NSI Security NewsWatch

A weekly roundup of news, trends and insights designed exclusively for security professionals. This publication is intended for security staff only.


In this issue — February 6, 2019

  • Huawei Sting Offers Rare Glimpse of the U.S. Targeting a Chinese Giant
  • The Navy Needs 2 Tons of Storage Devices Burned to Ash
  • U.S. Intelligence Warns China Is Using Student Spies to Steal Secrets
  • How to Comply With the DSS Risk Management Framework
  • Putin Orders Up a National AI Strategy
  • Pay the Ransom? Corporate Lawyers Say Meeting Some Hackers' Demands May Be Worth It
  • Intel Chiefs Expect More Cyberattacks Against U.S.
  • Report: Shutdown Had ‘Minimal’ Effects on Government Cybersecurity
  • DOJ Moves to Take Down Botnet Operated by North Korean State Hackers
  • Experts: Cyber Threat Being Met with Same Apathy as Terrorism Before It
  • Apple Engineer Accused of Stealing Autonomous Vehicle Trade Secrets for China   

Huawei Sting Offers Rare Glimpse of the U.S. Targeting a Chinese Giant (Bloomberg, 2/4/19)
The sample looked like an ordinary piece of glass, 4 inches square and transparent on both sides.  It’d been packed like the precious specimen its inventor, Adam Khan, believed it to be—placed on wax paper, nestled in a tray lined with silicon gel, enclosed in a plastic case, surrounded by air bags, sealed in a cardboard box—and then sent for testing to a laboratory in San Diego owned by Huawei Technologies.  But when the sample came back last August, months late and badly damaged, Khan knew something was terribly wrong.  Was the Chinese company trying to steal his technology?
Like all inventors, Khan was paranoid about knockoffs.  Even so, he was caught by surprise when Huawei, a potential customer, began to behave suspiciously after receiving the meticulously packed sample.  Khan was more surprised when the FBI drafted him and Akhan’s chief operations officer, Carl Shurboff, as participants in its investigation of Huawei.  The FBI asked them to travel to Las Vegas and conduct a meeting with Huawei representatives at last month’s Consumer Electronics Show.  Shurboff was outfitted with surveillance devices and recorded the conversation while a Bloomberg Businessweek reporter watched from a safe distance.

The Navy Needs 2 Tons of Storage Devices Burned to Ash (NextGov, 2/4/19)
The Naval Surface Warfare Center at the White Sands Missile Range in New Mexico has—literally—tons of IT hardware and equipment used for classified programs that need to be destroyed by the most secure and irreversible means.  While White Sands Missile Range is an Army facility, NAVSEA researchers have a detachment there working on “land-based weapons system testing, directed energy weapons testing”—lasers—"and research rocket launch support,” according to their webpage.
Those researchers have on hand some 4,000 pounds of IT equipment, including magnetic, optical and solid-state storage devices with highly sensitive, classified data.  The center issued a solicitation for destruction services that specifically calls for all designated equipment to be burned “to ash.”  The information stored on these devices is highly sensitive, as evidenced by the physical security requirements set forth in the solicitation.  The incineration facility must have “at the minimum, secure entry, 24-hour armed guards and 24/7 camera surveillance with recordable date and time capabilities.”

U.S. Intelligence Warns China Is Using Student Spies to Steal Secrets (CNN, 2/1/19)
In August 2015, an electrical engineering student in Chicago sent an email to a Chinese national titled "Midterm test questions."  More than two years later, the email would turn up in an FBI probe in the Southern District of Ohio involving a suspected Chinese intelligence officer who authorities believed was trying to acquire technical information from a defense contractor.  Investigators took note.  They identified the email's writer as Ji Chaoqun, a Chinese student who would go on to enlist in the U.S. Army Reserve.  His email, they say, had nothing to do with exams.
Instead, at the direction of a high-level Chinese intelligence official, Ji allegedly attached background reports on eight U.S.-based individuals who Beijing could target for potential recruitment as spies, according to a federal criminal complaint.  The eight, naturalized U.S. citizens originally from Taiwan or China, had worked in science and technology.  Seven had worked for or recently retired from defense contractors.  The complaint says all of them were perceived as rich targets for a new form of espionage that China has been aggressively pursuing to win a silent war against the U.S. for information and global influence.

How to Comply With the DSS Risk Management Framework (NSI.org, 2/1/19)

The Risk Management Framework is a significant undertaking for most organizations, and all defense contractors with classified information systems must comply with the six-step RMF process in order to receive or maintain their system authorization. This new accreditation process provides a complex challenge to industry through new approaches to system categorization, assessment and continuous monitoring. Understanding these requirements along with the RMF process is key to getting your information systems approved. Navigating the complex Risk Management Framework requirements can be daunting.  Join Karl Hellmann, DSS Assistant Deputy Director, NISP Authorization Office, at the upcoming NSI IMPACT ’19 Forum, where you’ll learn best practices and gain a better understanding of RMF.

For more information and to register, go to https://www.nsi.org/impact-registration.html


Want to Ace Your Next Security Inspection? Awareness Is Key

Protecting classified information depends, today more than ever, on the security awareness of employees.   They can literally make or break your security program.  And the stakes have been raised even higher with the DSS Security Rating Matrix, which puts heightened emphasis on employee education and awareness.  In fact, one of the top three deficiencies cited by IS Reps around the country is a “weak security education program.”

So, how can you achieve a “Superior” inspection rating and avoid having to answer for negligent employee behavior?  The secret lies in just three little words: EMPLOYEE SECURITY CONNECTION – the proven security awareness solution exclusively for cleared defense contractors and government agencies.  It’s the best way to ensure your employees are prepared for your next security audit.  To learn more about how this valuable resource can help motivate your employees to practice good security habits…help you achieve “superior” inspection results…and satisfy a major NISPOM awareness requirement… please click on the following link: https://nsi.org/es-connection.html


Putin Orders Up a National AI Strategy (Defense One, 1/31/19)
Russian President Vladimir Putin has instructed his government to create a national strategy for research into and development of artificial intelligence, state media reports.  The order follows a year of various efforts to better coordinate Russian government, academic, and private-sector work on AI.  Delivered last week in a list of instructions approved by Putin following a Jan. 15 meeting of the supervisory board of the Agency for Strategic Initiatives, the order sets a delivery deadline of Feb. 25.
“The Government of the Russian Federation, with the participation of Sberbank of Russia and other interested organizations, should develop approaches to the national strategy for the development of artificial intelligence and submit appropriate proposals,” the instruction says.  This official call for the national AI strategy follows several initiatives launched in 2018 to unify national efforts in the private and public sectors towards the development of artificial intelligence in the country.  While the private sector in Russia has achieved success in image and speech recognition, the military has been pursuing its own AI development for a variety of weapons such as aircraft, missiles, electronic warfare, radars and unmanned systems.

Pay the Ransom? Corporate Lawyers Say Meeting Some Hackers' Demands May Be Worth It (CyberScoop, 1/31/19)
Conventional wisdom says ransomware victims shouldn’t pay their attackers, but a panel of legal experts suggested last week that standing firm might not always be the smartest play in the real world.  FBI officials, corporate bigwigs, and public-sector security bosses in recent years all have advised their colleagues to keep their wallets closed when ransomware hits.  There’s no honor among thieves, the logic goes, and even if you pay hackers to buzz off, who’s to say they will follow through on promises to unlock encrypted data?
But there are scenarios in which businesses should carefully consider their decision, Mark Knepshield and Matthew Todd said during a panel discussion at the Legalweek conference in New York.  “I would say, if it’s a small amount, pay it,” said Knepshield, a senior vice president at insurer McGriff, Seibels and Williams.  “It’s likely just the easiest way out of your situation.”  In a poll surveying Legalweek attendees, 86% said they would not pay a ransom if attackers threatened to publish stolen material online within 24 hours.  That follows the traditional legal advice, with the FBI encouraging hacked businesses not to pay.

Intel Chiefs Expect More Cyberattacks Against U.S. (GovInfoSecurity, 1/30/19)
The top nation-state threats facing the United States are posed by China, Russia, Iran, and North Korea, U.S. Director of National Intelligence Dan Coats warned the Senate Intelligence Committee last week.  Appearing alongside five of the nation's other top intelligence officials, Coats was first to testify, and he warned that "the big four" countries remain a significant threat to both the U.S. government and private sector.  He also said their efforts are "likely to further intensify this year."
In the face of myriad threats, knowing which defenses to prioritize remains challenging because attackers' tactics continue to change, Coats said.  But some of the dominant threat vectors he highlighted include cyber operations; online influence operations and election interference; weapons of mass destruction and proliferation; terrorism; counterintelligence; space and transnational organized crime; as well as threats of a more regional nature.  Coats began his threat assessment overview by focusing on election security.  He said that after Russia's attempt to interfere in 2016 elections, efforts to safeguard the 2018 midterms were successful despite efforts by "unidentified actors."

Report: Shutdown Had ‘Minimal’ Effects on Government Cybersecurity (NextGov, 1/30/19)
The 35-day government shutdown had “very minimal” immediate effects on the cybersecurity of federal agencies, according to security researchers.  While lawmakers and cyber wonks warned the longest government shutdown in history would leave agencies vulnerable to cyberattacks, researchers at Security Scorecard determined those fears were largely unfounded.  In fact, they said keeping hundreds of thousands of feds away from computers and network-connected devices may have had short-term benefits for the government’s cyber posture.
In a report published last week, researchers assessed 128 federal agencies in three categories related to their overall cyber posture: network security, patching cadence, and endpoint security.  While network security scores dipped slightly during the shutdown, agencies improved their grades in the other two categories while much of the government was shuttered.  Researchers attributed the drop in network security to a spike in expired SSL certificates.  Feds must consistently renew the protocols, which enable web browsers to securely connect to the internet, but they were unable to do so when agencies were shuttered.

DOJ Moves to Take Down Botnet Operated by North Korean State Hackers (ZDNet, 1/30/19)
The Department of Justice announced last week an effort to take down Joanap, a botnet built and operated by North Korea's elite hacker units.  Efforts to disrupt the botnet have been underway for several months already, based on a court order and search warrant the DOJ obtained in October 2018.
Based on these court documents, the FBI's Los Angeles Field Office and the U.S. Air Force Office of Special Investigations have been operating servers mimicking infected computers that are part of the botnet, and silently mapping other infected hosts.  This was possible because of the way the Joanap botnet was built, relying on a peer-to-peer communications system where infected hosts relay commands introduced in the botnet's network from one to another, instead of reporting to one central command-and-control server.

Experts: Cyber Threat Being Met with Same Apathy as Terrorism Before It (Media Line, 1/29/19)
Western countries are ignoring the severity of the threat posed by cyberattacks in the same way they initially failed to tackle the scourge of terrorism, according to experts that descended on Tel Aviv last week for the Cybertech 2019 conference.  The refusal to adequately address the issue, largely the byproduct of a desire to “save face,” has thrown a wrench in government-to-government cooperation which, in turn, is contributing to the problem.
Founders and CEOs of the world’s top data and cyber risk management firms—including Checkpoint, IBM and Microsoft—highlighted the resulting difficulty of neutralizing a huge volume of daily attacks across multiple platforms, and called for the highest level of collaboration if nations are to stay secure amid lightning-quick changes in the digital realm.  Haim Tomer, a former officer in Israel’s Mossad spy agency, said, “cybersecurity cooperation on the national level very much resembles the beginning of modern terrorism in the West in the 1970s, when the issue was dealt with privately so as not to admit vulnerability.”

Apple Engineer Accused of Stealing Autonomous Vehicle Trade Secrets for China (NBC, 1/29/19)
For the second time in six months, the FBI is accusing a Chinese national working for Apple of attempting to steal trade secrets related to the company’s secret autonomous vehicle program.  Apple began investigating Jizhong Chen when another employee reported seeing the hardware developer engineer taking photographs in a sensitive work space, according to a federal criminal complaint unsealed this week.
Chen, according to the complaint, allowed Apple Global Security employees to search his personal computer, where they found thousands of files containing Apple’s intellectual property, including manuals, schematics, and diagrams.  Security personnel also found on the computer about a hundred photographs taken inside an Apple building.  Apple learned Chen recently applied for a job at a China-based autonomous vehicle company that is a direct competitor of Apple’s project, according to the complaint.  A photo found on Chen’s computer, which Apple provided to the FBI, showed an assembly drawing of an Apple-designed wiring harness for an autonomous vehicle.

National Security Institute
165 Main Street, Suite 215
Medway, MA 02053
Tel: 508-533-9099
Fax: 508-507-3631
Internet: http://nsi.org





Who's Worse:
Employees or Hackers?

Experts agree: well-intentioned but careless employees pose just as much of a danger to your organization as faceless hackers on the outside. In fact, 95 percent of successful hack attacks or incidents are attributed to human error.

Learn how to mitigate the accidental insider threat and empower your employees to think securely with these valuable lessons:

  1. How to recognize and respond to social engineering attacks
  2. How to avoid spear-phishing and email scams
  3. How to avoid becoming an easy target for hackers
  4. How to prevent human errors that cause security breaches
  5. How to protect sensitive data from hackers, spies and ID thieves
