Cyber Weekly Roundup – January 19, 2018

Weekly Roundup

Cyber Weekly Roundup – January 19, 2018

By Colby Proffitt

1.) Cyber-attacks are a top three risk to society, alongside natural disaster and extreme weather (January 17, 2018)

http://www.zdnet.com/article/cyber-attacks-are-a-top-three-risk-to-society-alongside-natural-disaster-and-extreme-weather/

Summary: A report has warned that ransomware, Internet of Things hacks, and industrial attacks could be almost as big a problem as natural disasters and extreme weather.

Why it matters: While the reliance on IT has increased rapidly over the years, the necessary security to effectively protect systems, networks, and data has taken a backseat to the convenience that IT can provide. There’s a huge demand for IoT devices, and usage continues to increase, but manufacturers of IoT devices are not required to build-in security into many of those devices, leaving the networks those devices connect to vulnerable to attack. While many organizations are taking steps to improve their cyber stance, there’s still a long way to go. With the attack surface ever increasing and the volume of attacks also growing rapidly, it’s critical that federal agencies take steps to protect their networks and data.

2.) IoT Is Changing the Cybersecurity Industry (January 16, 2018)

http://www.govtech.com/security/IoT-Is-Changing-the-Cybersecurity-Industry.html

Summary: Despite a less-than-stellar record to this point, the Internet of Things space is forcing companies to think holistically about the security behind their devices.

Why it matters: While legislation has been introduced, it’s going to take time before it becomes law, and it’s going to take even more time for IoT manufacturers to become compliant with that law. As this article points out, hackers operate at a far faster pace than legislation – and, just because legislation may require compliance, being compliant does not guarantee security. What we can hope for is that IoT manufacturers will begin to self-regulate, invest in the security of their products, and users will understand the value of the added security and be willing to pay for a premium product.

3.) House votes to restore State cyber office, bucking Tillerson (January 17, 2018)

http://thehill.com/policy/cybersecurity/369388-house-votes-to-restore-state-cyber-office-bucking-tillerson

Summary: House lawmakers have passed legislation that would restore a State Department office to engage with the international community on cybersecurity policy, in a sign of disapproval to Secretary Rex Tillerson’s reorganization efforts.

Why it matters: This article highlights the number of parties involved and the level of organization required to manage US cyber defenses and strategies. Cyber isn’t just about protecting your systems and networks – it’s important to understand the political and economic impacts of strategic cyber decisions as well as the impact of cyber attacks. It will be interesting to see the long-term impact of the Cyber Diplomacy Act and where some of the decision-making power ultimately resides.

4.) Trisis has the security world spooked, stumped and searching for answers (January 16, 2018)

https://www.cyberscoop.com/trisis-ics-malware-saudi-arabia/

Summary: At first, technicians at multinational energy giant Schneider Electric thought they were looking at the everyday software used to manage equipment inside nuclear and petroleum plants around the world. They had no idea that the code carried the most dangerous industrial malware on the planet.

Why it matters: This article offers a good explanation of the new malware and its potential cyber impact, and it also highlights the challenge of attribution – identifying with 100% certainty the entity responsible. Trisis serves as a reminder that cybersecurity is a shared responsibility – from end users to executives, between government and industry, and amongst individual nations. Hackers rely heavily on the relationships and partnerships between all of those disparate groups, and ultimately leverage them to find weaknesses and entry points into their target networks. Communication, collaboration, and cooperation are key to a strong cyber stance.

5.) Intel’s security patches are causing computers to randomly restart (January 18, 2018)

https://www.cnbc.com/2018/01/18/intel-patches-are-causing-computers-to-randomly-restart.html

Summary: Intel confirms that its patches to fix processors affected by the Spectre and Meltdown security flaws are causing computers to suddenly reboot on their own. Intel originally noted this on Jan. 11 when it said users had reported random reboots on systems that are powered by Intel Broadwell and Haswell processors. Now, Intel says its internal testing confirms the reboots also impacts systems powered by its newer Ivy Bridge, Sandy Bridge, Skylake and Kaby Lake chips.

Why it matters: Like many hacks, bugs, and flaws, the ultimate impact is often hard to fully quantify. While Intel has taken steps to mitigate damages and minimize risks, the series of recent events involving Meltdown and Spectre are a testament to the challenges of cyber – from internal development, to post-deployment attacks. It will be interesting to see the long-term impact on users, as well the steps Intel takes to maintain its reputation.