Cyber Security Professionals Must Prevent Attacks or Be Terminated

Published with Permission by:
Lint, James R., “Cyber Security Professionals Must Prevent Attacks or Be Terminated”, In Cyber Defense, 14 June 2017, Web, http://incyberdefense.com/james-lint/cyber-security-professionals-must-prevent-attacks-terminated/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for In Cyber Defense and Contributor, In Homeland Security

My recent article, “Cyber Defenders Are Often Not Fired, When Others Would Be” stirred responses from many physical security professionals. The common theme was that there are standards in physical security, but the cyber security problem is too difficult to solve. Cyber defenders, however, know standards and solutions are available.

Cyber Defense Standards Can Be Found

The National Institute of Standards and Technology (NIST) has created a cyber security framework for private sector organizations to assess their ability to prevent, detect and respond to cyberattacks.

“The Framework, which was created through collaboration between industry and government, consists of standards, guidelines, and practices to promote the protection of critical infrastructure.”

Also, on May 11, 2017, the White House released a Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.

The website of the United States Computer Emergency Readiness Team (US-CERT), a division of the Department of Homeland Security, states that US-CERT “strives for a safer, stronger Internet for all Americans by responding to major incidents, analyzing threats, and exchanging critical cybersecurity information with trusted partners around the world.”

The US-CERT website has numerous publications, alerts, tips, and resources. It is updated daily and offers many ways to contact US-CERT. Any cyber defenders who have not signed up for the alerts and tips email list are missing good professional development and also timely protection information for their organizations.

Comparisons of Physical Security and Cyber Security

Many physical security personnel are not trained in cyber security, just as many cyber security personnel are not trained in physical security. Training helps both.

Physical security specialists are trained for many different sectors such as government security, security for intelligence facilities, shopping centers, banks, and hospitals. No one is an expert in all of those sectors. The security standards for a Top Secret intelligence facility are much different from those of a hospital. In turn, a hospital’s security is different from that of a bank. With all the knowledge needed in these sectors, why would some people think they can also be experts in cyber security/defense?

Cyber Defenders Must Install Updates

Companies that do not upgrade their software are as derelict as those companies that leave a door open to thieves.

On Friday, May 12, the BBC reported an international ransomware attack involving hackers using ransomware called WanaCrypt0r 2.0. As many as 74 countries, including the U.K., U.S., China, Russia, Spain, Italy and Taiwan, were affected. Thousands of computers were locked by a program that demanded $300 in Bitcoin for each hacked computer. But in March Microsoft had issued the first patch to prevent the WannaCry attack.

That means all those companies and officials who were affected by the WannaCry ransomware could have prevented the attack if they had installed Microsoft’s updates and upgrades two months earlier.

Why are boards of directors not firing CIOs and senior IT managers who fail to take steps to prevent cyberattacks?  Why are they not firing CEOs who did not ensure that their CIOs and IT managers implemented the Microsoft update patches? Why do they treat cyber security personnel so cavalierly but do not reprimand or fire physical security personnel who make similar errors?

Visual Comparison of Physical Security Holes and Unpatched or Upgraded Networks

If a company does not repair a large hole in its building for two months, wouldn’t that be cause for termination of its security manager? Would that business’s insurance company continue to insure a firm with a large hole in its building?

If you don’t patch a hole in your fence, people will think you are incompetent or lazy. If you leave a large hole in your building you should be fired for cause. Why do we not hold CIOs to the same standard of responsibility? It really is that simple. There will be new innovative hacks in the future. But any security professional who does not deal with existing vulnerabilities should be fired.

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 45th scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. In 2017, he was appointed to the position of Adjutant for The American Legion, China Post 1. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” a book published in 2016, “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017, “Secrets to Getting a Federal Government Job.”

Ransomware Escalates To a Near Nation-State Attack in the UK

Published with Permission by:
Lint, James R., “Ransomware Escalates To a Near Nation-State Attack in the UK”, In Cyber Defense, 15 May 2017, Web, http://incyberdefense.com/james-lint/ransomware-escalates-near-nation-state-attack-uk/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for In Cyber Defense and Contributor, In Homeland Security

On Friday, May 12, the BBC reported an international ransomware attack involving hackers using ransomware called WanaCrypt0r 2.0. The BBC stated, “There have been reports of infections in as many as 74 countries, including the U.K., U.S., China, Russia, Spain, Italy and Taiwan. Computers in thousands of locations have apparently been locked by a program that demands $300 in Bitcoin.”

CNET reported, “The ransomware attack that hit 16 National Health Service (NHS) hospitals in the U.K. and also hit up to 52,000 devices across other countries using an exploit called the WanaCrypt0r 2.0 ransomware. The majority of the new malware was targeting Russia, Ukraine and Taiwan, Avast Threat Lab team lead Jakub Kroustek said.”

WanaCryptor 2.0 Attack’s Impact on UK Hospitals

Multiple hospitals in the NHS pushed information via social media to the local population to contact their hospitals before traveling to determine if those hospitals were open for operations. The NHS is the government-run, major medical system in the U.K., so hackers have only one system to breach and install ransomware.

The advantage to the American healthcare system is that we have multiple hospital systems. While there have been major hacks against a few major U.S. hospitals and insurance companies, it is more difficult to penetrate all of these unconnected systems.

If the U.S. healthcare system were to migrate to a single health system like the NHS, the security of our healthcare system would require more safeguards. But these multiple healthcare systems, and the competition among them, provide some additional security for patient data.

Ransomware Could Escalate into Strategic Attacks on the US

It is possible that the use of ransomware could escalate and ransomware could be used for strategic attacks against the United States. Imagine the potential of ransomware that attacks an entire sector of a country, such as healthcare and hospitals.

For example, what if there was a ransomware attack that affected both a hospital’s computer system and its interconnected phone system? In the U.K., you must contact the hospital before bringing in a patient for treatment. Patient care would be unnecessarily delayed as the problems with that hospital’s computers and phone system were solved.

Although a hospital’s managers could theoretically shut down uninfected computer and phone systems to prevent ransomware infections, that security measure would be self-defeating and would replicate the impact of a ransomware attack. Without access to phones or health records, hospital employees would have difficulty doing their jobs properly.

Ransomware Attacks Could Impact Strategic Actions and Confidence in Government

Taking major hospital systems offline and causing hospitals to tell their patients not to go to specific hospitals causes a public lack of confidence in government systems. Patients become worried and uneasy when they are told that their health data records are unavailable and “the hospital is not in control of your personal health records at this time.”

In Latin American insurgencies in the 1980s, the goal of insurgents was to destabilize countries and make the population unsure that the government can protect them. The same type of impact could happen with a strategic cyberattack or strategic ransomware.

Potential Solution to the WanaCrypt0r 2.0 Ransomware Attack

Microsoft released a patch in March for the vulnerability that the WanaCrypt0r 2.0 ransomware exploits. Unfortunately, many computer systems have not been updated. This lack of action could leave a legal avenue for customers to sue for damages caused by the company’s negligence in performing software updates.

Long-Term Impact of WanaCryptor 2.0 Ransomware Attack

The WanaCrypt0r 2.0 ransomware attack that impacted so many countries could end in a multitude of ways. As the attack is investigated, we may see that the attack was caused by criminals trying to make money. But if the attack involved a nation-state intent on destroying other countries’ computer systems and holding systems for ransom, this situation could become more serious and potentially lead to war.

The news that some of the ransomware demands payments in small sums of $300 to $600 to restore access indicates this attack is a criminal matter. The scope and impact of the WanaCrypt0r 2.0 attack are wide.

But the WanaCrypt0r 2.0 ransomware attack may have one positive outcome. With the number of countries involved in this latest ransomware attack, there may be an increase in cooperation between law enforcement agencies across the world on cyber crimes.
