Who'd want to be a CISO?

Challenging job, but increasingly well paid

Cyber Risk Insurance Won't Save Your Reputation

Be careful what you purchase and for what reason

Security and the Board Need to Speak the Same Language

How security leaders speak to thier C-Suite and Board can make all the difference

Australian Cybersecurity Outlook

Aussie healthcare scrambles to catch up

The Changing Face of the Security Leader

The role is changing, but what does the future hold?

Just keeping its head above water

New Zealand Healthcare steams forward with minimal security

Medical Tourism - Growing in Popularity

Safe, fun, and much, MUCH more cost-effecitive

Cyberespionage, and the Need for Norms

Harvard Political Review (external link)

Could Russia orchestrate cyberattacks against the west?

As concerns rise about the likelihood of increased cyberattacks against the west by Russian cyber forces, so the west is attempting to ready itself. Both the UK and US governments have this week issued warnings to citizens of the rising threats of an attack and urged increased diligence.

Many consider a cyber attack almost inevitable given continuing western military support for Ukrainian defense, a growing army of hackers joining forces with Anonymous that have very successfully and daringly taken down or defaced critical Russian web sites including that of the Kremlin, and a proclivity by Putin to use grey or hybrid warfare against those who dare to challenge his supreme authority.

So far however, all we have seen is the usual ransomware and other criminal cyber-extortion activities of Russia's extensive criminal underworld of organized crime syndicates. A proxy army in waiting that Putin can rely upon to act on his instructions, and one that he can claim any involvement with and plausible deniability when their activities are discovered.

Indeed, Putin is now a master of subterfuge being trained by the Soviet KGB in the art of spy craft and disinformation. Putin has very conveniently turned a blind eye to the criminal activities of Russia's organized crime syndicates for many decades, in part because of their usefulness and in part perhaps because of the reported illicit financial and other support Putin receives from these groups.

But should the west be worried and what steps should westerners take to shore up their own cyber defenses? These are questions that were posed by Stephen and Ellie on the UK's GB News Breakfast show this morning.




Impact of the Russian Invasion of Ukraine

The Russian military invasion of Ukraine has unified the free world against acts of aggression by dictators and autocrats who threaten the territorial integrity of their neighbors. 

After years of bullying, threats and intimidation by Putin and Kremlin against what it regards as one of its vassal states, Russian troops were ordered across the Ukrainian border on Thursday February 24th, 2022. This resulted in almost immediate global financial and trade sanctions by the west and the isolation of the Russian economy. This included a closure of the skies to Russian airlines and other aircraft across Europe, Canada and America and the freezing of Russian state and Oligarch assets all around the world and the sequester of many Russian Oligarch assets including some multi-million dollar luxury yachts. It also included agreement to supply defensive weapons to Ukrainian forces from NATO countries and as far away as Australia.

But concerns have risen sharply that such tacit support of Ukraine against Russia could result in cyber attacks against the west and in particular the United States by Russia's considerable arsenal of GRU and FSB cyber weapons, or the letting lose of Russian organized crime syndicates to launch their own cyber attacks.

In the light of such concerns, University of Denver University, College faculty leaders agreed to come together this evening to examine the impact of the Russian invasion of Ukraine. They were joined by other Colorado academics from Colorado State University and the University of Colorado. 

Join moderator Arianna Nowakowski and panelists Jack Buffington, Eric Fattor, and Richard Staynings as they adeptly navigate complex topics pertaining to the short-term and long-term consequences on security, supply chain, media, and globalization.





Cotswold Radio - The need to secure healthcare IoT


Securing Healthcare and the growing complexity of interoperable health IT / IoT systems and medical devices. Richard Staynings discusses this with James Cunningham, CEO of Core To Cloud, based in Cirencester, Engalnd, and Tony Dale host of the evening Cotswolds Radio broadcast.

Listen to a recording of the live broadcast below:




 

Russia ready to launch cyber attacks on the West in retaliation for economic sanctions

Western governments and companies need to be on a “heightened state of preparedness” for the “high probability” of cyber attacks, as economic sanctions on Russia begin to bite, a senior cyber security expert has told GB News. And it is expected Russia will soon step up its campaign against the West with cyber attacks.

Critical national infrastructure and the banking sector could be the main targets of any attack ordered by Vladimir Putin, according to Richard Staynings, chief security strategist at cyber security firm, Cylera.

He said: “I would say there's a fairly high probability, based upon the types of hybrid warfare that Putin and the Kremlin have executed in the past, that cyber attacks will be launched in this conflict.

“In Chechnya in the 90s, Russia launched its cyber weapons against opposing forces. We've seen it in Georgia and South Ossetia. We've seen it in other parts of the World, where Russia has wanted to extend its influence and to coerce and to bully its neighbours or adversaries.

“I think it's a weapon that's being held in reserve right now, but we certainly need to be on a heightened level of preparedness.

“That means we need to make sure that systems are patched. We need to make sure that we've got adequate cyber defences in place to protect our businesses, our schools and universities, our hospitals our power and oil systems and other critical infrastructure across the country.”

Experts warn although the threat from cyber warfare can seem quite abstract, it has potential real world consequences.

Recent attacks on the health service caused significant disruption. The multiple computerised systems within the West’s aviation sector are also vulnerable to attack.
Cyber security teams are already on high alert. Executives at some of the West’s leading banks and financial institutions have expressed their concern about the possibility of Russian attacks on the banking system in retaliation for being kicked out of the Swift international payments system.

Apart from an attack on some of Ukraine’s critical systems in the initial stages of the invasion, there has been no concerted effort by Russia to attack Western infrastructure in recent weeks, according to security sources.

The leadership in Moscow knows that any cyber attack on the West will be met with a significant response from Western Governments, whose offensive cyber capabilities have been significantly enhanced in recent years.

But if Vladimir Putin decides to give the go ahead for technological attacks, he can also utilise a network of organised criminal gangs to hep him out, according to Professor Ciaran Martin, from the University of Oxford.

Professor Martin, who is the former head of the the UK’s National Cyber Security Centre, said that any Russian cyber attack would come on multiple fronts.

“As well as being one of the most formidable cyber powers in terms of government capabilities, Russia also has the largest concentration by far of serious organised cyber criminals on the planet.” He said.

“In 2021, we saw those criminals disrupt petrol supplies in America, healthcare in Ireland, schools in England, food retail in Sweden, the list goes on.

None of that individually is catastrophic. But if the Russian state were to unleash its ransomware capabilities, its cyber criminal capabilities, while not catastrophic, that could get pretty unpleasant.

Although the West’s computer systems are better protected these days, there are still inherent weaknesses and vulnerabilities that adversaries could seek to exploit, according to Richard Staynings.

“There are certainly still weaknesses in the system.” He said.

“Much has been done to shore up a lot of the critical infrastructure across the UK, particularly the NHS since the WannaCry ransomware attack in 2017.

“A lot of older systems have been replaced and we have new regulations that are forcing NHS trusts and NHS digital to move forward in that space.

“The data security protection tool-kit for example is driving enhancements around IOT medical devices which are inherently vulnerable in our health system today and that is forcing health systems to improve their capabilities.

“But there are still gaps in the fabric, there are still chinks in the armour that we need to be aware exist and we need to take precautions in order to ensure that perpetrators can't get through that armour.”

For now, as Russia concentrates on conventional warfare, it is already fighting off multiple attacks from Western computer hackers, who have turned away from their traditional targets of big business and governments at home, focussing their disruptive talents on Moscow instead.

 

Reproduced from GB News. Original post 18 March 2022. https://www.gbnews.uk/news/russia-ready-to-launch-cyber-attacks-on-the-west-in-retaliation-for-economic-sanctions/250614


Ditial Health Rewired - Smart Health In Practice


Digital Health Rewired was full of highly informative presentations and discussions across many areas of healthcare, but perhaps most forward thinking were 2 days of sessions under the banner of Smart Health in Practice at the Smart Health Stage at the front of the show.

I was proud the share the stage with 4 'greats' in the space of smart health innovation: Declan Hadley UK&I Lead for Cisco, Andy Callow, CDIO at University Hospitals of Northamptonshire, Stephen Dobson, CIO at Lancashire Teaching Hospitals, and Matt Dugdale, Head of Clinical & Digital Innovation, North West Ambulance Service NHS Trust. 

Our discussions focused around a presentation provided by Matt on how the North West Ambulance Service team has transformed its ambulances and offices to become 'Smart' using new smart technology to improve efficiency and the patient experience at the same time. 

Smart hospitals are just one of many changes occurring across NHS trusts, as discrete HIT and HIoT digital systems are integrated and made interoperable by advanced new technology from Cisco, Cylera and others. But as these changes are implemented, we run the risk of gap being created between functional IT and secure IT unless cybersecurity is included from the outset. With a growing number of systems and discrete devices now 'connected' to hospital networks, patient safety and cybersecurity have become major areas of concern.

With warnings by the government to batten down the hatches across critical infrastructure industries like healthcare in the light of rising threat of cyber attack from Russia, keeping patients safe and health IT / IoT systems up and running will be a major challenge if we are to avoid another WannaCry.


My thanks also to a great audience which continued to ask questions off-stage well after our allotted time had gone and almost into the next session.

 

Should we be worried about state-sponsored cyber-attacks against hospitals?

Absolutely we should!


For the past decade and a half, the criminal underworld, Russian Mafia and other organized crime syndicates in the former Soviet Union have provided a constant reminder of both the fallibility of modern IT systems and the tenacious expertise of Russian hackers and their cyber-criminal community. In what now seems like background white noise, these highly organized perpetrators have executed a near constant campaign of cybertheft, cyber-extortion, and denial of service attacks. 

Attacks have included a long list of crippling ransomware campaigns that have disabled almost the entirety of national health systems like the Irish HSE and Irish Health System, to the near bankrupting of several large private US health systems, to causing small medical and dental practices to have to close up shop, all in the past year.  This has denied critical medical services to thousands of patients and contributed to increases in patient morbidity and mortality. Yes, Russian cyber criminals have killed innocent people, perhaps not directly or intentionally, but nevertheless their greed and lack of ethical restraint has caused great pain and suffering to thousands. But, the capabilities of these gangs pales into insignificance when compared to the resources and capabilities of nation states.

WannaCry which in 2017 crippled much of UK NHS as well as other providers of health services around the word was a (flawed) cyber weapon created by the DPRK to raise hard currency following international sanctions on Kim Jong Un’s autocratic hermit kingdom. The DPRK’s subsequent cyber weapons have been much less flawed, and have drained many cryptocurrency exchanges and large sums from the Bank of Bangladesh among a long list of other victims. With the exception of its attack against Sony Pictures, Lazarus Group and other DPRK cyber forces operate very similarly to any other criminal enterprise raising cash for the Kim family’s lavish living and to purchase rocket fuel for his pet ICBM and nuclear weapons programs.

Not Petya, a highly destructive wiperware which initially masqueraded itself as a fake ransomware attack, hit the world right on the heels of WannaCry and was quickly attributed to the Russian government, specifically the Sandworm hacking group within the GRU Russian military intelligence organization. Initially designed to target the Ukrainian MeDoc tax accounting application in a software supply chain attack, it quickly spread worldwide to any company and country doing business in Ukraine and took down many of the world’s largest companies including shipping company Maersk, FedEx, pharmaceutical giant Merck, and French firm Saint-Gobain. Each of these organizations spent hundreds of millions of dollars to restore data and systems that NotPetya had encrypted beyond repair. Not Petya destroyed tens of thousands of computer systems and resulted in losses in excess of $10bn USD globally. Already a pariah, the Russian state after this devastating attribution, became synonymous with cybercrime and cyberwarfare across the international community. In a major home goal, NotPetya ended up also wiping a large number of computer systems in Russia for organizations that also conduct business with Ukraine
 
Step forward a few years to 2022 and Russia is up to its old tricks again. A few hours before Russian tanks began rolling into Ukraine, Microsoft raised the alarm warning of a never-before-seen piece of “wiper” malware that appeared aimed at the country’s government ministries and financial institutions. ESET Research Labs, a Slovakia-based cybersecurity company, said it too had discovered a new ‘wiper’ while security experts at Symantec’s threat intelligence team said the malware had affected Ukrainian government contractors in Latvia and Lithuania and a financial institution in Ukraine. ESET has called the malware which renders computers inoperable by disabling rebooting, HermeticWiper, while Microsoft has named it'd discovery FoxBlade.

The trouble with any kind of cyber weapons, no matter how targeted they are, is that these weapons do not recognize national boundaries (just as Putin didn’t recognize Ukraine’s) and so are bound to get out into the global community of interconnected IT systems. Fortunately, and so far at least, the HermeticWiper malware does not appear to be self-propagating, whereas NotPetya was deliberately designed to spread laterally and stealthily. There are no doubt many other offensive cyber weapons being deployed against Ukraine and its allies this week as Putin escalates his attack.

But the real danger is not just in the powerful nation state weapons, but with the semi-professional hackers and organized crime syndicates. Russia has the world’s largest non-state criminal cyber infrastructure employing tens of thousands who are engaged full time in cybercrime, cybertheft, and cyber-extortion. Putin for various reasons has turned a blind eye to their criminal activities for decades allowing these groups to grow and prosper. These criminals are already using the smokescreen of conflict in Ukraine to launch fresh ransomware attacks against the west, and evidence suggests that Putin has recently instructed them to go all-out to help Mother Russia. Putin has organized a personal crusade of military kinetic and cyber offensive capabilities and paired this with an extensive criminal underground in an attempt to overwhelm the west.

On the other side, the call has gone out for Ukrainian cyber gangs to launch an all-out offensive against the institutions of the Russian Federation, and they have been joined by Anonymous and many other international hacktivists. If we are to believe the reports coming out of Russia, then many of the Kremlin’s public systems have been taken down by cyber-attacks. This tit-for-tat action risks serious escalation, and Russia which is widely acclaimed to have invented the concept of cyber-warfare during its two brutal wars against Chechen separatists, is sure to have some very powerful, very devastating cyber weapons in its war chest. Of course so too does the USA, UK, and many other countries. These weapons if ever launched would wreak devastation akin to a nuclear war and wipe out just about anything electronic. Given our reliance upon IT systems today, especially in hospitals this would not end well for patients, resulting in a significant rise in patient morbidity and mortality. The trouble for the west is, that these cyber weapons would cause far greater damage to advanced western institutions than to former Soviet ones in Russia, Belarus, Kazakhstan, and Chechnya supporting Putin where computerization is less prevelent.

We should be taking every precaution to patch all systems, ensuring the legitimacy of patches by examining hash values before deploying, by enforcing multi-factor authentication for all users, and by disconnecting and isolating systems which cannot be properly secured. Staff should be briefed on the need for heightened awareness and told to take extra precautions in their day-to-day activities. 
 
But first however, we need to fully understand what is connected to our networks and who is accessing our systems. In this day and age of heightened threats, we need to understand what is 'normal' so that abnormal or 'anomalous behavior' can be flagged and quickly isolated. The inconvenience of kicking a user off of a system and inconveniencing them, should be far less of a concern than the safety of a patient on life support being kept alive by a collection of connected medical devices.