Cyber Security

Edgile introduces new solution to address access management for enterprises shifting to clouds

AUSTIN, TX June 14, 2017 (SailPoint Navigate '17) Edgile, the leading cyber risk and compliance consulting firm, today announced the launch of Cloud Jumpstart, a program to address the identity provisioning and governance challenges faced with enterprise-wide shifts to the cloud. Designed to leverage both Microsoft Azure's secure access and SailPoint's identity governance, Edgile's Cloud Jumpstart helps organizations create business-aligned programs to ensure a secure and compliant shift.

"Enterprises moving to the cloud must ensure they maintain an appropriate level of security and account for increasing compliance issues in today's complex digital environment. Risk officers are realizing they need additional dedicated expertise if they want to successfully transform their company with a lasting, issue-free shift to the cloud," said Don Elledge, CEO of Edgile. "Our new Cloud Jumpstart program delivers organizations a customized blueprint for an efficient, secure, and compliant move to the cloud that improves their overall risk profile." 

Award winning expertise with Microsoft and SailPoint

The Cloud Jumpstart program enables enterprise customers to take advantage of Edgile's combination of deep IAM and cloud experience. With multiple EM+S and Azure Active Directory experts honored as Microsoft MVPs, Edgile has a long history of success as a Microsoft Gold Partner. Edgile was recently named a 2017 Microsoft Enterprise Mobility Award Partner of the Year finalist. Based on an outstanding track record as a SailPoint Premiere Partner, Edgile was also named SailPoint Partner of the Year for the Americas.

Through Edgile's new Cloud Jumpstart program, organizations can confidently leverage the cloud with a business-aligned strategy for hybrid access governance. The program defines a clear path to compliance in the cloud—combining SailPoint's identity governance capabilities and extending Azure Active Directory Premium—to cover the most demanding security needs of the modern enterprise.

"We're excited about the innovative new way Edgile's Cloud Jumpstart program helps customers strategically assess and implement Microsoft Azure Active Directory with SailPoint's Identity Governance to protect their entire enterprise," said Alex Simons, Director of Program Management, Identity Division, Microsoft Corp.

"Edgile is a valued strategic consulting partner and we have a long history of working together to help our customers fully leverage the power of our identity governance platform," said Kevin Cunningham, president and co-founder of SailPoint. "Edgile's Cloud Jumpstart program accelerates our joint customers' ability to leverage SailPoint's collaboration with Microsoft and integration with Azure Active Directory. This allows security organizations to quickly evaluate and strategically deploy an integrated SailPoint-Microsoft hybrid solution. This collaboration is a powerful combination. Once deployed, it empowers users with seamless access while ensuring security requirements are met through identity governance."

Supporting Resources: 

Edgile Cloud Risk & Security: We Secure the Cloud SM
The shift to the cloud is accelerating as the agility, reliability, and reduced costs of cloud services rapidly overcome concerns about protected information and regulatory compliance. Edgile provides clients with a secure and compliant path to the cloud by delivering a strategic roadmap while managing risk and modernizing the organizational security model. Our cloud specialists—with deep expertise in IAM, GRC, and cybersecurity—deliver a transformational skill set to successfully lead organizations through enterprise-wide shifts.

About Edgile
Edgile is the trusted security partner to the world's leading organizations, providing consulting, managed services, and regulatory content services. Our mission is to secure the modern enterprise by developing programs that increase business agility and create a competitive advantage for our clients. Our strategy-first model helps organizations achieve their business goals through on-premises and cloud security programs, IAM, GRC, and cybersecurity.

For more information about Edgile: www.edgile.com.
Follow Edgile on Twitter and LinkedIn.

Report: Insider threats fastest growing cybersecurity concern

AUSTIN, TX June 14, 2017 Nearly one-third (32%) of businesses have been victims of a major cyber-attack over the past year, according to a current survey jointly published by Harvey Nash/KPMG [1]. Each year, the corporate world loses $388 billion dealing with, and recovering from, breaches in cybersecurity [2]; the amount spent on remediating computer viruses alone has reached about $55 billion per year [3]. While cyber criminals generate considerable attention and news, cybersecurity experts like Spohn Security Solutions (spohnsolutions.com/) indicate that much of the threat comes from within an organization.

The Harvey Nash/KPMG survey of 4,500 CIOs and technology leaders from around the world found that the insider threat is the fastest-growing security risk of all [1]. 55% of businesses surveyed reported a security breach due to a malicious or negligent employee, though 60% believe their employees are not knowledgeable or have no knowledge of the company’s security risks [4]. Alarmingly, 50% of the individuals causing a breach were granted insider IT system access by their organization [5].

OneLogin, a startup in California that helps enterprise companies secure cloud applications, recently failed to protect its own data against a breach, compromising 2,000-plus clients. The error, detected May 31, was inadvertent, but it is causing the company to focus its efforts on restoring customers’ trust. Clients include Pinterest, Airbnb, Yelp and Pandora [6].

“Employees and contractors pose a great security risk to businesses as they have been provided with access to a company’s network infrastructure,” points out Timothy Crosby, Senior Security Consultant for Spohn Security Solutions. “While some employees may act maliciously against their organization, many cyber security breaches are due to negligence or inadvertent error.”

Businesses that fail to communicate potential risks and how to defend against them are likely to experience non-malicious threats to security due to human error. In fact, 95% of cyber security breaches are due to accidental human error. Such security breaches (spohnsolutions.com/) may include accidentally posting sensitive information on the company’s public-facing website, emailing restricted information to the wrong party or improperly disposing of confidential records [5].

To safeguard a network, security experts believe it is imperative to identify potential vulnerabilities through an information security risk assessment. A business must be aware of the intricacies of its own network in order to guard against cyber breaches. Company leaders should have knowledge of what data must be protected, where this data resides on the network and who has access to it. Once vital and sensitive data is identified, access should be restricted and backups created [4].

Once weaknesses have been identified through an IT risk assessment (spohnsolutions.com/), an organization should tightly control employee access to network infrastructure and restricted data [1]. “Human resources and the IT department need to work together to coordinate access to sensitive systems and information,” adds Crosby. “Until an employee is familiar with security protocols and the proper way to handle sensitive data, they should not be granted full access.”

Crosby additionally recommends using a professional third-party security service to vet new technical employees and contractors before they are given clearance to work within a business’s infrastructure. In addition, it is important to promptly disable access to the system when an employee leaves the company [1].

For nearly 20 years Spohn Security Consultants has developed assessment tools, conveyed risks to clients, recommended best practices to mitigate risks, and provided training as a means of staying ahead of the threat waves and helping clients.

About Spohn Consulting:

Spohn Consulting, Inc., an Austin, Texas-based privately held company established in 1998 by Darren L. Spohn, is an authority in navigating Fortune 500 companies and medium-to-small businesses through security business challenges of the 21st Century. Spohn Consulting works with organizations to assess the security status of their networks, information, and systems based on Identification and Authorization resources, e.g., people, hardware, software, policies, and capabilities in place to manage the defense of the enterprise and to react as the situation changes. Customized instructor-led training and telecom services round out the key divisions. Utilizing varied scopes of engagement, they deliver recommendations which can be measured against best practice or compliance standards. For more information on Spohn Consulting, Inc., their security status assessments and instructor-led training, visit https://spohnsolutions.com.

 

  1. Verbree, Martijn. "Cybersecurity: Why You Should Fear Insider Threats." Management Today. N.p., 23 May 2017. Web. 09 June 2017.
  2. Albanesius, Chloe. "Cyber Crime Costs $114B Per Year, Mobile Attacks on the Rise." PCMAG. N.p., 07 Sept. 2011. Web. 09 June 2017.
  3. WebpageFX Team on January 13, 2015. "What Is the Real Cost of Computer Viruses? [Infographic]." WebpageFX Blog. N.p., 12 Jan. 2015. Web. 09 June 2017.
  4. Summerfield, Richard. "Dealing with Cyber Breaches in the Supply Chain." FinancierWorldwide. N.p., June 2017. Web. 09 June 2017.
  5. "IBM 2015 Cyber Security Intelligence Index." IBM, 24 July 2015. Web. 09 June 2017.
  6. "OneLogin Works to Restore Customers' Trust After Data Break-in." San Francisco Chronicle, 12 June 2017. Web.

Waterfall Security adds Azure support to cloud services offerings

ROSH HAAYIN, Israel June 14, 2017 Waterfall Security Solutions, a global leader in cybersecurity technologies for critical infrastructure and industrial control systems, today announced that its market-leading cloud gateway, the Unidirectional CloudConnect, now supports Microsoft Azure's Internet of Things Cloud platform. This support enables industrial businesses to connect to the cloud, while keeping their industrial control systems (ICS) safe from remote cyberattacks.

In addition to securing the ICS site, Waterfall's Unidirectional CloudConnect gateway enables the rapid adoption of Azure-based Industrial Internet of Things (IIoT) cloud applications by overcoming basic interoperability challenges facing all IIoT deployments. Specifically, the Unidirectional CloudConnect enables Microsoft Azure developers to gather data securely from a variety of SCADA protocols and systems, and translates this data for use in Azure applications.

"Industrial companies see enormous benefits in cloud-based IIoT programs that enable broader use of predictive analytics and information sharing with vendors. Cybersecurity is the key issue constraining adoption of these programs," commented Sid Snitkin, VP & GM Enterprise Advisory Services of ARC Advisory Group. "The extension of Waterfall's Unidirectional CloudConnect to the Microsoft Azure IoT platform provides a much needed, positive solution to a key concern – ensuring that data transfers to the cloud don't open plant perimeters to the cyber wild west of the Internet."   

"Our customers can now deploy Azure-based IIoT solutions and connect to Azure cloud services without posing risks to their industrial systems," said Lior Frenkel, CEO and Co-Founder of Waterfall Security Solutions. "Despite the dramatically expanded attack surface that cloud systems create, our Unidirectional CloudConnect reliably delivers protection from external online attacks, while continuously populating the Microsoft Azure cloud with real-time data from control systems and devices."

The Unidirectional CloudConnect product is based on Waterfall's patented unidirectional gateway technology, which physically prevents cyberattacks from any external network from entering an industrial network.

"As confirmed by many industry experts, the Unidirectional CloudConnect resolves vital cybersecurity and interoperability challenges in the IIoT ecosystem," added Frenkel.

About Waterfall Security Solutions

Waterfall Security Solutions is the global leader in industrial cybersecurity technology. Waterfall products, based on its innovative unidirectional security gateway technology, represent an evolutionary alternative to firewalls. The company's growing list of customers includes national infrastructures, power plants, nuclear plants, off and on shore oil and gas facilities, refineries, manufacturing plants, utility companies, and many more. Deployed throughout North America, Europe, the Middle East and Asia, Waterfall products support the widest range of leading industrial remote monitoring platforms, applications, databases and protocols in the market. For more information, visit www.waterfall-security.com

Rohde & Schwarz, Arkessa partner on launch of multi-level IoT security platform

Rohde & Schwarz Cybersecurity, a leading IT security provider, and Arkessa, a leading M2M managed services provider, today announced the launch of a joint multi-level IoT platform solution. It unlocks the full potential of IoT by enabling secure interactions across digital ecosystems of devices, people and systems.

The Internet of Things (IoT) continues to expand rapidly and poses significant network connectivity and security risks. The unprecedented scale of deployment for connected endpoints and devices creates unique new challenges for the IoT ecosystem, including carriers and network operators.

The joint solution developed by Rohde & Schwarz Cybersecurity and Arkessa offers customers a single platform for managing the security and connectivity of all IoT operations. The service provides three distinct advantages: Customers can manage global IoT deployment scenarios via a single dashboard, gain full – packet by packet – visibility of IoT network traffic and proactively protect IoT networks with advanced OT & IT firewalling functions.

The use cases for this unique IoT solution range from connected vending machines, connected vehicles to critical infrastructure and mobile wireless access points.

“We are thrilled to be working with Rohde & Schwarz Cybersecurity, who develops and produces technologically leading IT security solutions. Together we can offer enterprises a single pane of glass for all connected devices with an unparalleled opportunity to act on security threats. The combination of management, detection and protection capabilities for global IoT operations is critical and powerful,” said Andrew Orrock, CEO of Arkessa.

“We have seen a continued demand for European OT-ready security solutions. At the same time, customers were hesitant to change when traditional solutions were not addressing the risks posed by the thousands of devices connecting back to the core over standard internet connections only. This collaboration with Arkessa provides our customers with a unique opportunity to securely scale their IoT operations globally, with a security layer spanning from the network core to every single asset deployed in the field,” said Henning Ogberg, SVP Sales & Marketing of Rohde & Schwarz Cybersecurity.

Find out more about the multi-level IoT platform solution: https://ipoque.com/news-media/news/iot-platform-solution

About Arkessa

Arkessa is a leading M2M managed services provider making IoT easier and future-proof. Arkessa connects Internet of Things (IoT) devices and services regardless of location, network operator or wireless technology. Managed services include multi-network cellular with first-time connect capability (global roaming and local networks), reprogrammable eSIMs (eUICC) and secure remote access.

By aggregating multiple global mobile networks and technologies – cellular (2G, 3G, 4G), satellite and the emerging low power wide-area (LPWAN) – into a single service and management platform, Arkessa enables IoT devices to connect out-of-the-box and operate anywhere on the planet. This secure and future-proof service platform is easy to adopt, integrate and scale enabling Enterprises and OEMs to optimise design, manufacturing, logistics and focus on new revenue generating services. www.arkessa.com/euicc

Rohde & Schwarz Cybersecurity

Rohde & Schwarz Cybersecurity is an IT security company that protects companies and public institutions around the world against cyberattacks. The company develops and produces technologically leading solutions for information and network security, including highly secure encryption solutions, next generation firewalls and software for network analysis and endpoint security. The award-winning and certified IT security solutions range from compact, all-in-one products to customized solutions for critical infrastructures. The product portfolio also includes vulnerability scanners and firewalls for business-critical web applications. To prevent cyberattacks proactively, rather than reactively, our trusted IT solutions are developed following the security-by-design approach. Around 450 people are employed at the current locations in Germany, France and Denmark.

Delta Risk lands on GSA Schedule 70, approved for cybersecurity opportunities

SAN ANTONIO, June 13, 2017 Delta Risk LLC, a global provider of cyber security and risk management services, announced today that the U.S. Government Services Administration (GSA) has awarded the company an IT-70 contract, #GS35F482GA. The award includes six Services Special Item Numbers (SINs), including all four Highly Adaptive Cyber Security Services SINs. Delta Risk is now one of a select group of companies that hold all four specialized cyber security designations.

The award recognizes Delta Risk's expertise in providing specialized cyber security services to help organizations before, during, and after a cyber incident, with particular focus on identifying and mitigating cyber risks and vulnerabilities before they can be exploited. This long-term IT contract adds Delta Risk to a pre-approved list of technology companies for federal purchases, thereby simplifying the procurement process and further ensuring government agencies receive high-quality, cost-effective cyber security services.

GSA awarded Delta Risk the following Cyber SIN awards:

  • Penetration Testing (SIN # 132-45A)
  • Incident Response (SIN # 132-45B)
  • Cyber Hunt (SIN # 132-45C)
  • Risk and Vulnerability (SIN # 132-45D)

GSA also awarded the company two additional SINs:

  • Training Services (SIN # 132-50)
  • Professional Services (SIN # 132-51)

"Delta Risk has focused on expanding our cyber capabilities and services in the past year, as well as our ability to reach federal clients as a prime contractor," said Richard Burke, Vice President of Public Sector at Delta Risk. "With this GSA award, Delta Risk can deliver specialized cyber security services with our cadre of expert cyber professionals." 

"The award makes it much easier for federal agencies to access our team's expertise in vulnerability assessments, penetration testing, cyber hunt and incident response, as well as cyber security governance and training," added Jill White, Director of Contracts for Delta Risk.

The base period of the contract began June 7, 2017, and ends June 6, 2022, with the potential of three five-year options to follow.

ABOUT DELTA RISK LLC

Delta Risk LLC provides tailored, high-impact cyber security and risk management services to government and private sector clients worldwide. Formed in 2007, Delta Risk consists of trusted professionals with expert knowledge around technical security, policy and governance, and infrastructure protection to help clients improve their cyber security operational capability and protect business operations. Delta Risk is a Chertoff Group company. For more information, visit https://www.deltarisk.com.

illusive networks now offers a solution to thwart email-based attacks

NOTE: An earlier version of this story included a headline misstating the company's name. We apologize for the error -- SB

 

NEW YORK and TEL AVIV June 12, 2017 illusive networks, the leader in deception-based cybersecurity, today announced the latest member of its Data Deceptions Family: Email Data Deceptions aimed at thwarting attackers who are trying to gather the intel required to execute sophisticated APTs against organizational networks. This breakthrough technology addresses a layer – data-level deceptions – described as the most challenging type of deception by leading analysts.

illusive networks Data Deceptions detect attackers’ attempts to use data stolen from files, shares, etc. and now also from emails. Attackers need to gather such organizational intelligence in order to move laterally around a network to execute APTs and reach an organization’s most sensitive and valuable digital assets.

illusive networks’ enticing and very realistic Data Deceptions are invisible to employees while accessible to hackers. As soon as attackers attempt to use the deceptive data, illusive detects and alerts enterprise security teams, providing real-time contextual forensics from the source host that enable informed, targeted and timely incident response operations. illusive’s entire series of deceptions – Network Deceptions, Endpoint Deceptions, Data Deceptions and Application Layer Deceptions – are deployed quickly and agentlessly, causing no disruption to business networks with near-zero false positives generated. This is orchestrated by illusive’s automated Deception Management System™ (DMS), an advanced machine-learning technology based on continuous real-time environment analysis.

Email remains the dominant form of communication across organizations, hosting data that is highly valuable to attackers. Consequently, email systems are one of the most popular targets for hackers to breach. By using tools to discreetly collect data that resides within emails, attackers can obtain information that will allow them to seamlessly move laterally across an organization’s network, as though they were legitimate members of the organization. While the headlines have focused largely on email attacks that have led to exposure of embarrassing or highly confidential information, the less discussed yet highly worrisome email attack involves attackers mining and using sensitive data found in email to move laterally within a network in search of an organization’s crown jewels.

This latest series of deceptions demonstrates illusive’s capability and commitment to continually advancing the deception stack across all four layers to make deceptions believable and effective across the entire network. Moreover, their deceptions are orchestrated to constantly change over time, playing an essential role in tricking hackers performing an APT as they learn the environment and perform repeated actions. Continual changing of deceptions also prevents returning attackers from using previously harvested information about the network they are breaching, further delaying their execution to move laterally across the network.

illusive networks’ CEO Ofer Israeli says, “Data collection is essential to executing APTs and deceptions at that level are very difficult to create. Introducing the most challenging type of deceptions at this crucial vector further illustrates illusive’s role at the forefront in the next evolution of cyber defense.”

Alongside illusive’s new Email Deceptions from the Data Deceptions layer, illusive has delivered several cybersecurity industry firsts including: Deception Management System™; Attacker View™, a sophisticated breakthrough technology that exposes hidden cyber attack paths, enabling IT professionals to adapt their security strategy to mitigate advanced attackers' lateral movement; Wire Transfer Guard™, the first cyber deception technology to protect wire transfer banking systems against targeted Advanced Attacks; and Advanced Ransomware Guard™, which blocks ransomware activity at the source host before it gains a foothold in the network.

AccessData to host digital forensics lab at Cybersecurity camp for girls at Dakota State University

AccessData Group, a leading provider of integrated digital forensics and e-discovery software, will host hands-on labs to educate students about digital forensics at the 2017 GenCyber: Girls in CybHER Security camp at Dakota State University (DSU).

DSU’s third annual girls camp, which will be held June 25-29, 2017, is the largest residential girls-only camp in the nation, hosting 135 girls in 7th, 8th and 9th grades.

“The girls will learn about programming, networking, security and forensics, from DSU faculty and special guests,” said Dr. Ashley Podhradsky, associate professor of Digital Forensics and Information Assurance.

AccessData, Citi and Google are among the event sponsors who will be providing expert speakers to teach various sessions throughout the camp.

“Digital forensics is an essential component of cybersecurity, so it’s important the students receive some hands-on training in how we collect and process electronic evidence,” said Keith Lockhart, vice president of global training at AccessData. “This camp is a terrific opportunity to not only introduce these young ladies to the possibility of careers in this growing field, but also to help them better understand how to keep themselves safe when using the internet. AccessData is delighted to partner with Dakota State and GenCyber so the students can learn more about our industry and the role of technology as a force of good in our digital world.”

GenCyber is a unique program created by the National Security Agency and the National Science Foundation that consists of camps in locations across the U.S. The GenCyber program is designed to increase interest in cybersecurity careers and diversity in the cybersecurity workforce, help students understand correct and safe on-line behavior, and improve teaching methods for delivering cybersecurity content for K-12 programs. Through grants from the NSA and NSF, along with other sponsors, the camps are free for participants.

Dakota State has a broad national reputation for providing a dynamic, technology-rich learning and research environment for its students, and for others through outreach programs such as the GenCyber camps. They will also be hosting two co-ed cyber camps and a teachers’ cyber camp this summer. For more information on the GenCyber Girls in CybHER Security camp, please go to www.gencybergirls.camp. For more information on Dakota State University’s cyber programs visit dsucyber.com, or dsu.edu.

About AccessData

Whether it’s for investigation, litigation or compliance, AccessData® offers industry-leading solutions that put the power of forensics in your hands.  For 30 years, AccessData has worked with more than 130,000 customers in law enforcement, government agencies, corporations and law firms around the world, providing both stand-alone and enterprise-class solutions that can synergistically work together. The company is backed by Sorenson Capital, a leading private equity firm focused on high-growth portfolios. For more information on AccessData, please go to www.accessdata.com

About Dakota State University

Dakota State University is a public university located in Madison, South Dakota, part of the State of South Dakota Regental system of specialized schools and universities.  Founded in 1881 as a teacher’s college, it maintains that heritage mission, while also carrying out its signature mission of technology-infused and technology-intensive degrees. It has grown rapidly in national recognition as a technology-forward school, and has significant partnerships with the U.S. National Security Agency and the Department of Homeland Security, among others, for DSU’s cyber security-related programs.  For more information, please contact Jane Utecht, Strategic Communications Coordinator at [email protected], 605-256-5027. The DSU website is http://www.dsu.edu.

###

WashPost: Russia has developed a cyber security weapon that can disrupt power grids, according to new research

By Ellen Nakashima
Hackers allied with the Russian government have devised a cyberweapon that has the potential to be the most disruptive yet against electric systems that Americans depend on for daily life, according to U.S. researchers.

The malware, which researchers have dubbed CrashOverride, is known to have disrupted only one energy system — in Ukraine in December. In that incident, the hackers briefly shut down one-fifth of the electric power generated in Kiev.

But with modifications, it could be deployed against U.S. electric transmission and distribution systems to devastating effect, said Sergio Caltagirone, director of threat intelligence for Dragos, a cybersecurity firm that studied the malware and issued a report on Monday.

And Russian government hackers have already shown their interest in targeting U.S. energy and other utility systems, researchers said.

“It’s the culmination of over a decade of theory and attack scenarios,” Caltagirone warned. “It’s a game changer.”

The revelation comes as the U.S. government is investigating a wide-ranging, ambitious effort by the Russian government last year to disrupt the U.S. presidential election and influence its outcome. That campaign employed a variety of methods, including hacking hundreds of political and other organizations, and leveraging social media, U.S. officials said.

Dragos has named the group that created the new malware Electrum, and has determined with high confidence that it used the same computer systems as the hackers who attacked the Ukraine electric grid in 2015. That attack, which left 225,000 customers without power, was carried out by Russian government hackers, other U.S. researchers concluded. U.S. government officials have not officially attributed that attack to the Russian government, but some privately say they concur with the private sector analysis.

“The same Russian group that targeted U.S. [industrial control] systems in 2014 turned out the lights in Ukraine in 2015,” said John Hultquist, who analyzed both sets of incidents while at iSight Partners, a cyber-intelligence firm now owned by FireEye, where he is director of intelligence analysis. Hultquist’s team had dubbed the group Sandworm.

“We believe that Sandworm is tied in some way to the Russian government — whether they’re contractors or actual government officials, we’re not sure,” he said. “We believe they are linked to the security services.”

Sandworm and Electrum may be the same group or two separate groups working within the same organization, but the forensic evidence shows they are related, said Robert M. Lee, chief executive of Dragos.

The Department of Homeland Security, which works with the owners of the nation’s critical infrastructure systems, did not respond to a request for comment Sunday.

Energy-sector experts said that the new malware is cause for concern, but that the industry is seeking to develop ways to disrupt attackers who breach their systems.

“U.S. utilities have been enhancing their cybersecurity, but attacker tools like this one pose a very real risk to reliable operation of power systems,” said Michael J. Assante, who worked at Idaho National Labs and is former chief security officer of the North American Electric Reliability Corporation, where he oversaw the rollout of industry cybersecurity standards.

CrashOverride is only the second instance of malware specifically tailored to disrupt or destroy industrial control systems. Stuxnet, the worm created by the United States and Israel to disrupt Iran’s nuclear capability, was an advanced military-grade weapon designed to affect centrifuges that enrich uranium.

In 2015, the Russians used malware to gain access to the power supply network in western Ukraine, but it was hackers at the keyboards who remotely manipulated the control systems to cause the blackout — not the malware itself, Hultquist said.

With CrashOverride, “what is particularly alarming . . . is that it is all part of a larger framework,” said Dan Gunter, a senior threat hunter for Dragos.

The malware is like a Swiss Army knife, where you flip open the tool you need, and where different tools can be added to achieve different effects, Gunter said.

Theoretically, the malware can be modified to attack different types of industrial control systems, such as water and gas. However, the adversary has not demonstrated that level of sophistication, Lee said.

Still, the attackers probably had experts and resources available not only to develop the framework but also to test it, Gunter said. “This speaks to a larger effort often associated with nation-state or highly funded team operations.”

One of the most insidious tools in CrashOverride manipulates the settings on electric power control systems. It scans for critical components that operate circuit breakers and opens the circuit breakers, which stops the flow of electricity. It continues to keep them open even if a grid operator tries to close them, creating a sustained power outage.

The malware also has a “wiper” component that erases the software on the computer system that controls the circuit breakers, forcing the grid operator to revert to manual operations, which means driving to the substation to restore power.

With this malware, the attacker can target multiple locations with a “time bomb” functionality and set the malware to trigger simultaneously, Lee said. That could create outages in different areas at the same time.

The outages would last a few hours and probably not more than a couple of days, Lee said. That is because the U.S. electric industry has trained its operators to handle disruptions caused by large storms. “They’re used to having to restore power with manual operations,” he said.

So although the malware is “a significant leap forward in tradecraft, it’s also not a doomsday scenario,” he said.

The malware samples were first obtained by ESET, a Slovakian research firm, which shared some of them with Dragos. ESET has dubbed the malware Industroyer.

Published by GSN with permission from The Washington Post


###

Milestone fuels the coming business video revolution

Milestone Systems, the globally leading open platform company in networked video management software (VMS), has released XProtect Essential+ as a free entry product to the company’s portfolio.

“XProtect Essential+ is a game changer for our open platform community. Essential+ allows anyone to start right. Any user can now benefit from the power of add-on solutions from our partners,” says Bjørn Skou Eilertsen, Chief Technical Officer, Milestone Systems.

“Developers can use our rich programming environment now to create tomorrow’s add-on solutions to XProtect. They can install Essential+ and get our Software Development Kit for free. Add cameras and you are good to go. It’s that simple to start developing solutions for this rapidly growing business segment.”    

Developers benefit from true open platform
By including the Milestone open platform programming environment in the free Essential+, Milestone is handing over the keys to future innovation to developers. The software and SDK can be downloaded at no cost from the Milestone website. Documentation, eLearning courses and an online developer forum are just some of the resources to which open platform software developers gain free access.

XProtect VMS products are built on Microsoft and other industry standards, so any Microsoft-certified developer can start developing value-adding business video solutions right away.

Milestone also offers marketing support for developers, as solutions can be entered in the online Milestone Solution Finder that showcases the integrations to a global audience. The Milestone alliance partner team also offers certification of solutions with testing and documentation. 

Users gain from top-end features
Making XProtect Essential+ a free offering gives thousands of new users the chance to take advantage of Milestone’s award-winning software for use in businesses, organizations and at home. XProtect Essential+ is designed to provide a professional-grade security experience as a stand-alone video business solution. Users have access to their system from anywhere via three easy-to-use clients.

Highlights of the free XProtect Essential+ 2017 R2:

  • Supports up to 8 cameras from more than 6,000 supported devices. This enables the user to freely pick and mix the perfect camera models and brands for their needs.
  • All Milestone clients are supported with full functionality: XProtect Smart Client, XProtect Web Client and Milestone Mobile.
  • The software supports hardware acceleration: processor-intensive video decoding can be offloaded to the graphics card. This can save up to 80% in processing power.
  • The full Milestone programming environment (MIP SDK and advanced rules engine) is supported. This includes metadata handling for advanced analytics.
  • Upon installation, the users of the free XProtect Essential+ will gain access to the Milestone online support community dedicated to XProtect Essential+ at no cost.

XProtect Essential+ can easily be upgraded to XProtect Express+ or other advanced XProtect products if the need arises for extra functionality for interconnecting systems, encrypting video recordings or simply more advanced features.

XProtect 2017 R2 Essential+ is available for download now.
