<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>cyber &#8211; GTS Coalition</title>
	<atom:link href="https://gt.gtscoalition.com/tag/cyber/feed/" rel="self" type="application/rss+xml" />
	<link>https://gt.gtscoalition.com</link>
	<description>Advocating for small and mid-size security companies in the Federal security market</description>
	<lastBuildDate>Sat, 29 Oct 2016 14:13:22 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=6.9.4</generator>
	<item>
		<title>Electric Grid Interdependencies:  To the Left &#038; Right of Boom November 16</title>
		<link>https://gt.gtscoalition.com/electric-grid-interdependencies-to-the-left-right-of-boom/</link>
		
		<dc:creator><![CDATA[Kristina Tanasichuk]]></dc:creator>
		<pubDate>Sat, 29 Oct 2016 14:04:39 +0000</pubDate>
				<category><![CDATA[Events]]></category>
		<category><![CDATA[News]]></category>
		<category><![CDATA[CIP]]></category>
		<category><![CDATA[critical infrastructure protection]]></category>
		<category><![CDATA[cyber]]></category>
		<category><![CDATA[cyber attack on electric grid]]></category>
		<category><![CDATA[cyber attacks]]></category>
		<category><![CDATA[electric grid interdependencies]]></category>
		<category><![CDATA[electric grid security]]></category>
		<category><![CDATA[InfraGardNCR]]></category>
		<category><![CDATA[National Critical Infrastructure Security & Resilience Month]]></category>
		<category><![CDATA[NCISRM]]></category>
		<category><![CDATA[SCADA systems]]></category>
		<category><![CDATA[Ukraine]]></category>
		<guid isPermaLink="false">https://www.gtscoalition.com/?p=6925</guid>

					<description><![CDATA[Attacking the Grid:  Left and Right of Boom November 16, 2016 &#124; Tysons Corner, VA &#124; 9:00 am &#8211; 6:00 pm REGISTER The mission of NCISRM is to bring critical [&#8230;]]]></description>
										<content:encoded><![CDATA[<h2 class="font_8"><strong>Attacking the Grid:  Left and Right of Boom<br />
</strong>November 16, 2016 | Tysons Corner, VA | 9:00 am &#8211; 6:00 pm</h2>
<p class="font_8"><a href="https://www.eventbrite.com/e/national-critical-infrastructure-security-resilience-month-electric-grid-interdependencies-tickets-28474750746">REGISTER</a></p>
<p class="font_8">The mission of NCISRM is to bring critical infrastructure stakeholders from the public and private sector together to explore and share best practices to prevent and mitigate the consequences of a major attack on the nation’s critical infrastructure.  Since January of 2016, a steadfast group of infrastructure stakeholders have joined forces to evolve the U.S. Department of Homeland Security’s NCISRM in November as one month devoted to assuring the other eleven months proceed without incident.  For 2016, stakeholders have focused on taking an in-depth look at a physical and cyber attack resulting in a major power outage in the United States.</p>
<p class="font_8">This year’s NCISRM event will provide four things: 1) the most recent, accurate threat assessments from the FBI and ODNI; 2) an in-depth look at the December 2015 cyberattack on the electric grid in Ukraine and an analysis of the implications of a similar attack in the United States; 3) scenario-based facilitated breakout sessions with stakeholders across critical infrastructure sectors to discuss best practices for preventing, detecting, responding to, and recovering from a large power outage; and 4) a closing keynote panel with executives from DHS, DOE, and NERC.</p>
<p class="font_8">AGENDA</p>
<ol class="font_8">
<li>
<p class="font_8">Welcome and Introduction<br />
Kristina Tanasichuk, President, InfraGardNCR and President &amp; CEO, Government Technology &amp; Services Coalition (GTSC)</p>
</li>
<li>
<p class="font_8">FBI &amp; ODNI Threat Assessments</p>
</li>
<li>
<p class="font_8">Scenario:  The Ukraine Attack &#8212; What if it Occurred in the United States<br />
Marc Sachs, senior vice president and chief security officer, North American Electric Reliability Corporation (NERC)</p>
</li>
<li>
<p class="font_8">Facilitated Discussion Part I:  Left of Boom</p>
<ol>
<li>
<p class="font_8">Specific scenarios will be discussed in four separate groups (four critical infrastructure sectors per group), addressing the following:</p>
<ul>
<li>
<p class="font_8">What would be early indicators of a large, imminent attack on the electric grid?</p>
</li>
<li>
<p class="font_8">What are the key prevention and detection actions organizations should take in advance of such an attack?</p>
</li>
<li>
<p class="font_8">What are the key interdependencies among critical infrastructure sectors?</p>
<p class="font_8">Facilitators:  Martin Kessler (AES), Bill Lawrence (E-ISAC)<br />
Breakouts:<br />
Energy, critical manufacturing, emergency services, healthcare<br />
Water, government facilities, transportation, IT<br />
Nuclear, financial services, defense industrial base, food and agriculture<br />
Commercial facilities, communications, dams, chemical</p>
</li>
</ul>
</li>
</ol>
</li>
<li>
<p class="font_8">NETWORKING LUNCHEON</p>
</li>
<li>
<p class="font_8">Facilitated Discussion Part 2 – “Right of Boom”</p>
<ol>
<li>
<p class="font_8">Our four critical infrastructure sector groups will discuss the following:</p>
<ol>
<li>
<p class="font_8">“Hotwash”</p>
<ul>
<li>
<p class="font_8">In the event of such an attack, what are the key response and recovery actions organizations will take?</p>
</li>
<li>
<p class="font_8">What are the key interdependencies among critical infrastructure sectors?</p>
</li>
</ul>
</li>
</ol>
</li>
</ol>
</li>
<li>
<p class="font_8">Closing Keynote Panel</p>
</li>
<li>
<p class="font_8">Networking Reception</p>
</li>
</ol>
<p>Special thanks to EY for their founding partnership in NCISRM.  Learn more about the month at: <a href="http://www.NCISRM.org">www.NCISRM.org</a></p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Sorting out the ODNI&#8217;s World Threat Assessment</title>
		<link>https://gt.gtscoalition.com/sorting-out-the-odnis-world-threat-assessment/</link>
		
		<dc:creator><![CDATA[Kristina Tanasichuk]]></dc:creator>
		<pubDate>Tue, 23 Feb 2016 19:43:25 +0000</pubDate>
				<category><![CDATA[Blog]]></category>
		<category><![CDATA[News]]></category>
		<category><![CDATA[counterintelligence]]></category>
		<category><![CDATA[cyber]]></category>
		<category><![CDATA[cyber security]]></category>
		<category><![CDATA[Cyber Terorrism]]></category>
		<category><![CDATA[DNI]]></category>
		<category><![CDATA[DNI Worldwide threat assessment]]></category>
		<category><![CDATA[ISIL]]></category>
		<category><![CDATA[James Clapper]]></category>
		<category><![CDATA[Kristina Tanasichuk]]></category>
		<category><![CDATA[ODNI]]></category>
		<category><![CDATA[office of the director of national intelligence]]></category>
		<category><![CDATA[terrorism]]></category>
		<guid isPermaLink="false">https://www.gtscoalition.com/?p=6792</guid>

					<description><![CDATA[DNI James Clapper has delivered the Intelligence Community&#8217;s annual Worldwide Threat Assessment to Congress. In downbeat opening remarks, he reeled off a depressing set of numbers:  60 million people around [&#8230;]]]></description>
										<content:encoded><![CDATA[<h5 class="article-title">DNI James Clapper has delivered the Intelligence Community&#8217;s annual Worldwide Threat Assessment to Congress. In downbeat opening remarks, he reeled off a depressing set of numbers:  60 million people around the world are reckoned to have been displaced; central government authority has collapsed in seven countries; violent extremists are operationally active in 40 countries; and 59 countries face a significant risk of instability. Clapper called instability the “new normal.”</h5>
<div class="article-body" dir="ltr">
<p>The threat assessment itself was as usual divided into GLOBAL and REGIONAL sections. Both displayed a high proportion of bad news to good.</p>
<p>IC&#8217;s View Of Global Threats</p>
<p><strong>Cyber</strong></p>
<p>Not surprisingly, CYBER took pole position on the list of GLOBAL threats, with new concerns relating to the Internet of Things and the deployment of Artificial Intelligence technologies. While the list of bad actors still includes Russia, China, Iran, North Korea, and terrorists generally, new vulnerabilities are anticipated from augmented reality and virtual reality systems. Referencing the Juniper Networks hack, Clapper noted that, in the cyber realm, the trend away from crude denial-of-service to sophisticated attacks designed to undermine data integrity has continued.</p>
<p><strong>Terrorism</strong></p>
<p>The global threat from TERRORISM has undergone a significant change over the last 12 months. According to the Assessment, Al-Qaeda has been &#8220;severely degraded.&#8221; ISIL&#8217;s emergence as the pre-eminent threat has increased concerns about both &#8220;terrorist travel&#8221; and home-grown violent extremists (HVEs) in the U.S., with other terror groups including Boko Haram and al-Shabaab discussed primarily in terms of their relation to ISIL. Finally, the Assessment notes that the difficulties experienced by host nations in relation to massive population displacements may make refugees targets for terrorist recruiters.</p>
<p><strong>Weapons of Mass Destruction</strong></p>
<p>The IC&#8217;s perception of the threat presented by WMD has been little modified since the 2015 Assessment, with continuing concerns about North Korea, China and Russia. The picture in Iran is more complex. While the diplomatic initiatives culminating in the State Department’s Joint Comprehensive Plan of Action (JCPOA) have provided the international community with improved oversight of the country&#8217;s nuclear program, it is still concerned with enhancing its security, prestige, and regional influence. Widespread reports about ISIL&#8217;s use of mustard gas have resulted in Iraq joining Syria as a potential site for chemical weapon deployments.</p>
<p>Lastly, the increasing availability of genetic technology has led to GENOME EDITING appearing on the WMD list.</p>
<p><strong>Outer Space</strong></p>
<p>IC&#8217;s assessment of threats in SPACE shows a substantial increase in the number of potential actors, with some 80 nations now participating. Russia and China have developed new COUNTERSPACE capabilities. Russia, which has touted its use of satellite capabilities in support of its Syrian campaign, likely considers countering the U.S. space advantage to be a critical component of warfighting.</p>
<p><strong>Counterintelligence</strong></p>
<p>The COUNTERINTELLIGENCE threat environment remains complex, with Russia and China still heading up a long list of potential state and non-state actors who would seek to penetrate and influence U.S. national decision making. Increasingly sophisticated IT is now the primary vehicle for their actions.</p>
<p><strong>Organized Crime</strong></p>
<p>IC&#8217;s assessment of the threat from ORGANIZED CRIME has shifted to place additional emphasis on drug trafficking, but human and wildlife trafficking, and the role of crime in promoting corruption are still referenced.</p>
<p><strong>Human Security</strong></p>
<p>In HUMAN SECURITY, atrocities, global displacement, and climate change have joined extreme weather and infectious disease as significant threats. The growing global consensus on climate change is viewed as cause for optimism, but the health threat presented by the Zika virus is taken as indicative of the potential risks of entirely new diseases arising from human encroachment into animal habitats.</p>
<p>IC&#8217;s View Of Regional Threats</p>
<p>IC takes the view that, while great power competition is increasing, the geopolitical environment continues to offer opportunities for the U.S. to co-operate with other nations. However, an international environment defined by such a mix of competition and cooperation will likely undermine existing international institutions.</p>
<p>In the MIDDLE EAST, SYRIA continues to dominate the agenda because of the four million refugees displaced by conflict into Turkey, Lebanon, Jordan, and Iraq. IC assesses that the country&#8217;s government will be able to make gains against ISIL, but won&#8217;t be able to fundamentally alter its battlespace. Conditions in IRAQ are considered to be improving as ISIL rule falters and sectarian strife is reduced. However, the Iraqi Sunni population&#8217;s fearfulness of the Shia-dominated government in Baghdad may hinder efforts at uniting against ISIL.</p>
<p>IRAN presents an enduring threat despite its adoption of the JCPOA and release of 10 U.S. sailors because of its support for regional terrorism and for the Assad regime. In LIBYA, the conflict between two governments in Tripoli and Tobruk has hardened divisions within the country, and damaged the economy, leaving a power vacuum that has been exploited by terror groups. YEMEN&#8217;s conflict also remains stalemated, but all sides &#8212; plus international backers like IRAN &#8212; have expressed willingness to participate in peace talks. LEBANON continues to struggle with spillover from SYRIA. EGYPT faces persistent threats from domestic terrorists directed primarily against state security forces. TUNISIA also faces an ongoing terror threat and high unemployment, but its year-old democratic government gives some hope for the future.</p>
<p>TURKEY, still key to U.S. objectives in the region, is dealing with renewed concerns about the actions of its Kurdish minority, now being courted by Russia in relation to its Syria campaign. It is also dealing with a substantial refugee problem arising from the conflict in SYRIA.</p>
<p>In EURASIA, Russia continues to reassert its status as a great power, using its expanded role and continuing military success in Syria for leverage. Putin&#8217;s standing remains at a record high two years after the land grab he orchestrated in Ukraine, despite its negative impact on Russia&#8217;s steadily contracting economy. UKRAINE, MOLDOVA and BELARUS are seeking equilibrium with their increasingly strident neighbor. Regional tensions between GEORGIA and RUSSIA and between ARMENIA and AZERBAIJAN remain high, and it seems likely that RUSSIA will seek to increase its influence in the area because of its concerns about terrorist instability.</p>
<p>CHINA continues to dominate the entire context of ASIA, extending its influence on the world stage while conducting an ongoing program of ambitious economic and legal reforms. In NORTH KOREA, Kim Jong Un has strengthened his unitary power and renewed focus on the country&#8217;s military program via provocative and threatening behaviors including this year&#8217;s missile launches and underground nuclear tests. The new bloc presented by the ASEAN community of Asian nations may curtail CHINA&#8217;s ambitions, but the cohesiveness of the group is undercut by the different developmental levels of its member states. Elites run everything and corruption is normal.</p>
<p>In SOUTH ASIA, AFGHANISTAN remains unstable, with a deteriorating security situation that is likely to result in yet more fighting this year. ISIL&#8217;s new Khorasan branch will remain quiescent, but Taliban forces under the leadership of Mullah Akhtar Mohammad Mansur present a renewed threat. Tensions between INDIA and PAKISTAN remain at an elevated level. In PAKISTAN, Sheikh Hasina&#8217;s continuing efforts to undermine the political opposition will provide openings for terror groups like ISIL, which has already claimed responsibility for a series of attacks on foreigners.</p>
<p>IC no longer considers SUB SAHARAN AFRICA&#8217;s stability to be badly compromised by the Lord&#8217;s Resistance Army or Al-Qa‘ida in the Lands of the Islamic Maghreb (AQIM), and the threat from Ebola has for the moment abated. However, NIGERIA&#8217;s government still faces a significant challenge from Boko Haram. Long-running political disputes continue in SUDAN and SOUTH SUDAN, and DRC, BURUNDI and CENTRAL AFRICAN REPUBLIC are all dealing with tensions arising from broken democratic processes. In SOMALIA, the elected government is reliant on African Union support to exert its authority over al-Shabaab forces in regions of the country outside the capital.</p>
<p>In LATIN AMERICA, droughts, gang violence and political instability are all driving migration to the U.S. The Assessment notes that the exodus from CUBA to the U.S. grew by 76 per cent in 2015, driven by the slow pace of economic reform in the country and fears of a U.S. repeal of the 1966 Cuban Adjustment Act. VENEZUELA and BRAZIL both face economically-driven political instability.</p>
<p>The full assessment is here: http://www.dni.gov/files/documents/Unclassified_2015_ATA_SFR_-_SASC_FINAL.pdf</p>
<p><img decoding="async" class="alignleft size-thumbnail wp-image-6793" src="https://gt.gtscoalition.com/wp-content/uploads/2016/02/KT-headshot-blue-jacket-100x100.png" alt="KT headshot blue jacket" width="100" height="100" srcset="https://gt.gtscoalition.com/wp-content/uploads/2016/02/KT-headshot-blue-jacket-100x100.png 100w, https://gt.gtscoalition.com/wp-content/uploads/2016/02/KT-headshot-blue-jacket-150x150.png 150w, https://gt.gtscoalition.com/wp-content/uploads/2016/02/KT-headshot-blue-jacket-50x50.png 50w" sizes="(max-width: 100px) 100vw, 100px" /><em>Kristina Tanasichuk is CEO &amp; Founder of the Government Technology &amp; Services Coalition, a non-profit, non-partisan organization of small and mid-sized companies working in homeland and national security.  She is also the president of InfraGardNCR, a public private partnership between the private sector and the FBI to share information to protect our nation&#8217;s critical infrastructure, and the president and founder of Women in Homeland Security.</em></p>
</div>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Cyber Security Compliance for Government Contractors</title>
		<link>https://gt.gtscoalition.com/cyber-security-compliance-for-government-contractors/</link>
		
		<dc:creator><![CDATA[Kristina Tanasichuk]]></dc:creator>
		<pubDate>Sun, 09 Nov 2014 17:41:42 +0000</pubDate>
				<category><![CDATA[News]]></category>
		<category><![CDATA[compliance]]></category>
		<category><![CDATA[cyber]]></category>
		<category><![CDATA[Cyber Security Awareness]]></category>
		<category><![CDATA[cyber security compliance]]></category>
		<category><![CDATA[cyber security for government contractors]]></category>
		<category><![CDATA[cyber security supply chain]]></category>
		<category><![CDATA[Dickstein Shapiro LLC]]></category>
		<category><![CDATA[DOD-GSA cyber security & resilience through government contracting]]></category>
		<category><![CDATA[GovCon]]></category>
		<category><![CDATA[justin chiarodo]]></category>
		<category><![CDATA[NCSAM]]></category>
		<category><![CDATA[NIST]]></category>
		<category><![CDATA[NIST cyber security framework]]></category>
		<category><![CDATA[small government contractors]]></category>
		<guid isPermaLink="false">https://www.gtscoalition.com/?p=5974</guid>

					<description><![CDATA[In honor of National Cyber Security Awareness Month, join GTSC and Strategic Partner Dickstein Shapiro for a look at what you need to do today to be cyber compliant with [&#8230;]]]></description>
										<content:encoded><![CDATA[<p>In honor of National Cyber Security Awareness Month, join GTSC and Strategic Partner Dickstein Shapiro for a look at what you need to do today to be cyber compliant with government requirements.  Also learn what compliance issues may be ahead with several important initiatives from NIST and GSA-DOD.</p>
<p><strong>&#8220;Cyber Security Compliance for Government contractors:  What You Need to Know to Stay Ahead of the Curve&#8221;</strong></p>
<p>SPEAKERS:</p>
<p>Justin Chiarodo, Partner</p>
<p>Andrew Smith, Associate</p>
<p><a href="https://gt.gtscoalition.com/wp-content/uploads/2012/07/dickstein-shapiro-451x392.jpg"><img decoding="async" class="alignnone wp-image-2332 size-medium" src="https://gt.gtscoalition.com/wp-content/uploads/2012/07/dickstein-shapiro-451x392-e1415554844149-300x62.jpg" alt="dickstein-shapiro-451x392" width="300" height="62" srcset="https://gt.gtscoalition.com/wp-content/uploads/2012/07/dickstein-shapiro-451x392-e1415554844149-300x62.jpg 300w, https://gt.gtscoalition.com/wp-content/uploads/2012/07/dickstein-shapiro-451x392-e1415554844149.jpg 339w" sizes="(max-width: 300px) 100vw, 300px" /></a></p>
<p><a title="Cyber Compliance for Government Contractors" href="http://dicksteinshapiro.adobeconnect.com/p8ftyufwx7v/" target="_blank">Click here</a> to hear this important Webinar.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Beating the Cyber Security Drum</title>
		<link>https://gt.gtscoalition.com/cyber-security-awareness-month-why-you-should-care-about-it/</link>
		
		<dc:creator><![CDATA[Kristina Tanasichuk]]></dc:creator>
		<pubDate>Wed, 01 Oct 2014 19:36:24 +0000</pubDate>
				<category><![CDATA[Blog]]></category>
		<category><![CDATA[News]]></category>
		<category><![CDATA[Chinese hack government contractors]]></category>
		<category><![CDATA[Chinese hackers]]></category>
		<category><![CDATA[CISO]]></category>
		<category><![CDATA[cyber]]></category>
		<category><![CDATA[cyber security]]></category>
		<category><![CDATA[Cyber Security Awareness]]></category>
		<category><![CDATA[cyber security awareness month]]></category>
		<category><![CDATA[DOD-GSA Cybersecurity & Resilience Working Group]]></category>
		<category><![CDATA[FBI]]></category>
		<category><![CDATA[GovCon]]></category>
		<category><![CDATA[government contracting]]></category>
		<category><![CDATA[InfraGard]]></category>
		<guid isPermaLink="false">https://www.gtscoalition.com/?p=5894</guid>

					<description><![CDATA[Every year, the Government Technology &#38; Services Coalition beats the drum of cyber security – particularly during October’s Cyber Security Awareness Month. We pull out the cute little monster virus [&#8230;]]]></description>
										<content:encoded><![CDATA[<p>Every year, the Government Technology &amp; Services Coalition beats the drum of cyber security – particularly during October’s Cyber Security Awareness Month.</p>
<p>We pull out the cute little monster virus icons, we parade a series of sessions, webinars and blogs about the perils of ignoring cyber security, and try to provide some tangible steps for small firms – or really ALL firms &#8212; to implement to be responsible partners to their Federal clients.</p>
<p>There is still quite a bit of complacency &#8212; but the threat – to our nation and to our assets is very real. Most recently, <a href="http://www.reuters.com/article/2014/09/18/us-usa-military-cyberspying-idUSKBN0HC1TA20140918">the Senate Armed Services Committee found that Chinese government hackers have repeatedly infiltrated the computer systems</a> of major U.S. companies including government contracting firms of all sizes – to find out about the movement of U.S. troops and military equipment.</p>
<p>U.S. Transportation Command, or Transcom, was aware of only two of the intrusions. Gaps in reporting requirements and a lack of information sharing left the U.S. military largely unaware of the computer compromises of its contractors.</p>
<p>What the Senate Armed Services Committee really found – is that cyber security, information sharing, defending our systems MATTERS NOW.  And that protecting “our systems” is protecting a complex ecosystem of both public and private entities enmeshed through so many access points it is virtually impossible to untangle them all. Detecting the patterns of attack requires a complex collaboration between government and industry.</p>
<p>Although efforts to address cyber security are still “in process” &#8211; for contractors the writing is on the wall.</p>
<p>Currently &#8211; cyber security is still “voluntary.” To satisfy President Obama’s Executive Order on Improving Critical Infrastructure Cyber security – this year we saw the release of two reports that map out the future of cyber in procurement: the DOD-GSA report on improving cybersecurity and resilience through acquisition and NIST’s Cyber Security Framework &#8212; a description of what should be in a cyber security program.</p>
<p>The “mandatory” is coming: late last year, DOD required companies handling &#8216;unclassified controlled technical information&#8217; to implement security controls and report incidents within 72 hours of discovery. This is only the beginning.</p>
<p>Lawmakers are using the tools at their disposal to tighten up security through procurement &#8212; a provision was added to the annual National Defense Authorization Act to tighten requirements for defense contractors to report cyber attacks by known or suspected government actors.</p>
<p>So, everyone is – or should be &#8212; preparing. But there are still important questions like, “when are my systems ‘secure’? what happens when I am the victim of an attack? What if I’ve done all the right things?”</p>
<p>To find some answers, most contractors are watching the examples. USIS – a government contracting firm that performed background investigations for the government – is currently front page news. After detecting a breach, the company reported it to the Department of Homeland Security. Subsequently their contracts pertaining to background checks with both DHS and OPM were suspended.</p>
<p>At first blush, that sends an ominous message. However, the reality of “cyber” is that every company is vulnerable and every company from Lockheed Martin to the much smaller USIS have fallen victim to hackers, breaches, attacks of one kind or another.</p>
<p>What we are learning every day is that partnerships – BEFORE an attack – will make or break our success. And that “waiting” is not a strategy.</p>
<p>So you’re probably thinking, well that’s all well and good Kristina. What does it mean for me?</p>
<p>It means that if you are working with Federal clients, this is that moment when you look up from the weeds to see the trees:</p>
<p>FIRST: Join the FBI’s InfraGard – or have your CISO join. The public private partnership’s mission is to protect the critical infrastructure of the United States and its roots rest squarely in cyber – protecting our digital infrastructure. They provide invaluable alerts, lots of training and information to assure you are ahead of the curve and know who to call, when.</p>
<p>SECOND: Join an organization, network, information sharing exchange that will educate you about the cyber requirements coming down the pike. Learn what is required – and build your cyber security practices beyond that. Cyber security is a new cost of doing business with the Federal government and you need to be ahead of the curve.</p>
<p>THIRD: Use the free resources available to you to develop your cyber plan and educate your employees. GTSC has a slate of resources available to help small and mid-sized companies educate their employees and the <a href="http://www.fcc.gov/cyberplanner">FCC has developed a free cyber security planner</a> for business.  StaySafeOnline.org also has material for your workforce. The resources and information to educate your workforce are there – you just need to use them.</p>
<p><em><img decoding="async" class="alignleft size-thumbnail wp-image-1105" src="https://gt.gtscoalition.com/wp-content/uploads/2011/05/Kristina-Tanasichuk-100x100.jpg" alt="Kristina Tanasichuk" width="100" height="100" srcset="https://gt.gtscoalition.com/wp-content/uploads/2011/05/Kristina-Tanasichuk-100x100.jpg 100w, https://gt.gtscoalition.com/wp-content/uploads/2011/05/Kristina-Tanasichuk-50x50.jpg 50w, https://gt.gtscoalition.com/wp-content/uploads/2011/05/Kristina-Tanasichuk.jpg 150w" sizes="(max-width: 100px) 100vw, 100px" />Kristina Tanasichuk is CEO and founder of the Government Technology &amp; Services Coalition. She is also President and founder of Women in Homeland Security and Executive Vice President of the InfraGard National Capital Members Alliance. She has worked in homeland security and domestic infrastructure for nearly 20 years.</em></p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>OIG: Contractor Increases Vulnerabilities in  Medicaid Processing System</title>
		<link>https://gt.gtscoalition.com/oig-report-on-weaknesses-in-molina-medicaid-solutions-information-system-general-controls-over-idahos-medicaid-claims-processing-system-increase-vulnerabilities/</link>
		
		<dc:creator><![CDATA[Kristina Tanasichuk]]></dc:creator>
		<pubDate>Sun, 10 Aug 2014 21:06:49 +0000</pubDate>
				<category><![CDATA[Blog]]></category>
		<category><![CDATA[News]]></category>
		<category><![CDATA[cyber]]></category>
		<category><![CDATA[Gabriella Miroglio]]></category>
		<category><![CDATA[Idaho's Medicaid Claims Processing]]></category>
		<category><![CDATA[Medicaid]]></category>
		<category><![CDATA[Molina Medicaid Solutions]]></category>
		<category><![CDATA[Office of the Inspector General]]></category>
		<category><![CDATA[OIG]]></category>
		<guid isPermaLink="false">https://www.gtscoalition.com/?p=5833</guid>

					<description><![CDATA[The Office of the Inspector General (OIG) released a report entitled “Weaknesses in Molina Medicaid Solutions’ Information System General Controls Over Idaho’s Medicaid Claims Processing System Increase Vulnerabilities”.  The OIG [&#8230;]]]></description>
										<content:encoded><![CDATA[<p>The Office of the Inspector General (OIG) released a report entitled “Weaknesses in Molina Medicaid Solutions’ Information System General Controls Over Idaho’s Medicaid Claims Processing System Increase Vulnerabilities”.  The OIG inspection of the Idaho Department of Health and Welfare Medicaid in the spring has extended to one of its contractors, Molina Medicaid Solutions.  OIG highlighted 19 weaknesses in different parts of the Idaho Department of Health and Welfare Medicaid Solution claims processing system this April.  Similar to the Idaho audit, OIG found 21 weaknesses in the Molina system controls and distributed 6 consolidated findings into 3 categories: access controls, configuration management and security management.</p>
<p>In terms of access controls, OIG found issues with user authentication for remote network access, inadequate password history policy, and inadequate encryption of network passwords.  In response to the OIG report Molina said that it had proper authentication methods but would focus on encrypting passwords.  OIG found Molina’s policy and protocols for network access and configuration for devices appeared to be deficient.  The OIG identified a total of 9 weaknesses in the configuration management department, so Molina decided to review its device and network configurations as well as patch management procedures.</p>
<p>The report finds that Molina does not have a system for taking portable device inventory. Molina will now have employee security education/training updates, and change background check policies as well.  While OIG does not think that the addressed weaknesses have been exploited at this point, such weaknesses could lead to compromised patient data within the Medicaid system at some point if the issues are not resolved.  OIG made 6 recommendations that Idaho must impress upon Molina.  These recommendations were:</p>
<ol>
<li>Implement stronger user authentication for remote network access, strengthen password history policy, and use a secure method to store encrypted network passwords</li>
<li>Implement secure configuration settings for network devices</li>
<li>Implement policies and procedures to secure Medicaid claims database</li>
<li>Implement policies for its patch management program</li>
<li>Implement policies and procedures to periodically review and account for inventory of all portable devices and identify the custodian of the devices</li>
<li>Implement policies and procedures for annual security awareness training and adequate policies and procedures for terminated and transferred employees and for background checks of employees</li>
</ol>
<p>Read the full report <a href="http://www.mckennalong.com/publications-advisories-3684.html" target="_blank">here</a>.</p>
<h3>Contributing Author</h3>
<p><em><img loading="lazy" decoding="async" class="alignleft wp-image-5834 size-thumbnail" src="https://gt.gtscoalition.com/wp-content/uploads/2014/08/Gabriella-Miroglio-100x100.png" alt="" width="100" height="100" srcset="https://gt.gtscoalition.com/wp-content/uploads/2014/08/Gabriella-Miroglio-100x100.png 100w, https://gt.gtscoalition.com/wp-content/uploads/2014/08/Gabriella-Miroglio-150x150.png 150w, https://gt.gtscoalition.com/wp-content/uploads/2014/08/Gabriella-Miroglio-50x50.png 50w" sizes="auto, (max-width: 100px) 100vw, 100px" /><span style="font-size: 9pt;">Gabriella Miroglio is the GTSC Government Affairs intern.  Gabriella studied at the University of California, Santa Barbara, where she earned a B.A. in Political Science with an emphasis in Comparative Politics.  During college she interned with Boxer and Gerson LLP and volunteered with Phi Alpha Delta, the pre-law fraternity.  In addition to internships, she has also worked for UCSB’s Annual Fund and the Disabled Students Program.</span><span style="font-size: 9pt;">  Gabriella was also a National Honors Scholar in high school, and completed over 100 hours of community service.<br />
</span></em></p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Comments on DOD-GSA Cyber Resilience Rules Needed!</title>
		<link>https://gt.gtscoalition.com/comments-on-dod-gsa-cyber-resilience-rules-needed/</link>
		
		<dc:creator><![CDATA[Kristina Tanasichuk]]></dc:creator>
		<pubDate>Mon, 17 Mar 2014 11:41:17 +0000</pubDate>
				<category><![CDATA[Blog]]></category>
		<category><![CDATA[News]]></category>
		<category><![CDATA[brian finch]]></category>
		<category><![CDATA[cyber]]></category>
		<category><![CDATA[cyber regulations]]></category>
		<category><![CDATA[cyber resilience]]></category>
		<category><![CDATA[cyber rules]]></category>
		<category><![CDATA[cyber security]]></category>
		<category><![CDATA[Daniel Broderick]]></category>
		<category><![CDATA[dickstein shapiro]]></category>
		<category><![CDATA[DOD-GSA]]></category>
		<category><![CDATA[government technology & services coalition]]></category>
		<category><![CDATA[GTSC]]></category>
		<category><![CDATA[Justin Chiardo]]></category>
		<category><![CDATA[private sector requirements for cyber security]]></category>
		<category><![CDATA[private sector rules for cyber]]></category>
		<guid isPermaLink="false">https://www.gtscoalition.com/?p=5562</guid>

					<description><![CDATA[On Wednesday, March 12, 2014, the Department of Defense (DOD) and General Services Administration (GSA) Joint Working Group on Improving Cybersecurity and Resilience Through Acquisition (Working Group) requested public comments [&#8230;]]]></description>
										<content:encoded><![CDATA[<p>On Wednesday, March 12, 2014, the Department of Defense (DOD) and General Services Administration (GSA) Joint Working Group on Improving Cybersecurity and Resilience Through Acquisition (Working Group) requested public comments on its draft implementation plan (draft plan) for federal cybersecurity acquisition. See 79 Fed. Reg. 14042 (Mar. 12, 2014). The draft plan is the first of several steps toward implementing the recommendations outlined in the Working Group’s recently finalized report on Improving Cybersecurity and Resilience Through Acquisition (see our previous blog post for a summary).</p>
<p>As comments are due on April 28, 2014, federal contractors and other stakeholders should act quickly to submit their views on what will have a significant and lasting impact on federal cybersecurity acquisition practices.</p>
<p>The draft plan proposes a repeatable, scalable, and flexible framework for addressing cyber risk in federal acquisitions, and by design, it will affect nearly all contracting entities. The draft plan proposes a “taxonomy” for categorizing procurements so that the government can effectively prioritize those in need of additional resources, attention, and safeguards. As proposed, the taxonomy is modeled on Federal Information and Communications Technology (ICT) acquisitions—though the Working Group has asked whether this framework is a workable model for the categorization of all acquisitions. The Working Group would use the ICT framework to categorize all acquisitions that present cyber risk, after which it would separately assess the risks within each category. Categories that present greater cybersecurity risk (based on threats, vulnerabilities, and impacts) would receive more and faster attention in acquisitions. The taxonomy is, in our view, the most significant new development in the draft plan, as it will serve as the principal basis for categorizing the extent of cyber regulations for procurements. This aspect of the plan accordingly warrants particularly close attention.</p>
<p>The Working Group seeks comments in many areas, including whether:</p>
<p>(a) the approach is workable;</p>
<p>(b) the process will obtain sufficient stakeholder input;</p>
<p>(c) any additional assumptions, clarifications, or constraints should be expressed;</p>
<p>(d) the approach will satisfy the goals of Recommendation IV of the final report, i.e., whether it creates a repeatable, scalable, and flexible framework for addressing cyber risk in federal acquisitions;</p>
<p>(e) the major tasks and sub-tasks are appropriate and, if implemented, will achieve the identified outputs/completion criteria;</p>
<p>(f) the taxonomy and category definitions can be used to develop overlays (a fully specified set of security requirements and supplemental guidance that allow for the specific tailoring of security requirements);</p>
<p>(g) factors can be developed to assess each measure of cybersecurity risk (i.e., threat, vulnerability and impact);</p>
<p>(h) other aspects (e.g., annual spending) should be considered in category prioritization; and</p>
<p>(i) in addition to information security controls derived from the cybersecurity framework and other relevant NIST guidance and international standards, other procedural or technical safeguards that address business cyber risk should be included (e.g., source selection and pricing methodology, source selection evaluation criteria minimum weighting and evaluation methodology, etc.).</p>
<p><a href="https://www.federalregister.gov/articles/2014/03/12/2014-05413/joint-working-group-on-improving-cybersecurity-and-resilience-through-acquisition">Submit comments here</a> or contact GTSC to provide input to the Coalition&#8217;s response.</p>
<p><img loading="lazy" decoding="async" alt="Brian Finch" src="https://gt.gtscoalition.com/wp-content/uploads/2013/08/Brian-Finch-100x100.jpg" width="100" height="100" /></p>
<p><em>Brian Finch, a partner in Dickstein Shapiro’s Washington, DC office, is head of the firm’s Global Security Practice. Named by Washingtonian magazine in 2011 as one of the top 40 federal lobbyists under the age of 40, Brian is a recognized authority on global security matters who counsels clients on regulatory and government affairs issues involving the Department of Homeland Security, Congress, the Department of Defense, and other federal agencies.  Dickstein Shapiro is a Strategic Partner of the Government Technology &amp; Services Coalition.   You can reach Brian at finch@dicksteinshapiro.com (202)420-4823. </em></p>
<p><img loading="lazy" decoding="async" alt="Justin C" src="https://gt.gtscoalition.com/wp-content/uploads/2014/01/Justin-C-100x100.png" width="100" height="100" /><em></em></p>
<p><em><br />
Justin Chiarodo represents clients in all aspects of federal, state, and local procurement law. Named by Law360 in 2013 as a “Rising Star” in Government Contracts, Justin has extensive experience in government contracts litigation, compliance, and regulatory matters, with particular expertise in the defense, health care, technology, and professional services sectors.</em></p>
<p><img loading="lazy" decoding="async" alt="broderick" src="https://gt.gtscoalition.com/wp-content/uploads/2014/01/broderick-100x100.png" width="100" height="100" /><em><br />
Daniel Broderick is a Washington, DC-based associate in Dickstein Shapiro’s Energy Practice. He focuses on regulatory and project development matters affecting clients in the electricity industry, including electric market design, municipalization, compliance, certification, and power purchase agreements. </em></p>
]]></content:encoded>
					
		
		
			</item>
	</channel>
</rss>
