MathCraft Newsletter Issue Q2 2022 – Associate Member of NCMS
Braving the Coming Cyberwar
We’re just a few months into 2022, and war has broken out in Europe: in response, America’s federal agencies are scrambling to enforce cybersecurity laws, while Congress is hard at work passing new ones.
These are perilous times indeed for FSOs, CSOs and other security professionals working in the heart of America’s most sensitive facilities. Here at MathCraft, we offer our steadfast support, bringing you the latest national security news along with the industry standard for enterprise security software.
- The U.S. warns companies to stay on guard for possible Russian cyberattacks – during Russia’s ongoing invasion of Ukraine, the White House cites “evolving intelligence” as evidence that the foreign adversary is “exploring options for potential cyberattacks” against U.S. critical infrastructure. Read more.
- Congress approves cyber incident reporting for critical infrastructure – both houses of Congress have finally approved legal mandates that require critical infrastructure companies to report security incidents in a timely manner – within 72 hours of a cyberattack, and within 24 hours of making a payment to ransomware attackers. Read more.
- Iran-Linked Hackers Conducting Operations Against Government Networks, Intel Agencies Warn – in February, U.S. and international intelligence agencies warned that Iranian state-sponsored hackers operating under the moniker “MuddyWater” are targeting critical industries across the public and private sector in North America, including telecommunications, oil and natural gas. Read more.
- NIST seeks information on updating its Cybersecurity Framework – with many concerned about the state of federal cybersecurity, NIST is seeking to revamp its Cybersecurity Framework (CSF) which was last updated in 2018; it has published a request for information with specific questions for industry feedback. Read more.
- NIST Releases Guidance for Assessing Compliance with Cybersecurity Publication – in March, the National Institute of Standards and Technology (NIST) issued a companion to its special publication (SP) 800-171, providing assessment procedures that organizations can use to verify how well they protect controlled unclassified information (CUI). Read more.
- Federal Agencies Take Mitigating Steps to Protect Internet Infrastructure – in a report commissioned by Congress, the Government Accountability Office (GAO) has identified key weaknesses in U.S. Internet infrastructure, including the Domain Name System (DNS) and the Border Gateway Protocol (BGP) used for Internet routing. Read more.
- Fixing The Security Clearance Process Has Not Been Forgotten – while continuous vetting and early progress towards Trusted Workforce 2.0 has solved many issues with the government’s security clearance process, there is still a way to go, and the GAO isn’t finished yet. Read more.
- White House reminds agencies to adopt NIST’s software supply chain security framework – after software supply chain vulnerabilities were highlighted in last year’s executive order on cybersecurity, the Office of Management and Budget (OMB) is urging federal agencies to adopt NIST’s Secure Software Development Framework. Read more.
Cyberwar with Russia?
During Russia’s very real war with its neighbor, hackers inside Ukraine and beyond it have been gearing up for cyberwar. Now – following U.S. sanctions against Russia – many worry about the possibility of direct attacks on America’s critical infrastructure, with the White House warning that the adversary has explored “options for potential cyberattacks” based on “evolving intelligence”.
So far, however, large-scale malicious cyber activity against NATO countries has been conspicuously absent from Russia’s tactics, and some wonder whether the country is holding back: judging by previous attacks of suspected Russian origin, including the SolarWinds supply-chain compromise, it certainly has the capability to mount a cyber assault against NATO and NATO-aligned countries.
While the conflict carries on – and while talks of peace fail to materialize – FSOs should be prepared for every possible outcome. In the consensus view of U.S. intelligence officials, it is more likely than not that cyber tactics will eventually play a part in this conflict, and that cleared organizations will be caught in the crossfire.
The Evolution of Insider Threats
With experts estimating that two out of every three data breaches are caused by insiders, insider threats remain a major concern for cleared organizations, demanding constant vigilance and alertness from FSOs and other security officers. According to a recent report from Ponemon Institute, the average cost of insider threat events has climbed 34% since 2020, reaching a new height of $15.38 million in 2022.
While the majority of insider threat events are caused by accidental misuse of data or employee negligence, malicious insiders incur higher costs per incident – and alarmingly, insiders are increasingly recruited by outside actors. Recently, the Lapsus$ data-extortion group – responsible for hacking Samsung – has been openly recruiting insiders at major tech companies such as Microsoft through its public communication channels.
Open recruitment of trusted insiders on this scale is unprecedented, and it suggests that the practice is becoming both more common and more effective over time.
To learn more, check out How Insider Threats Are Evolving in 2022.
Defending Against Cyberattacks
Preventing and responding to cyberattacks requires the cooperation of everyone in your cleared facility, and there are many ways that FSOs can start playing their part right now:
- Gain cyber literacy – FSOs don’t have to become cybersecurity experts to protect their organization, but they should stay up to date on evolving risks and attack vectors. Subscribe to cybersecurity publications like Dark Reading, Threatpost and others. Review the latest publications from NIST, such as special publication (SP) 800-172A. When possible, attend conferences and have conversations with experts to fill gaps in your knowledge.
- Implement training programs – it’s hard to overemphasize the importance of employee training. A single workshop can help personnel recognize a spear-phishing attempt that would otherwise lead them to divulge critical information to cyber actors. Provide basic training in digital hygiene to new employees, then follow up with ongoing courses covering emerging risks on a yearly or semi-yearly basis.
- Work with your CSO/CISO – build a working relationship with the CSO, CISO and other cybersecurity personnel in your organization. Share data and impact reports to help them understand the problems you are dealing with, and leverage cross-departmental insights to create a culture of cybersecurity throughout your organization.
To learn more, check out Defending Against Cyberattacks: The FSO’s Perspective.
An Early Start on CMMC
The rulemaking process for the Cybersecurity Maturity Model Certification (CMMC) is expected to last another 9–24 months – but given the urgent need for stronger security, the DoD is considering incentives to boost the number of early adopters. Under one proposal, organizations certified in 2022 could see their deadline for re-assessment extended to four years instead of the usual three.
Whether or not that happens, cleared contractors are well advised to consider early adoption of CMMC and to schedule their third-party assessment accordingly: aside from potential incentives, early certification brings added protection and early eligibility for CMMC-based contracts. For further information and resources, visit the DoD’s official CMMC website.
To learn more, check out What’s New in 2022? Security Predictions for Cleared Facilities.
Our Latest Blogs
How Insider Threats are Evolving in 2022
In the midst of a rising cybersecurity crisis, it’s worth keeping one thing in mind: the best way to infiltrate an organization is from the inside. With experts estimating that two out of every three data breaches are caused by insiders, insider threats remain a major concern for cleared organizations, demanding constant vigilance and alertness from facility security officers (FSOs). Read More
The Log4Shell Exploit in Retrospect: 3 Takeaways for FSOs
The holiday season has become a perilous time for government agencies and cleared facilities: while everyone else is wrapping gifts, cyber actors are ramping up their malicious activities – and the 2021 holiday season, with the disclosure of the Log4Shell vulnerability, was no exception. Read More
What’s New in 2022? Security Predictions for Cleared Facilities
2021 was an eventful year for cleared facilities, bringing new federal security legislation driven by changing trends in technology and the workforce. With rising cybersecurity threats and international conflict on the horizon, 2022 is shaping up to be just as disruptive, and FSOs must be prepared. Read More
MathCraft Security Technologies, Inc. is the leading provider of innovative software and technologies for Industrial Security professionals. Our tools are compliant with 32 CFR Part 117 (the NISPOM Rule) and are available on-premises or in the cloud. Contact us today to see how our products can transform your security operations!
NCMS Endorsement/Disclaimer: References to commercial products, processes, or services do not necessarily constitute an endorsement by NCMS Inc. The opinions and views expressed in this email and on any linked web sites do not necessarily reflect those of NCMS.