Who'd want to be a CISO?

Challenging job, but increasingly well paid

Cyber Risk Insurance Won't Save Your Reputation

Be careful what you purchase and for what reason

Security and the Board Need to Speak the Same Language

How security leaders speak to thier C-Suite and Board can make all the difference

Australian Cybersecurity Outlook

Aussie healthcare scrambles to catch up

The Changing Face of the Security Leader

The role is changing, but what does the future hold?

Just keeping its head above water

New Zealand Healthcare steams forward with minimal security

Medical Tourism - Growing in Popularity

Safe, fun, and much, MUCH more cost-effecitive

Cyberespionage, and the Need for Norms

Harvard Political Review (external link)

How Concerned Should we be about a Russian State Cyberattack against the US?


Russia’s invasion of Ukraine appears to be bogged down if the reports coming out of the country are to be believed. Indeed troops around Kyiv are currently reported to be withdrawing back to Belarus to regroup and re-arm. The surgical Blitzkrieg to take over the country and replace its elected leaders with Putin-friendly surrogates has failed, and now Russia has been forced to re-evaluate its military objectives and to focus on liberating Donbas and Luhansk from Ukraine and the Ukrainian people who live there. The area is one of many across the former Soviet Union seeded by Stalin with Russian diaspora after annihilating much of the indigenous population in one of many genocidal purges of opponents. In this case, it was a mass purge of Ukrainians.
 
Indeed the Holodomor (Ukrainian: Голодомо́р) in which 4 million Ukrainians were purposely starved to death by Stalin between 1932 and 1933 in order to suppress Ukrainian desires for independence, is perhaps one of the reasons why Ukraine has been so vociferous in its defense against Russian invasion.
 

An Invasion Falling Apart

But as casualties mount, and in particular the deaths of a large number of Russian General Officers, Putin’s hold over the military and therefore political power, looks to be increasingly tenuous. Reports in the media of tanks being driven over commanding officers by unhappy starving soldiers who were misled and lied to by their leadership, poorly trained and led troops shooting unarmed civilians indiscriminately, and a growing realization by Russian troops that they are pawns in an illegitimate conflict with neighbors most of whom speak their own language, is drawing into question the abilities of the Russian military and its leadership.
 
As the Russian body bag count continues to rise and a growing number of funerals are announced back home in Russia of all kinds of senior military officers, so the public will increasingly be aware of the costs of Putin’s folly. The closure of most foreign stores, the inability to fly anywhere as planes are grounded, and a Ruble which has structurally lost 40% of its value since February will be sure to reinforce concerns that Putin is engaged in a conflict much bigger than he has led on.

 

But military power is not all that Putin can muster in his battle with the west. As President, Putin has at his disposal the considerable state cyber forces of the Russian FSB and GRU. These are groups with no shortage of highly destructive cyber weapons, many of which have been used against Ukraine since 2015, and some of which date to the cyber-attacks against Georgia, Estonia, Azerbaijan, and Chechnya,  all the way back to the 1990s. 
 
Putin also has access to the considerable forces of Russian organized cybercrime in return for historically turning a blind eye to their lucrative criminal activities. Indeed, some investigators have concluded an even tighter more collaborative relationship between the Russian President and mob bosses. Putin in other words, has many options open to him for direct and indirect cyber-attacks, though few would believe any claims in current times that Russian organized crime totally operates outside of the influence of Putin and the Kremlin.
 

Russia and Cyberwarfare

The west has in fact been in an ongoing cyberwar with Russia since the turn of the millennium when Russian gangs realized that they could operate their craft of cyber theft and extortion with total impunity from within the bounds of the Russian Federation. Putin and the almost ineffective forces of Russian law enforcement simply turned a blind eye to the gangs and their activities. Perhaps the reported back-handers to police officers helped. Perhaps the sheer power of these gangs was enough to intimidate law enforcement officers. Either way, the illicit foreign exchange inflows of untraceable cryptocurrency continues to boost the struggling Russian economy.

 

The connection between Russian organized crime syndicates and the Kremlin in recent months looks to be a lot less deniable, with evidence suggesting that crime gangs are acting on instruction from the Kremlin and perhaps maybe receiving payment for the acquisition of intelligence gained in their attacks. Take for example the SolarWinds Orion attack, which was attributed to ‘Nobelium’, a group reportedly being directed by the Russian intelligence to infiltrate US federal agencies, while another Russian cybercrime group, ‘DarkSide’, was busy at the exact same time with a high profile and distracting ransomware attack against the Colonial Pipeline cutting off fuel supplies to the southeast of the entire United States.
 

Is Putin likely to respond to increasing western military support of Ukraine?

So far at least, Putin appears to have held back his arsenal of cyber weapons. Supposition is that Putin is concerned that any massive cyber-attack against the west would be sure to result in a powerful response from the west against Russian critical infrastructure including the power grid. It would then be almost impossible for Putin to continue to dupe the Russian people with propaganda stories of an almost insignificant special military operation to rid Ukraine of Nazis. The cat would be out of the bag regardless of whether conscript bodies are returned to their mothers or not, and Putin would be facing enemies from within as well as abroad. It was the unpopularity of the wars in Georgia and Chechnya back home that forced a Russian withdrawal, and the unpopularity of the war in Afghanistan that eventually bankrupted and lead to the collapse of the Soviet Union before it.
 
Indeed, this is perhaps what Putin fears most – a popular uprising against his rule by the very lumpenproletariat he claims to represent. So far however, the Kremlin propaganda machine still appears to be working well and Putin can claim wide-scale popular support at home from the babushkas that believe everything they are told by the state media outlets.

 

While Russia may have some devastating cyber weapons up its sleeve, the NSA is widely regarded to have bigger more devastating cyber weaponry in is arsenal. These include weapons able to effectively take Russia back to the nineteenth century and presumably include the capability to turn off Russia’s power grid, its water, oil, and gas systems, its flight control systems, transportation, and a heap of other critical infrastructure. This would deny Russians, and the Russian war machine with the ability to operate at anything other than at minimal levels and could wreak havoc on military resupply and other logistics.
 
The NSA is not alone however, other Five Eyes nations are thought to have comparable cyber capabilities and would no doubt respond as a group if attacked by Russia. The EU is thought to also have some offensive cyber capabilities, while Israel, less involved in the support of Ukraine against Russian invasion, would likely join in to support the USA and its other allies, despite its current free pass from Russia to attack Hezbollah terrorists operating inside Syria in return for staying neutral. Israel is thought to have some very nasty tricks up its sleeves and based upon its past performance, is less inclined to hold back if ever attacked.
 
So with cyber armies lined up against each other, perhaps we have reached the modern day equivalent of Mutually Assured Destruction (MAD). This was a principle that ensured the global peace between totalitarian east and liberal democratic west, around the use of nuclear weapons from the late nineteen forties to the present day. Given the impact to all of us of an all-out cyberwar between Russia and the west, let’s hope that MAD will keep the cyber weapons firmly locked up.

 

Can Healthcare Tackle IoT, Medical Device Security Challenges?

Join SCMedia Editor Jessica Davis and Cylera's Chief Security Strategist Richard Staynings for a FireSide Chat at VIVE2022 -  the new CHIME / HLTH conference in Miami Beach FL, as they explore the challenges of medical device security.




Could Russia orchestrate cyberattacks against the west?

As concerns rise about the likelihood of increased cyberattacks against the west by Russian cyber forces, so the west is attempting to ready itself. Both the UK and US governments have this week issued warnings to citizens of the rising threats of an attack and urged increased diligence.

Many consider a cyber attack almost inevitable given continuing western military support for Ukrainian defense, a growing army of hackers joining forces with Anonymous that have very successfully and daringly taken down or defaced critical Russian web sites including that of the Kremlin, and a proclivity by Putin to use grey or hybrid warfare against those who dare to challenge his supreme authority.

So far however, all we have seen is the usual ransomware and other criminal cyber-extortion activities of Russia's extensive criminal underworld of organized crime syndicates. A proxy army in waiting that Putin can rely upon to act on his instructions, and one that he can claim any involvement with and plausible deniability when their activities are discovered.

Indeed, Putin is now a master of subterfuge being trained by the Soviet KGB in the art of spy craft and disinformation. Putin has very conveniently turned a blind eye to the criminal activities of Russia's organized crime syndicates for many decades, in part because of their usefulness and in part perhaps because of the reported illicit financial and other support Putin receives from these groups.

But should the west be worried and what steps should westerners take to shore up their own cyber defenses? These are questions that were posed by Stephen and Ellie on the UK's GB News Breakfast show this morning.




Impact of the Russian Invasion of Ukraine

The Russian military invasion of Ukraine has unified the free world against acts of aggression by dictators and autocrats who threaten the territorial integrity of their neighbors. 

After years of bullying, threats and intimidation by Putin and Kremlin against what it regards as one of its vassal states, Russian troops were ordered across the Ukrainian border on Thursday February 24th, 2022. This resulted in almost immediate global financial and trade sanctions by the west and the isolation of the Russian economy. This included a closure of the skies to Russian airlines and other aircraft across Europe, Canada and America and the freezing of Russian state and Oligarch assets all around the world and the sequester of many Russian Oligarch assets including some multi-million dollar luxury yachts. It also included agreement to supply defensive weapons to Ukrainian forces from NATO countries and as far away as Australia.

But concerns have risen sharply that such tacit support of Ukraine against Russia could result in cyber attacks against the west and in particular the United States by Russia's considerable arsenal of GRU and FSB cyber weapons, or the letting lose of Russian organized crime syndicates to launch their own cyber attacks.

In the light of such concerns, University of Denver University, College faculty leaders agreed to come together this evening to examine the impact of the Russian invasion of Ukraine. They were joined by other Colorado academics from Colorado State University and the University of Colorado. 

Join moderator Arianna Nowakowski and panelists Jack Buffington, Eric Fattor, and Richard Staynings as they adeptly navigate complex topics pertaining to the short-term and long-term consequences on security, supply chain, media, and globalization.





Cotswold Radio - The need to secure healthcare IoT


Securing Healthcare and the growing complexity of interoperable health IT / IoT systems and medical devices. Richard Staynings discusses this with James Cunningham, CEO of Core To Cloud, based in Cirencester, Engalnd, and Tony Dale host of the evening Cotswolds Radio broadcast.

Listen to a recording of the live broadcast below:




 

Russia ready to launch cyber attacks on the West in retaliation for economic sanctions

Western governments and companies need to be on a “heightened state of preparedness” for the “high probability” of cyber attacks, as economic sanctions on Russia begin to bite, a senior cyber security expert has told GB News. And it is expected Russia will soon step up its campaign against the West with cyber attacks.

Critical national infrastructure and the banking sector could be the main targets of any attack ordered by Vladimir Putin, according to Richard Staynings, chief security strategist at cyber security firm, Cylera.

He said: “I would say there's a fairly high probability, based upon the types of hybrid warfare that Putin and the Kremlin have executed in the past, that cyber attacks will be launched in this conflict.

“In Chechnya in the 90s, Russia launched its cyber weapons against opposing forces. We've seen it in Georgia and South Ossetia. We've seen it in other parts of the World, where Russia has wanted to extend its influence and to coerce and to bully its neighbours or adversaries.

“I think it's a weapon that's being held in reserve right now, but we certainly need to be on a heightened level of preparedness.

“That means we need to make sure that systems are patched. We need to make sure that we've got adequate cyber defences in place to protect our businesses, our schools and universities, our hospitals our power and oil systems and other critical infrastructure across the country.”

Experts warn although the threat from cyber warfare can seem quite abstract, it has potential real world consequences.

Recent attacks on the health service caused significant disruption. The multiple computerised systems within the West’s aviation sector are also vulnerable to attack.
Cyber security teams are already on high alert. Executives at some of the West’s leading banks and financial institutions have expressed their concern about the possibility of Russian attacks on the banking system in retaliation for being kicked out of the Swift international payments system.

Apart from an attack on some of Ukraine’s critical systems in the initial stages of the invasion, there has been no concerted effort by Russia to attack Western infrastructure in recent weeks, according to security sources.

The leadership in Moscow knows that any cyber attack on the West will be met with a significant response from Western Governments, whose offensive cyber capabilities have been significantly enhanced in recent years.

But if Vladimir Putin decides to give the go ahead for technological attacks, he can also utilise a network of organised criminal gangs to hep him out, according to Professor Ciaran Martin, from the University of Oxford.

Professor Martin, who is the former head of the the UK’s National Cyber Security Centre, said that any Russian cyber attack would come on multiple fronts.

“As well as being one of the most formidable cyber powers in terms of government capabilities, Russia also has the largest concentration by far of serious organised cyber criminals on the planet.” He said.

“In 2021, we saw those criminals disrupt petrol supplies in America, healthcare in Ireland, schools in England, food retail in Sweden, the list goes on.

None of that individually is catastrophic. But if the Russian state were to unleash its ransomware capabilities, its cyber criminal capabilities, while not catastrophic, that could get pretty unpleasant.

Although the West’s computer systems are better protected these days, there are still inherent weaknesses and vulnerabilities that adversaries could seek to exploit, according to Richard Staynings.

“There are certainly still weaknesses in the system.” He said.

“Much has been done to shore up a lot of the critical infrastructure across the UK, particularly the NHS since the WannaCry ransomware attack in 2017.

“A lot of older systems have been replaced and we have new regulations that are forcing NHS trusts and NHS digital to move forward in that space.

“The data security protection tool-kit for example is driving enhancements around IOT medical devices which are inherently vulnerable in our health system today and that is forcing health systems to improve their capabilities.

“But there are still gaps in the fabric, there are still chinks in the armour that we need to be aware exist and we need to take precautions in order to ensure that perpetrators can't get through that armour.”

For now, as Russia concentrates on conventional warfare, it is already fighting off multiple attacks from Western computer hackers, who have turned away from their traditional targets of big business and governments at home, focussing their disruptive talents on Moscow instead.

 

Reproduced from GB News. Original post 18 March 2022. https://www.gbnews.uk/news/russia-ready-to-launch-cyber-attacks-on-the-west-in-retaliation-for-economic-sanctions/250614


Ditial Health Rewired - Smart Health In Practice


Digital Health Rewired was full of highly informative presentations and discussions across many areas of healthcare, but perhaps most forward thinking were 2 days of sessions under the banner of Smart Health in Practice at the Smart Health Stage at the front of the show.

I was proud the share the stage with 4 'greats' in the space of smart health innovation: Declan Hadley UK&I Lead for Cisco, Andy Callow, CDIO at University Hospitals of Northamptonshire, Stephen Dobson, CIO at Lancashire Teaching Hospitals, and Matt Dugdale, Head of Clinical & Digital Innovation, North West Ambulance Service NHS Trust. 

Our discussions focused around a presentation provided by Matt on how the North West Ambulance Service team has transformed its ambulances and offices to become 'Smart' using new smart technology to improve efficiency and the patient experience at the same time. 

Smart hospitals are just one of many changes occurring across NHS trusts, as discrete HIT and HIoT digital systems are integrated and made interoperable by advanced new technology from Cisco, Cylera and others. But as these changes are implemented, we run the risk of gap being created between functional IT and secure IT unless cybersecurity is included from the outset. With a growing number of systems and discrete devices now 'connected' to hospital networks, patient safety and cybersecurity have become major areas of concern.

With warnings by the government to batten down the hatches across critical infrastructure industries like healthcare in the light of rising threat of cyber attack from Russia, keeping patients safe and health IT / IoT systems up and running will be a major challenge if we are to avoid another WannaCry.


My thanks also to a great audience which continued to ask questions off-stage well after our allotted time had gone and almost into the next session.

 

Should we be worried about state-sponsored cyber-attacks against hospitals?

Absolutely we should!


For the past decade and a half, the criminal underworld, Russian Mafia and other organized crime syndicates in the former Soviet Union have provided a constant reminder of both the fallibility of modern IT systems and the tenacious expertise of Russian hackers and their cyber-criminal community. In what now seems like background white noise, these highly organized perpetrators have executed a near constant campaign of cybertheft, cyber-extortion, and denial of service attacks. 

Attacks have included a long list of crippling ransomware campaigns that have disabled almost the entirety of national health systems like the Irish HSE and Irish Health System, to the near bankrupting of several large private US health systems, to causing small medical and dental practices to have to close up shop, all in the past year.  This has denied critical medical services to thousands of patients and contributed to increases in patient morbidity and mortality. Yes, Russian cyber criminals have killed innocent people, perhaps not directly or intentionally, but nevertheless their greed and lack of ethical restraint has caused great pain and suffering to thousands. But, the capabilities of these gangs pales into insignificance when compared to the resources and capabilities of nation states.

WannaCry which in 2017 crippled much of UK NHS as well as other providers of health services around the word was a (flawed) cyber weapon created by the DPRK to raise hard currency following international sanctions on Kim Jong Un’s autocratic hermit kingdom. The DPRK’s subsequent cyber weapons have been much less flawed, and have drained many cryptocurrency exchanges and large sums from the Bank of Bangladesh among a long list of other victims. With the exception of its attack against Sony Pictures, Lazarus Group and other DPRK cyber forces operate very similarly to any other criminal enterprise raising cash for the Kim family’s lavish living and to purchase rocket fuel for his pet ICBM and nuclear weapons programs.

Not Petya, a highly destructive wiperware which initially masqueraded itself as a fake ransomware attack, hit the world right on the heels of WannaCry and was quickly attributed to the Russian government, specifically the Sandworm hacking group within the GRU Russian military intelligence organization. Initially designed to target the Ukrainian MeDoc tax accounting application in a software supply chain attack, it quickly spread worldwide to any company and country doing business in Ukraine and took down many of the world’s largest companies including shipping company Maersk, FedEx, pharmaceutical giant Merck, and French firm Saint-Gobain. Each of these organizations spent hundreds of millions of dollars to restore data and systems that NotPetya had encrypted beyond repair. Not Petya destroyed tens of thousands of computer systems and resulted in losses in excess of $10bn USD globally. Already a pariah, the Russian state after this devastating attribution, became synonymous with cybercrime and cyberwarfare across the international community. In a major home goal, NotPetya ended up also wiping a large number of computer systems in Russia for organizations that also conduct business with Ukraine
 
Step forward a few years to 2022 and Russia is up to its old tricks again. A few hours before Russian tanks began rolling into Ukraine, Microsoft raised the alarm warning of a never-before-seen piece of “wiper” malware that appeared aimed at the country’s government ministries and financial institutions. ESET Research Labs, a Slovakia-based cybersecurity company, said it too had discovered a new ‘wiper’ while security experts at Symantec’s threat intelligence team said the malware had affected Ukrainian government contractors in Latvia and Lithuania and a financial institution in Ukraine. ESET has called the malware which renders computers inoperable by disabling rebooting, HermeticWiper, while Microsoft has named it'd discovery FoxBlade.

The trouble with any kind of cyber weapons, no matter how targeted they are, is that these weapons do not recognize national boundaries (just as Putin didn’t recognize Ukraine’s) and so are bound to get out into the global community of interconnected IT systems. Fortunately, and so far at least, the HermeticWiper malware does not appear to be self-propagating, whereas NotPetya was deliberately designed to spread laterally and stealthily. There are no doubt many other offensive cyber weapons being deployed against Ukraine and its allies this week as Putin escalates his attack.

But the real danger is not just in the powerful nation state weapons, but with the semi-professional hackers and organized crime syndicates. Russia has the world’s largest non-state criminal cyber infrastructure employing tens of thousands who are engaged full time in cybercrime, cybertheft, and cyber-extortion. Putin for various reasons has turned a blind eye to their criminal activities for decades allowing these groups to grow and prosper. These criminals are already using the smokescreen of conflict in Ukraine to launch fresh ransomware attacks against the west, and evidence suggests that Putin has recently instructed them to go all-out to help Mother Russia. Putin has organized a personal crusade of military kinetic and cyber offensive capabilities and paired this with an extensive criminal underground in an attempt to overwhelm the west.

On the other side, the call has gone out for Ukrainian cyber gangs to launch an all-out offensive against the institutions of the Russian Federation, and they have been joined by Anonymous and many other international hacktivists. If we are to believe the reports coming out of Russia, then many of the Kremlin’s public systems have been taken down by cyber-attacks. This tit-for-tat action risks serious escalation, and Russia which is widely acclaimed to have invented the concept of cyber-warfare during its two brutal wars against Chechen separatists, is sure to have some very powerful, very devastating cyber weapons in its war chest. Of course so too does the USA, UK, and many other countries. These weapons if ever launched would wreak devastation akin to a nuclear war and wipe out just about anything electronic. Given our reliance upon IT systems today, especially in hospitals this would not end well for patients, resulting in a significant rise in patient morbidity and mortality. The trouble for the west is, that these cyber weapons would cause far greater damage to advanced western institutions than to former Soviet ones in Russia, Belarus, Kazakhstan, and Chechnya supporting Putin where computerization is less prevelent.

We should be taking every precaution to patch all systems, ensuring the legitimacy of patches by examining hash values before deploying, by enforcing multi-factor authentication for all users, and by disconnecting and isolating systems which cannot be properly secured. Staff should be briefed on the need for heightened awareness and told to take extra precautions in their day-to-day activities. 
 
But first however, we need to fully understand what is connected to our networks and who is accessing our systems. In this day and age of heightened threats, we need to understand what is 'normal' so that abnormal or 'anomalous behavior' can be flagged and quickly isolated. The inconvenience of kicking a user off of a system and inconveniencing them, should be far less of a concern than the safety of a patient on life support being kept alive by a collection of connected medical devices.


Podcast: A Career in Cybersecurity

What is 'Cybersecurity', why is it so important today, and why do developed western societies need better cyber protection? Join Denver University Adjunct Professor and Chief Security Strategist for Cylera, Richard Staynings, as he describes the risks, rewards and opportunities for those seeking a career in this rapidly growing field.






Pueblo Community College Cybersecurity Lecture

 

It was great to present to the students and faculty of Pueblo Community College in southern Colorado this past week. The opportunities for those entering the profession from ICT cybersecurity and Healthcare programs like those at PCC are tremendous. My thanks to the faculty for organizing such a great event and to Mike Archuleta, CIO at nearby Mt San Rafael Hospital and fellow Health Informatics and Cybersecurity Luminary who also presented to students.



Challenges for 21st Century Healthcare

Healthcare currently faces many unique challenges. It is an industry currently undergoing the most dramatic transformation in its history. Covid-19 ravaged hospital finances and forced providers to pivot from lucrative consults and elective surgeries to pandemic emergency care. This in turn led to the need for another (long overdue) pivot towards telehealth, telemedicine and remote health services as patients were told to avoid hospitals. And of course, this all happened during an industry-wide move towards digital transformation, interoperability, a massive growth in the number of medical and other healthcare IoT devices, and enhanced adoption and deployment of artificial intelligence across the industry, each bringing its own unique security challenges.

As if these transformational challenges were not enough, healthcare is also one of 16 US Critical Infrastructure Sectors under PPD-21, and therefore a potential target of nation-state cyber-warfare attacks against the United States. Given a long history of such attacks by the Russian GRU against other countries and a proclivity by the Kremlin to give carte blanch to Russian Mafia proxies engaged in cybercrime, risks are high that an imminent attack could be launched against US healthcare.

A cyberattack against healthcare is not just an act of cyber extortion or cyber warfare, it risks the lives and safety of patients. When HIT and HIoT systems are not available because of cyberattack, patient morbidity and mortality rates increase, just as they did under the North Korean 'Wannacry' or Russian GRU 'Not Petya' attacks of 2017.

In 2022, the ability of hospitals and other providers to withstand a devastating ransomware or other cyberattack has improved, but providers are in no way impregnable. The industry lacks the material and people resources necessary to mount a full defense. It is therefore vulnerable and in need of supplementary security services. Services that are perhaps best addressed by managed security services providers (MSSPs) and others with deep security domain expertise.

Clinical, technological and security resourcing across healthcare has been stretched to the limit exacerbated by clinicians leaving the industry en-masse and a global shortage of cybersecurity professionals in which healthcare has found it increasingly hard to compete for scarce resources. There has also been a skills mismatch as re-skilling of staff has not kept up with the adoption and implementation of new technologies. 

Given the growing challenges of securing healthcare and keeping patients safe, I challenged four leading technology and security executives with these problems at the recent Denver Managed Security Services Forum. Hear their thoughts in the video recording below.



Panelists:

Mike Archuleta, Chief Information Officer, Mt San Rafael Hospital
Kevin Coston, Sr. Technical Security Specialist Healthcare, Microsoft
Randall Frietzsche, Enterprise Chief Information Security Officer, Denver Health
Howard Haile, Chief Information Security Officer, SCL Health

Moderator:

Richard Staynings, Chief Security Strategist, Cylera