Tag: critical infrastructure

Episode 204: Josh Corman of CISA on securing the Vaccine Supply Chain

Posted on by BeAware4lways

Podcast: Play in new window | Download (Duration: 32:32 — 44.7MB) | Embed

Subscribe: Google Podcasts | Email |

In this episode of the podcast (#204) we’re joined by Josh Corman of CISA, the Cybersecurity and Infrastructure Security Agency, to talk about how that agency is working to secure the healthcare sector, in particular vaccine supply chains that have come under attack by nations like Russia, China and North Korea.

Incidents like the Solar Winds hack have focused our attention on the threat posed by nation states like Russia and China, as they look to steal sensitive government and private sector secrets. But in the vital healthcare sector, nation state actors are just one among many threats to the safety and security of networks, data, employees and patients.

Joshua Corman is the Chief Strategist for Healthcare and COVID on the CISA COVID Task Force.
Joshua Corman is the Chief Strategist for Healthcare and COVID on the CISA COVID Task Force.

In recent years, China has made a habit of targeting large health insurers and healthcare providers as it seeks to build what some have described as a “data lake” of U.S. residents that it can mine for intelligence. Criminal ransomware groups have released their malicious wares on the networks of hospitals, crippling their ability to deliver vital services to patients and – more recently – nation state actors like North Korea, China and Russia have gone phishing – with a “ph” – for information on cutting edge vaccine research related to COVID 19.

How is the U.S. government responding to this array of threats? In this episode of the podcast, we’re bringing you an exclusive interview with Josh Corman, the Chief Strategist for Healthcare and COVID for the COVID Task Force at CISA, Cybersecurity and Infrastructure Security Agency.

Cryptocurrency Exchanges, Students Targets of North Korea Hackers

In this interview, Josh and I talk about the scramble within CISA to secure a global vaccine supply chain in the midst of a global pandemic. Among other things, Josh talks about the work CISA has done in the last year to identify and shore up the cyber security of vital vaccine supply chain partners – from small biotech firms that produce discrete but vital components needed to produce vaccines to dry ice manufacturers whose product is needed to transport and store vaccines.

Episode 194: What Happened To All The Election Hacks?

To start off I asked Josh to talk about CISA’s unique role in securing vaccines and how the Federal Government’s newest agency works with other stake holders from the FBI to the FDA to address widespread cyber threats.

As always,  you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloudStitcherRadio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted. 

Episode 203: Don’t Hack The Water and Black Girls Hack Founder Tennisha Martin

Posted on by BeAware4lways

Podcast: Play in new window | Download (Duration: 56:40 — 77.8MB) | Embed

Subscribe: Google Podcasts | Email |

In this episode of the Security Ledger Podcast (#203) we talk about the apparent hack of a water treatment plant in Oldsmar Florida with Frank Downs of the firm BlueVoyant. In our second segment: is infosec’s lack of diversity a bug or a feature? Tennisha Martin of Black Girls Hack joins us to talk about the many obstacles that black women face as they try to enter the information security field.

Part 1: Don’t Hack the Water!

An obscure water treatment facility in Oldsmar Florida became ground zero for the United States concerns about foreign adversaries ability to access and control critical infrastructure last week, after local officials revealed in a news conference that an unknown assailant had remotely accessed the facility’s SCADA system and attempted to raise levels of the poisonous chemical sodium hydroxide in the drinking water by a factor of more than 100. 

Frank Downs is the Director of Proactive Services at Bluevoyant.

The attack failed after a worker at the treatment plant saw it play out on his terminal in real time, and adjusted the sodium hydroxide levels back to normal. Nor would it have worked, officials assured a worried public: sensors elsewhere in the water distribution system would almost certainly have caught the abrupt increase in the dangerous chemical. 

But closies do count when it comes to critical infrastructure hacks, and the Oldsmar incident set off a federal investigations and a flurry of warnings and editorial hand-wringing about the risks facing critical infrastructure systems. That’s especially true with so many workers accessing them remotely during the pandemic, leaving sensitive systems exposed. 

Episode 202: The Byte Stops Here – Biden’s Cyber Agenda

In our first segment this week, Frank Downs of the firm BlueVoyant joins us in the Security Ledger studio to discuss the water system hack and why critical infrastructure firms continue to struggle to protect their environments. 

Can Infosec Walk the Talk on Diversity?

For years professionals have decried the lack of diversity in the information security field which, even more than high tech in general, is dominated by white men. At infosec conferences, concerted effort has been made giving more visibility and voice to women and minorities. The dreaded “MANels” – panels made up entirely of men – have been targeted and, in many cases, banished. But down in the trenches – where information hiring takes place and information work is done – there is little evidence of change. 

Tennisha Martin Black Girls Hack
Tennisha Martin is the Executive Director of Black Girls Hack.

The lack of progress, despite a crushing shortage of infosec workers and the stated intentions of infosec leaders and executives, might get you wondering whether cyber’s lack of diversity is a bug or a feature of the system. 

Episode 200: Sakura Samurai Wants To Make Hacking Groups Cool Again. And: Automating Our Way Out of PKI Chaos

Our next guest suggests that it may be a feature indeed. Tennisha Martin is the founder of Black Girls Hack, a group that looks to promote women of color in cyber security. In this conversation, Tennisha and I talk about the many large and small obstacles that keep women like herself from pursuing cyber security careers: from inequalities in K-12 education to pricey certifications and acronym-stuffed job requirements. Solving those problems, Tennisha says, is going to take more than kind words and promises from Infosec leaders. 

Tenniesha Martin is the founder of Black Girls Hack, a non profit organization that promotes women of color in the information security field. 

Episode 194: What Happened To All The Election Hacks?

Posted on by BeAware4lways

Podcast: Play in new window | Download (Duration: 33:24 — 45.9MB) | Embed

Subscribe: Android | Email | Google Podcasts |

Today marks two weeks since Election Day 2020 in the U.S., when tens of millions went to the polls on top of the tens of millions who had voted early or by mail in the weeks leading up to November 3.

The whole affair was expected to be a hot mess of suffrage, what with a closely divided public and access to the world’s most powerful office hung on the outcome of voting in a few, key districts sprinkled across a handful of states. Election attacks seemed a foregone conclusion.

Election Attack, Anyone?

Memories of the 2016 Presidential contest are still fresh in the minds of U.S. voters. During that contest, stealthy disinformation operations linked to Russia’s Internet Research Agency are believed to have swayed the vote in a few, key states, helping to hand the election to GOP upstart Donald Trump by a few thousands of votes spread across four states.

Listen: Russian Hacking and the Future of Cyber Conflict

Adam Meyers CrowdStrike
Adam Meyers is the Vice President of Threat intelligence at the firm Crowdstrike.

In 2020, with social media networks like Facebook more powerful than ever and the geopolitical fortunes of global powers like China and Russia hanging in the balance, it was a foregone conclusion that this year’s U.S. election would see one or more cyber incidents grab headlines and – just maybe- play a part in the final outcome.  

But two weeks and more than 140 million votes later, wild conspiracy theories about vote tampering are rampant in right wing media. But predictions of cyber attacks on the U.S. presidential election have fallen flat.

From Russia with…Indifference?

So what happened? Did Russia, China and Iran decide to sit this one our, or were planned attacks stopped in their tracks? And what about the expected plague of ransomware? Did budget and talent constrained local governments manage to do just enough right to keep cyber criminals and nation state actors at bay? 

Allan Liska is a Threat Intelligence Analyst at the firm Recorded Future,

To find out we invited two experts who have been following election security closely into the Security Ledger studios to talk.

Allan Liska is a Threat Intelligence Analyst at the firm Recorded Future, which has been monitoring the cyber underground for threats to elections systems.

Joining Allan is a frequent Security Ledger podcast guest: Adam Meyers the Senior Vice President of Threat Intelligence at the firm Crowdstrike back into the studio as well. Crowdstrike investigated the 2016 attack on the Hillary Clinton presidential campaign and closely monitors a wide range of cyber criminal and nation state groups that have been linked to attacks on campaigns and elections infrastructure. 

To start out I asked both guests – given the anticipation of hacks targeting the US election – what happened – or didn’t happen – in 2020. 

As always,  you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloudStitcherRadio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted. 

Episode 192: It’s Showtime! Are Local Governments Ready To Turn Back Election Hacks?

Posted on by BeAware4lways

Podcast: Play in new window | Download (Duration: 27:57 — 38.4MB) | Embed

Subscribe: Android | Email | Google Podcasts |

The 2020 election in the U.S. is less than a week away and warnings about cyber threats to the vote are coming out with about the regularity as polls of the presidential contest between Joe Biden and Donald Trump. 

Public Sector Mega-Vendor Tyler Technologies Says It Was Hacked

On October 9, for example, the FBI and DHS warned that so called “Advanced Threat” actors were chaining together multiple vulnerabilities in an attempt to compromise federal, state and local government networks and elections organizations.

Rob Bathurst is the Chief Technology Officer at Digitalware.

Also this month, an outbreak of the Dopplepaymer ransomware affected elections infrastructure in Hall County, Georgia, disabling a database used to verify voter signatures in the authentication of absentee ballots. 

Which leads us to ask: despite years of warnings, are state and local governments ready for what Russia, Iran or any number of ransomware gangs have in store for them? 

To help answer that question, we invited Rob Bathurst into the studio. Rob is the Chief Technology Officer at Digitalware, a Denver area company that specializes in risk analysis  and risk management with Federal, state and local government and F500 companies. 

Episode 96: State Elections Officials on Front Line against Russian Hackers

In this conversation, Rob and I talk about what the biggest cyber risks are to state and local governments and how worried we should be about warnings about cyber threats to elections systems are. 

Vulnerabilities are just a reality in government networks, Rob says. The key is to avoid being surprised by attacks and also to ensure that you can keep voting systems and other critical systems available even if they are the target of an attack. 

Episode 175: Campaign Security lags. Also: securing Digital Identities in the age of the DeepFake

In this conversation, Rob  and I talk about the bigger picture of cyber risk for federal state and local governments. We also talk about incidents like the recent hack of government ERP provider Tyler Technologies. 

Rob Bathurst is the Chief Technology Officer at the firm Digitalware. he was here talking to us about cyber risks in local governments and the risk to elections systems. 

Public Sector Mega-Vendor Tyler Technologies Says It Was Hacked

Posted on by BeAware4lways
Keyboard to the internet

Tyler Technologies, the U.S.’s largest provider of software and services to the public sector said on Wednesday that it was hacked by unknown assailants, who gained “unauthorized access” to the company’s IT and phone systems.

Tyler, which sells software that supports a wide range of public sector functions such as permitting, inspections, 311 systems and utility billing said that it has hired independent IT experts to investigate the incident. The company’s MUNIS ERP (enterprise resource planning) technology is widely used by local governments across the U.S.

“We are treating this matter with the highest priority and working with independent IT experts to conduct a thorough investigation and response,” wrote Matt Bieri, the company’s Chief Information Officer in an email obtained by The Security Ledger. Tyler is also working with law enforcement.

The company’s web page displayed a message saying it was “temporarily unavailable” Wednesday evening.

In the email message to customers, Bieri said that the company discovered the intrusion Wednesday morning after the intruder “disrupted access to some of our internal systems” – a possible reference to ransomware.

Bieri told customers the intrusion was “limited to our internal network and phone systems” and that the company has “no reason to believe that any client data, client servers, or hosted systems were affected.”

However, security experts said those assurances weren’t worth much. The average dwell time for adversaries on compromised networks was 56 days in 2019, according to data from the firm FireEye.

“If that amount of time goes by, there’s plenty of time to look around for passwords,” said Michael Hamilton, the CISO of CI Security and a former Vice-Chair for the DHS State, Local, Tribal and Territorial Government Coordinating Council.

Tyler Technologies displayed a message that its web page was unavailable Wednesday following a cyber attack.

Hamilton worries that Tyler’s deep connections to local governments could have provided sophisticated adversaries with credentials needed to get a foothold on municipal networks – a particularly worrying prospect with a national election just over a month away in the U.S. and heightened concerns about cyber attacks on elections systems designed to sow chaos.

Michael Hamilton is the CISO of CI Security

Hamilton said clients he has consulted with who use MUNIS have complained that it does not support multi-factor authentication, and that Tyler technicians have a habit of accessing customer systems for maintenance “when they feel its necessary” – a practice that might complicate efforts to establish whether there have been suspicious patterns of activity related to Tyler systems.

Municipalities that use MUNIS or other Tyler systems should do a force reset of any passwords as a precaution, Hamilton advises. Also, IT security teams should review access logs related to Tyler support accounts to look for suspicious behavior including unusual session times or logins from unusual locations. That’s especially true for municipalities who are at increased risk of election-related tampering.

Spotlight Podcast: Taking a Risk-Based Approach to Election Security

Posted on by BeAware4lways
Binary Check Ad Blocker Security News

Podcast: Play in new window | Download (Duration: 41:36 — 57.2MB) | Embed

Subscribe: Android | Email | Google Podcasts |

In this Spotlight Podcast, sponsored by RSA, we take on the question of securing the 2020 Presidential election. Given the magnitude of the problem, could taking a more risk-based approach to security pay off? We’re joined by two information security professionals: Rob Carey is the Vice President and General Manager of Global Public Sector Solutions at RSA. Also joining us: Sam Curry, the CSO of Cybereason.

With just over two months until the 2020 presidential election in the United States, campaigns are entering the final stretch as states and local governments prepare for the novel challenge of holding a national election amidst a global pandemic. 

As Election Threats Mount, Voting Machine Hacks are a Distraction

Lurking in the background: the specter of interference and manipulation of the election by targeted, disinformation campaigns like those Russia used during the 2016 campaign – or by outright attacks on election infrastructure. A report by the Senate Intelligence Committee warns that the Russian government is preparing to try to influence the 2020 vote, as well.

A Risk Eye on the Election Guy

Securing an election that takes place over weeks or even months across tens of thousands cities and towns – each using a different mix of technology and process – may be an impossible task. But that’s not necessarily what’s called for either.

Robert Carey RSA Security
Robert J. Carey is the  Vice President and GM of Global Public Sector Solutions at RSA.

Like large organizations who must contend with a myriad of threats, security experts say that elections officials would do well to adopt a risk-based approach to election security: focusing staff and resources in the communities and on the systems that are most critical to the outcome of the election. 

What does such an approach look like? To find out, we invited two, seasoned security professionals with deep experience in cyber threats targeting the public sector. 

Robert J. Carey is the  Vice President and GM of Global Public Sector Solutions at RSA.

Feds, Facebook Join Forces to Prevent Mid-Term Election Fraud

Rob retired from the Department of Defense in 2014 after over 31 years of distinguished public service after serving a 3½ years as DoD Principal Deputy Chief Information Officer.

Sam Curry, CISO Cybereason
Sam Curry is the CISO at Cybereason

Also with us is this week is Sam Curry, Chief Security Officer of the firm Cybereason. Sam has a long career in information security including work as CTO and CISO for Arbor Networks (NetScout)  CSO and SVP R&D at Microstrategy in addition to senior security roles at McAfee and CA. He spent seven years at RSA variously as CSO, CTO and SVP of Product and as Head of RSA Labs. 

Voting Machine Maker Defends Refusal of White-Hat Hacker Testing at DEF-CON

To start off our conversation: with a November election staring us in the face,  I asked Rob and Sam what they imagined the next few weeks would bring us in terms of election security. 

Like Last Time – But Worse

Both Rob and Sam said that the window has closed for major new voting security initiatives ahead of the 2020 vote. “This election…we’re rounding third base. Whatever we’ve done, we have to put the final touches on,” said Carey.

Like any other security program, election security needs baselines, said Curry. Elections officials need to “game out” various threat, hacking scenarios and contingencies. Election officials need to figure out how they would respond and how communications with the public will be handled in the event of a disruption, Curry said.

“The result we need is an election with integrity and the notion that the people have been heard. So let’s make that happen,” Curry said.

Spotlight Podcast: As Attacks Mount, ERP Security Still Lags

Carey said that – despite concerns – little progress had been made on election security. “The elections process has not really moved forward much. We had hanging chads and then we went to digital voting and then cyber came out and now we’re back to paper,” he said.

Going forward into the future, both agree that there is ample room for improvement in election security – whether that is through digital voting or more secure processes and technologies for in person voting. Carey said that the government does a good job securing classified networks and a similar level of seriousness needs to be brought to securing voting sessions.

“Is there something that enables a secure digital vote?” Carey said. “I’m pretty sure our classified networks are tight. I know we’re not in that space here, but I know we need that kind of confidence in that result to make this evidence of democracy stick,” he said.  

(*) Disclosure: This podcast and blog post were sponsored by RSA Security for more information on how Security Ledger works with its sponsors and sponsored content on Security Ledger, check out our About Security Ledger page on sponsorships and sponsor relations.

As always,  you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloudStitcherRadio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.