Napolitano says ensuring nation's security will take more than work of the agency and its IT team
BY TECHWEBNEWS.COM
via NewsEdge Corporation
Updated: 03-17-2011 8:59 am
The Department of Homeland Security (DHS) is seeking help from the private sector -- including experts from the engineering and science fields -- to help it solve a series of problems related to cybersecurity and the immense flow of information the department deals on an every-day basis.
Speaking at the Massachusetts Institute of Technology (MIT) this week, DHS Secretary Janet Napolitano said that it will take more than the work of the department and its IT team to solve the problems of the varied work the DHS is doing to secure borders and U.S. critical infrastructure, among other tasks. Her remarks are available online.
"At DHS, we are constantly asking and trying to answer some important questions: How do we keep travel and trade flowing across borders while at the same time enhancing security? How do we secure our nation's critical infrastructure when the vast majority of it is in private hands?" she said. "The answers to many of these questions involve harnessing science and technology to better meet our homeland security needs."
Perhaps more than any other agency, the DHS must work with myriad partners in both local and state governments as well as the private sector to accomplish its mission.
Particularly in the area of cybersecurity, the agency has set up partnerships through a series of fusion centers and joint terrorism task forces around the country to share intelligence information to protect critical infrastructure. The work includes collaborating with both private and public organizations.
Citing this "long tradition in our country of creating problem-solving partnerships between government and our research and development enterprise," Napolitano described some of the challenges the DHS hopes experts in a variety of fields will help it solve.
One key security challenge the DHS faces is what she called the "big data" problem. Being the linchpin for national security, the department receives data from a number of agencies -- such as the Federal Aviation Administration, the Transportation Safety Administration, the FBI, and the CIA -- about possible threats, both cyber and otherwise, and must disseminate that information quickly and efficiently to come up with a plan of action.
Napolitano said that the agency is always looking for better ways to extract meaningful information from "billions" of data points, and is seeking input on how to do that from experts across different fields.
"We therefore cannot overstate the need for software engineers and information systems designers. We need communications and data security experts," she said. "And we need this kind of talent working together to find new and faster ways to identify and separate relevant data."
Napolitano also mentioned the recent earthquake and subsequent tsunami in Japan to launch a discussion about how the DHS can improve emergency response in case of a similar disaster in the United States.
She said that FEMA Administrator Craig Fugate is exploring ways to use social media to achieve several crucial tasks during a disaster, such as reaching people during an emergency, locating necessary supplies, and moving them to the people and places that need them most. The federal government used the Web, including Twitter feeds, to share information with people who might be in need of help as part of its response to the recent disaster.
Napolitano also said that the DHS will seek help from scientists and engineers to create more resilient building materials that can withstand major earthquakes by engaging in nanotechnology research and getting that technology into widespread commercial use. Technology to detect nuclear radiation and to improve healthcare response to pandemics also is of interest to the department, she added.
Military blocks access to popular video websites
Officials say demand to see footage from Japan earthquake is eating up bandwidth
By The Associated Press
Updated: 03-17-2011 9:43 am
WASHINGTON
--
The Pentagon's Cyber Command has shut down Defense Department workers' access to popular streaming video websites including YouTube, Amazon, and Googlevideo.
Officials say the tremendous demand to see the Japan earthquake is eating up bandwidth already weakened by Internet problems in that part of the world.
Cyber Command has directed the Defense Information Systems Agency to temporarily restrict access to the websites. Most employees see the message "Website Blocked" in bright red letters when they go to one of the sites.
Cyber Command says the restrictions are no reflection on the websites. The command says the sites have been blocked at the request of U.S. Pacific Command to help meet the needs of the military because its networks and circuits in the region are facing extreme demands.
RSA customers fear fallout from targeted attack
Concerns mount over what information attackers were able to get
BY TECHWEBNEWS.COM
via NewsEdge Corporation
Updated: 03-21-2011 10:31 am
Word of the attack, which RSA categorized as an advanced persistent threat (APT)-type breach, came via a an open letter posted by RSA executive chairman Art Coviello on RSA's Web site as well as via a Securities and Exchange Commission (SEC) filing. RSA provided little detail on exactly what was taken or how, but the vendor did provide a list of recommendations for its customers that ranged from hardening their social media application security, using least privilege for administrators, and reiterating with employees to avoid suspicious emails and phone calls to ratcheting up security in their "active directories" and closely monitoring their SIEM systems.
Of major concern is just what the attackers actually got their hands on from databases storing RSA's SecurID information. The uncertainty and lack of specifics from RSA has left some RSA customers frustrated and unsure just how to respond internally. A security officer at one large enterprise that uses SecurID, and who requested anonymity, says RSA's announcement of such a critical security breach should have come with more "actionable" recommendations than the general ones the company offered.
"My chief concern is we don't know what they [the attackers] got," he says. "What RSA is saying, and what they are not saying. is that whatever [the attackers] got, [with] some other information they could socially engineer from a user would let them be able to pretend they have a token by duplicating it somehow."
One worry is that the attackers gained the serial numbers from SecurID customers' tokens and other information that would give them the ability to clone the tokens and then use social engineering to gain additional information in order to use the SecurID authentication to in turn target large RSA customers of the technology.
The security officer says he's now stuck trying to figure out how to assess the risk to his organization, but he doesn't have enough details or information to provide an assessment to his senior executives. He says RSA contacted his company, but only offered up the same recommendations and information the company has put online about the breach. "They've mostly been dark since yesterday," he says.
Recommendations such as the one that advises customers to "pay special attention to security around their active directories" is the equivalent of telling the user to check the engine light on his car, the SecurID customer says. "The engine is there. Be more specific," he says. "I understand that they don't want to provide a recipe [for an attacker] to break in . . . But we are relying on their product to protect that infrastructure. They should be able to relay some of the details . . . and what to do."
Meanwhile, security consultants and researchers warn customers not to panic and note that even if the bad guys got hold of the six-digit key, they would still need the PIN code to use it, for example. Don Gray, chief security strategist for Solutionary, says organizations should educate users to take care with their SecurID tokens and to watch out for social engineering and phishing attacks that take advantage of the news surrounding the attack and offer to "reset" or "validate" a SecurID token.
Nick Percoco, senior vice president at Trustwave's SpiderLabs says waging a targeted attack using stolen SecurID tokens for authentication would be difficult for an attacker, but not impossible. "If we presume the attackers gained access to the token 'seed' files or the algorithm used to generate them, they would then need to identify a system that uses this type of authentication to target," Percoco says.
Take an online brokerage, with its customer portal as the main target, he says: "The attacker would then need to be able to map specific RSA tokens back to specific individuals. This assumes that the serial numbers on the tokens can be used to generate or lookup 'seed' values from the data stolen by the attackers from RSA. Once that is accomplished and the attackers can predict the token codes for a specific token, they would then need to guess the end user's PIN," Percoco says.
That step would entail getting the token's serial number and the PIN, which could be grabbed via a phishing attack taking advantage of the RSA breach, for example. "Once they have both the ability to predict the token codes and the end user's PIN, they can access the accounts on the online brokerage system," he says.
Just how widely deployed is SecurID? David Schuetz, a security consultant with The Intrepidus Group, noted in a blog post Friday that SecurID has more than 25,000 customers and that there are around 40 million physical SecurID tokens in circulation, plus 250 million software-based ones. "Many of these are used for secure authentication to corporate websites and email, and they've seen increasing use in online banking. A 'reduction in effectiveness' could have very serious, and wide-ranging, consequences," he blogged, referring to RSA's warning that the hack could have compromised the SecurID technology's effectiveness.
SecurID basically generates random numbers in a sequence known only to the authentication server--those numbers are then used by the person holding the token to log into a system, Schuetz explained. "To keep the tokens unique, each is pre-loaded with a seed that initializes the sequence for each token. The resulting 6-digit numbers, or 'tokencodes,' are therefore produced in a sequence specific and unique to each token."
Meanwhile, RSA exec Coviello's open letter raises plenty of questions. "While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA SecurID customers, this information could potentially be used to reduce the effectiveness of a current two-factor authentication implementation as part of a broader attack. We are very actively communicating this situation to RSA customers and providing immediate steps for them to take to strengthen their SecurID implementations," he said in the letter.
"We have no evidence that customer security related to other RSA products has been similarly impacted. We are also confident that no other EMC products were impacted by this attack," he said, and that RSA plans to provide SecurID customers "tools, processes and support" to shore up security in the wake of the breach.
No one knows for sure as yet whether the attack was an isolated one or part of a broader APT-type attack. But APT-type attacks, which typically originate out of China, are notoriously stealthy, long-term, and often difficult to detect.
"It's hard to say, but I don't think this is an isolated attack. If anything, hackers are incredibly persistent and now they might also have your SecurID in their back pocket," says Frank Kenney, vice president, global strategy and product management at Ipswitch File Transfer. "If this is an advanced persistent threat attack, then we can expect to see additional attempts on RSA, and on owners of compromised SecurID's. Businesses and agencies need to be especially diligent in keeping tabs on how employees are sharing information, who they are sharing it with, and ensure that they are not using personal email for business communications--especially in the government."
Study: Hackers increasingly targeting business secrets
Cyber criminals looking for trade secrets, marketing plans, R&D reports, and source code
BY PRESS TRUST OF INDIA
via NewsEdge Corporation
Updated: 03-30-2011 3:20 pm
Some hackers are starting to specialise in data stolen
from corporate networks, according to research compiled by
security firm McAfee
McAfee said deals were being done for trade secrets,
marketing plans, R&D reports and source code
It urged companies to know who looks after their data
as it moves into the cloud or third-party hosting centres
"Cyber criminals are targeting this information based
on what their clients are asking for," BBC quoted Raj Samani,
chief technology officer in Europe for McAfee as saying
He said some business data had always been scooped up
when net thieves compromised PCs using viruses and trojans in
a search for logins or credit card details
The difference now was that there exists a ready
market for the data they are finding
In some cases, said Samani, thieves were running
campaigns to get at particular companies or certain types of
information
The McAfee report mentioned cases in Germany, Brazil
and Italy in which trade secrets were either stolen by an
insider or cyber thieves tried to get hold of via a concerted
attack
In some cases, said the McAfee report, companies made
the job of the criminals easier because they did little to
censor useful information about a corporate's culture or
structure revealed in e-mails and other messages
Such information could prove key for thieves mounting
a "social engineering" in which they pose as employees to
penetrate networks
The report detailed efforts by firms to watch casual
and contract employees and the use of behavioural analysis
software to spot anomalous activity on a corporate network
Thefts of intellectual property or key documents could
be hard to detect, Samani said
"You may not even know it's stolen because they just
take a copy of it," he said
Defending against these threats was getting harder, he
said, because key workers with access to the most valuable
information were out and about using mobile devices far from
the defences surrounding a corporate HQ
"Smartphones and laptops have crossed the perimeter,"
Samani said
The warning comes in the wake of a series of incidents
which reveal how cyber criminals are branching out from their
traditional territory of spam and viruses.
<
0 comments:
Post a Comment