Featured Image: Cybersecurity expert, Navy veteran, and AMU graduate Robert M. Brzenchek
By Wes O’Donnell
Managing Editor, Edge
Our nation faces substantial cybersecurity challenges in the years ahead of us. Adversaries like Russia and China are consistently probing for weaknesses and carrying out attacks that threaten to destabilize America’s infrastructure and our very way of life.
According to Harvard Business Review, China is quickly closing the once-formidable lead the U.S. maintained on artificial intelligence (AI) research. Meanwhile, in Russia, state-sponsored criminal hacking organizations are encouraged to attack the West. DarkSide, a Russian hacking group, has been accused of being behind the ransomware attack that shut down the Colonial Pipeline.
Urgent Action Needs to Be Taken – America Is Falling Behind in Its Cybersecurity
According to some U.S. experts, America is falling woefully behind in this new front of offensive and defensive cyber operations. In a recent poll, only 9% of Millennials said they are interested in pursuing a cybersecurity career. The numbers are even worse for Gen Z.
Most surprisingly, these jobs have pay scales that are beyond competitive. On the surface, these salaries should make cybersecurity not only essential but also extremely attractive to younger, tech-savvy generations.
We need to take urgent action. It feels like September 10, 2001, except we know an attack is coming this time.
An Expert’s View on the Current State of US Cybersecurity
I recently had the good fortune of speaking with published author, Navy veteran, and cybersecurity expert Robert M. Brzenchek about his take on the state of America’s cybersecurity posture. Mr. Brzenchek has worked with dozens of national agencies, governments, and international organizations in the use of advanced technologies and information sharing to detect violations of international laws.
His book, “Transnational Organized Crime and Gangs: Intervention, Prevention, and Suppression of Cybersecurity,” provides several first-person examples of the mentality present in today’s transnational organized crime groups. It also features a holistic approach towards cyberattack prevention and intervention in the cybersecurity space.
Wes O’Donnell: Robert, thanks so much for taking time out of your busy schedule to chat. I joined the military before 9/11, but I spent most of my time in the military after 9/11. What was funny is that we were focused, in basic training, on Russia and China – these large nation-state adversaries.
After 9/11, I had a front-row seat watching the military slowly retool to counter insurgencies and terrorism. As a nation, we’re finally pivoting our defense posture back to large countries. So how vulnerable is the nation’s infrastructure to cyberattacks from China or Russia today?
Robert M. Brzenchek: Thanks for having me, Wes. As you know, in this world, there are increasingly capable hackers that are funded by nation-states such as China and Russia and massive spending in the United States on the internet of things (IoT) and 5G. We have advanced sentinels. We have data centers that will be everywhere. However, we can’t catch everything. And so that’s an issue.
With the capabilities of Russia and China, especially on the heels of the Colonial Pipeline and SolarWinds attack, we have nation-state actors from Russia make their way through business and government systems. And so what we need to focus on is what our vulnerabilities are in our critical infrastructure. And trust me, there are many.
When you think back to pre-9/11, this [cybersecurity] wasn’t really on the tips of anybody’s tongue. Now, this is the new front. This is our new 9/11. And unfortunately, I predict that our next 9/11 will be on the cybersecurity front. We are absolutely vulnerable to threats from the capabilities of the hackers from China, Russia, and others.
For example, getting back to SolarWinds, that was a huge vulnerability that exposed U.S. defenses and it’s a reminder of what we already know. The federal government and private enterprise have struggled for decades to build a deeper relationship on cybersecurity to stay ahead of the accelerating, more advanced threat to come from both China and Russia and points beyond.
Take Colonial Pipeline, for example. That ransomware attack hit our critical national energy infrastructure.
That’s a new level of ransomware that we have not seen before. And you and I were both in the military; we both know in the intel world that nothing comes out of Russia that Putin does not sanction. And so I take pause with the Biden administration saying that it was not an act of war, because it was a clear and present danger to our sovereignty.
In Russia, they are training the next generation of hackers by having them do esports-style competitions for who can hack into different cities in the U.S. Now, our critical infrastructure here for cyber is pretty vulnerable, because if you’re attacked every minute of every second of every day, at some point an intrusion will get through.
And so when you asked the question, “How vulnerable are we?”, I think that we have banded together too late. Is it recoverable? Absolutely, because as Americans, that’s what we do. We’re going to do what we need to get done.
However, is it too late? Are the enemy capabilities beyond what we’re doing right now? I say we are vulnerable.
Wes: That’s scary stuff. It feels like I’m speaking with someone who knew we were about to be attacked the day before 9/11, and no one paid attention.
Robert: I get the fact that we should not go to war with Russia. However, let’s call it what it is.
Wes: So, if you have a corporation like Colonial Pipeline or really anybody that wants to bring you on board to have a look at their vulnerabilities, how do you go about assessing risks?
Robert: Well, let’s walk back to what a risk is. The risk assessment process is a simple way to plan what you’re doing and to minimize the chances of anybody getting hurt, whether it’s in cyberspace or beyond.
It’s a way to identify sensible measures to control the risks in your workplace. I harken back to my days of me being an intel specialist in the Navy: We learned that Threat x Vulnerability = Risk.
What is your threat? What’s your vulnerability to that threat? And what are your acceptable risks? And I tell you right now, no loss of life is an acceptable risk.
When you’re looking at different things in the risk assessment process, these are things that as a security expert that you need to keep in mind. How are you going to be able to identify what the hazards are and what are you planning to do to mitigate those hazards?
And when I say, ‘mitigate,’ what are you going to do to prevent them from happening? You also need to look at your team. Do you have a cyber security team to do a red and blue exercise? Do you have the capabilities to counter anyone?
Wes: That’s great information. If you were to pick one major cybersecurity threat, who’s at the top of the threat board? Is it a criminal organization? Is it a nation-state?
Robert: They work hand-in-hand. As we saw in the Colonial Pipeline, Russia utilized an organized crime group. At the top of the board, obviously, the nation-state because they have the capital, and they have the resources. But they utilize these criminal organizations to do the dirty work.
Wes: I just learned about the existence of cybersecurity insurance. And I don’t know why it took me by surprise because it seems completely logical, now that I think about it.
But if you’re a medium- to a large-size organization and you’re a thoughtful CEO who’s thinking about risk, you’re probably already thinking about the day that you have your data encrypted and locked behind a ransom wall. Is cybersecurity insurance something that you recommend?
Robert: Well, I recommend doing a risk assessment and doing a process such as ISO 27001 first, because if you do not have those processes in place, all the insurance in the world is not going to help
Note: ISO/IEC 27001 is an international standard on how to manage information security. The standard was originally published jointly by the International Organization for Standardization and the International Electrotechnical Commission in 2005 and then revised in 2013. Some organizations choose to implement the standard to benefit from the best practice it contains, while others decide they also want to get certified to reassure customers and clients that its recommendations have been followed.
Now, if you have a robust process in place, and you feel that you’ve exercised it, then absolutely, insurance should be there for you to utilize. But I would advocate for cyber insurance if – and only if – you understand what your vulnerabilities are.
Wes: Robert, this has been a ton of great information. I appreciate your taking the time to talk.
Robert: It was my pleasure.
Edge
In an official message to mark the opening of the Russian Energy Week international forum on 13-15 October in Moscow, Russian President Vladimir Putin stressed that there are numerous issues on the agenda related to current trends in the global energy market, including improvements to industry infrastructure and the introduction of modern digital technologies into its operation.
“The efficiency of energy production and consumption is the most important factor in the growth of national economies and has a significant impact on people’s quality of life. Many countries have already adopted policies to accelerate the development of clean energy technologies,” he wrote in the message to guests and participants.
“The forum business programme is therefore set to look in detail at the possibility of developing green energy based on renewable sources and the transition to new, more environmentally friendly fuels. I am confident that the events of the Russian Energy Week will allow you to learn more about the achievements of the country’s fuel and energy sector, and that your initiatives will be put into practice,” Putin said.
Leaders of foreign states have also sent greetings to the participants and guests, among them President of the Republic of Angola João Manuel Gonçalves Lourenço, Prime Minister of Vietnam Pham Minh Chinh, Crown Prince of Abu Dhabi Armed Forces Mohamed bin Zayed bin Sultan Al Nahyan, and Vice Premier of the State Council of China Han Zheng.
Their greetings generally noted the importance of the topics to be discussed at the forum, as well as the need to build an international dialogue and consolidate efforts to achieve the sustainable development goals, including as regards climate change.
The programme covers a wide range of issues of transformation and development in the global energy market. In the context of energy transition, the issues of energy development are inextricably linked with the introduction of new technologies, and the transformation aimed at reducing greenhouse gas emissions into the atmosphere. Climate protection is a task that cannot be solved by one country; it is a global goal, which can be achieved through building dialogue and cooperation between countries. The participants in the discussion will answer the question: Is the world ready to give up hydrocarbons?
In addition, during the panel session, the participants will discuss whether oil, gas and coal are really losing ground in the global energy sector; whether the infrastructure will have time to readjust for new energy sources; how long there will be enough hydrocarbons from the field projects that are being implemented; and whether an energy transition using fossil fuels is possible.
The international climate agenda is forcing many countries to reform their carbon-based energy systems. For Russia, which holds a leading position in the global hydrocarbon markets, the transition to development with low greenhouse gas emissions presents a serious challenge, but at the same time it opens up new opportunities for economic growth based on renewable energy, hydrogen technologies, advanced processing of raw materials and implementing green projects.
The Climate Agenda included sessions dedicated to the operation of the Russian fuel and energy sector in the context of energy transition, the impact of the European green pivot on the cooperation between Russia and Europe, as well as the session titled ‘The Future of Coal in a World Shaped by the Climate Agenda: The End, or a New Beginning?’
Sessions of the ‘New Scenarios for the Economy and the Market’ track are dedicated to the global challenges and opportunities of the electric power industry; the impact of ESG on the Russian fuel and energy sector; the potential of renewable energy sources; and other issues of the future of energy.
The Russian Energy Agency under the Ministry of Energy brings together experts from key international analytical organizations to discuss the future of world energy during the session titled International Energy Organization Dialogue: Predicting the Development of Energy and Global Markets. In the session The Human Resource Potential of the Fuel and Energy Sector, participating experts will discuss the prospects for developing the professional qualification system, and there is also a session titled Bringing the Woman’s Dimension to the Fuel and Energy Sector. Optimizing regulation in the energy sector and organizing the certification and exchange of carbon credits in Russia are the basis of the Regulatory Advances in Energy.
Anton Kobyakov, Advisor to the Russian President and Executive Secretary of the Russian Energy Week 2021 Organizing Committee, said “the level of various formats of international participation testifies to the importance of the agenda and Russia’s significant role in the global energy sector. We are a reliable strategic partner that advocates for building international cooperation based on the principles of transparency and openness. With the period of major changes in the industry, it is particularly important to engage in a dialogue and work together to achieve both national and global goals.”
The forum, organized by the Roscongress Foundation, the Russian Ministry of Energy, and the Moscow Government, brought together many local and foreign energy and energy-related enterprises. The speakers attending included Exxon Mobil Corporation Chairman of the Board of Directors and CEO Darren Woods, Daimler AG and Mercedes-Benz AG Chairman of the Board Ola Kallenius, BP CEO Bernard Looney, and TotalEnergies Chairman and CEO Patrick Pouyanné.
Eurasia Review
The decision to authorize (or not) an information system to operate within an organization is the result of an ongoing project that needs to be handled effectively to succeed and to keep your business from being exposed to unwanted threats. As NIST highlights, authorization to operate (ATO) is a “management decision to explicitly accept the risks” from operating an information system.
An authorizing officer not only needs executive buy-in to carry out the project but also needs the foundational knowledge required to avoid project scope creep. An (ISC)² Certified Authorization Professional (CAP) is the practitioner who can exercise sound security risk management in pursuit of information system authorization to support an organization’s operations in accordance with legal and regulatory requirements. A CAP possesses the expertise to compile the authorization package, determine the amount of risk associated with operating the system, develop responses to address the remaining risk, and finally decide whether or not to authorize the information system. What is more, the (ISC)² CAP certification meets the requirements of Directive 8570.1 for IAM Level I and IAM Level II positions.
The post The Importance of Correctly Scoping Your Information Systems appeared first on Cybersecurity Insiders.