NSI Security NewsWatch

A weekly roundup of news, trends and insights designed exclusively for security professionals. This publication is intended for security staff only.


In this issue — June 19, 2019

  • Senator Says U.S. Needs a Better Plan to Confront Supply Chain Threat from China
  • DHS Joins NSA in Warning of ‘BlueKeep’ Vulnerability
  • Prosecutors: CIA Leaker Tried to Start ‘Information War’ While Behind Bars
  • How NBIB Slashed the Clearance Backlog by 300,000 in a Year
  • Human error still the cause of many data breaches
  • U.S. Escalates Online Attacks on Russia’s Power Grid
  • Hackers that Took Down Saudi Oil Site Probing U.S. Power Grid
  • GAO Finds Critical Security Risks in ‘Decades Old’ Federal IT Systems
  • DHS Cyber Incident Response Team Gets House Approval
  • Bolton: U.S. Ramping Up Offensive Cyber Measures to Stop Economic Attacks  

Senator Says U.S. Needs a Better Plan to Confront Supply Chain Threat from China (FCW, 6/17/19)
Sen. Mark Warner (D-Va.) warned in a speech June 17 that while U.S. policymakers have slowly come to recognize the long-term threat that China poses to a range of technology and cybersecurity issues, they currently lack a cohesive strategy to effectively confront Beijing over the next few years.  "Here I think we need a lot of work, and frankly I've seen very little articulate development from the administration on that short-term strategy," said Warner.  "I will acknowledge that the Trump administration has done the right thing vis-a-vis China in saying the status quo was not working, but if the status quo is not working, [the president's] got to offer an alternative."
National security officials like FBI Director Christopher Wray have accused China's government of using all elements of national power to "steal its way up the economic ladder" at the expense of other countries, implementing policies like forced technology transfer and foreign investment while also incentivizing state-aligned companies and hackers to pilfer intellectual property and trade secrets from competitors.  More

DHS Joins NSA in Warning of ‘BlueKeep’ Vulnerability (Cyber Scoop, 6/17/19)
The Department of Homeland Security has added its voice to a chorus of government and corporate cybersecurity professionals urging users to patch their systems for BlueKeep, a critical vulnerability recently reported in old Microsoft Windows operating systems.  DHS’s Cybersecurity and Infrastructure Security Agency said it had used the BlueKeep vulnerability to execute remote code on a test machine operating Windows 2000.
The agency released an advisory reiterating that, like the famed WannaCry ransomware, BlueKeep is “wormable,” in that malware exploiting the vulnerability could spread to other systems.  The BlueKeep vulnerability, for which Microsoft published an advisory on May 14, could allow a hacker to abuse the popular Remote Desktop Protocol, which grants remote access to computers for administrative purposes, to delete data or install new programs on a system.  When it was disclosed, security experts immediately warned of BlueKeep’s severity, and as of last week, close to 1 million internet-exposed machines were still vulnerable to the flaw. More
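A practical check to go with the item above, added here as an illustration and not code from the article, CISA or Microsoft: because the faulty RDP code runs before a user authenticates, Microsoft's advisory listed requiring Network Level Authentication (NLA) as a mitigation, since NLA moves authentication ahead of that code path. The script below speaks only the opening RDP negotiation exchange (an X.224 Connection Request carrying an RDP_NEG_REQ, answered by a Connection Confirm carrying an RDP_NEG_RSP or RDP_NEG_FAILURE, per MS-RDPBCGR) and sorts endpoints into "NLA required" versus "reachable without authentication". The three sample responses are constructed by hand; probe() is an illustrative name and needs network access. A host that requires NLA is shielded from an unauthenticated attacker but still needs the May 14 patch; this check does not tell you whether the patch is installed.

```python
"""Classify RDP endpoints by whether they require Network Level Authentication.

Added example for the BlueKeep item above; not code from the article or CISA.
It speaks only the initial X.224 / RDP negotiation exchange (MS-RDPBCGR
2.2.1.1 and 2.2.1.2), never authenticates and never touches the vulnerable
code path. Sample responses below are hand-built, not captured from real hosts.
"""
import socket
import struct

# requestedProtocols / selectedProtocol values (MS-RDPBCGR)
PROTOCOL_RDP = 0x00000000     # standard RDP security, implicitly always offered
PROTOCOL_SSL = 0x00000001     # TLS without NLA
PROTOCOL_HYBRID = 0x00000002  # TLS + CredSSP, i.e. NLA

TYPE_RDP_NEG_REQ = 0x01
TYPE_RDP_NEG_RSP = 0x02
TYPE_RDP_NEG_FAILURE = 0x03
HYBRID_REQUIRED_BY_SERVER = 0x05

FAILURE_CODES = {
    0x01: "SSL_REQUIRED_BY_SERVER",
    0x02: "SSL_NOT_ALLOWED_BY_SERVER",
    0x03: "SSL_CERT_NOT_ON_SERVER",
    0x04: "INCONSISTENT_FLAGS",
    0x05: "HYBRID_REQUIRED_BY_SERVER",
    0x06: "SSL_WITH_USER_AUTH_REQUIRED_BY_SERVER",
}


def build_connection_request(requested_protocols: int) -> bytes:
    """TPKT header + X.224 Connection Request + RDP_NEG_REQ (no routing cookie)."""
    neg_req = struct.pack("<BBHI", TYPE_RDP_NEG_REQ, 0, 8, requested_protocols)
    # X.224 CR: length indicator, code 0xE0, dst-ref, src-ref, class 0
    x224 = struct.pack(">BBHHB", 6 + len(neg_req), 0xE0, 0, 0, 0) + neg_req
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224


def parse_connection_confirm(data: bytes) -> dict:
    """Decode the server's X.224 Connection Confirm into a verdict dict."""
    if len(data) < 11 or data[0] != 3:
        raise ValueError("not a TPKT-framed response")
    tpkt_len = struct.unpack(">H", data[2:4])[0]
    if tpkt_len != len(data):
        raise ValueError("TPKT length mismatch")
    if data[5] & 0xF0 != 0xD0:
        raise ValueError("not an X.224 Connection Confirm")
    body = data[11:]
    if not body:
        # Pre-negotiation server (e.g. Windows 2000): standard RDP security only,
        # so an unauthenticated client reaches the full protocol stack.
        return {"kind": "legacy", "selected_protocol": PROTOCOL_RDP, "nla_required": False}
    typ, _flags, length, value = struct.unpack("<BBHI", body[:8])
    if length != 8:
        raise ValueError("bad negotiation structure length")
    if typ == TYPE_RDP_NEG_RSP:
        return {"kind": "negotiated", "selected_protocol": value,
                "nla_required": value == PROTOCOL_HYBRID}
    if typ == TYPE_RDP_NEG_FAILURE:
        return {"kind": "failure", "failure_code": value,
                "failure": FAILURE_CODES.get(value, "UNKNOWN"),
                "nla_required": value == HYBRID_REQUIRED_BY_SERVER}
    raise ValueError(f"unexpected negotiation type {typ:#x}")


def classify(verdict: dict) -> str:
    return "NLA required" if verdict["nla_required"] else "reachable without authentication"


def probe(host: str, port: int = 3389, timeout: float = 3.0) -> str:
    """Live check (illustrative name): offer TLS only; an NLA-enforcing server refuses."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_connection_request(PROTOCOL_SSL))
        return classify(parse_connection_confirm(s.recv(1024)))


# Constructed sample responses (hand-built, not captured from real hosts).
SAMPLE_LEGACY = bytes.fromhex("0300000b06d00000123400")                   # CC with no RDP_NEG_RSP
SAMPLE_NLA_REQUIRED = bytes.fromhex("030000130ed000001234000300080005000000")  # NEG_FAILURE, code 5
SAMPLE_TLS_ACCEPTED = bytes.fromhex("030000130ed000001234000200080001000000")  # NEG_RSP, selected SSL

if __name__ == "__main__":
    for name, sample in (("legacy", SAMPLE_LEGACY), ("nla", SAMPLE_NLA_REQUIRED),
                         ("tls", SAMPLE_TLS_ACCEPTED)):
        print(f"{name:7s} -> {classify(parse_connection_confirm(sample))}")
```

Offering PROTOCOL_SSL alone is deliberate: a server configured to require NLA must answer with HYBRID_REQUIRED_BY_SERVER, while one that accepts plain TLS or standard RDP security (or predates negotiation entirely) lets an unauthenticated client proceed to the later, pre-authentication protocol stages. Run probe() only against hosts you are authorized to scan, and treat "reachable without authentication" as a prompt to verify patch status, not as proof of exploitability.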

Prosecutors: CIA Leaker Tried to Start ‘Information War’ While Behind Bars (NY Post, 6/17/19)
A former CIA technician charged with handing over classified documents to Wikileaks smuggled cellphones into a Manhattan correctional facility to wage an “information war” against the government, prosecutors allege.  In new filings submitted on Monday, prosecutors say that Joshua Adam Schulte, who was first arrested in August 2017 and is being held in solitary confinement in the Manhattan Correctional Center, used the phones to create secret email and social media accounts to disseminate both classified and misleading information from behind bars in an attempt to obstruct the case against him.
Prosecutors say that Schulte conscripted fellow inmates to aid in his war and that, according to journals found in his cell, he planned to shake the government down for $50 billion in restitution.  “I will look to breakup diplomatic relationships, close embassies, and U.S. occupation around the world & finally reverse U.S. jingoism,” Schulte wrote, according to court papers.  Schulte managed to use the phones to post messages on the social media accounts he created — including one in which he said the government planted child porn on his computer.  More


Help Your Employees Avoid Security Amnesia

People are the weak link in any organization, opening attachments, downloading sensitive information onto thumb drives or sharing documents that they shouldn’t.  In most cases, employees receive some information security training when they join a company, but typically that isn’t repeated on a timely basis.  Just like computers, people must be patched at least every month.  Continuous security awareness solutions from NSI can help solve this problem and ensure everyone in your organization is up to speed on the latest security threats.

A more security-aware workforce can mean the difference between an employee preventing the next data breach and becoming the next breach.  Protect yourself today with SECURITYsense, the premier information security awareness service from NSI.  It keeps your employees up to date on current threats and tells them how to protect against them, easily and cost effectively.  To learn more, visit https://www.nsi.org/securitysense/what-is-securitysense.shtml


How NBIB Slashed the Clearance Backlog by 300,000 in a Year (Fed News Network, 6/17/19)
The security clearance backlog, at a historically high peak of 725,000 in April 2018, is now at its lowest point in three to four years.  The investigative inventory jumped from roughly 328,000 in late 2015 to 573,000 cases the next year, according to Performance.gov data.  From there, it kept climbing.  But a new embrace of technology and a concerted effort to hire more investigators has, in little more than a year, helped slash a once perilously high backlog into one that’s much more manageable.
Today, the inventory sits at 424,000 pending investigative cases, which NBIB Director Charlie Phalen said extends across all case types for both government and industry.  NBIB, which is preparing to transfer its employees and contracts, as well as the security clearance backlog itself, to the DoD by Oct. 1, sees a goal of 200,000 pending cases as within reach.  In an interview, Phalen said investigators are closing more cases each week than they were a year ago, despite a weekly intake that’s roughly 6,000 cases higher this year compared to 2018. More

Human error still the cause of many data breaches (HelpNet Security, 6/17/19)

With the incidence of reported data breaches on the rise, more than half (53%) of C-suite executives and nearly three in 10 (28%) small business owners who suffered a breach say that human error or accidental loss by an external vendor or source was the cause, according to a Shred-it survey conducted by Ipsos.  Asked about additional causes, nearly half of C-suite executives (47%) and roughly one in three small business owners (31%) say human error or accidental loss by an employee or insider was the cause.

What's more, one in five C-suite executives (21%) and nearly three in 10 small business owners (28%) admit that deliberate theft or sabotage by an employee or insider caused their breach, while two in five C-suite executives (43%) and roughly one in three small business owners (31%) say deliberate theft or sabotage by an external vendor or source was responsible. More

U.S. Escalates Online Attacks on Russia’s Power Grid (MSN, 6/15/19)
The United States is stepping up digital incursions into Russia’s electric power grid in a warning to President Vladimir V. Putin and a demonstration of how the Trump administration is using new authorities to deploy cyber tools more aggressively, current and former government officials said.  In interviews over the past three months, the officials described the previously unreported deployment of American computer code inside Russia’s grid and other targets as a classified companion to more publicly discussed action directed at Moscow’s disinformation and hacking units around the 2018 midterm elections.
Advocates of the more aggressive strategy said it was long overdue, after years of public warnings from DHS and the FBI that Russia has inserted malware that could sabotage American power plants, oil and gas pipelines, or water supplies in any future conflict with the United States.  But it also carries significant risk of escalating the daily digital Cold War between Washington and Moscow. More

Hackers that Took Down Saudi Oil Site Probing U.S. Power Grid (Bloomberg, 6/14/19)
A group of hackers that shut down a Saudi Arabian oil and natural gas facility in 2017 is now targeting electric utilities, according to the cybersecurity company Dragos Inc.  The group, Xenotime, has been probing utilities in the U.S. and Asia-Pacific regions since late 2018, Hanover, Maryland-based Dragos said last week.  They’ve focused mostly on electronic control systems that manage the operations at industrial sites, Dragos said.
U.S. officials have long warned grids are acutely vulnerable to cyberattacks.  Disrupting a region's electrical infrastructure could cause widespread chaos, triggering blackouts and crippling financial markets, transportation systems and more.  "While none of the electric utility targeting events has resulted in a known, successful intrusion into victim organizations to date, the persistent attempts, and expansion in scope is cause for definite concern," Dragos said in its post.  The attackers appear to be probing for weaknesses in U.S. power systems, a step far less serious than an actual attack, and so far there is no evidence of a successful intrusion. More

GAO Finds Critical Security Risks in ‘Decades Old’ Federal IT Systems (Homeland Security Today, 6/12/19)
The U.S. government plans to spend over $90 billion this fiscal year on information technology.  Most of that will be used to operate and maintain existing systems, including legacy systems, which can be more costly to maintain and vulnerable to hackers.  A GAO report analyzed 65 federal legacy systems and identified the 10 most critical at 10 agencies.  The systems were 8 to 51 years old.
Among the 10 most critical legacy systems that GAO identified as in need of modernization, several use outdated languages, have unsupported hardware and software, and are operating with known security vulnerabilities.  For example, the selected legacy system at the Department of Education runs on COBOL—a programming language that has a dwindling number of people available with the skills needed to support it.  In addition, the Department of the Interior’s system contains obsolete hardware that is not supported by the manufacturers.  Regarding cybersecurity, DHS’s system had a large number of reported vulnerabilities, of which 168 were considered high or critical risk to the network as of September 2018.  More

DHS Cyber Incident Response Team Gets House Approval (NextGov, 6/11/19)
House lawmakers last week approved a bill that would stand up a crack team of government cyber defenders who could parachute in when networks come under attack.  The act would create a permanent group of security specialists that agencies and industry could call on when their IT infrastructure gets compromised.  The teams, housed within the Cybersecurity and Infrastructure Security Agency, would assist victims in containing the damage and restoring networks after digital attacks.
“When cyberattacks occur, immediate expertise is needed to mitigate damage and ensure organizations are restored,” Rep. Michael McCaul, R-Texas, the legislation’s sponsor and former House Homeland Security Committee chairman, said in a statement.  “[The bill] ensures that the Department of Homeland Security can foster collaboration between the public and private sector to ensure our nation can continue to adapt to the constant changes in the cyber landscape.”  A previous version of the legislation passed the House in 2018 but never received a vote in the Senate. More

Bolton: U.S. Ramping Up Offensive Cyber Measures to Stop Economic Attacks (Cyber Scoop, 6/11/19)
The U.S. is beginning to use offensive cyber measures in response to commercial espionage, President Trump's national security adviser, John Bolton, said last week.  "We're now looking at — beyond the electoral context — a whole range of other activities to prevent this other kind of cyber interference … in the economic space, as well," Bolton said.
The U.S. faces many digital economic threats, including a particularly aggressive salvo from Beijing, which continues to steal intellectual property and conduct other cyber-espionage activities, according to the latest Pentagon assessment on Chinese military operations.  The U.S. government traditionally has carried out offensive cyber-operations in the electoral context, such as a 2018 Cyber Command operation that interrupted the internet access of a Russian organization that spread political disinformation on social media.  Now, according to Bolton, American focus is expanding to deter the theft of IP. More

Keep Getting This Newsletter

To ensure delivery to your inbox (not bulk or junk folders), please add NSI@nsi.org to your address book.

SUBSCRIBE: If you were sent this by a colleague and wish to subscribe to NSI's complimentary Security NewsWatch e-newsletter, visit http://nsi.org/newsletter.html.


Please feel free to share this e-mail with your colleagues and encourage them to sign up to get their own copy at http://nsi.org/newsletter.html

ADVERTISERS: For information about sponsoring this e-letter, contact sburns@nsi.org or call

National Security Institute
165 Main Street, Suite 215
Medway, MA 02053
Tel: 508-533-9099
Fax: 508-507-3631
Internet: http://nsi.org



Who's Worse:
Employees or Hackers?

Experts agree, well intentioned but careless employees pose just as much of a danger to your organization as faceless hackers on the outside. In fact, 95 percent of successful hack attacks or incidents are attributed to human error.

Learn how to mitigate the accidental insider threat and empower your employees to think securely with these valuable lessons:

  1. How to recognize and respond to social engineering attacks
  2. How to avoid spear-phishing and email scams
  3. How to avoid becoming an easy target for hackers
  4. How to prevent human errors that cause security breaches
  5. How to protect sensitive data from hackers, spies and ID thieves
