutions used in homeland security.
Photos of the 2010 awards reception and dinner are available at:
Further information and entry forms for the 2011 Awards Program are available at:
Greg Oslan, President and CEO of Narus corporation, says Narus’s software provides real-time traffic intelligence that helps carriers, service providers and governments around the world protect and manage large, complex networks. Although the Internet is still in its infancy, Internet crime is a global issue, and it is time to set up a global ecosystem and police force. Global criminal behavior and cyber warfare may be death by a thousand papercuts, he states, but it is still death.
Despite official murmurings a few months ago that the fiscal year 2011 budget request for DHS might decline slightly, the budget package unveiled on February 1 actually shows a three percent increase in “discretionary spending” by DHS in 2011, versus the prior year, and modest growth, at approximately the predicted rate of inflation, in the outer years.
“The total fiscal year 2011 budget request for DHS, including fee funded and mandatory spending, is $56.3 billion, a two percent increase over the fiscal year 2010 enacted level,” said Peggy Sherry, the acting chief financial officer at DHS, in a telephone conference call with journalists on February 1. “The department’s fiscal year 2011 net discretionary or appropriated funding request is $43.6 billion, an increase of three percent over the fiscal year 2010 enacted level.”
In releasing his overall budget request, President Obama proposed a freeze in government spending for a portion of the discretionary domestic spending plan for three years, but he specifically exempted homeland security expenditures from that freeze. “It won’t apply to our national security – including benefits for veterans,” said Obama in remarks he made in the White House on February 1.
Some observers speculated that the slight bump up in DHS spending may have resulted from the nationwide trauma caused by the failed Christmas Day underwear bombing attempt, and the urgent call for stronger screening measures at the country’s airports. However, a DHS official who participated on the conference call with journalists, but requested anonymity, would not attribute the budget increase to that terrorist attack.
“As part of the budget process, we examined different scenarios and options,” explained the official. “Those are discussions that are internal to the Administration and what you see in the budget release today is the end product of all those budget deliberations.”
Among the thousands of individual line-items for specific programs and planned procurements are the following highlights:
Advanced imaging systems – The 2011 budget requests an additional $214.1 million to install about 500 extra advanced imaging technology machines at airport checkpoints, above and beyond the 500 systems that had already been planned. These funds will place such whole body scanners in 75 percent of the country’s largest airports, said Sherry.
Explosive detection – Beyond body scanners, DHS will seek an additional $85 million to bolster international flight coverage by federal air marshals, an increase of $60 million for an additional 800 explosive trace detection machines and a $71 million bump up to pay for an additional 275 K-9 teams at airport check points.
Border Patrol – The new budget envisions a decrease of 180 personnel in the ranks of the Border Patrol, which will be achieved largely through attrition. A DHS official suggested that the overall operating effectiveness of the Border Patrol will not be affected by this decline in personnel slots because the Border Patrol has almost doubled in size during the past five years. “A lot of the agent workforce, the substantial portion of it, has only a couple of years experience,” said this DHS official. “As they become more seasoned and more mature in their jobs, their effectiveness will increase, and because we are not doing the extensive hiring of 2,000 to 3,000 new agents a year, we can afford to put less into training improvement.”
Cyber-security – By contrast, DHS is planning a substantial beef-up in its cyber-security efforts. The new budget seeks $379 million to develop the National Cyber Security Division, which will attempt to safeguard the dot.gov and dot.com domains, and limit the nation’s vulnerability to computer attacks. DHS wants to add another $5 million to the $5 million that was in last year’s budget for the National Cyber Security Center, which one DHS official characterized as “still in its infancy.” The budget envisions an increase in the Center’s staffing to 40 people and the enhancement of its expertise, so it can integrate with other cyber-centers throughout the federal government.
Terror trials – Contrary to media reports that a terror trial in Manhattan might require a billion dollars in security measures, the 2011 budget request for DHS includes only $200 million for such security measures, which would be available through the traditional urban area grant programs. “The department took a look at it and we think $200 million is really our best estimate of the costs,” said the DHS official.
Federal contracting – In what it calls “re-balancing the workforce,” DHS is planning to rely less on outside vendors and more on internally recruited and trained personnel, particularly in the areas of cyber-security -- where DHS is authorized to hire as many as 1,000 new cyber-specialists – and the intelligence work often referred to as “connecting the dots.” “In our analysis and operations activity, we have a major increase in the number of feds doing intelligence type work,” said Sherry.
Coast Guard – A DHS fact sheet issued by the Office of Management and Budget points out that the budget request includes $538 million for a fifth National Security Cutter and $240 million to produce four new Fast Response Cutters. Even so, the new budget seeks funds for 1,100 fewer active duty Coast Guard personnel. “We are looking to reorganize and restructure certain elements of the Coast Guard to create greater efficiency,” explained a DHS official, “and there are obviously tradeoffs made as part of that to ensure we could continue to recapitalize the Coast Guard.”
President Obama’s budget request was delivered to Capitol Hill and will now undergo months of scrutiny by lawmakers. Fiscal year 2011 begins officially on October 1, 2010.
Honeywell Announces Multi-Site Industrial Cybersecurity Solution to Meet Needs of Connected Operations
Honeywell (NYSE: HON) today announced a software solution to provide cybersecurity to industrial customers who manage diverse process control networks, sites and vendors. As customers continue their digital transformation and their industrial sites become more connected, integrating cybersecurity has become even more critical.
The multi-site solution for cybersecurity management is based on Honeywell's ICS Shield™, which provides a top-down operational technology (OT) security management solution for securing connected industrial control system (ICS) environments with multiple physical sites and multiple automation equipment types. It also enables secure management of remote field assets through a single security operations center. Honeywell integrated and enhanced ICS Shield technology following its acquisition of Nextnine in 2017, and the solution has become the ICS cybersecurity platform of choice with more than 1 million industrial nodes managed globally.
"With industrial companies connecting operations worldwide to drive greater efficiencies, there's a real need for multi-site cybersecurity technologies designed for ICS environments," said Jeff Zindel, vice president and general manager of Honeywell Industrial Cybersecurity. "As a trusted partner to critical infrastructure providers for more than 50 years, Honeywell offers an industry-proven solution for enterprise-wide cybersecurity with a secure, vendor-agnostic approach that strengthens industrial cybersecurity defenses and lowers operational risks."
For companies facing internal cybersecurity skills and resource shortages, Honeywell Managed Security Services can help install, configure, and continually manage ICS Shield, allowing customers to focus on running their operations. Servicing more than 400 customers worldwide, Managed Security Services provide secure remote access, automated patching, continuous monitoring and incident response along with firewall and intrusion detection system management capabilities. These services expedite the ability of industrial companies to close major security gaps, and unlike pure IT solutions, ensure that industrial security experts carefully balance manufacturing and production priorities with security requirements. In addition, knowledge transfer from Honeywell experts improves customers' cybersecurity capabilities in the long term.
Honeywell is the leading provider of cybersecurity solutions that protect industrial assets, operations and people from digital age threats. With more than 15 years of industrial cybersecurity expertise and more than 50 years of industrial domain expertise, Honeywell combines proven cybersecurity technology and industrial know-how to maximize productivity, reliability and safety.
Visit Honeywell Industrial Cyber Security Solutions for more information.
Honeywell Process Solutions (www.honeywellprocess.com) is a pioneer in automation control, instrumentation and services for the oil and gas; refining; energy; pulp and paper; industrial power generation; chemicals and petrochemicals; biofuels; life sciences; and metals, minerals and mining industries. It is also a leader in providing software solutions and instrumentation that help manufacturers find value and competitive advantage through Honeywell Connected Plant, Honeywell's Industrial Internet of Things (IIoT) solution. Process Solutions is part of Honeywell's Performance Materials and Technologies strategic business group, which also includes Honeywell UOP (www.uop.com), a leading international supplier and licensor of process technology, catalysts, adsorbents, equipment, and consulting services to the petroleum refining, petrochemical, and gas processing industries.
Honeywell (www.honeywell.com) is a Fortune 100 software-industrial company that delivers industry specific solutions that include aerospace and automotive products and services; control technologies for buildings, homes, and industry; and performance materials globally. Our technologies help everything from aircraft, cars, homes and buildings, manufacturing plants, supply chains, and workers become more connected to make our world smarter, safer, and more sustainable. For more news and information on Honeywell, please visit www.honeywell.com/newsroom.
This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS and FBI identified Internet Protocol (IP) addresses and other indicators of compromise (IOCs) associated with two families of malware used by the North Korean government:
- a remote access tool (RAT), commonly known as Joanap; and
- a Server Message Block (SMB) worm, commonly known as Brambul.
The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information on HIDDEN COBRA activity, visit https://www.us-cert.gov/hiddencobra.
FBI has high confidence that HIDDEN COBRA actors are using the IP addresses—listed in this report’s IOC files—to maintain a presence on victims’ networks and enable network exploitation. DHS and FBI are distributing these IP addresses and other IOCs to enable network defense and reduce exposure to any North Korean government malicious cyber activity.
This alert also includes suggested response actions to the IOCs provided, recommended mitigation techniques, and information on how to report incidents. If users or administrators detect activity associated with these malware families, they should immediately flag it, report it to the DHS National Cybersecurity and Communications Integration Center (NCCIC) or the FBI Cyber Watch (CyWatch), and give it the highest priority for enhanced mitigation.
See the following links for a downloadable copy of IOCs:
NCCIC conducted analysis on four malware samples and produced a Malware Analysis Report (MAR). MAR-10135536.3 – RAT/Worm examines the tactics, techniques, and procedures observed in the malware. Visit MAR-10135536.3 – HIDDEN COBRA RAT/Worm for the report and associated IOCs.
According to reporting of trusted third parties, HIDDEN COBRA actors have likely been using both Joanap and Brambul malware since at least 2009 to target multiple victims globally and in the United States—including the media, aerospace, financial, and critical infrastructure sectors. Users and administrators should review the information related to Joanap and Brambul from the Operation Blockbuster Destructive Malware Report in conjunction with the IP addresses listed in the .csv and .stix files provided within this alert. Like many of the families of malware used by HIDDEN COBRA actors, Joanap, Brambul, and other previously reported custom malware tools may be found on compromised network nodes. Each malware tool has different purposes and functionalities.
Joanap malware is a fully functional RAT that is able to receive multiple commands, which can be issued by HIDDEN COBRA actors remotely from a command and control server. Joanap typically infects a system as a file dropped by other HIDDEN COBRA malware, which users unknowingly downloaded either when they visit sites compromised by HIDDEN COBRA actors, or when they open malicious email attachments.
During analysis of the infrastructure used by Joanap malware, the U.S. Government identified 87 compromised network nodes. The countries in which the infected IP addresses are registered are as follows:
Malware often infects servers and systems without the knowledge of system users and owners. If the malware can establish persistence, it could move laterally through a victim’s network and any connected networks to infect nodes beyond those identified in this alert.
Brambul malware is a brute-force authentication worm that spreads through SMB shares. SMB enables shared access to files between users on a network. Brambul malware typically spreads by using a list of hard-coded login credentials to launch a brute-force password attack over the SMB protocol for access to a victim’s networks.
Joanap is a two-stage malware used to establish peer-to-peer communications and to manage botnets designed to enable other operations. Joanap malware provides HIDDEN COBRA actors with the ability to exfiltrate data, drop and run secondary payloads, and initialize proxy communications on a compromised Windows device. Other notable functions include
- file management,
- process management,
- creation and deletion of directories, and
- node management.
Analysis indicates the malware encodes data using Rivest Cipher 4 encryption to protect its communication with HIDDEN COBRA actors. Once installed, the malware creates a log entry within the Windows System Directory in a file named mssscardprv.ax. HIDDEN COBRA actors use this file to capture and store victims’ information such as the host IP address, host name, and the current system time.
Brambul malware is a malicious Windows 32-bit SMB worm that functions as a service dynamic link library file or a portable executable file often dropped and installed onto victims’ networks by dropper malware. When executed, the malware attempts to establish contact with victim systems and IP addresses on victims’ local subnets. If successful, the application attempts to gain unauthorized access via the SMB protocol (ports 139 and 445) by launching brute-force password attacks using a list of embedded passwords. Additionally, the malware generates random IP addresses for further attacks.
Analysts suspect the malware targets insecure or unsecured user accounts and spreads through poorly secured network shares. Once the malware establishes unauthorized access on the victim’s systems, it communicates information about victim’s systems to HIDDEN COBRA actors using malicious email addresses. This information includes the IP address and host name—as well as the username and password—of each victim’s system. HIDDEN COBRA actors can use this information to remotely access a compromised system via the SMB protocol.
Analysis of a newer variant of Brambul malware identified the following built-in functions for remote operations:
- harvesting system information,
- accepting command-line arguments,
- generating and executing a suicide script,
- propagating across the network using SMB,
- brute forcing SMB login credentials, and
- generating Simple Mail Transfer Protocol email messages containing target host system information.
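The propagation behavior described above (one host producing bursts of failed SMB logons against many neighbors, sometimes followed by a success) can be hunted for in authentication logs. The following is an added example, not code from the alert; the CSV column layout, the thresholds, and all sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample, not data from the alert. Columns are an assumed CSV export of
# Windows Security events: 4625 = failed logon, 4624 = successful logon,
# logon_type 3 = network logon (the type SMB share access produces).
SAMPLE_LOG = """\
time,event_id,logon_type,source_ip,target_host,account
2018-05-29T10:00:01,4625,3,10.0.5.23,FS01,administrator
2018-05-29T10:00:02,4625,3,10.0.5.23,FS01,administrator
2018-05-29T10:00:03,4625,3,10.0.5.23,WS07,administrator
2018-05-29T10:00:04,4625,3,10.0.5.23,WS07,administrator
2018-05-29T10:00:05,4625,3,10.0.5.23,WS09,administrator
2018-05-29T10:00:06,4625,3,10.0.5.23,WS09,administrator
2018-05-29T10:00:07,4624,3,10.0.5.23,WS09,administrator
2018-05-29T10:03:10,4625,3,10.0.5.40,FS01,jsmith
2018-05-29T10:03:25,4625,3,10.0.5.40,FS01,jsmith
2018-05-29T10:03:41,4624,3,10.0.5.40,FS01,jsmith
2018-05-29T10:05:00,4625,10,10.0.5.40,WS11,jsmith
"""

def parse_events(text):
    """Return network-logon events as time-sorted tuples; other logon types are dropped."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        if r["logon_type"] != "3":
            continue
        rows.append((datetime.fromisoformat(r["time"]), int(r["event_id"]),
                     r["source_ip"], r["target_host"], r["account"]))
    return sorted(rows)

def find_smb_bruteforce(rows, window=timedelta(seconds=60), min_failures=6, min_targets=3):
    """Flag sources whose failed network logons hit several hosts inside one time window."""
    by_src = defaultdict(list)
    for row in rows:
        by_src[row[2]].append(row)
    findings = {}
    for src, events in by_src.items():
        fails = [e for e in events if e[1] == 4625]
        start, flagged = 0, False
        for end in range(len(fails)):
            # Shrink the window from the left until it spans at most `window`.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            burst = fails[start:end + 1]
            if len(burst) >= min_failures and len({e[3] for e in burst}) >= min_targets:
                flagged = True
                break
        if not flagged:
            continue
        # A success after failures from the same source suggests a guessed password.
        first_fail = {}
        for e in fails:
            first_fail.setdefault(e[3], e[0])
        guessed = sorted({(e[3], e[4]) for e in events
                          if e[1] == 4624 and e[3] in first_fail and e[0] > first_fail[e[3]]})
        findings[src] = {"failures": len(fails),
                         "targets": sorted({e[3] for e in fails}),
                         "likely_guessed": guessed}
    return findings

if __name__ == "__main__":
    for src, info in find_smb_bruteforce(parse_events(SAMPLE_LOG)).items():
        print(src, info)
```

Accounts listed under `likely_guessed` should have their passwords reset, and the flagged source host should be examined as a possible infected system.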
Detection and Response
This alert’s IOC files provide HIDDEN COBRA IOCs related to Joanap and Brambul. DHS and FBI recommend that network administrators review the information provided, identify whether any of the provided IP addresses fall within their organizations’ allocated IP address space, and—if found—take necessary measures to remove the malware.
When reviewing network perimeter logs for the IP addresses, organizations may find instances of these IP addresses attempting to connect to their systems. Upon reviewing the traffic from these IP addresses, system owners may find some traffic relates to malicious activity and some traffic relates to legitimate activity.
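The review described in the two paragraphs above can be scripted. This added example (not part of the alert) checks an indicator list against an organization's allocated address space and summarizes perimeter-log traffic per indicator so that allowed and denied flows can be triaged separately. The indicator addresses are placeholders from documentation ranges, not values from the alert's IOC files, and the log format and allocated ranges are assumptions.

```python
import ipaddress
from collections import Counter

# Placeholder indicators (RFC 5737 documentation ranges), NOT the alert's IOCs.
IOC_IPS = ["192.0.2.15", "198.51.100.77", "203.0.113.9"]
# Constructed example of an organization's allocated address space.
ALLOCATED = ["198.51.100.0/25", "10.0.0.0/8"]
# Constructed perimeter log; assumed format: "time src dst dport action".
PERIMETER_LOG = """\
2018-05-30T02:11:09 192.0.2.15 198.51.100.20 445 DENY
2018-05-30T02:11:10 192.0.2.15 198.51.100.21 445 DENY
2018-05-30T02:14:55 192.0.2.15 198.51.100.20 443 ALLOW
2018-05-30T03:00:00 192.0.2.200 198.51.100.20 443 ALLOW
2018-05-30T03:20:31 198.51.100.77 203.0.113.9 25 ALLOW
malformed line
"""

def iocs_in_allocated_space(ioc_ips, allocated):
    """Indicators that fall inside the organization's own ranges (possible infected hosts)."""
    nets = [ipaddress.ip_network(cidr) for cidr in allocated]
    return sorted(ip for ip in ioc_ips
                  if any(ipaddress.ip_address(ip) in net for net in nets))

def perimeter_hits(ioc_ips, log_text):
    """Per indicator, count flows by (direction, destination port, firewall action)."""
    iocs = {ipaddress.ip_address(ip) for ip in ioc_ips}
    summary = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not match the assumed format
        _, src, dst, dport, action = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue
        for ip, direction in ((src_ip, "from_ioc"), (dst_ip, "to_ioc")):
            if ip in iocs:
                summary.setdefault(str(ip), Counter())[(direction, port, action)] += 1
    return summary

if __name__ == "__main__":
    print("Indicators inside allocated space:", iocs_in_allocated_space(IOC_IPS, ALLOCATED))
    for ip, counts in sorted(perimeter_hits(IOC_IPS, PERIMETER_LOG).items()):
        for (direction, port, action), n in sorted(counts.items()):
            print(f"{ip} {direction} port {port} {action} x{n}")
```

Allowed flows to or from an indicator deserve the first look; an indicator that sits inside allocated space points at a host to examine for the malware itself.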
A successful network intrusion can have severe impacts, particularly if the compromise becomes public. Possible impacts include
- temporary or permanent loss of sensitive or proprietary information,
- disruption to regular operations,
- financial losses incurred to restore systems and files, and
- potential harm to an organization’s reputation.
DHS recommends that users and administrators use the following best practices as preventive measures to protect their computer networks:
- Keep operating systems and software up-to-date with the latest patches. Most attacks target vulnerable applications and operating systems. Patching with the latest updates greatly reduces the number of exploitable entry points available to an attacker.
- Maintain up-to-date antivirus software, and scan all software downloaded from the internet before executing.
- Restrict users’ abilities (permissions) to install and run unwanted software applications, and apply the principle of least privilege to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through the network.
- Scan for and remove suspicious email attachments. If a user opens a malicious attachment and enables macros, embedded code will execute the malware on the machine. Enterprises and organizations should consider blocking email messages from suspicious sources that contain attachments. For information on safely handling email attachments, see Using Caution with Email Attachments.
- Follow safe practices when browsing the web. See Good Security Habits and Safeguarding Your Data for additional details.
- Disable Microsoft’s File and Printer Sharing service, if not required by the user’s organization. If this service is required, use strong passwords or Active Directory authentication. See Choosing and Protecting Passwords for more information on creating strong passwords.
- Enable a personal firewall on organization workstations and configure it to deny unsolicited connection requests.
Response to Unauthorized Network Access
Contact DHS or your local FBI office immediately. To report an intrusion and request resources for incident response or technical assistance, contact DHS NCCIC ([email protected] or 888-282-0870), FBI through a local field office, or FBI’s Cyber Division ([email protected] or 855-292-3937).
- May 29, 2018: Initial version
Claroty Commended by Frost & Sullivan for Dominating the OT Network Protection Market with Its Holistic Security Platform
SANTA CLARA, Calif., May 29, 2018 -- Based on its recent analysis of the North American operational technology (OT) network protection platform market, Frost & Sullivan recognizes Claroty with the 2018 North American Entrepreneurial Company of the Year Award for consolidating its position in the industrial cybersecurity market. Claroty delivers unmatched product value through its holistic enterprise-class OT security platform, which supports the open and proprietary protocols of all major industrial control systems (ICS) equipment vendors. It offers engineers, operators, and cybersecurity professionals the deepest visibility into their OT networks and full protection of their ICS, supervisory control and data acquisition (SCADA), and Industrial Internet of Things (IIoT) assets.
"Claroty's platform performs continuous, real-time monitoring to deliver a range of benefits including context-rich alerts, non-intrusive monitoring, access policy enforcement and control, and agentless deployment to a central management console," said Sankara Narayanan, Senior Industry Analyst. "Its continuous threat detection software, installed on a server or run as a virtual machine (VM), connects to a SPAN port on a switch. The solution then views the traffic and makes a copy of it, rather than asking network assets any questions."
Because the solution uses deep packet inspection (DPI), Claroty does not leave a footprint on the industrial network. Instead, it safely monitors ICS network traffic from the outside. This also means that there is zero impact on existing critical ICS or OT systems.
Significantly, Claroty's continuous threat detection software automatically discovers, classifies, and profiles the assets according to IP address, appropriate asset category, and type of communication. It builds an active inventory of assets prior to the threat detection stage, creates a deep profile of the network communication patterns, and uses this information to generate a high-fidelity behavioral baseline model that characterizes legitimate traffic. As soon as an attacker tries to gain a foothold on a server or perform reconnaissance on the network, Claroty will detect the activity as anomalous traffic and provide the security operations center (SOC) with context-rich alerts.
Another major value proposition from Claroty is risk assessment. It analyzes the risk levels of certain assets and connections on the network and highlights the high-risk elements so customers can quickly secure them. Although competing solutions may be able to find an anomaly and send numerous alerts for every anomaly found, Claroty's solutions pull out far more granular and actionable information. For instance, the product can discern the kind of OT industrial conversations taking place as opposed to only checking the identity of the IP addresses engaged in conversations and the frequency of conversations.
"Claroty's strategic partners include two of the largest industrial control vendors—Rockwell Automation and Schneider Electric—and one of the world's largest networking companies—Cisco. Unlike other vendors, Claroty's platform is the fulcrum of its partners' new managed security services business," noted Sankara Narayanan. "For enhancing the value proposition of its customers and partners, Claroty richly deserves Frost & Sullivan's Entrepreneurial Company of the Year Award."
Each year, Frost & Sullivan presents this award to the company that has demonstrated excellence in devising a strong growth strategy and robustly implementing it. The recipient has shown strength in terms of innovation in products and technologies, leadership in customer value, as well as speed in response to market needs. The award looks at the emerging market players in the industry and recognizes their best practices that are positioned for future growth excellence.
Frost & Sullivan Best Practices awards recognize companies in a variety of regional and global markets for demonstrating outstanding achievement and superior performance in areas such as leadership, technological innovation, customer service, and strategic product development. Industry analysts compare market participants and measure performance through in-depth interviews, analysis, and extensive secondary research to identify best practices in the industry.
Headquartered in New York and launched as the second startup from the famed Team8 foundry, Claroty combines elite management and research teams and deep technical expertise from both IT and OT disciplines, with backing from premier investors such as Bessemer Venture Partners and Innovation Endeavors. With an unmatched understanding of ICS, SCADA and other essential OT/IIoT systems, the Claroty team is building an unparalleled suite of integrated products addressing the full spectrum of cybersecurity protection, control, detection and response requirements. For more information, visit www.claroty.com.
About Frost & Sullivan
Frost & Sullivan, the Growth Partnership Company, works in collaboration with clients to leverage visionary innovation that addresses the global challenges and related growth opportunities that will make or break today's market participants. For more than 50 years, we have been developing growth strategies for the global 1000, emerging businesses, the public sector, and the investment community.
SOURCE Frost & Sullivan
May 21, 2018 -- Secretary of Homeland Security Kirstjen M. Nielsen today announced the release of Fiscal Year (FY) 2018 Notices of Funding Opportunity for eight DHS preparedness grant programs totaling more than $1.6 billion. The grant programs provide funding to state, local, tribal, and territorial governments, as well as transportation authorities, nonprofit organizations, and the private sector, to improve the nation’s readiness in preventing, protecting against, responding to, recovering from and mitigating terrorist attacks, major disasters and other emergencies. The grants reflect the Department’s focus on funding for programs that address our nation’s immediate security needs and ensure public safety in our communities.
“The administration remains committed to strengthening the security and resilience of our state and local communities,” said Secretary Nielsen. “The DHS grant programs are flexible by design and will be used to help address evolving threats. They will go toward building and sustaining capabilities across all levels of government and the whole community to maximize preparedness.”
The FY 2018 grant guidance will continue to focus on the nation’s highest risk areas, including urban areas that face the most significant threats. For FY 2018, the Urban Area Security Initiative (UASI) will enhance regional preparedness and capabilities by funding 32 high-threat, high-density urban areas. This represents Congressional intent to limit FY 2018 UASI funding to those Urban Areas that represent up to 85 percent of the nationwide risk, as stated in the Explanatory Statement accompanying the Department of Homeland Security Appropriations Act, 2018 (Pub. L. No. 115-141).
Consistent with previous grant guidance, dedicated funding is provided for law enforcement and terrorism prevention throughout the country to prepare for, prevent and respond to pre-operational activity and other crimes that are precursors or indicators of terrorist activity.
Grant recipients are encouraged to use grant funding to maintain and sustain current critical core capabilities through investments in training and exercises, updates to current planning and procedures, and lifecycle replacement of equipment. New capabilities that are built using homeland security grant funding must be deployable if needed to support regional and national efforts. All capabilities being built or sustained must have a clear linkage to the core capabilities articulated in the National Preparedness Goal.
Preparedness Grant Program Allocations for Fiscal Year 2018:
Emergency Management Performance Grant (EMPG)—provides more than $350 million to assist state, local, tribal, territorial governments in enhancing and sustaining all-hazards emergency management capabilities.
Homeland Security Grant Program (HSGP)—provides more than $1 billion for states and urban areas to prevent, protect against, mitigate, respond to, and recover from acts of terrorism and other threats.
State Homeland Security Program (SHSP)—provides $402 million to support the implementation of risk-driven, capabilities-based State Homeland Security Strategies to address capability targets. States are required to dedicate 25 percent of SHSP funds to law enforcement terrorism prevention activities.
Urban Area Security Initiative (UASI)—provides $580 million to enhance regional preparedness and capabilities in 32 high-threat, high-density areas. States and Urban Areas are required to dedicate 25 percent of UASI funds to law enforcement terrorism prevention activities.
Operation Stonegarden (OPSG)—provides $85 million to enhance cooperation and coordination among local, tribal, territorial, state and federal law enforcement agencies to jointly enhance security along the United States land and water borders.
Since the enactment of the 9/11 Act, FEMA has required states to ensure that at least 25 percent of the total funds awarded to them under SHSP and UASI are dedicated toward law enforcement terrorism prevention activities (LETPA). The total LETPA allocation can be satisfied from SHSP, UASI or both. In addition, states must obligate at least 80 percent of the funds awarded under SHSP and UASI to local or tribal units of government within 45 days of receipt of the funds.
Tribal Homeland Security Grant Program (THSGP)—provides $10 million to eligible tribal nations to implement preparedness initiatives to help strengthen the nation against risk associated with potential terrorist attacks and other hazards.
Nonprofit Security Grant Program (NSGP)—provides $60 million to support target hardening and other physical security enhancements for nonprofit organizations that are at high risk of a terrorist attack. This year, $50 million is provided to nonprofits in UASI-designated urban areas, and $10 million is provided to nonprofits located in any state or territory.
Intercity Passenger Rail - Amtrak (IPR) Program—provides $10 million to protect critical surface transportation infrastructure and the traveling public from acts of terrorism and increase the resilience of the Amtrak rail system.
Port Security Grant Program (PSGP)—provides $100 million to help protect critical port infrastructure from terrorism, enhance maritime domain awareness, improve port-wide maritime security risk management, and maintain or reestablish maritime security mitigation protocols that support port recovery and resiliency capabilities.
Transit Security Grant Program (TSGP)—provides $88 million to owners and operators of transit systems to protect critical surface transportation and the traveling public from acts of terrorism and to increase the resilience of transit infrastructure.
Intercity Bus Security Grant Program (IBSGP)—provides $2 million to owners and operators of intercity bus systems to protect critical surface transportation infrastructure and the traveling public from acts of terrorism and to increase the resilience of transit infrastructure.
All preparedness Notices of Funding Opportunities can be found at www.grants.gov. Final submissions must be made through the Non-Disaster (ND) Grants system located at https://portal.fema.gov.
Further information on DHS’s preparedness grant programs is available at www.dhs.gov and http://www.fema.gov/grants.
PASADENA, Calif., May 21, 2018 -- Parsons today announced its acquisition of Polaris Alpha, an advanced, technology-focused provider of innovative mission solutions for complex defense, intelligence, and security customers, as well as other U.S. federal government customers. Parsons' acquisition of Polaris Alpha, from private equity firm Arlington Capital Partners, is the latest in the company's series of strategic investments focused on companies with technologies aligned to evolving threats in the land, sea, air, space, and cyber domains.
Parsons' existing artificial intelligence (AI), signals intelligence, and data analytics expertise supporting defensive and offensive cybersecurity missions will be expanded by the integration of Polaris Alpha's machine learning, data, video, multi-source analytics, and automated reasoning technologies. Polaris Alpha's portfolio of electromagnetic (EM) warfare, signals intelligence (SIGINT), space situational awareness, and multi-domain command and control (C2) technologies will significantly increase the scale and scope of Parsons' capabilities and customer relationships. Both companies support the U.S. intelligence community, numerous U.S. Department of Defense agencies, the Department of Homeland Security, and other federal agencies, including the National Aeronautics and Space Administration and the Department of Justice.
"The acquisition of Polaris Alpha is the latest transformative move for Parsons that takes our technology solutions strategy to a new level with customers needing advanced solutions to rapidly evolving threats," said Chuck Harrington, Parsons' Chairman and CEO. "With the integration of Polaris Alpha into Parsons, we enhance our proven artificial intelligence and data analytics expertise with new technologies and solutions, the demand for which is growing exponentially."
Polaris Alpha has more than 1,300 employees, with nearly 90% maintaining security clearances. The company's major office locations are in Colorado Springs, CO; Columbia, MD; Aberdeen, MD; and Fredericksburg, VA; with additional offices, research and development facilities, and onsite customer operations in several other states and the United Kingdom.
"Parsons and Polaris Alpha customers, many of which are common to both companies, will benefit from existing, complementary technologies and increased scale, enabling end-to-end solutions under our shared vision of rapid prototyping and agile development," said Carey Smith, President of Parsons' Federal business unit. "Our integration plan for the two companies is simple: combine Parsons' and Polaris Alpha's capabilities and cultures for the benefit of our customers and employees. We are fully committed to continuing to attract, develop, and retain the best talent in our industry."
Peter Cannito, Polaris Alpha's CEO, added, "The combination of Polaris Alpha into Parsons is a logical continuation of our strategy to deliver highly differentiated technical capabilities for the government's most critical missions. Joining Parsons significantly broadens our access to new markets, solidifies our ability to deliver at scale, and provides a unique opportunity for our employees to continue to have a meaningful role in a transformative culture and premier organization."
Polaris Alpha was formed through Arlington Capital's merger of EOIR Technologies, Intelligent Software Solutions (ISS), and Proteus Technologies. In 2017, Intelesys and Solidyn were added, and in April 2018, 4D was acquired.
"Polaris Alpha has grown rapidly both organically and through strategic acquisitions to become a recognized leader in the space and cyber domains. The strength of the Polaris Alpha management team has enabled the company to combine leading technical capabilities with a deep understanding of its customers' missions while establishing a strong, unified culture," stated Michael Lustbader, a Managing Partner at Arlington Capital. "We are excited to watch many of our key technology and infrastructure investments continue to pay dividends under Parsons' leadership."
David Wodlinger, a Partner at Arlington Capital, added, "Polaris Alpha occupies a unique market position by not only architecting and developing new cutting-edge technologies through its research and development programs, but also efficiently transitioning those same technologies to support the most critical operations conducted by the national security community in the emerging domains of warfare. We are thrilled to have played a role in that strategy and believe Parsons' increased scale and dedication to the same customers can take it to the next level."
Polaris Alpha will become part of Parsons' Federal business unit, led by Carey Smith. Baird advised Parsons on this deal.
Parsons is a digitally enabled solutions provider focused on the defense, security, and infrastructure markets. With nearly 75 years of experience, Parsons is uniquely qualified to deliver cyber-physical security, advanced technology solutions, and other innovative services to federal, regional, and local government agencies, as well as to private industrial customers worldwide. For more about Parsons, visit parsons.com, and follow us on Facebook, Twitter, LinkedIn, and YouTube.