Cyber Security

Raytheon, MetTel establish alliance to secure government, industry communications networks

NEW YORK and DULLES, Va., Nov. 16, 2017 -- Raytheon and MetTel today announced a global security alliance to protect government and commercial communications networks against growing cybersecurity threats, including those that exploit the proliferating Internet of Things (IoT). The companies will provide a range of cybersecurity offerings and support the migration from legacy technologies to ensure cybersecurity is designed into the government's telecom infrastructure.

This alliance is well-positioned to support the Administration's IT modernization and cybersecurity priorities, including the emerging security challenges posed by internet-connected devices such as computers, routers and security cameras.

"Security is foremost on everyone's mind today, especially with the constant emergence of new threat forms compounded by the exploding array of devices and network access points," said Ed Fox, vice president of Network Services for MetTel. "The world needs a network that meets the highest government security standards and together, MetTel and Raytheon are committed to delivering that network."

The MetTel-Raytheon alliance will provide a range of managed security services, professional consulting services and technologies to detect, assess and defeat potential intrusions on MetTel-owned or managed customer networks. The principal elements of the agreement include:

  • MetTel and Raytheon will build and operate Managed Trusted Internet Protocol Services for Federal government agencies through the GSA's Enterprise Infrastructure Solutions (EIS) contract. MetTel was named in August 2017 as a vendor for the $50 billion, 15-year award.
  • As part of MetTel's team on the EIS contract, Raytheon will offer cybersecurity experts on a contract basis to Federal agencies for custom consultations, including detailed insight and recommendations for incident remediation and vulnerability testing.
  • In addition, MetTel will employ Raytheon's Automated Threat Intelligence Platform (ATIP) and other advanced managed security services.

Managed Security Services for Federal Agencies
"As Federal agencies and businesses aggressively pursue digital transformation, this alliance will support the security of their data and systems," said John DeSimone, vice president of Cybersecurity and Special Missions for Raytheon Intelligence, Information and Services. "Raytheon will work with MetTel to leverage our 30 years of experience and significant investment in cybersecurity to hunt, detect and remediate advanced cyber threats on government and commercial networks."

Hardening the Network for MetTel and its Customers
In addition to supporting government customers, MetTel will integrate with Raytheon's Virtual Security Operations Center service to provide advanced threat hunting, intrusion analysis, incident notification and triage to safeguard its 10,000 customer locations worldwide.

"As rogue governments, nation-states and independent cyber criminals increasingly focus their attacks on commercial industry targets, the need becomes apparent for the combined forces of MetTel and Raytheon with our proven success in security and network management," Fox added.

Webinar – "2018 Security Threats: What's next…and will you be ready?"
Join MetTel and Raytheon for a joint webinar on Wednesday, December 6, 2017 @ 2:00pm ET. Register here: http://bit.ly/2zWJVFG

About MetTel
MetTel® is a leading global provider of integrated digital communications solutions for enterprise customers. By converging all communications over a proprietary network, MetTel enables enterprise companies to easily deploy and manage technology-driven voice, data, wireless and cloud solutions worldwide. MetTel's comprehensive portfolio of customer solutions boosts enterprise productivity, reduces costs and simplifies operations. Combining customized and managed communication solutions with a powerful platform of cloud-based software, the company's MetTel Portal enables customers to manage their inventory, usage, spend and repairs from one simple, user friendly interface. For more information visit www.mettel.net, follow us on Twitter (@OneMetTel) and on LinkedIn, or call us directly at 877.963.8663.   MetTel. Smart Communications Solutions.™

About Raytheon
Raytheon Company, with 2016 sales of $24 billion and 63,000 employees, is a technology and innovation leader specializing in defense, civil government and cybersecurity solutions. With a history of innovation spanning 95 years, Raytheon provides state-of-the-art electronics, mission systems integration, C5I products and services, sensing, effects, and mission support for customers in more than 80 countries. Raytheon is headquartered in Waltham, Massachusetts. Follow us on Twitter @Raytheon.

Media Contacts
Raytheon
Ellen Klicka
571.250.1029
[email protected] 

MetTel
Mike Azzi
347.420.0957 
[email protected]

SOURCE MetTel

US-CERT Alert: HIDDEN COBRA - North Korean Malicious Cyber Activity

Alert (TA17-318B)
HIDDEN COBRA – North Korean Trojan: Volgmer


Original release date: November 14, 2017 | Last revised: November 15, 2017

Systems Affected

Network systems

Overview
This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS and FBI identified Internet Protocol (IP) addresses and other indicators of compromise (IOCs) associated with a Trojan malware variant used by the North Korean government—commonly known as Volgmer. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information on HIDDEN COBRA activity, visit https://www.us-cert.gov/hiddencobra.
FBI has high confidence that HIDDEN COBRA actors are using the IP addresses—listed in this report’s IOC files—to maintain a presence on victims’ networks and to further network exploitation. DHS and FBI are distributing these IP addresses to enable network defense and reduce exposure to North Korean government malicious cyber activity.
This alert includes IOCs related to HIDDEN COBRA, IP addresses linked to systems infected with Volgmer malware, malware descriptions, and associated signatures. This alert also includes suggested response actions to the IOCs provided, recommended mitigation techniques, and information on reporting incidents. If users or administrators detect activity associated with the Volgmer malware, they should immediately flag it, report it to the DHS National Cybersecurity and Communications Integration Center (NCCIC) or the FBI Cyber Watch (CyWatch), and give it the highest priority for enhanced mitigation.
For a downloadable copy of IOCs, see:
IOCs (.csv)
IOCs (.stix)
NCCIC conducted analysis on five files associated with or identified as Volgmer malware and produced a Malware Analysis Report (MAR). MAR-10135536-D examines the tactics, techniques, and procedures observed. For a downloadable copy of the MAR, see:
MAR (.pdf)
MAR IOCs (.stix)
Description
Volgmer is a backdoor Trojan designed to provide covert access to a compromised system. Since at least 2013, HIDDEN COBRA actors have been observed using Volgmer malware in the wild to target the government, financial, automotive, and media industries.
It is suspected that spear phishing is the primary delivery mechanism for Volgmer infections; however, HIDDEN COBRA actors use a suite of custom tools, some of which could also be used to initially compromise a system. Therefore, it is possible that additional HIDDEN COBRA malware may be present on network infrastructure compromised with Volgmer.
The U.S. Government has analyzed Volgmer’s infrastructure and has identified it on systems using both dynamic and static IP addresses. At least 94 static IP addresses were identified, as well as dynamic IP addresses registered across various countries. The greatest concentrations of dynamic IP addresses are identified below by approximate percentage:

  • India (772 IPs) 25.4 percent
  • Iran (373 IPs) 12.3 percent
  • Pakistan (343 IPs) 11.3 percent
  • Saudi Arabia (182 IPs) 6 percent
  • Taiwan (169 IPs) 5.6 percent
  • Thailand (140 IPs) 4.6 percent
  • Sri Lanka (121 IPs) 4 percent
  • China (82 IPs, including Hong Kong (12)) 2.7 percent
  • Vietnam (80 IPs) 2.6 percent
  • Indonesia (68 IPs) 2.2 percent
  • Russia (68 IPs) 2.2 percent


Technical Details
As a backdoor Trojan, Volgmer has several capabilities including: gathering system information, updating service registry keys, downloading and uploading files, executing commands, terminating processes, and listing directories. In one of the samples received for analysis, the US-CERT Code Analysis Team observed botnet controller functionality.
Volgmer payloads have been observed in 32-bit form as either executables or dynamic-link library (.dll) files. The malware uses a custom binary protocol to beacon back to the command and control (C2) server, often via TCP port 8080 or 8088, with some payloads implementing Secure Socket Layer (SSL) encryption to obfuscate communications.
Malicious actors commonly maintain persistence on a victim’s system by installing the malware as a service. Volgmer queries the system and randomly selects a service in which to install a copy of itself. The malware then overwrites the ServiceDLL entry in the selected service's registry key. In some cases, HIDDEN COBRA actors give the created service a pseudo-random name that may be composed of various hardcoded words.
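Because the persistence described above changes the ServiceDll value of an existing service, comparing those values against a known-good snapshot surfaces the change. The following is an added example, not part of the alert: it parses decoded `reg export` text of the Services key and diffs the ServiceDll values. The baseline approach, service names and DLL paths are constructed assumptions.

```python
import re

SERVICES_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"
_KEY_RE = re.compile(
    r"^\[" + re.escape(SERVICES_KEY) + r"\\([^\\\]]+)\\Parameters\]$", re.I)
_VAL_RE = re.compile(r'^"ServiceDll"=(?:hex\(2\):([0-9a-f,]*)|"(.*)")$', re.I)


def parse_service_dlls(reg_text):
    """Map service name -> ServiceDll path from decoded `reg export` text."""
    # hex(2) (REG_EXPAND_SZ) values wrap with a trailing backslash; rejoin them.
    text = re.sub(r"\\\r?\n[ \t]*", "", reg_text)
    found, service = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = _KEY_RE.match(line)
            service = m.group(1) if m else None
            continue
        m = _VAL_RE.match(line) if service else None
        if not m:
            continue
        if m.group(1) is not None:       # REG_EXPAND_SZ: UTF-16LE bytes as hex
            raw = bytes(int(b, 16) for b in m.group(1).split(",") if b)
            path = raw.decode("utf-16-le", errors="replace").rstrip("\x00")
        else:                            # REG_SZ: backslashes are doubled
            path = m.group(2).replace("\\\\", "\\")
        found[service] = path
    return found


def diff_service_dlls(baseline, current):
    """Return (service, finding, old_path, new_path) for every deviation."""
    findings = []
    for svc, path in sorted(current.items()):
        old = baseline.get(svc)
        if old is None:
            findings.append((svc, "new ServiceDll", None, path))
        elif old.lower() != path.lower():   # Windows paths are case-insensitive
            findings.append((svc, "ServiceDll changed", old, path))
    return findings


# --- constructed sample data (hypothetical services and paths) ---------------
def _reg_expand_sz(path, width=16):
    """Encode a path the way `reg export` writes REG_EXPAND_SZ values."""
    hx = [f"{b:02x}" for b in (path + "\0").encode("utf-16-le")]
    chunks = [",".join(hx[i:i + width]) for i in range(0, len(hx), width)]
    return "hex(2):" + ",\\\n  ".join(chunks)


def make_export(services):
    """Build reg-export-shaped text for a {service: ServiceDll} mapping."""
    out = ["Windows Registry Editor Version 5.00", ""]
    for name, dll in services.items():
        out += ["[" + SERVICES_KEY + "\\" + name + "\\Parameters]",
                '"ServiceDll"=' + _reg_expand_sz(dll), ""]
    return "\n".join(out)


BASELINE = {
    "ExampleSvcA": r"%SystemRoot%\System32\examplea.dll",
    "ExampleSvcB": r"%SystemRoot%\System32\exampleb.dll",
}
CURRENT = {
    "ExampleSvcA": r"%SystemRoot%\System32\examplea.dll",
    "ExampleSvcB": r"%SystemRoot%\System32\exsvc_rand.dll",   # overwritten value
    "ExampleSvcD": r"%SystemRoot%\System32\examplesvcd.dll",  # not in baseline
}

if __name__ == "__main__":
    base = parse_service_dlls(make_export(BASELINE))
    now = parse_service_dlls(make_export(CURRENT))
    for svc, finding, old, new in diff_service_dlls(base, now):
        print(f"{svc}: {finding}: {old!r} -> {new!r}")
```

A changed value is a lead for triage, not proof of compromise: software updates also rewrite ServiceDll, so each hit still needs the referenced file examined.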
Detection and Response
This alert’s IOC files provide HIDDEN COBRA indicators related to Volgmer. DHS and FBI recommend that network administrators review the information provided, identify whether any of the provided IP addresses fall within their organizations’ allocated IP address space, and—if found—take necessary measures to remove the malware.
When reviewing network perimeter logs for the IP addresses, organizations may find instances of these IP addresses attempting to connect to their systems. Upon reviewing the traffic from these IP addresses, system owners may find some traffic relates to malicious activity and some traffic relates to legitimate activity.
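One way to carry out the review described above, as an added example that is not part of the alert: the script checks a list of indicator IPs against an organization's allocated prefixes and then sorts perimeter log hits by direction. The addresses (RFC 5737 documentation ranges), the prefix and the log format are constructed assumptions; the real indicators come from the alert's IOC files.

```python
import ipaddress
from collections import Counter

# Constructed sample data, not values from the alert's IOC files.
IOC_IPS = ["198.51.100.23", "203.0.113.77", "192.0.2.200"]
ALLOCATED = ["192.0.2.0/24"]      # assumed: the organization's address space
C2_PORTS = {8080, 8088}           # ports the alert names for Volgmer beaconing

# Assumed log format: timestamp src_ip src_port dst_ip dst_port action
PERIMETER_LOG = """\
2017-11-15T08:01:12Z 192.0.2.14 49211 198.51.100.23 8080 ALLOW
2017-11-15T08:01:40Z 203.0.113.77 51515 192.0.2.80 443 DENY
2017-11-15T08:02:03Z 192.0.2.31 50022 198.51.100.9 443 ALLOW
2017-11-15T08:06:12Z 192.0.2.14 49302 198.51.100.23 8080 ALLOW
not a log line
2017-11-15T08:09:55Z 192.0.2.55 49877 203.0.113.77 8088 ALLOW
"""


def _networks(prefixes):
    return [ipaddress.ip_network(p) for p in prefixes]


def iocs_in_allocated_space(iocs, prefixes):
    """Indicator IPs that fall inside the organization's own prefixes."""
    nets = _networks(prefixes)
    return [ip for ip in iocs
            if any(ipaddress.ip_address(ip) in n for n in nets)]


def review_perimeter_log(log_text, iocs, prefixes):
    """Split log hits into outbound (internal -> IOC) and inbound (IOC -> internal)."""
    ioc_set = {ipaddress.ip_address(ip) for ip in iocs}
    nets = _networks(prefixes)

    def internal(addr):
        return any(addr in n for n in nets)

    findings = {"outbound": [], "inbound": [], "skipped": 0}
    for line in log_text.splitlines():
        try:
            ts, src, _sport, dst, dport, action = line.split()
            src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            dport = int(dport)
        except ValueError:            # wrong field count, bad IP or bad port
            findings["skipped"] += 1
            continue
        record = {"time": ts, "src": str(src), "dst": str(dst), "dport": dport,
                  "action": action, "c2_port": dport in C2_PORTS}
        if internal(src) and dst in ioc_set:
            findings["outbound"].append(record)
        elif src in ioc_set and internal(dst):
            findings["inbound"].append(record)
    return findings


def hosts_to_triage(findings):
    """Internal hosts with allowed connections to an indicator IP, busiest first."""
    counts = Counter(r["src"] for r in findings["outbound"] if r["action"] == "ALLOW")
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    print("IOC IPs inside allocated space:", iocs_in_allocated_space(IOC_IPS, ALLOCATED))
    result = review_perimeter_log(PERIMETER_LOG, IOC_IPS, ALLOCATED)
    for host, n in hosts_to_triage(result):
        print(f"triage {host}: {n} allowed connection(s) to indicator IPs")
    for r in result["inbound"]:
        print(f"inbound attempt from {r['src']} to {r['dst']}:{r['dport']} ({r['action']})")
    print("unparseable lines:", result["skipped"])
```

Outbound hits are listed separately from inbound attempts because, as the alert notes, traffic from these addresses can be a mix of malicious and legitimate activity and needs review before action.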
Network Signatures and Host-Based Rules
This section contains network signatures and host-based rules that can be used to detect malicious activity associated with HIDDEN COBRA actors. Although created using a comprehensive vetting process, the possibility of false positives always remains. These signatures and rules should be used to supplement analysis and should not be used as a sole source of attributing this activity to HIDDEN COBRA actors.
Network Signatures
alert tcp any any -> any any (msg:"Malformed_UA"; content:"User-Agent: Mozillar/"; depth:500; sid:99999999;)
___________________________________________________________________________________________________
YARA Rules
rule volgmer
{
meta:
    description = "Malformed User Agent"
strings:
    $s = "Mozillar/"
condition:
    (uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550) and $s
}
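
What the two rules above test, written out as an added Python example (not part of the alert, and not a replacement for Snort or YARA): `snort_like_match` applies the content and depth check to a TCP payload, and `yara_like_match` applies the PE-header condition plus the string. The HTTP requests and the minimal PE-shaped buffer are constructed inputs.

```python
import struct

UA_PATTERN = b"User-Agent: Mozillar/"   # content string from the network signature
YARA_STRING = b"Mozillar/"              # $s from the YARA rule (ASCII, case-sensitive)
DEPTH = 500                             # depth:500 -> search only the first 500 bytes


def snort_like_match(payload):
    """content + depth: the whole pattern must lie within the first DEPTH bytes."""
    return UA_PATTERN in payload[:DEPTH]


def _uint(buf, offset, fmt, size):
    # YARA's uintXX() is little-endian and undefined when out of bounds.
    if offset is None or offset < 0 or offset + size > len(buf):
        return None
    return struct.unpack_from(fmt, buf, offset)[0]


def yara_like_match(data):
    """uint16(0) == 0x5A4D and uint16(uint32(0x3c)) == 0x4550 and $s"""
    if _uint(data, 0, "<H", 2) != 0x5A4D:            # "MZ" DOS header
        return False
    e_lfanew = _uint(data, 0x3C, "<I", 4)            # offset of the PE header
    if _uint(data, e_lfanew, "<H", 2) != 0x4550:     # "PE" signature
        return False
    return YARA_STRING in data


# --- constructed test inputs --------------------------------------------------
def make_pe_stub(body):
    """Smallest buffer that satisfies the rule's header checks, followed by body."""
    header = bytearray(0x80)
    header[0:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x80)       # e_lfanew -> 0x80
    return bytes(header) + b"PE\0\0" + body


REQ_MALFORMED = (b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n"
                 b"User-Agent: Mozillar/5.0 (compatible)\r\n\r\n")
REQ_NORMAL = (b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n"
              b"User-Agent: Mozilla/5.0 (compatible)\r\n\r\n")
# Header starts after byte 500, so it is outside the rule's search window.
REQ_DEEP = b"GET /" + b"a" * 600 + b" HTTP/1.1\r\nUser-Agent: Mozillar/5.0\r\n\r\n"

if __name__ == "__main__":
    for name, req in [("malformed", REQ_MALFORMED), ("normal", REQ_NORMAL),
                      ("deep", REQ_DEEP)]:
        print(f"network rule on {name} request:", snort_like_match(req))
    print("yara on PE with string:", yara_like_match(make_pe_stub(b"Mozillar/5.0")))
    print("yara on non-PE with string:", yara_like_match(b"Mozillar/5.0"))
```

The YARA rule is scoped to PE files, so it will not fire on packet captures or memory strings that lack the MZ/PE headers, and neither rule matches a UTF-16 copy of the string.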
Impact
A successful network intrusion can have severe impacts, particularly if the compromise becomes public and sensitive information is exposed. Possible impacts include

  • temporary or permanent loss of sensitive or proprietary information,
  • disruption to regular operations,
  • financial losses incurred to restore systems and files, and
  • potential harm to an organization’s reputation.
Solution


Mitigation Strategies
DHS recommends that users and administrators use the following best practices as preventive measures to protect their computer networks:

  • Use application whitelisting to help prevent malicious software and unapproved programs from running. Application whitelisting is one of the best security strategies as it allows only specified programs to run, while blocking all others, including malicious software.
  • Keep operating systems and software up-to-date with the latest patches. Vulnerable applications and operating systems are the target of most attacks. Patching with the latest updates greatly reduces the number of exploitable entry points available to an attacker.
  • Maintain up-to-date antivirus software, and scan all software downloaded from the Internet before executing.
  • Restrict users’ abilities (permissions) to install and run unwanted software applications, and apply the principle of “least privilege” to all systems and services. Restricting these privileges may prevent malware from running or limit its capability to spread through the network.
  • Avoid enabling macros from email attachments. If a user opens the attachment and enables macros, embedded code will execute the malware on the machine. For enterprises or organizations, it may be best to block email messages with attachments from suspicious sources. For information on safely handling email attachments, see Recognizing and Avoiding Email Scams.
  • Follow safe practices when browsing the web. See Good Security Habits and Safeguarding Your Data for additional details.
  • Do not follow unsolicited web links in emails. See Avoiding Social Engineering and Phishing Attacks for more information.


Response to Unauthorized Network Access
Contact DHS or your local FBI office immediately. To report an intrusion and request resources for incident response or technical assistance, contact DHS NCCIC ([email protected] or 888-282-0870), FBI through a local field office, or the FBI’s Cyber Division ([email protected] or 855-292-3937).
Revisions
November 14, 2017: Initial version

HIDDEN COBRA - North Korean Malicious Cyber Activity
The information contained on this page is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) to provide technical details on the tools and infrastructure used by cyber actors of the North Korean government. The intent of sharing this information is to enable network defenders to identify and reduce exposure to North Korean government cyber activity. The U.S. Government refers to the malicious cyber activity by the North Korean government as HIDDEN COBRA.

For more information, see:
November 14, 2017: Alert (TA17-318A) HIDDEN COBRA – North Korean Remote Administration Tool: FALLCHILL
November 14, 2017: Alert (TA17-318B) HIDDEN COBRA – North Korean Trojan: Volgmer
August 23, 2017: Malware Analysis Report (MAR-10132963) – Analysis of Delta Charlie Attack Malware
June 13, 2017: Alert (TA17-164A) HIDDEN COBRA – North Korea’s DDoS Botnet Infrastructure

Lockheed Martin Honors Two Wounded Army Veterans through Scholarship Program

PORTLAND, Maine, Nov. 13, 2017 -- The Beacon Group welcomes Major General James "Jim" Madora, as Senior Advisor for Beacon's Aerospace, Defense & Government practice. Major General Madora will work alongside Senior Vice President Matt Keegan and Beacon's President and CEO Cliff Farrah. Major General Jim Madora is a retired Army Major General who has over 10 years' experience in the defense industry.

"I am really looking forward to having Jim on the team.  I am certain he will offer sage wisdom and experience.  His expertise in air defense, national security, and business will help us provide our clients with top notch strategies," says Senior Vice President and ADG practice leader Matt Keegan.

Major General Madora has had a distinguished career in the United States Army.  His last assignment before retirement was as Director of Army Program Analysis and Evaluation, in the office of the Deputy Chief of Staff for Programs and Resources.  In this role, he developed Army funding strategy and the 6 year $500B Army Program / Budget Plan.  During his career, Major General Madora commanded at platoon, company, battalion, brigade and general officer level.  He is a combat veteran and his numerous military awards include the Distinguished Service Medal, Defense Meritorious Service Medal, 6 awards of the Legion of Merit, 3 awards of the Bronze Star and 3 awards of the Army Meritorious Medal.

"Major General Madora's addition to the team is a wonderful way to position the firm for our activities in 2018. As we recently observed Veterans Day, our firm is grateful for the opportunity to work with some of our country's finest and most knowledgeable veterans through our Senior Advisor Program. Major General Madora exemplifies the thought leadership and strategy acumen our clients value so highly," said Cliff Farrah, Beacon's President and CEO.  

Originally from Wilmington, Delaware, Jim is a graduate of the United States Military Academy at West Point.  He also holds a Master's Degree in Mathematics and a Master's Degree in Operations Research and Statistics from Rensselaer Polytechnic Institute and a Master's Degree in Business Administration from Long Island University.  In addition, he received a State Department Fellowship to serve as the Army's representative to the United States State Department Senior Executive Seminar.  Major military schools attended include the United States Marine Corps Amphibious Warfare School, Army Command and General Staff College and the National War College.

Media Contact: Natalie Barr, [email protected]

Cybersecurity Leaders to Probe Growing Threats to Our Political Campaigns and Electoral Process

BROOKLYN, N.Y., Nov. 13, 2017 -- The latest in a long-running series of open lectures on cybersecurity at the NYU Tandon School of Engineering will unveil the growing intensity of the cyber threat to the applications and systems supporting our national, state, and local elections.

The lecture, entitled "Democracy Confronts Cyber Insecurity," will be given by Ed Amoroso, newly appointed distinguished research professor at NYU Tandon and the NYU Center for Cyber Security. The former chief security officer of AT&T Services and an advisor to four presidential administrations, Amoroso is the CEO of TAG Cyber LLC, a global cybersecurity advisory, training, consulting, and media services company supporting hundreds of companies across the world.

During his lecture, Amoroso will probe critical risks to our infrastructure, survey how major political parties grapple with issues of cybersecurity, look back at previous presidential administrations and their security concerns, and offer advice on protecting our electoral systems from hacking.

A panel discussion will follow, featuring Austin Berglas, formerly of the FBI and now co-head of managed services and incident response at BlueteamGlobal; Tracie Grella, global head of cyber risk insurance at AIG;  Michael Higgins, chief information security officer of NBCUniversal; and Rick Howard, chief security officer of Palo Alto Networks. The experts will tackle the critical issue of how businesses and governments mitigate external digital risks to social, mobile, and web services. NYU Tandon Associate Professor of Computer Science and Engineering Justin Cappos will moderate.

The event will take place at the NYU Tandon School of Engineering in Downtown Brooklyn on Thursday, November 16, 2017, from 3 to 5:30 pm.

"Security issues increasingly arise outside the enterprise perimeter, often manifesting in social media botnets, malware-laden email payloads, and infected mobile apps," explained Amoroso, who has written six books and dozens of major papers on cybersecurity, holds 10 patents related to the field, and worked with four presidential administrations on national security and policy. "While enterprise teams have developed their skills to protect corporate and enterprise assets, dealing with security issues on the public Internet requires a different way of thinking."

Sponsored for the first time by AIG, the event is the ninth in a series on cybersecurity and privacy at NYU Tandon. The series has consistently drawn high-level representatives of New York's regional businesses, government agencies, nonprofits, academic institutions, media, and concerned members of the public.

"Our students and researchers are at the forefront of building more secure cyber technologies, and in the face of increasing cyber risks that have the potential to undermine systems and processes that we hold dear, their work has never been more vital," NYU Tandon School of Engineering Dean Katepalli R. Sreenivasan said. "We are honored to be affiliated with Ed Amoroso and proud to be hosting him and our esteemed panelists at this important and timely event."

Admission to the event is free, but space is limited, and registration is required. For more information and to register to attend or to view the live stream, visit http://engineering.nyu.edu/events/2017/11/16/democracy-confronts-cyber-security. Viewers may submit questions for the panelists during the lecture at [email protected] or on Twitter @cyberlecture. Follow discussions at #NYUCyberLecture.

The NYU School of Engineering is an internationally recognized center for cybersecurity research, education, and policy. It has received all three Center of Excellence designations from the National Security Agency and the United States Cyber Command.  The School of Engineering joined with other NYU schools to form the Center for Cybersecurity. The consortium researches new approaches to security and privacy by combining security technology, psychology, law, public policy, and business. NYU Tandon's online master's program in cybersecurity was named the outstanding online program in the nation by the organization Sloan-C (now the Online Learning Consortium).

About the NYU Center for Cybersecurity

The NYU Center for Cybersecurity (CCS) is an interdisciplinary research institute dedicated to training the current and future generations of cybersecurity professionals and to shaping the public discourse and policy, legal, and technological landscape on issues of cybersecurity. It is a collaboration between NYU School of Law, NYU Tandon School of Engineering, and other NYU schools and departments. Its wide range of activities include student scholarships, interdisciplinary research, teaching, and educational events. For more information, visit http://cyber.nyu.edu.

About the New York University Tandon School of Engineering

The NYU Tandon School of Engineering dates to 1854, the founding date for both the New York University School of Civil Engineering and Architecture and the Brooklyn Collegiate and Polytechnic Institute (widely known as Brooklyn Poly). A January 2014 merger created a comprehensive school of education and research in engineering and applied sciences, rooted in a tradition of invention and entrepreneurship and dedicated to furthering technology in service to society. In addition to its main location in Brooklyn, NYU Tandon collaborates with other schools within NYU, the country's largest private research university, and is closely connected to engineering programs at NYU Abu Dhabi and NYU Shanghai. It operates Future Labs focused on start-up businesses in downtown Manhattan and Brooklyn and an award-winning online graduate program. For more information, visit http://engineering.nyu.edu.

Blue Ridge Networks to Demo BorderGuard Suite of Products and AppGuard at the Capital Cybersecurity Summit

CHANTILLY, Va., Nov. 13, 2017 -- Blue Ridge Networks announced today that it will be exhibiting and providing demonstrations of its BorderGuard and AppGuard cybersecurity solutions at the second annual Capital Cybersecurity Summit on November 14-15, 2017, at Booth #36.

The Capital Cybersecurity Summit will take place at The Ritz-Carlton, Tysons Corner and will feature distinguished keynote speakers and panels offering insights on emerging cybersecurity technologies, digital solutions, operations and enforcement from the private sector and government perspectives. FBI Cyber Division Deputy Assistant Director Howard Marshall will keynote the Summit's opening reception on November 14.

Blue Ridge will offer hands-on demonstrations of both its BorderGuard and AppGuard solutions.

Blue Ridge's BorderGuard suite of products isolate and contain operational technology (OT) and Industrial IoT (IIoT) systems and networks from larger enterprise network vulnerabilities by virtually overlaying existing networking environments, creating trusted enclaves that prevent unauthorized access and contain all communications within trusted environments. OT and IIoT devices within the BorderGuard-enabled enclave are not discoverable or addressable from other networks. By using an overlay approach, BorderGuard deployments do not require changes to network infrastructure. The products allow authorized remote access to devices, while maintaining multi-layer isolation from IT networks and even the endpoint PC used for access. This provides extensive protection against insider threats as well as malicious end-users, while allowing secure remote access.

AppGuard prevents malware from detonating without requiring scanning, updates, or signature-based detection, which can be easily defeated by new emerging undetectable malware attacks. It delivers valuable Indicators of Attack (IOA) well in advance of conventional detection, response, and containment products which typically rely on detecting and identifying Indicators of Compromise (IOC) after a compromise has already occurred.

For more information, visit:  www.blueridgenetworks.com or contact us at [email protected]

ABOUT BLUE RIDGE NETWORKS
Based in Northern Virginia, Blue Ridge Networks is a visionary cybersecurity pioneer providing proven network breach prevention, secure remote access, and endpoint security solutions. Its BorderGuard suite of products isolate, contain, and protect operational technology and information technology systems by creating trusted enclaves that prevent unauthorized access and contain network sessions for remote sites, users, and Industrial IoT devices.  Blue Ridge also provides AppGuard, an award-winning endpoint breach prevention solution that stops malware from detonating without requiring detection, scanning, or updates, thus preventing breaches from occurring that are undetectable and unstoppable by other methods. Blue Ridge solutions have protected critical operations for some of the largest US government, financial, infrastructure, and healthcare customers for more than twenty years with no reported breaches.

alliantgroup Hosts Former U.S. Secretary of Homeland Security Tom Ridge at its Technology, Economic, Legislative & Policy Summit

HOUSTON, -- Former U.S. Secretary of Homeland Security Tom Ridge and over 100 professionals, including current and former state officials, Congress members, executive officers, U.S. business leaders, CPA partners and business advisors from across the nation gathered for alliantgroup's inaugural Technology, Economic, Legislative & Policy Summit—an exclusive event created for the benefit of the firm's clients and CPA and industry partners.

During the two day conference, attendees were treated to a series of panels covering some of the most critical issues facing U.S. policymakers. Such topics included the impact of technology on the American workforce, the growing importance of cybersecurity, recent tax reform legislation and policy reforms that would foster a more technically skilled labor force and sustainable economic growth.

During the conference's keynote panel, former Secretary Ridge was joined by alliantgroup CEO Dhaval Jadav and the leaders of several technology alliances. With the advancement of new technologies and the Internet of Things making our world more connected, Ridge and the panel stressed how cybersecurity must become a primary focus for both the public and private sectors. The panel emphasized that while these new technologies have improved our overall quality of life and enhanced the efficiency of countless industries, from manufacturing to healthcare services, the growing connectivity of individuals, systems and networks has made the country more susceptible to cyberattacks.


"There is a greater threat today in my judgement of a cyberattack causing economic damage and potential personal injury and death than even a physical attack," said Ridge.

 

During the panel, Ridge and the other technology experts highlighted the importance of maintaining good safety protocols to identify and prevent attacks, from standardized employee procedures to ensuring firewalls and other security systems were up to date. The panel also stressed the importance of employees maintaining these best practices and exercising good judgement.

"I would like to thank Secretary Ridge and everyone who took the time to attend this event," said Dhaval Jadav, alliantgroup CEO. "Our goal in hosting these conferences is to provide thought leadership to our CPA firms and the businesses they serve. By providing them with the information they need to stay ahead of emerging economic and policy trends, it is our hope that we are offering another avenue to ensure their continued success."

Those in attendance included former U.S. Secretary of Agriculture Mike Johanns, former Alabama Governor Bob Riley, former U.S. Congressman Rick Lazio, former Senior Counsel to the U.S. Senate Finance Committee Dean Zerbe, Private Equity and M&A Advisor Neeraj Mital, former IRS Commissioners Mark W. Everson, Steven Miller and Kathy Petronchak, and alliantgroup CEO Dhaval Jadav.

alliantgroup is a leading tax consultancy and the nation's premier provider of specialty tax services. The firm assists U.S. businesses and their CPA advisors in properly identifying and claiming all federal and state tax incentives that were designed for their benefit. These incentive programs were created to help American businesses grow and remain competitive in an increasingly global economy. To date, alliantgroup has helped 12,000 U.S. businesses claim over $6 billion in tax savings. For more information on alliantgroup, please follow us on LinkedIn, Facebook and Twitter.

Board Approves ERO Enterprise Long-Term Strategy; Accepts Special Assessment; Requests RISC Review of Resilience

NEW ORLEANS – The North American Electric Reliability Corporation’s last Board of Trustees meeting of 2017 was held Thursday in New Orleans. Welcoming remarks were made by Leo Denault, chairman and chief executive officer of Entergy Corporation, who highlighted the importance of the work industry does in assuring reliability; and Commissioner Cheryl LaFleur, of the Federal Energy Regulatory Commission, who focused on resilience, urging the Electric Reliability Organization to continue its work based on data and facts. Other remarks were provided by Travis Fisher, special advisor, Department of Energy; Asim Haque, chairman and CEO, Public Utilities Commission-Ohio; and Murray Doehler, past chair, CAMPUT.
Board Chair Roy Thilly discussed resilience, noting a strong consensus that it is already built into NERC’s efforts. However, he added, there is a need to look at the various components of resilience and build upon them. With that, the Board requested the Reliability Issues Steering Committee (RISC) to review how NERC’s mission currently incorporates resilience of the bulk power system, consider working definitions of resilience and develop a framework for further discussion at the February Board meeting.
Gerry Cauley, president and CEO, reminded attendees in his remarks that the day marked the 52nd anniversary of the 1965 blackout that left more than 30 million people without power for up to 13 hours. “The 1965 event set the stage for who we are today,” Cauley stated. “Our job as the ERO is to identify existing and emerging risks and work with industry and policymakers to address them. We have done this on a variety of topics, including human error, equipment misoperations and the rapid change of the bulk power system.”
In Board action, the Board approved the 2018–2020 Reliability Standards Development Plan; the ERO Enterprise Long-Term Strategy; and the Compliance Monitoring and Enforcement Program technology project.

  • The 2018–2020 Reliability Standards Development Plan focuses on periodic reviews, Federal Energy Regulatory Commission directives, emerging risks, Standard Authorization Requests and the standards grading initiative.
  • The ERO Enterprise Long-Term Strategy in 2017 looks ahead five-to-seven years to examine how changes in the industry will affect the ERO Enterprise now and in the future. The strategy highlights emerging and potential reliability impacts and incorporates recommendations from the Reliability Issues Steering Committee’s draft report. The ERO Executive Management Group, which is comprised of the CEOs from NERC and the Regions, has undertaken strategic and operational planning as an enterprise to guide coordinated operations and resource budgeting.
  • The Compliance Monitoring and Enforcement Program Technology project is a suite of tools to integrate and share data. The project will better align the business processes of the ERO Enterprise by improving documentation, sharing and analysis of compliance work activities and by making CMEP activities more efficient and effective across the ERO Enterprise.

In other action, the Board adopted Reliability Standard TPL-007-2 – Geomagnetic Disturbance Mitigation, which establishes requirements for performing GMD vulnerability assessments using a modified GMD event. It also modifies established requirements pertaining to transformer thermal impact assessments, requires the collection of GMD-related data and deadlines for Corrective Action Plans and GMD mitigation actions.
The Board also accepted NERC’s Special Assessment: Potential Bulk Power System Impacts Due to Severe Disruptions on the Natural Gas System, which analyzed potential reliability impacts of natural gas disruptions. The growth of natural gas, wind and solar resources and the growing interdependence of the natural gas and electric infrastructure have resulted in new operational and planning reliability challenges. The assessment, which will be released next week, found that the impacts from natural gas facility disruptions vary depending on the location and infrastructure density and that mitigation strategies can reduce potential impacts.
Attendees were encouraged to participate in NERC’s grid security exercise – GridEx, which takes place November 15–16. The next Board of Trustees meeting is February 8 in Ft. Lauderdale, Fla.

Poland eyes cybersecurity in skies

Poland on Wednesday agreed to test a cybersecurity pilot programme for the aviation sector as Europe's EASA civil aviation authority tackles the potential threats posed by hackers to air traffic.
"We want to have a single point in the air transport sector that will coordinate all cybersecurity activities... for airlines, airports and air traffic," Piotr Samson, head of Poland's ULC civil aviation authority, said in Krakow, southern Poland, at a two-day conference co-hosted with the EASA.
While insisting that air travel is currently safe from cyber attacks, EASA executive director Patrick Ky told AFP it was incumbent on aviation authorities to take preventative measures to mitigate potential cyber-threats.
Polish officials attending the "Cybersecurity in Civil Aviation" conference also announced the creation of a "rapid reaction unit" for cybersecurity incidents.
Despite the assurances of experts in the field, computer systems failures triggered by hackers or by accident have caused flight chaos in recent years.
Poland's flagship carrier LOT was briefly forced to suspend operations in June 2015 after a hack attack.
The airline's spokesman described the incident as the "first attack of its kind".
Thousands of British Airways passengers faced chaos in May as the airline was forced to cancel more than a hundred flights from London's Heathrow Airport following an IT system failure.
BA officials ruled out a cyber-attack, pointing instead to a power supply issue.

Coop Employs Cognito from Vectra to Protect its Retail Operations from Cyber attacks and Augment its Security Operations Team

Vectra®, the leader in automating the hunt for in-progress cyber attacks, today announced a multi-year agreement to provide its Cognito™ AI threat hunting platform to Coop Group, one of Switzerland's largest retail and wholesale companies. Coop selected the Cognito AI platform from Vectra as an innovative approach to increasing cybersecurity operational efficiency and efficacy.

With 2,476 sales outlets and over 85,000 employees, Coop is a large and highly distributed organisation. With the retail industry being a significant target for cybercriminals, Coop decided that perimeter defences alone are insufficient to safeguard customer information, internal systems and point of sale systems. As a result, Coop set out to find technology that would enable them to detect and respond to cyber attacks in real time and prevent or significantly mitigate the impact of a data breach.

Coop identified significant economic and security gains resulting from the introduction of AI security automation. After evaluating multiple solutions, it turned to Vectra and its Cognito AI platform to help them detect cyber attacks in real time and speed response by augmenting their security operations team.

Cognito detects both known and unknown threats through the analysis of malicious attacker behaviours, rather than simple signature profiling of existing threats. It will augment the Coop cybersecurity analysts by rapidly detecting, triaging and correlating threats to uncover in-progress cyber attacks before they become critical security incidents. Cognito detects threats created by malware, ransomware, advanced attackers abusing credentials and rogue insiders, regardless of the device or software used, and at a speed and scale humans alone cannot match.

"Enterprises like Coop are under immense pressure to reduce the time to detect and respond to attacks," said Gerard Bauer, vice president of EMEA at Vectra. "Security teams are overwhelmed with the manual task of triaging and correlating security events and struggle to fill open cybersecurity jobs. The Cognito AI platform automates threat hunting, triage and correlation for the Coop security team, and prioritises threats based on risk level so they can respond immediately. Cognito has reduced the security operations workload for enterprises by 168x, shortening incident response from days to minutes."

To learn more about the Cognito platform, and how it combines machine learning and behavioural analytics to hunt ongoing threats, visit https://vectra.ai/cognito.

About Vectra
Vectra® is transforming cybersecurity with AI. Its Cognito platform automates cyber attack detection and response from data centre and cloud workloads to user and IoT devices. Cognito correlates threats, prioritises hosts based on risk and provides rich context to empower response with existing security systems, reducing security operations workload by 168x. Vectra was named "Most Innovative Emerging Company" in the Dark Reading Best of Black Hat Awards. InformationWeek also named Vectra one of the Top 125 companies to watch in 2016. Vectra has been issued 5 U.S. patents with 14 additional patents pending for cybersecurity applications of machine learning and artificial intelligence. Vectra investors include Khosla Ventures, Accel Partners, IA Ventures, AME Cloud Ventures and DAG Ventures. The company is headquartered in San Jose, Calif. and has European regional headquarters in Zurich, Switzerland. For more information, visit https://vectra.ai.

Vectra, the Vectra Networks logo and 'Security that thinks' are registered trademarks, and Cognito, the Vectra Threat Labs and the Threat Certainty Index are trademarks of Vectra Networks. Other brand, product and service names are trademarks, registered trademarks or service marks of their respective holders.
