NSI Security NewsWatch Banner

A weekly roundup of news, trends and insights designed exclusively for security professionals. This publication is intended for security staff only.

 

In this issue — July 29, 2020

  • U.S. Intelligence Warns of Foreign Election Interference
  • DoD Stresses Anti-Disclosure Policies, Orders Training
  • Singapore Man Admits Being Chinese Spy in U.S.
  • Chinese Consulates Involved in Espionage Scheme, U.S. Officials Say
  • Russia's GRU Hackers Hit U.S. Government and Energy Targets
  • NSA Urgently Warns on Industrial Cyberattacks, Triconex Critical Bug
  • Pentagon Expects 7,500 Companies CMMC Certified by 2021
  • DoD, IC Juggling Telework, Workforce Flexibilities to Accomplish Classified Work
  • Missile Defense Engineer Sentenced for Keeping Classified Documents at Home
  • U.S. Accuses Chinese Nationals of Hacking Spree for COVID-19 Data, Defense Secrets
  • Esper Turns Emphasis at Pentagon to Stopping ‘Countless’ Leaks

U.S. Intelligence Warns of Foreign Election Interference (Gov Info Security, 7/27/20)

With less than 100 days to go before the presidential election, intelligence officials are warning of attempted interference by Russia, China and Iran, according to an update from the Office of the Director of National Intelligence.  William Evanina, the director of the National Counterintelligence and Security Center, published a report Friday that warns nation-states are still attempting to interfere in November's elections through a combination of disinformation and fake news.

"Foreign nations continue to use influence measures in social and traditional media in an effort to sway U.S. voters' preferences and perspectives, to shift U.S. policies, to increase discord and to undermine confidence in our democratic process," Evanina notes.  "The coronavirus pandemic and recent protests, for instance, continue to serve as fodder for foreign influence and disinformation efforts in America."  Evanina notes that while Russia, China and Iran are attempting to interfere, other nation-states eventually could attempt to harm the election process and the U.S. voting infrastructure as well. More

DoD Stresses Anti-Disclosure Policies, Orders Training (Fed Week, 7/27/20)

Defense Secretary Mark Esper has issued a memo reinforcing restrictions against unauthorized disclosures of information—operations security, or “OPSEC” in military lingo—in the process ordering that civilian, military and contractor personnel take an online security training course within the next 60 days.  “Whether poor OPSEC takes the form of careless cyber hygiene, “loose talk” among colleagues, or the willful release of non-public information, the result is the same: unnecessary and increased risk of harm to our fellow Americans and our mission,” the memo says.

“Any transmission or communication of non-public information to the public or an unauthorized recipient is considered an unauthorized disclosure.  Unauthorized disclosures, regardless of purpose or intent, can result in adverse personnel action, including unsatisfactory performance evaluations, records of formal counseling, the loss of security clearances or termination of employment, or even criminal prosecutions,” it says. More


Singapore Man Admits Being Chinese Spy in U.S. (BBC, 7/25/20)

A Singaporean man has pleaded guilty in the U.S. to working as an agent of China, the latest incident in a growing stand-off between Washington and Beijing.  Jun Wei Yeo was charged with using his political consultancy in America as a front to collect information for Chinese intelligence.  Separately, the U.S. said a Chinese researcher accused of hiding her ties to China's military was detained.

China earlier ordered the closure of the U.S. consulate in Chengdu.  The move to shut down the diplomatic mission in the south-western city was in response to the U.S. closing China's consulate in Houston.  Secretary of State Mike Pompeo said the decision was taken because China was stealing intellectual property.  Chinese Foreign Ministry spokesman Wang Wenbin responded by saying that the U.S. move was based on "a hodgepodge of anti-Chinese lies."  More

******************************************************************************************

Security Awareness: Help Your Organization Flatten the Cyber Threat Curve

Hackers have wasted no time figuring out how to exploit the worldwide COVID-19  pandemic.  Their latest target—employees working from home. With increased remote work, there is increased risk of employees accessing data through unsecured and unsafe Wi-Fi networks, falling prey to phishing and ransomware attacks, using personal devices to perform work, and not following security policies established by your organization. This increasing risk curve can be flattened dramatically simply by increasing employee awareness.

In addition to advice about washing our hands, people need to be reminded about practicing good cyber hygiene as well. Now you can take advantage of the service America’s most respected companies have been using to protect their critical information caused by lax employee cyber habits. NSI’s SECURITYsense awareness program gives employees the tools and information they need to make security second nature. Find out how this valuable resource can help protect your employees and ensure they’re part of the solution and not part of the problem. Click here https://www.nsi.org/securitysense/what-is-securitysense.shtml for more information.

******************************************************************************************

Chinese Consulates Involved in Espionage Scheme, U.S. Officials Say (NY Post, 7/24/20)

Chinese consulates in more than two dozen U.S. cities are aiding undercover Communist Party soldiers posing as students to engage in espionage, senior government officials said last week.  The bombshell revelation comes after two Chinese military assets at the Chinese consulate in Houston, Texas, were arrested and charged with trying to steal COVID-19 vaccine research.

“The individuals charged there are a microcosm, we believe, of a broader network of individuals in more than 25 cities,” a senior DOJ official said.  “That network is supported through the consulates here.  Consulates have been giving individuals in that network guidance on how to evade and obstruct our investigation,” he said.  The official said the Houston bust was “merely the tip of the iceberg” and raised the alarm about consulates being exploited for “espionage” because of their sovereign status. More


Russia's GRU Hackers Hit U.S. Government and Energy Targets (Wired, 7/24/20)

Russia’s GRU military intelligence agency has carried out many of the most aggressive acts of hacking in history: destructive worms, blackouts, and—closest to home for Americans—a broad hacking-and-leaking operation designed to influence the outcome of the 2016 U.S. presidential election.  Now it appears the GRU has been hitting U.S. networks again, in a series of previously unreported intrusions that targeted organizations ranging from government agencies to critical infrastructure.

From December 2018 until at least May of this year, the GRU hacker group known as APT28 or Fancy Bear carried out a broad hacking campaign against U.S. targets, according to an FBI notification sent to victims of the breaches in May.  According to the FBI, the GRU hackers primarily attempted to break into victims’ mail servers, Microsoft Office 365 and email accounts, and VPN servers.  Targets included "a wide range of U.S.-based organizations, state and federal government agencies, and educational institutions," the notification states. More


NSA Urgently Warns on Industrial Cyberattacks, Triconex Critical Bug (Threat Post, 7/24/20)

The NSA and CISA have issued an alert warning that adversaries could be targeting critical infrastructure across the U.S.  Separately, ICS-CERT issued an advisory on a critical security bug in the Schneider Electric Triconex TriStation and Tricon Communication Module.

These safety instrumented system controllers are responsible for shutting down plant operations in the event of a problem and act as an automated safety defense for industrial facilities, designed to prevent equipment failure and catastrophic incidents such as explosions or fire.  They’ve been targeted in the past, in the TRITON attack of 2017.  “Over recent months, cyber-actors have demonstrated their continued willingness to conduct malicious cyberactivity against critical infrastructure by exploiting internet-accessible operational technology assets,” said the NSA/CISA advisory. More


Pentagon Expects 7,500 Companies CMMC Certified by 2021 (National Defense, 7/23/20)

The DoD anticipates that by next year 7,500 companies in its industrial base will hold certifications that they meet new cybersecurity requirements, a senior official said.  The Cybersecurity Maturity Model Certification version 1.0 requirements are part of the Pentagon's push to protect industrial base networks and controlled unclassified information from cyberattacks.

CMMC rules will require contractors to be certified by third-party auditors, which will ensure that contractors are adhering to certain standards.  Organizations will be required to meet different levels of security requirements depending on the type of work they are doing, with level 1 being the least burdensome and level 5 the most stringent.  An “estimated 7,500 companies will be certified in 2021,” Katie Arrington, CISO in the office of the undersecretary of defense for acquisition and sustainment, said last week. More


DoD, IC Juggling Telework, Workforce Flexibilities to Accomplish Classified Work (Fed News Network, 7/23/20)

Every agency has struggled with how to adapt to the maximum telework environment the federal government has been operating under since March, but most have had the good fortune not to have to worry about how to handle classified materials.  Those that aren’t so lucky have had to perform a kind of juggling act to ensure their employees’ safety from the coronavirus while also guaranteeing that the work that needs to get done gets done.

At the DoD, only about 5% of the workforce teleworked before the coronavirus pandemic began, according to Peter Ranks, DoD’s deputy CIO for the Information Enterprise.  That translates to between 90,000 and 100,000 people per day – still comparatively a rather large figure.  And very few of those were doing classified work, limited primarily to pilot programs focusing on niche projects.  Now DoD has around 960,000 people on its Commercial Virtual Remote (CVR) collaboration environment.  “That happened remarkably quickly.  And I think we leveraged the urgency of the moment to waive policies where we had to accelerate processes to take advantage of some existing contracts to do it,” Ranks said. More


Missile Defense Engineer Sentenced for Keeping Classified Documents at Home (ABC7 Chicago, 7/23/20)

A Raytheon engineer who "endangered national security" was sentenced last week to 18 months in prison.  Ahmed Serageldin had worked on a radar system used to defend against ballistic missiles and had pleaded guilty to keeping classified national defense documents about that system at his home without authorization.  Serageldin apologized for his behavior in court.

"I was sloppy, but I have always been loyal to my job and to the country," Serageldin said before the sentence was handed down.  Federal prosecutors in Boston had asked for five years in prison.  "He took over 3,100 digital documents," Assistant U.S. Attorney Scott Garland said, adding he also took more than 100 physical documents.  More than 500 of those documents were labeled classified and exposed to anyone who wanted to see them. More

U.S. Accuses Chinese Nationals of Hacking Spree for COVID-19 Data, Defense Secrets (Reuters, 7/21/20)

The DOJ last week indicted two Chinese nationals over their role in what the agency called a decade-long cyber espionage campaign that targeted defense contractors, COVID-19 researchers, and hundreds of other victims worldwide.  Authorities said Li Xiaoyu and Dong Jiazhi stole terabytes of weapons designs, drug information, software source code, and personal data from targets that included dissidents and Chinese opposition figures.  They were contractors for the Chinese government, rather than full-fledged spies.

Assistant Attorney General for National Security John Demers said at a virtual press conference the hackings showed China “is willing to turn a blind eye to prolific criminal hackers operating within its borders. … In this manner, China has now taken its place, alongside Russia, Iran, and North Korea, in that shameful club of nations that provides safe haven for cybercriminals in exchange for those criminals being on call for the benefit of the state.” More


Esper Turns Emphasis at Pentagon to Stopping ‘Countless’ Leaks (Bloomberg, 7/21/20)

Defense Secretary Mark Esper is pressing officials at the Pentagon to crack down more on the “countless examples of unauthorized disclosures” officials say are threatening the safety of personnel and undermining national security.  Esper, marking his first full year in office, said officials need to do a better job protecting classified data and vetting unclassified information destined for public release.

Although the Pentagon “remains committed to transparency to promote accountability and public trust,” Esper wrote in a memo addressed to DoD personnel, it’s “important to emphasize that unclassified information is not publicly releasable until it is approved for release by an appropriate authorizing official.”  Esper, who has sought to expand press access to top officials and has held more briefings for reporters than his predecessors in the Trump administration, raised concerns about leaks during a July 9 House Armed Services Committee hearing.  During his testimony, he said there was already “an investigation that is underway to go after leaks, whether it’s of classified information or unclassified information that is sensitive.” More


Keep Getting This Newsletter

To ensure delivery to your inbox (not bulk or junk folders), please add NSI@nsi.org to your address book.

SUBSCRIBE: If you were sent this by a colleague and wish to subscribe to NSI's complementary Security NewsWatch e-newsletter, visit http://nsi.org/newsletter.html.

UNSUBSCRIBE:

Please feel free to share this e-mail with your colleagues and encourage them to sign up to get their own copy at http://nsi.org/newsletter.html

ADVERTISERS: For information about sponsoring this e-letter, contact sburns@nsi.org or call
508-533-9099.

NSI LogoNational Security Institute
165 Main Street, Suite 215
Medway, MA 02053
Tel: 508-533-9099
Fax: 508-507-3631
Internet: http://nsi.org

 

 

Impact 2020 Announcement

*****************************

Help Your Employees Become Cyber Aware

Experts agree, well intentioned but careless employees pose just as much of a danger to your organization as faceless hackers on the outside. In fact, 95 percent of successful hack attacks or incidents are attributed to human error.

Learn how to mitigate the accidental insider threat and empower your employees to think securely with these valuable lessons:

  1. How to recognize and respond to social engineering attacks
  2. How to avoid spear-phishing and email scams
  3. How avoid becoming an easy target for hackers
  4. How to prevent human errors that cause security breaches
  5. How to protect sensitive data from hackers, spies and ID thieves

Learn More Button