Archive for the ‘NSA’ Category

US is still chasing down pieces of Chinese hacking operation, NSA official says – The Record from Recorded Future News

FORT MEADE, MARYLAND - The U.S. government has yet to learn the full extent of a massive Chinese espionage campaign that targeted American critical infrastructure, according to a senior National Security Agency official.

Federal agencies are not done with efforts to uncover or eradicate the threats created by the Chinese hacking group known as Volt Typhoon, said Rob Joyce, the outgoing director of the NSA's Cybersecurity Directorate, during a roundtable with reporters on Friday.

Investigators are still finding victims and making sure to clear out intrusions tied to the sweeping operation, which Western nations first disclosed nearly a year ago, he said.

Joyce also acknowledged for the first time that the government used artificial intelligence to discover some of the breaches made during the campaign, noting that Volt Typhoon activity was difficult to initially identify because the group steals or generates legitimate credentials and doesn't bring additional malware into a system.

Conversely, Joyce said he has seen no examples of them using AI to date. Instead, the prolific, state-sponsored outfit relies on bulk vulnerability scans to sniff out and exploit known weaknesses.

Joyce declined to comment on just how much of the operation the federal government has unearthed to date.

The new insights come a few weeks after some of the country's top cybersecurity leaders issued stark warnings about the ability of Volt Typhoon and other Chinese hackers to compromise U.S. networks should a conflict with Beijing arise.

"Unfortunately, the technology underpinning our critical infrastructure is inherently insecure because of decades of software developers not being held liable for defective technology," Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency (CISA), told the House Select Committee on China.

"That has led to incentives where features and speed to market have been prioritized against security, leaving our nation vulnerable to cyber invasion," she said during the January 31 hearing.

That same day, the Justice Department announced it had disrupted an effort by Volt Typhoon to infiltrate hundreds of insecure U.S. home routers and gain access to critical infrastructure.

The U.S. and its allies revealed the group's actions last May when analysts at Microsoft found it had targeted systems ranging from U.S. telecommunication networks and transportation hubs to the military installation on the island territory of Guam.

Since then, the Biden administration has published over six digital security advisories warning of Volt Typhoon's tactics and techniques.

"From the beginning, it's been a broad campaign," said Joyce, who noted targets included airlines as well as energy and pipeline organizations.

The intent really goes back to inspiring societal panic, he said.

That would, in turn, force the U.S. to turn inward and prevent the nation from being able to mobilize and support a conflict in the South Pacific, he told reporters, adding the view of the activity changed as we expanded our knowledge about it.

That said, officials believe it would be a pretty high bar for Beijing to activate the group's pre-positioning in Western networks, according to Joyce.

He told reporters he hoped Chinese officials would be thoughtful following the national anger at the discovery of Beijing's high-altitude balloon campaign last year.

China's military sorely underestimated the country's response to that event, an anger that would only grow if state-backed hackers struck water and transportation systems, he predicted.

Joyce, who was the NSA's initial pick to be its latest No. 2, instead will retire at the end of the month.

He will be replaced by Dave Luber, who has held various posts at U.S. Cyber Command and has served as the Cybersecurity Directorate's deputy chief for almost the last four years.

Martin Matishak is the senior cybersecurity reporter for The Record. Prior to joining Recorded Future News in 2021, he spent more than five years at Politico, where he covered digital and national security developments across Capitol Hill, the Pentagon and the U.S. intelligence community. He previously was a reporter at The Hill, National Journal Group and Inside Washington Publishers.


6 CISO Takeaways from the NSA’s Zero-Trust Guidance – Dark Reading

The reality of cybersecurity for companies is that adversaries compromise systems and networks all the time, and even well-managed breach-prevention programs often have to deal with attackers inside their perimeters.

On March 5, the National Security Agency continued its best-practice recommendation to federal agencies, publishing its latest Cybersecurity Information Sheet (CIS) on the Network and Environment pillar of its zero-trust framework. The NSA document recommends that organizations segment their networks to keep unauthorized users from accessing sensitive information. That's because strong cybersecurity measures can stop compromises from turning into full-blown breaches by limiting all users' access to areas of the network in which they have no legitimate role.

The guidance from the NSA also allows security teams to make a stronger business case to management for security protections, but CISOs need to set expectations because implementation is a tiered and complex process.

While the document targets defense-related government organizations and industries, the wider business world can benefit from zero-trust guidance, says Steve Winterfeld, advisory CISO at Internet services giant Akamai.

"The reality is not [whether] you have unauthorized access incidents, it's if you can catch them before they become breaches," he says. "The key is 'visibility with context' that microsegmentation can provide, backed up with the ability to rapidly isolate malicious behavior."

Companies have embarked on zero-trust initiatives to make their data, systems, and networks harder to compromise and, when they are compromised, to slow attackers down. The framework is a solid set of guidelines for how to proceed, but implementing it is not easy, says Mike Mestrovich, CISO at Rubrik, a data security and zero-trust provider.

"Most networks have evolved over time and it is very difficult to go back and rearchitect them while keeping the business running," he says. "It is doable, but it can be costly both in terms of time and money."

Here are six takeaways from the NSA guidance.

The latest document from the National Security Agency dives into the fifth pillar of the seven pillars of zero trust: the network and environment. Yet the other six pillars are equally important and show "how wide-ranging and transformational a zero-trust strategy has to be to be successful," says Ashley Leonard, CEO at Syxsense, an automated endpoint and vulnerability management firm.

"Network and environment" is the fifth pillar in the National Security Agency's Seven Pillars of Zero Trust. Source: NSA

"For companies looking to get started with zero trust, I'd highly encourage them to review the NSA information sheets on the user and device pillars, the first and second pillars of zero trust, respectively," he says. "If a company is just getting started, looking at this networking and environment pillar is a bit like putting the cart before the horse."

The network and environment pillar of the NSA's zero-trust plan is all about trying to stop attackers from expanding a breach after they have already compromised a system. The NSA guidelines point to the Target breach of 2013 (without explicitly naming the company) because the attackers entered via a vulnerability in the company's third-party HVAC system, but then were able to move through the network and infect point-of-sale devices with malware.

Companies should assume they will be compromised and find ways to limit or slow down attackers, NSA Cybersecurity Director Rob Joyce said in a statement announcing the release of the NSA document.

"Organizations need to operate with a mindset that threats exist within the boundaries of their systems," he said. "This guidance is intended to arm network owners and operators with the processes they need to vigilantly resist, detect, and respond to threats that exploit weaknesses or gaps in their enterprise architecture."

The NSA guidance is a tiered model, where companies should start with the basics: mapping data flows in their networks to understand who is accessing what. While other zero-trust approaches have been documented, such as NIST's SP 800-207 Zero Trust Architecture, the NSA's pillars provide a way for organizations to think about their security controls, Akamai's Winterfeld says.

"Understanding data flow primarily provides situational awareness of where and what the potential risks are," he says. "Remember, you can't protect what you don't know about."

After tackling any other fundamental pillars, companies should kick off their foray into the Network and Environment pillar by segmenting their networks, perhaps broadly at first, but with increasing granularity. Major functional areas include business-to-business (B2B) segments, consumer-facing (B2C) segments, operational technology such as IoT, point-of-sale networks, and development networks.

After segmenting the network at a high level, companies should aim to further refine the segments, Rubrik's Mestrovich says.

"If you can define these functional areas of operation, then you can begin to segment the network so that authenticated entities in any one of these areas don't have access without going through additional authentication exercises to any other areas," he says. "In many regards, you will find that it is highly likely that users, devices, and workloads that operate in one area don't actually need any rights to operate or resources in other areas."

Zero-trust networking requires companies to have the ability to quickly react to potential attacks, making software-defined networking (SDN) a key approach not only for pursuing microsegmentation but also for locking down the network during a potential compromise.

However, SDN is not the only approach, Akamai's Winterfeld says.

"SDN is more around governance of operations but depending on your infrastructure might not be the optimal solution," he says. "That said, you do need the types of benefits that SDN provides regardless of how you architect your environment."

Finally, any zero-trust initiative is not a one-time project but an ongoing initiative. Not only do organizations need to have patience and persistence in deploying the technology, but security teams need to revisit the plan and modify it as they face and overcome challenges.

"When thinking about starting on the zero-trust journey their guidance on starting with mapping data flows then segmenting them is spot on," Winterfeld says, "but I would add that is often iterative as you will have a period of discovery that will require updating the plan."


St. John’s M.S. in Cyber and Information Security Earns Key NSA Validation – St John’s University News

March 18, 2024

St. John's University's Master of Science (M.S.) degree program in Cyber and Information Security has received Program of Study validation from the National Security Agency (NSA), recognizing it among the industry's most highly regarded advanced-degree programs.

Representatives of the NSA joined a committee of academic peers in recognizing the master's program offered by The Lesley H. and William L. Collins College of Professional Studies. Program of Study validation acknowledges the St. John's program is helping to ensure a highly skilled cybersecurity workforce that creates a strategic national advantage, according to the National Centers of Academic Excellence in Cybersecurity (NCAE-C), which is managed by the NSA and oversees its educational programs.

According to Cybercrime Magazine, more than 170 colleges or universities offered cybersecurity-related master's degrees in 2023. Not all have earned Program of Study validation. St. John's validation extends through the 2029 academic year and promises to enhance the professional prospects of University graduates entering a high-demand career field.

"For students interested in pursuing a master's degree in Cyber and Information Security, validation offers assurance that the curriculum, facilities, and synergy between faculty and students meet the high standards of the US Department of Homeland Security (DHS) and the NSA," said Erald Troja, Ph.D., Assistant Professor, Division of Computer Science, Mathematics, and Science, and Acting Program Coordinator for the Cyber Security Systems program in the Collins College of Professional Studies.

"For faculty and administrators," Dr. Troja continued, "it offers the opportunity to pursue well-funded research and service-related grant opportunities that are exclusively available to programs validated by DHS and NSA."

The Program of Study validation is the culmination of a process that began before the first class of St. John's graduate students enrolled in 2020. A minimum of three years of graduates was required before the University could apply. Courses needed to align with validation requirements, including a program-wide emphasis on community leadership in the field and demonstrated engagement in developing solutions to challenges in cybersecurity education.

Once the first class of students graduated in May 2023, a team led by Joan E. DeBello, Ph.D., Associate Professor, Mathematics and Computer Science, and Chair, Division of Computer Science, Mathematics, and Science, and Luca Iandoli, Ph.D., Dean, the Collins College of Professional Studies, and Professor, Division of Computer Science, Mathematics, and Science, applied for approval.

Approval came from the NCAE-C in mid-February.

"Having this designation puts St. John's at a high standard for continually improving the curriculum and provides a competitive edge with peer institutions who may not have this validation," Dr. DeBello said.

According to Suzanna Schmeelk, Ed.D., D.P.S., Assistant Professor of Cybersecurity, and Director, M.S. in Cyber and Information Security program, validation ensures the continued growth of the 30-credit M.S. in Cyber and Information Security program.

"The future of this program is developing rapidly," Dr. Schmeelk said. "Validation supports future initiatives, including international research and preparing students for strong cyber skill leadership in the industry, rooted in ethical and equitable values."

Program of Study validation continues the University's commitment to providing its cybersecurity students with state-of-the-art classroom and experiential-learning opportunities in an industry that is rapidly expanding. According to the information technology network Spiceworks, more than 2.7 million cybersecurity job vacancies existed globally in 2022.

St. John's students in bachelor's and master's degree programs have access to the University's Sanford Family Cyber Security Lab, where they can employ classroom-taught techniques for intrusion detection, vulnerability identification and mitigation, malware analysis, and more. The Sanford Family lab is the main conduit of St. John's Center of Academic Excellence in Cybersecurity Defense research.

Spiceworks recently ranked St. John's among the top 10 of all cybersecurity colleges in the United States.

"The NSA designation is a key asset in our strategy to consolidate St. John's leadership and reputation in cybersecurity," Dean Iandoli said. "NSA designation attests that our graduate curriculum is based on the industry gold standard, defined through identifying critical knowledge and competencies. Such design ensures our students will be fully prepared to be technology leaders in this developing field."


NSA girls lacrosse unleash the offense in defeat of First Flight – The Suffolk News-Herald – Suffolk News-Herald

Published 2:50 pm Saturday, March 16, 2024

The match was not as close as the score suggests. NSA led 14-8 heading into the final period Friday before eventually defeating First Flight 14-11.

The rain did not hamper the Lady Saints' scoring, as four players recorded hat tricks, led by Haley Price and Izzy Rose, who both contributed two assists to go along with their three goals each. Paige Dowd and Taylor Bradshaw also logged three goals each. Sarah Carson also scored twice and recorded three assists.

For First Flight, Mer Lige led all scorers with four goals. Kellen Morris and Carly Gardill each added three goals.

The girls lacrosse team moves to 1-0 and will host St. Gertrude on Monday, March 18, at 4:30 p.m.


Three Things to Know About an NSA Career in 2024 – ClearanceJobs
