5 emerging weapons that aircraft carriers will have to defend against

US Navy aircraft carrier USS Gerald R. Ford during shock trials in the Atlantic Ocean, June 18, 2021.

  • The aircraft carrier has served as a flexible and imposing naval platform for nearly 100 years.
  • Modern carriers have a variety of ways to shield themselves from attack.
  • But emerging weapons will pose a new challenge to the next generation of aircraft-carrier designers.

We know how to kill aircraft carriers — or at least we know how best to try to kill aircraft carriers.

Submarine-launched torpedoes, cruise missiles fired from a variety of platforms and ballistic missiles can all give an aircraft carrier a very bad day.

Of course, modern carriers have ways of defending themselves from all of these avenues of attack, and we don’t yet have any good evidence of the real balance between offensive and defensive systems.

But what of the future? How will we plan to kill carriers 30 years from now? Here are five problems that the next generation of aircraft-carrier architects will need to worry about.

Undersea unmanned vehicles

A British Royal Navy Astute-class submarine on the surface with HMS Queen Elizabeth, June 13, 2021.

Submarines have long posed the deadliest threat to aircraft carriers. In World War II, every major carrier fleet suffered losses to submarines; in the Cold War, the US Navy viewed Soviet subs as a critical problem.

Against modern antisubmarine warfare capabilities, the biggest difficulties faced by a submarine involve finding a carrier, then getting into firing position (with either missiles or torpedoes) before the carrier’s aircraft and escorts can detect and kill the sub. If the boat’s commander isn’t suicidal, finding a potential avenue for escape is also an issue.

Unmanned submarines solve several of these problems. They can wait indefinitely along the likely avenues of approach, only moving to attack after they detect the carrier. And robot submarines don’t worry too much about how their families will manage once they’re gone.

Armed with only a few weapons, undersea unmanned vehicles, operating autonomously under preset conditions, could give future aircraft carriers a very serious headache.

Cyberattacks

An air intercept controller stands watch in USS Gerald R. Ford’s Combat Direction Center during an exercise, July 30, 2020.

Aircraft carriers already consist of a terrifyingly complex system of systems, from the ship itself to the air group to the escort task force. The Ford-class CVs will expand this even further, operating as part of a system of weapons and sensors that can span hundreds, even thousands, of miles.

The digital linkages of this network will be well protected, but hardly impermeable; it is likely that any foe will take steps to attempt to disrupt and compromise the computer systems that allow the Fords to have the greatest effect.

The impact of cyberattacks against carriers could vary widely; at a minimum, they could effectively blind the carrier, making it more difficult for the ship and its aircraft to carry out their mission. They could also reveal the carrier’s location, making the ship vulnerable to a variety of attacks, including missiles and submarines.

At the extreme, a cyberattack could disable key systems, making it impossible for the ship to defend itself.

Unmanned aerial vehicles

Sailors and Boeing team members move an MQ-25 unmanned aircraft into the hangar bay aboard the aircraft carrier USS George H.W. Bush, November 30, 2021.

In Peter Singer and August Cole’s “Ghost Fleet,” American UAVs destroy two carriers (the Russian Kuznetsov and the Chinese Shandong) at the end of a carrier battle in the North Pacific.

In some sense, of course, drones represent nothing new; on the one hand, cruise missiles are little more than suicidal drones, and on the other hand, planes have been sinking aircraft carriers since the 1940s.

But modern, manned aircraft seeking to hit an aircraft carrier face near insurmountable obstacles; modern air defenses make a conventional approach suicidal. Cruise missiles help extend the range, but face the same problem in penetrating air defenses.

Autonomous UAVs, capable of using both stand-off and close-range weapons, have the flexibility to overwhelm air-defense networks, especially when they don’t need to worry about the survival of their pilots. They can dispatch weapons at various ranges, then close with the target and use themselves to inflict fatal damage on the carrier.

There’s nothing in the world more dangerous than a robot with nothing left to lose.

Hypersonic weapons

Russian navy frigate Admiral Gorshkov launches a Zircon hypersonic cruise missile in the White Sea, October 7, 2020.

China, Russia and the United States have all devoted extensive attention to hypersonics, which pose a threat in many ways similar to that of ballistic missiles.

Unlike ballistic missiles, however, hypersonics can approach a target from a trajectory that makes them extremely difficult to target with defensive weaponry. They combine the most lethal aspects of both ballistic missiles and cruise missiles, and with inertia alone can cause enough damage to a carrier to kill a mission, if not the entire ship.

And hypersonics may become more politically palatable than ballistic missiles, largely because of the association of the latter with the delivery of nuclear warheads.

Orbital bombardment


Aircraft carriers are inherently unstealthy; they cannot be made invisible to sensors in the same way that a plane, submarine, or even surface ship can be rendered effectively invisible. However, aircraft carriers have always derived a certain degree of their usefulness from their mobility.

The disadvantage of a static airbase is that the enemy always knows where it is; the tactical problem becomes a simple question of offensive versus defensive weapons. Aircraft carriers can use their mobility to take advantage of the difference between seers (surveillance systems) and shooters (stand-off weapon systems).

Orbital bombardment systems (nicknamed “Rods from God”) can solve that problem. Satellites equipped with tungsten rods, or really any other kind of kinetic weapon, can simultaneously identify aircraft carriers and attack them, without messy problems associated with networked communications.

The Rods from God, using kinetic energy alone, could deliver a tremendous blow to a surface target, either sinking a carrier or rendering it useless.

Can the carrier endure?

Sailors watch the aircraft carrier USS John C. Stennis sail alongside the aircraft carrier USS Ronald Reagan in the Pacific Ocean, May 5, 2015.

Aircraft carriers are instruments of geopolitical influence. As long as they serve usefully in that role, nations will seek means to neutralize them.

The aircraft-carrier form has proven remarkably flexible, serving in one way or another for nearly 100 years. From the USS Forrestal on, the US Navy supercarrier has existed in basically the same form since the 1950s, and is expected to continue operating into the latter half of the 21st century.

At some point, the game will be up; carriers will no longer pack the offensive punch necessary to justify their vulnerability. It’s not obvious when that day will come, however; we may only find out after the destruction of one of the Navy’s prize possessions.

Robert Farley is author of “The Battleship Book.” He serves as a Senior Lecturer at the Patterson School of Diplomacy and International Commerce at the University of Kentucky. His work includes military doctrine, national security, and maritime affairs. He blogs at Lawyers, Guns and Money and Information Dissemination and The Diplomat.

Read the original article on Business Insider

Hillary Clinton says cryptocurrency has the potential to destabilize nations and traditional currencies

Former Secretary of State Hillary Clinton speaks to reporters after meeting with members of the small business community in a roundtable discussion at Bike Tech in Cedar Falls, Iowa, Tuesday, May 19, 2015.
Hillary Clinton.

  • Hillary Clinton addressed the mining and trading of cryptocurrency at a Bloomberg economic panel.
  • She warned about the rise of new crypto technologies amid complex relations between the US, China, and Russia.
  • A cybersecurity expert told Insider her worries about the destabilizing potential of cryptocurrency are valid.

Hillary Clinton isn’t a fan of cryptocurrency, and she thinks its widespread adoption could undermine traditional currencies, including the dollar, and destabilize nations, big and small. 

The former Democratic presidential candidate and secretary of state made the comments via webcast during a panel discussion at the Bloomberg New Economy Forum in Singapore on Friday.

“What looks like a very interesting and somewhat exotic effort to literally mine new coins in order to trade with them has the potential for undermining currencies, for undermining the role of the dollar as the reserve currency, for destabilizing nations, perhaps starting with small ones but going much larger,” she said.

Clinton’s comments come as countries grapple with both the adoption and the regulation of cryptocurrencies. China has banned the private use of cryptocurrencies, making all cryptocurrency-related business activities illegal. The recently passed $1 trillion US infrastructure bill brings tougher rules on crypto-trading taxes. Meantime, some developing nations are embracing crypto. El Salvador adopted bitcoin as legal tender in September with the hope of bettering its economy, and Zimbabwe is considering doing the same.

The biggest companies in the world are already using blockchain, the technology that powers cryptocurrency, including Amazon, Cargill, CVS, IBM, Seagate, and Visa. CEOs including Elon Musk, Richard Branson, and Jack Dorsey, and government officials such as Miami Mayor Francis Suarez and incoming New York Mayor Eric Adams, have all voiced support for cryptocurrency and its wider adoption.

Meantime, North America has become the world’s biggest victim of ransomware attacks – paying a hefty $131 million in cryptocurrency to criminals in just one year amid the rapid rise of cryptocurrency adoption, a new study by Chainalysis showed.

Most of the crypto-based attacks were associated with Russia-based cybercriminal groups, the study added.

Clinton’s concerns about crypto were “spot-on,” economic regulations expert John Reed Stark, who spent 11 years as the chief of the SEC’s Office of Internet Enforcement, told Insider. 

“The investment in cryptocurrency goes against every basic rule of investor protection,” Stark told Insider. “Bitcoin and other cryptocurrencies trade on platforms that don’t have any of the safety mechanisms that traditional exchanges have.” 

Clinton also addressed the topic of cybersecurity during the panel in relation to foreign disinformation campaigns and cyberwarfare that continue to pose challenges to the US and other Western states.


Supply-chain vulnerabilities and 4 other threats to the US that the FBI director is worried about

FBI Director Christopher Wray testifies before the Senate Judiciary Committee, March 2, 2021.

  • At a hearing in September, the FBI director described what the agency sees as the top four threats to the US.
  • The threats come from both state and non-state actors, with China and Russia behind some of them.

During a Senate hearing in September, the FBI director described what the agency sees as the top four threats facing the US.

FBI Director Christopher Wray told the Senate Committee on Homeland Security and Governmental Affairs that foreign terrorist organizations, homegrown violent extremists, cyberattacks, and malign foreign influence present the biggest threats to the US.

In addition to the four threats the FBI has identified, the wider intelligence community and the Department of Defense have also highlighted that supply-chain vulnerabilities pose an additional threat to US national security and private industry.

The threats come from both state and non-state actors, with China and Russia behind some of the challenges.

Homegrown violent extremists

An Oklahoma City police car near the Alfred P. Murrah Federal Building in Oklahoma City, April 24, 1995.

Domestic terrorists are high on the FBI’s threat list.

The FBI categorizes Domestic Violent Extremists (DVEs) as individuals who commit violent criminal acts to further socio-political goals and who have been influenced by domestic factors, including racial, ethnic, anti-government, or anti-authority views.

On the other hand, individuals who believe themselves to be participating in a global jihad – or holy war – but aren’t members of a foreign terrorist organization, such as Al Qaeda or ISIS, fall under the Homegrown Violent Extremist (HVE) category.

According to the FBI, there are several similar characteristics between international and domestic terrorists. The most important of those is the danger that “lone wolves” and small cells of terrorists pose.

Because such individuals or cells are often radicalized online and take precautions to hide their activity and thinking, the FBI can’t act to stop them before they commit acts of terror. As a result, these terrorists are almost invisible to the intelligence community and law enforcement.

Further, small cells or “lone wolf” terrorists tend to go after soft targets, such as concerts, supermarkets, festivals, or places of worship, where dozens if not hundreds of people gather and can be targeted.

“Both of these threats, which together form the most significant terrorism danger to our country, are located primarily in the United States and typically radicalize and mobilize to violence on their own,” Wray said, adding that those actors’ ability to quickly mobilize without any indications, often due to their use of encrypted communications such as Signal and ProtonMail, “pose significant challenges to our ability to proactively identify and disrupt them.”

Foreign terrorist organizations

Members of ISIS-K in front of their weapons during their surrender to the government in Jalalabad, Afghanistan, November 17, 2019.

Twenty years after the September 11, 2001, terrorist attacks, terrorist groups still pose a threat to the US.

According to the FBI, Al Qaeda and ISIS are actively planning attacks on the US and against US interests abroad, as well as against other Western countries.

The difference between the two terrorist groups has to do with their approaches. Al Qaeda seeks to conduct large-scale attacks that will kill lots of people and draw international attention. ISIS seeks to influence and motivate individuals and small cells of radicalized people to perform “lone wolf” attacks.

Iran, acting through its Islamic Revolution Guard Corps’ Quds Force, and its proxy forces are also actively plotting attacks against US targets stateside and in the Middle East.

Cyber

A cyber-defense supervisor launches cyberattacks during an exercise at the US Air Forces in Europe Regional Training Center at Ramstein Air Base in Germany, March 8, 2019.

Unsurprisingly, cyberattacks also pose a grave threat to US national security and the US economy.

Russia and China have been hacking their way to US national, economic, and technological secrets for years now.

Despite the creation of a specific cyber center to coordinate and address these attacks, Moscow and Beijing keep at it, causing grave damage. The National Counterintelligence and Security Center has calculated that Beijing steals between $200 billion and $600 billion worth of economic secrets a year.

Theft at that scale can have profound impact – industrial espionage, for instance, has boosted China’s military modernization efforts.

Foreign malign influence

President Donald Trump with Russian President Vladimir Putin at the G20 summit in Osaka, Japan, June 28, 2019.

Malicious foreign influence is probably the least detectable of the major threats facing the US.

The FBI and the rest of the intelligence community assess that foreign states are trying to influence US national politics and public opinions, with the goal of sowing division.

In 2016, the Russian intelligence agencies sought to influence the US presidential election, interfering “in sweeping and systematic fashion,” though they don’t appear to have altered votes and it’s not clear that they affected the election results.

Foreign influence operations include subversive, undeclared, coercive, and criminal activities to influence political sentiment and public discourse.

Although such influence operations aren’t anything new, the pervasiveness of social media and the ability of artificial intelligence to imitate human activity on social media has made them much harder to defend against.

According to the FBI, adversaries such as China and Russia are “hoping to reach a wide swath of Americans covertly from outside the United States” by fabricating fake identities on social media in order to “discredit US individuals and institutions.”

Supply chains

US Navy aircraft carrier USS Gerald R. Ford during full ship shock trials, in the Atlantic Ocean, August 8, 2021.

In addition to the four threats the FBI identified, vulnerabilities in the supply chain are also a source of major concern.

For example, if the USS Gerald R. Ford, the Navy’s new $13 billion aircraft carrier, requires a small auxiliary part that’s made overseas and a trade war or conflict breaks out, the US wouldn’t be able to replace that part.

That’s a hypothetical scenario to highlight the importance of a robust supply chain, but those vulnerabilities have been put on display.

Early in the COVID-19 pandemic, demand for masks and other personal protective equipment skyrocketed, and most of the supply came from China. More recently, economies have been affected by ongoing delays and shortages of important industrial components, especially of semiconductors, most of which are made in East Asia. Deteriorating relations, or outright conflict, could create even worse problems.

Despite the many challenges on many fronts, Wray said the FBI continues to work with its partners to thwart plots and threats.

“No matter which threats have dominated the landscape over the last 20 years, the FBI has remained focused on prevention and disruption – sharing intelligence and making arrests before criminals and terrorists can act,” Wray said.

Stavros Atlamazoglou is a defense journalist specializing in special operations, a Hellenic Army veteran (national service with the 575th Marine Battalion and Army HQ), and a Johns Hopkins University graduate.


How tackling cybersecurity training from a companywide lens leads to better preparedness

  • Cybersecurity training is needed for all employees, including senior management.
  • Consider a variety of training techniques to match employees’ learning styles.
  • Continuous formal and informal training can be more effective than annual cram sessions.
  • This article is part of the “Cybersecurity Briefing” series focused on the country’s state of readiness, and what company IT leaders think are the top policy priorities.

If you ask a corporate chief security officer or chief information officer about the best defense against a cyberattack, you’ll likely hear about employee training. While this answer might sound like a platitude, it is surprisingly accurate. What is not so clear, however, is what information your staffers should know, how to train them, who exactly to train, and how to ensure they remember their training.

According to Infosec Resources, at least 55 federal and state cybersecurity regulations require employee security awareness and training. Training is no longer just an HR function – it is a corporate imperative.

Cyber training used to be conducted during onboarding: New employees often sat in classrooms and were given a ton of information that they were expected to memorize. This approach, training experts say, is not conducive to effective learning.

Training strategies are like diets: There is no “one size fits all” method. While some approaches work better with certain people, others need different teaching stimuli.

Trainers who specialize in cybersecurity recommend a hybrid approach that includes training in classrooms, on-demand videos, gamification-based lessons, and one-on-one specialized training. Cybersecurity professionals also suggest companywide exercises that use emails simulating a phishing attack.

Experts say that training should be provided in bite-sized lessons on a regular basis so that trainees can always be incorporating their knowledge. While formal training might be conducted quarterly, informal and on-demand training can be available whenever time permits.

Companies need to provide time and incentives for employees to partake in continuous training and use a range of teaching tactics to match employees’ learning styles.

Who should be trained

Experts say that junior-level managers and corporate staffers are most targeted because they often have little hands-on training and are likely to click on fake attachments. Middle-level managers and staff are also targeted because they have access to confidential data.

Senior executives and board members need cybersecurity training because they have direct access to the most valuable corporate data. But they often are the most resistant to training because of their schedules and because many rely too heavily on the IT department’s ability to protect their network. In fact, there is an attack vector – or a path that an attacker takes to access cybersecurity vulnerabilities – called whaling that’s specifically for these high-value corporate executives.

Each staff level might receive different explanations and training based on the data they are expected to protect and the types of attacks that would target their information. For example, human-resources employees could have training that includes how to check résumés before introducing them to corporate databases. Finance staff could get advanced training on recognizing potentially invalid invoices or payment instructions.

Through ongoing training and practice, employees and managers gain the muscle memory to spot a possible threat and report it. While training has a financial cost, it’s less expensive than recovering from a breach or paying a multimillion-dollar ransom.

The best way to accomplish these goals is to provide effective training not only to staff and line managers but to corporate executives.

“Cybersecurity is a responsibility for everyone in an organization – from the head of the board of directors to newly hired employees and interns,” says Leo Simonovich, the vice president and global head of industrial cybersecurity at Siemens Energy. “Every employee, vendor, and customer has a role to play.”


By identifying and halting incoming cyberattacks, threat intelligence can give companies – and their data – the upper hand

  • Assessing potential cyberattacks, or threat intelligence, is important to defend against breaches.
  • Threat-intel platforms are available in various structures, including commercial and boutique feeds.
  • Some customized feeds can be specific to location, industry, or attack.
  • This article is part of the “Cybersecurity Briefing” series focused on the country’s state of readiness, and what company IT leaders think are the top policy priorities.

Richard Clarke, the cybersecurity czar under President Barack Obama, often started his speeches asking his audience how many knew there was a data breach happening now.

After only a few audience members raised their hands, he then asked how many people had been aware of a past data breach. A few more hands went into the air. Later, Clarke would ask the rest of the audience to raise their hands because, in reality, everyone had experienced a breach at some point – whether or not they were aware of it.

The fact is, potential hackers are probably in your company’s network right now. So what should you do to ensure that, at the very least, you can identify the threat and start the remediation process?

To stop a cyberattack, it’s important to look at a key part of the identification process: threat intelligence. At its core, this step can be broken down into two categories: internal and external.

Looking outward considers, in part, whether the attack is conducted by a lone financial criminal, state-sponsored attacker, or a more benign attacker, such as someone trying to gain credibility by proving they can successfully breach a network or cloud service provider. External threat intelligence also asks whether the breach is targeting your company specifically or others in your industry. This knowledge is useful in defending against attacks.

Looking inward seeks information about corporate-security operations and controls. This includes studying existing security policies and procedures, as well as potential threats within the company. But internal threat intelligence also looks for data stolen by attackers or even posted by employees – and while the latter isn’t always malicious, the data might still be considered confidential. By searching the internet for internal data, a company can identify possible unknown breaches and see what’s stolen or posted for sale to other cybercriminals on the dark web. Both can negatively affect a company’s reputation or put the company at risk of violating compliance or privacy laws.

Internally, a security team might conduct proactive “threat hunting,” which means looking at its own operations for undetected threats. This action can find threats that might have bypassed the company’s existing security defenses.

Understanding the different types of threat feeds

There are two primary approaches to threat intelligence. The first is purchasing a data feed through a threat-intelligence platform, which is often accessed through a third-party vendor. These can help determine whether the company’s network contains malicious data, such as malware or ransomware. Threat intelligence can help the security team identify potential threats. If a breach occurs, the security team can identify and stop the attack before it begins.

Using these commercial data feeds is like using a large net to catch fish. With commercial feeds, your company will end up with a lot of data about attacks, but it will take time to filter what is most important.

Data-capture techniques aren’t always generic; some “boutique” threat-intelligence firms provide focused, industry-specific feeds that reduce a lot of the white noise. While these are often more expensive than generic feeds, they can be customized by location, industry, and type of attack, which gives companies a quicker and more efficient analysis.

A second approach to getting insight about potential threats, or perhaps stolen data, is called open-source threat intelligence. This method finds data that is freely available on websites, social media, the dark web, and other networks. This might contain stolen corporate data, such as lists of customer credit cards, employees’ Social Security numbers and other personally identifiable information, or even confidential corporate data about an unannounced product or a corporate acquisition.

Open-source threat intelligence can also be more benign. For example, an employee might post a selfie in a company conference room that accidentally shows the Wi-Fi password or technical designs for a new product.

Obtaining open-source threat intelligence often requires complex tools and highly skilled security analysts who are trained to navigate the dark web. Those who are inexperienced can easily run into conflict with the law or inadvertently anger a member of a criminal organization by accessing or downloading questionable data. If a company plans to hunt for threats on the dark web, it should consider hiring a professional threat hunter.

“If you’re looking to find a needle in a haystack, better bring a strong magnet,” said John Young, founder of Young Cyber Security and a former cybersecurity defense expert at IBM.

“Open-source threat intelligence is that magnet. A company’s information is out there for hackers and the rest of the world to see.”


A closer look at the changing landscape of cyberattacks and what they mean for worldwide security

U.S. Department of Homeland Security employees work during a guided media tour inside the National Cybersecurity and Communications Integration Center in Arlington, Virginia, June 26, 2014.

  • President Joseph Biden’s executive order emphasizes good cybersecurity hygiene for federal contractors.
  • The executive order could increase the cost of becoming a federal contractor, pricing out small companies.
  • Third-party and supply-chain risks are increasing across enterprises, healthcare facilities, agencies, and other organizations worldwide.
  • This article is part of the “Cybersecurity Briefing” series focused on the country’s state of readiness, and what company IT leaders think are the top policy priorities.

Cybercrime means the future of international conflicts may be stealthier and quieter than battles of the past.

State-sponsored cyberattacks can take out critical infrastructure facilities and cause massive computer systems failures to information or operational technology networks. They can simply create financial chaos by deploying ransomware and encrypting data without anyone knowing about it until it is too late.

In the first seven months of 2021 alone, the Center for Strategic & International Studies, a Washington DC-based think tank, identified 87 state-sponsored attacks worldwide. That said, some major cyberattacks are not state-sponsored. The Colonial Pipeline attack is believed to be a criminal ransomware attack designed simply to extort money – $4.4 million – by the DarkSide hacking group in Eastern Europe rather than a politically motivated incident.

President Joseph Biden’s executive order on improving the nation’s cybersecurity addresses many of the key concerns federal agencies and corporate America face today. The order requires agencies to address vulnerabilities in software and networks, and sets out guidelines for remediating those issues. Specifically, the order calls out enhancing supply-chain security – a major issue that not only influences national and corporate security but can also affect the economy.

The Biden executive order expands information sharing currently banned or restricted by contracts to agencies including the Cybersecurity and Infrastructure Security Agency, FBI, parts of the intelligence community, as well as cloud service providers and other enterprises and agencies.

In contrast, President Barack Obama’s 2013 executive order on cybersecurity was much less comprehensive and focused mainly on critical infrastructure. Obama’s key takeaway was an order for the National Institute of Science and Technology to create a Cybersecurity Framework. Like Biden’s order, these security controls are voluntary.

That said, this action appears to only be the first warning for government contractors. “There was a lot of good intention put into the presidential executive order of May 12, 2021,” John Young, founder of Young Cyber Security and a former cybersecurity defense expert at IBM, said.

He cautions that this order could price smaller and potential new companies out of the government contractor market. “The added costs for new contractors to comply with the order could tip the balance to those that already have a compliance infrastructure,” he said. “Most government contracts are granted to the lowest bidder.”

Changing landscape

The changing landscape of cyber threats makes it imperative for companies to understand their own cyber risks. A company cannot fully understand its vulnerabilities without a complete audit of its data – what it is, where it exists, how it is protected, and the data’s value in relation to other corporate data.

A full assessment of all data assets is essential before a company can begin to build defenses against different risks, whether they be criminals out to sell your data, ransomware attackers, political or social actors bent on damaging or destroying data, state-sponsored attackers, or simply newbie attackers out to make a name for themselves.

As the Biden executive order indicates, third-party risk is becoming much more of a threat. The most recent example of a major third-party breach was SolarWinds, where a trusted third party’s software was corrupted and ultimately used to attack companies, healthcare facilities, and government agencies worldwide.

To ensure that enterprises, healthcare facilities, agencies, and other organizations are protected from threats arriving through a supply chain or a business partner, security teams should perform a baseline analysis of their network and all network traffic. Then, they should immediately begin remediating the most serious potential threats identified by that analysis. Neglecting to do so could be a violation of governance and compliance regulations.

Young recommends companies conduct regular compliance and device evaluations, along with internal auditing, to ensure that potential attackers are not entering networks through third parties and supply-chain partners. “Each server will have its own data collection in a repository, and when it’s examined, will reveal if they’re compliant; if not, a close investigation will also reveal when, where, why, and how deviations occurred,” he said.

“An audit will reveal if the cybersecurity team has followed company policy. For each data point a server could fail on – and there are hundreds of them – that’s an exposure hackers could exploit if they were able to penetrate the network.”

UK ministers are tempting Russian hackers to strike again by using shoddy email security, former natsec official warns

Russian President Vladimir Putin in Moscow, Russia March 17, 2021.

  • UK ministers using private emails are vulnerable to email hacking, a former security official said.
  • At least 2 former ministers recently admitted to using private emails for government business.
  • Suspected Russian hackers stole the entire inbox of a former UK cabinet minister in 2019.

Poor email security among senior UK ministers is making them prime targets for hackers, a former national security official has warned.

The official suggested that ministers had not adequately protected themselves in the two years since suspected Russian cyber-attackers stole the entire contents of a former Cabinet minister’s email account.

Secretive trade documents leaked on Reddit were used during the 2019 general election campaign by former Labour leader Jeremy Corbyn as evidence the ruling Conservative party was plotting to sell off Britain’s much-loved National Health Service.

The National Crime Agency launched a criminal investigation into the hack and Reuters reported that the documents were stolen by a “phishing attack” from an email account belonging to Liam Fox, the former trade secretary, who confirmed the documents were genuine.

More than a year after the National Crime Agency launched a criminal investigation into the suspected Russian hacking, however, a spokesperson for the organization told Insider that the inquiry was still “ongoing.”

Sources told Reuters that the operation bore the hallmarks of a state-backed cyberattack, but that remains unconfirmed.

Some ministers have also continued to use private email accounts to conduct government business, with former Health Secretary Matt Hancock and former junior health minister James Bethell both confirmed to have used personal email addresses for government business relating to sensitive issues including vaccine contracts.

Hancock has been ordered to hand over his personal emails and WhatsApp communications as part of a court case by the Good Law Project into contracts awarded during the pandemic.

A former senior UK national security official, who asked not to be named in order to speak candidly, told Insider that poor email security from ministers remained a concern. The official said that using private accounts increases the risk of hacking by foreign intelligence services.

“On more sensitive issues that might be of interest to foreign intelligence services – vaccines and so forth – forwarding things to your personal email address is most unwise,” the former official said.

“It takes you off departmental protection. Prominent politicians, unlike the rest of us, will have their personal emails targeted. Gmail, for example, is reasonably secure. But it’s not secure if the phone or laptop you’re working off has been compromised.

“For most people, that’s not an issue. The Russians don’t target most people. But they are interested in Cabinet ministers.”

Jack Stubbs, director of investigations at social media analytics firm Graphika, said the hack of Fox’s emails showed the danger of Russian hacking.

It was, he said, the closest a suspected Russian cyber-attack had actually come to influencing the outcome of a UK general election.

“The United Kingdom dodged a bullet in 2019,” he told Insider.

“The hack-and-leak operation targeting that year’s general election is one of the most direct examples of suspected Russian attempts to meddle in British politics.

“If the vote had been more closely contested, or even gone the other way, there would have been serious and difficult questions to answer about the impact those leaked documents had on the final election result.”

The former security official said that it was unsurprising that the investigation into Fox’s hacking had “dragged on” for over a year because the purpose of announcing an investigation was to embarrass Russia, rather than to bring criminal charges against individuals.

The official said the practice of high-profile investigations was inspired by the US, where a more politicized Justice Department made it easier to bring high-profile indictments against Russian actors.

Asked by Insider if the government was confident that private communications were secure, the Prime Minister’s spokesperson said ministers “use a range of modern forms of communication for discussions, obviously sensitive discussions would be done in the way that is set out under protocol.”

The spokesperson declined to expand on the specifics of the protocols.

“We don’t get into specifics of security matters but there are appropriate arrangements and guidance in place for the management of electronic communication and Ministers are given advice on their security,” he said.

He did not address instances, like with Hancock and Bethell, where ministers ignored the guidance and used private emails anyway.

The most recent document published by the government on ministers’ use of private emails was issued by the Cabinet Office in June 2013. It makes almost no mention of security.

Jamie Dimon defends seeking full control of JPMorgan’s securities business in China, says he’s a ‘patriot way before’ CEO

Jamie Dimon, CEO of JPMorgan Chase, speaks about investing in Detroit during a panel discussion at the Kennedy School of Government at Harvard University in Cambridge, Massachusetts, U.S., April 11, 2018.
JPMorgan CEO Jamie Dimon

  • Dimon responded to concerns about the company’s Chinese expansion on a Sunday morning talk show.
  • JP Morgan’s regulatory approval may signal China’s willingness to open up its capital markets to American companies.
  • Dimon says he intends to operate in China according to US foreign policy and will plainly stop expansion if US policy dictates.

JPMorgan Chase CEO Jamie Dimon on Sunday defended his company’s move to gain full control of its securities business in China, saying the expansion will serve both the investment bank and other US companies.

Dimon appeared on Fox News’ Sunday Morning Futures to discuss JPMorgan becoming the first international firm to be granted permission from China to take full control of a securities business there.

“When we do something in a foreign country who follow American foreign policy, you may not believe this, but American foreign policy wants a JP Morgan to properly expand, to serve American companies, other companies,” he said.

The company’s expansion in China comes at a time of heightened tensions between Washington and Beijing and has raised concerns about national security, especially data privacy.

When host Maria Bartiromo asked if he was worried about the national security implications of the expansion, Dimon responded, “I’m a patriot way before I worry about any money or anything like that, or about JP Morgan per se.”

Cybercriminals behind a Microsoft email hack in March are thought to have connections to the Chinese government. Dimon made it clear that though data sharing issues are complex, the company does not intend to share its data with the Chinese government.

“I am not as worried about the Chinese as everybody else,” Dimon added.

Though China loosened market restrictions in this case with JP Morgan, it has also tightened regulations domestically across industries. China also faces financial meltdown, which has led it to sell $800 billion worth of stocks and bonds worldwide and may be driving US companies like JP Morgan to do business with it.

When asked if China’s accordance with US accounting standards affected the development of this deal, Dimon said, “when we sign a contract, different rules apply. We know what the rules are in China. That does not mean I liked them. We just signed with our eyes open.”

During his time on the show, Dimon also discussed US foreign economic policy, data privacy, and global trade practices.

Insider reached out to JP Morgan for further comment following Dimon’s interview, but the company did not respond by publication.

Cyberattacks have hit at least 17 targets in the US since March, from local governments and schools to major meat and oil suppliers. Here’s the full list.

The Capitol Hill Exxon station temporarily ran out of low and medium grade gasoline on Thursday, May 13, 2021, following the shutdown of the Colonial fuel pipeline.

  • Businesses, local governments, and other organizations in the US have been victims of cyberattacks this year.
  • The largest attacks occurred on gas provider Colonial Pipeline and meat producer JBS.
  • President Biden is expected to address cyberattacks with Russian President Vladimir Putin during their meeting Wednesday.

A growing number of cyberattacks have occurred on US businesses, local governments, and public systems since the start of 2021.

These attacks usually originate from outside the US, in countries like Russia and China, experts who spoke to Insider earlier in June said. Tyler Moore, a professor of cybersecurity and information at the University of Tulsa, said there were three kinds of major cyber attacks: ransomware attacks, espionage attacks, and email compromise attacks.

“There was a big increase in ransomware attacks in 2020 that continued in 2021,” Allan Liska, who works on the computer security incident response team (CSIRT) at the cybersecurity company Recorded Future, previously told Insider.

“What I think we’re starting to see is ransomware attacks that have more of an impact on a broad swath of consumers,” he said.

President Joe Biden earlier this year placed sanctions on Russia for its involvement in the attack on SolarWinds, which was reported last year. Biden is also expected to address cybercrime when he meets with Russian President Vladimir Putin in Geneva on Wednesday.

These are the cyberattacks that US companies, agencies, and institutions have faced so far this year.

CNA Financial Group

CNA Financial Group announced in May it had been the victim of a ransomware attack in March, Bloomberg reported. According to the report, the Chicago-based insurance company paid hackers $40 million to regain control of its IT systems. The company said it did not believe data was stolen in the attack.

Microsoft’s Exchange Server email software

At least 30,000 victims that included small businesses and local governments were hacked by an organization in March that is thought to have ties to China. The hackers exploited four vulnerabilities with Microsoft’s Exchange Server email software, according to Krebs on Security.

A Maryland drug-treatment clinic

Turning Point Clinic, the largest drug-treatment clinic in Baltimore, Maryland, was the victim of a cyberattack in April, according to the Baltimore Sun. The hackers may have accessed and copied patients’ personal information, officials said, according to the report.

An Iowa school district

The Union Community Schools District in Cedar Rapids, Iowa, was the victim of a cyberattack in April, school officials announced in June, according to KCRG. The breach briefly took the school’s website down, and school officials said the hackers may have accessed the school district’s documents.

New York’s metro authority

Also in April, the Metropolitan Transportation Authority, the New York state agency that operates public transit in New York City, was targeted by cybercriminals. Officials said hackers did little damage to its systems and did not access train controls, according to a report from NBC New York.

An Alaska court system

The Alaska court system said it was the victim of a malware attack in April, according to the Associated Press. The court system took its systems offline and was working to make them stronger to avoid future attacks, according to the report. It said it did not believe personal information was stolen as a result of the breach.

Alaska’s Department of Health and Human Services

The Alaska Department of Health and Human Services was the victim of a malware attack in May, it said, taking some of its online services offline, according to Alaska Public Media. The department said it wasn’t clear if personal information was accessed during the hack, according to the report.

America’s largest fuel pipeline

Ransomware organization DarkSide, which is believed to be tied to Russia, in May targeted Colonial Pipeline, the operator of the largest fuel pipeline in the US. The shutdown caused gasoline shortages and price hikes for about a week across the East Coast, leading governors in several states to declare states of emergency, as Insider reported.

The world’s largest meat supplier

JBS USA, the world’s largest meat supplier, announced in May it too had been the victim of an attack by cybercriminals. The company temporarily suspended operations at around 10 of its global plants due to the attack, according to a report from Bloomberg. It paid hackers $11 million, according to NBC News.

The government of an Illinois county

The government in St. Clair County, Illinois, was the victim of a cyberattack at the end of May that caused weekslong disruptions, according to Government Technology. The hack prevented residents from using online systems to access court records or pay taxes, according to the report. A ransomware group named Grief took responsibility for the attack, according to the report.

Tulsa’s computer systems

Hackers in May breached computer systems in the city of Tulsa, Oklahoma, prompting officials to quickly shut them down, according to the Associated Press. City residents were left unable to use online systems to pay their water bills. A spokesperson for the city of Tulsa said the hack was stopped before any information could be leaked, according to the AP.

A truck and military vehicle manufacturer

Navistar, a US truck and military vehicle manufacturer, said it was the victim of a cyberattack in May. The company said that data had been stolen from its IT system. It said the IT system remained fully functional. It’s unclear what data was stolen, Insider previously reported.

San Diego health system

San Diego health system Scripps Health reported it fell victim to a ransomware attack on May 1, according to Fox 5 San Diego. As a result, the health system took its system offline for a month, leading to missed appointments and patients’ inability to access their medical records. It’s unclear if hackers accessed private patient data, according to the report.

Puerto Rico’s main power provider

Luma Energy LLC, the main power provider in Puerto Rico, experienced a denial-of-service attack on June 10, according to The Wall Street Journal. A denial-of-service attack occurs when hackers overwhelm a system with requests in an attempt to bring it down. Shortly after the attack, a fire at the facility broke out, causing 900,000 people to lose power. The cause of the fire has not yet been determined, according to the report.

McDonald’s

McDonald’s announced on June 11 it had been hit by a cyberattack in the US, South Korea, and Taiwan. The hack exposed employee information, and information about some of its restaurants, but the company said no customer information was leaked as a result of the hack, The Wall Street Journal reported.

Massachusetts ferry service

The Steamship Authority of Massachusetts was the victim of a ransomware attack in June, NBC Boston reported. While ships continued to operate normally during the attack, customers were unable to book or change their tickets online or by phone for a week.

An Iowa community college

Both in-person and online classes were canceled in June at the Des Moines Area Community College in Iowa after a cyberattack took down its computer systems, Fox Business reported. In-person classes have resumed, while online courses remained canceled as of June 14, according to the college. The school said it didn’t believe that student or faculty data had been leaked due to the breach, according to Fox Business.

NYC’s law department

New York City officials confirmed in June they were investigating a hack on its Law Department. According to a report from the New York Daily News, the breach left lawyers unable to access documents and may have put employees’ personnel information at risk.

Television stations

In June, at least three US television stations owned by Cox Media Group were hit with a reported cyberattack, according to a report from NBC News. Cox Media Group did not return Insider’s request for comment and has not publicly spoken about the hack.

Video game developer

Hackers in June stole data from game developer Electronic Arts (EA), according to Vice. In an online forum, hackers claimed to have stolen data about the company’s upcoming games, including “FIFA 21,” the report said. Hackers reportedly used Slack to breach the company. In total, the hackers claimed to have stolen 780 GB of data, according to Vice. The company told Vice no customer data had been extracted in the hack.

Major cyberattacks have rocked the US, and there are ‘a lot of different ways that ransomware actors can disrupt everyone’s lives,’ experts say

Out of service fuel nozzles are covered in plastic on a gas pump at a gas station in Waynesville, North Carolina, after a gasoline supply crunch caused by the Colonial Pipeline hack

  • A number of prominent cyberattacks on US institutions have made headlines so far in 2021.
  • Hackers targeted a major gas provider in April and the world’s largest meat producer in May.
  • Sometimes, experts say, hackers are after ransom, but in other cases intended to steal information.

A slew of cyberattacks against US agencies, institutions, and companies have dominated headlines so far this year, and cybersecurity experts say that these types of damaging attacks are on the rise and can have impacts that “spillover” across supply chains.

Cybercriminals, believed to be tied to Russia, in May targeted Colonial Pipeline, the operator of the largest fuel pipeline in the US. When the hackers, from a ransomware group called DarkSide, infiltrated its system, the company quickly shuttered the pipeline to prevent the ransomware from spreading.

The shutdown caused gasoline shortages and price hikes for about a week across the East Coast, leading governors in several states to declare states of emergency.

At the end of May, JBS USA, the world’s largest meat supplier, announced it too had been the victim of an attack by cybercriminals. The company temporarily suspended operations at around 10 of its global plants due to the attack, according to a report from Bloomberg.

Cyberattacks can be categorized in three ways, Tyler Moore, a professor of cybersecurity and information at the University of Tulsa, told Insider.

These include the headline-making attacks where criminals exploit systems seeking ransom, such as the attacks on JBS and Colonial Pipeline.

Another type, he said, is an espionage attack where foreign criminals breach a system intending to steal information.

There’s also a third and more common category called “email compromise,” where a hacker targets a business or organization using an email phishing scam. Business email compromise scams cost US companies a combined $1.8 billion last year, according to a March 2021 report from IC3, the FBI’s Internet Crime Complaint Center. There were 791,730 complaints of suspected internet crime in 2020, about 300,000 more than were reported in 2019.

In total, these cyberattacks resulted in a loss of more than $4 billion in the US last year, according to the report.

In the past, Moore said ransomware hackers often targeted smaller institutions, like local hospitals. These localized attacks rarely garnered national attention, he said.

The growing threat is not just the initial hack but the “spillover harm” it causes, Moore said.

The more recent attacks, like those on Colonial Pipeline and JBS, are cause for concern because they create problems on a larger scale, he said. And, he added, these companies and their systems have long been vulnerable to these types of attacks.

“It becomes more of sentient threat – more of a threat that we’re aware of,” Moore said of the recent ransomware hacks.

“They’re not trying to necessarily shut down a pipeline,” Moore added of ransomware hackers. “They’re just trying to make money through ransomware, but they’re still having this effect of disrupting our critical infrastructures.”

DarkSide claimed it didn’t mean to cause any disruption to society. The ransomware group later claimed it would be disbanding following the incident.

“We’re seeing more of this spillover harm,” Moore added. “We’re seeing this harm that spreads far beyond what the original attack was trying to do. And that, that seems to be a growing concern.”

“These companies have technology supply chains and different pieces of those supply chains are being attacked, which can cause widespread damage across many other companies,” Moore said.

Ransomware attackers have also evolved. Historically, victims of a ransomware attack could avoid paying the ransom if they maintained regular system backups and restored their systems to them after they had been compromised.

Now, hackers expect this and will download data and threaten to release it publicly if the ransom is not paid, Moore added.

In the case of Colonial Pipeline, the company quickly paid the hackers $4.4 million in ransom. Officials at the Department of Justice said this week they were able to recover most of the $4.4 million paid to the hackers.

This year alone, cybercriminals have taken out large and small targets

It’s not just a perception or an increase in coverage – cyberattacks in the US are both growing and evolving, experts said.

“There was a big increase in ransomware attacks in 2020 that continued in 2021,” said Allan Liska, who works on the computer security incident response team (CSIRT) at the cybersecurity company Recorded Future.

“What I think we’re starting to see is ransomware attacks that have more of an impact on a broad swath of consumers,” he added.

  • New York City officials confirmed this week they were investigating a hack on its Law Department. According to a report from the New York Daily News, the breach left lawyers unable to access documents and may have put employees’ personnel information at risk.
  • Earlier in June, at least three US television stations owned by Cox Media Group were hit with a reported cyberattack, according to a report from NBC News. Cox Media Group did not return Insider’s request for comment.
  • Hackers last month breached computer systems in the city of Tulsa, Oklahoma, prompting officials to quickly shut them down, according to the Associated Press. City residents were left unable to use online systems to pay their water bills. A spokesperson for the city of Tulsa said the hack was stopped before any information could be leaked, according to the AP.
  • In April, the Metropolitan Transportation Authority, the New York state agency that operates public transit in New York City, was targeted by cybercriminals. Officials said hackers did little damage to its systems and did not access train controls, according to a report from NBC New York.
  • And in March, at least 30,000 victims that included small businesses and local governments were hacked by an organization that is thought to have ties to China. The hackers exploited four vulnerabilities with Microsoft’s Exchange Server email software, according to Krebs on Security.

“That was an attack where they were not trying to disrupt anything, but the purpose really was to gain access to information,” Moore said of the March attack.

“Essentially, you’ve got the internal corporate email of many, many companies,” he added. “This is something that is very valuable to a nation-state adversary like China.”

Cyberattacks entered a new era with the attack on the information technology firm SolarWinds, which was first reported late last year. The breach impacted private companies like cybersecurity firm FireEye, as well as the Department of Homeland Security and the Treasury Department, as Insider previously reported.

Top US officials say they believe the SolarWinds hackers were foreign actors from Russia.

This type of cybercrime almost always originates from outside the US, experts said.

“When we say Russia, China, or Iran – all of which have had ransomware actors operate out of their borders – we’re generally talking about financially motivated actors that are not necessarily working for the government. But they operate with a tacit approval from the government,” Liska said in regard to ransom seekers, like those from DarkSide.

There are reasons for Americans to be concerned about future attacks, Liska said. But there’s also room for optimism.

But he added his fears had been assuaged slightly due to recent actions from the US government.

“The Biden administration has had a very aggressive response to these ransomware attacks. And a lot of ransomware actors are rethinking who they want to target,” Liska said.

Biden in April slapped sanctions on Russia following its alleged involvement in the SolarWinds attack.

“The Biden administration has been clear that the United States desires a relationship with Russia that is stable and predictable,” the White House said in April. “We do not think that we need to continue on a negative trajectory. However, we have also been clear – publicly and privately – that we will defend our national interests and impose costs for Russian Government actions that seek to harm us.”

The Department of Justice also, in April, established the Ransomware and Digital Extortion Task Force to investigate ransomware hackers. Paul M. Abbate, the deputy director of the FBI, said the agency currently has more than 100 investigations into operations like DarkSide, Insider previously reported.

FBI Director Christopher Wray this month told The Wall Street Journal there were “a lot of parallels” between the September 11, 2001, terrorist attacks and the current state of cyberattacks in the US.

“Part of the persona of these ransomware actors is they’re bold and audacious,” Liska said. “They issue press releases talking about their exploits and how they’re not afraid of anybody and they’ll go after anybody. It’s really easy to do that until the president calls you out by name.”

Liska said it wouldn’t be impossible for cybercriminals to target something like the power grid or water treatment facilities (the latter happened in Florida earlier this year). But with growing scrutiny from the US government, criminals might be less likely to set their sights on big targets, he said.

“There are still a lot of different ways that ransomware actors can disrupt everyone’s lives without necessarily taking the power grid offline,” Liska said.

“We need to invest more heavily in our critical infrastructure,” he added.
