DOCSLIB.ORG

Peak Cyber Is Coming Soon!!

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Peak Cyber Is Coming Soon!! WWW.ISSA - COS.ORG VOLUME 7 NUMBER 8 AUGUST 2018 Peak Cyber Is Coming Soon! ! olleagues, .gov e-mail address), Academia (with a .edu e-mail address), and ISSA Members. The Our Peak Cyber conference will be fee for industry is $250.00. If you’re not an C here very soon. The Colorado ISSA member, join now and you can attend Springs Chapter is once again for FREE! hosting the 8th Annual Peak Cyber - Cybersecurity Training & Technology Forum Keynote speakers include: (CSTTF). Peak Cyber - CSTTF is set to • COL Robert McVay, Deputy CIO, Missile convene from Wednesday August 22nd to Defense Agency Thursday, August 23rd, 2018 at the • Dr. Meyerrose, President, The DoubleTree by Hilton, Colorado Springs, MeyerRose Group Colorado. Peak Cyber is • Dr. Joseph Mitola III, designed to further Chief Technologist, educate Cybersecurity, ENSCO Aerospace Information Management, Sciences and Engineering Information Technology A Note From Division, Fellow of the and Communications IEEE Professionals by providing • Ron Ross, Fellow, a platform to explore some Our President Computer Security of today's most pressing Division, NIST cybersecurity threats, Aaron Shaha, Director of remediation strategies and Network Defense, Root9b best practices. By Ms. Colleen Murphy • Jeff Snyder, Day one, August 22nd, will consist of President, Jeff Snyder Cyber Recruiting three tracks with Subject Matter Expert & Coaching (SME) speaker sessions and panels. On day two, August 23rd, more SME speaker Training opportunities include: sessions, as well as several in-depth training Three-hour mini-boot camp for the workshops and boot camps will take place PenTest+ certification and the throughout the day. Peak Cyber Sessions Cybersecurity Analyst (CySA+) and the Training sessions and the evening certification. CompTIA staff and partners career networking/social are worth up to 16 will give a glimpse into the world of the CPE/CEU Credits. Attendance is FREE for modern pen tester and security analyst. Military/Government (all those with a .mil or Learn about the latest penetration testing (Continued on page 4) The ISSA Colorado Springs Newsletter incorporates open source news articles in compliance with USC Title 17, Section 107, Paragraph a (slightly truncated to avoid copyright infringement) as a training method to educate readers on security matters . The views expressed in articles obtained from public sources within this newsletter do not neces- sarily reflect those of ISSA, this Chapter or its leadership. Names, products, and services referenced within this document may be the trade names, trade- marks, or service marks of their respective owners. References to commercial vendors and their prod- ucts or services are provided strictly as a convenience to our members, and do not constitute or imply endorsement by ISSA or the Colorado Springs Chapter of ISSA of any entity, event, product, service, or enterprise. P A G E 2 Cyberwar: What happens when a nation-state cyber attack kills? By Danny Palmer, ZDNet, July 24, 2018 program back by years, and is believed to have been a joint cyber operation by the US and The increasing sophistication and power Israel. of state-backed cyber attacks has led some experts to fear that, sooner or However, Stuxnet was designed to be later, by design or by accident, limited in its impact: in the years since, those one of these incidents will result attacking industrial control systems are in somebody getting killed. becoming more reckless. This was demonstrated in December last year when It might sound far-fetched, hackers used malware to disrupt emergency but a former head of the UK's shutdown systems at a critical intelligence agency has already infrastructure firm in the Middle East. warned about the physical threat posed by cyber attacks and the Analysis of the Triton malware potential damage they could do. by researchers at security company FireEye suggests that the shutdown was "Nation-states are getting unintentional and that it was inadvertently more sophisticated and they're getting more caused while preparing the malware to do brazen. They're getting less worried about physical damage. being caught and being named -- and of course that's a feature of geopolitics," said The shutdown came as a result of a fail- Robert Hannigan, who served as director safe mechanism and no physical damage was general of GCHQ from 2014 to 2017. done -- but the unpredictable nature of the malware could have resulted in much worse. "The problem is the risk of miscalculation is huge," he said, speaking at a security "If the intent of the attacking group was to conference in London last month. "If you start make the plant explode, lives lost by cyber to tamper with industrial control systems, if attack could've happened," Jing Xie, senior you start to tamper with health systems and threat intelligence analyst at Venafi, told ZDNet. networks, it feels like it's only a matter of time "I have no doubt it's just a matter of time before somebody gets hurt and somebody is that someday cyber attacks will definitely cause ultimately killed." direct harm to people," she added. The mention of health systems is a So what happens when a cyber attack by reminder perhaps of last year's WannaCry one nation-state leads to loss of life inside ransomware outbreak, which crippled large another country? parts of the UK's National Health Service. “The current Thousands of appointments were cancelled, In 2014, NATO updated its policy so that a causing disruption and inconvenience for serious cyber attack could be covered by Article legal system patients around the country. 5, its collective defence clause. Legal experts have also made it clear that a serious digital which exists No critical systems were hit, but given the attack could be considered to be the equivalent around war isn't nature of WannaCry -- which the US, UK, and of an armed attack. But what would happen in others have blamed on North Korea -- that reality is still uncertain. necessary up to was likely due to luck rather than planning. "It's been a debate in policy circles for over date with this With attacks against hospitals, transport, a decade, if not longer: when does cyber type of power plants, or other critical national activity cross over into a domain which needs a problem.” infrastructure, attackers are playing a kinetic response from a military source?" said dangerous game -- but that hasn't stopped Jon Condra, director of Asia Pacific Research clandestine, targeted campaigns against at Flashpoint. infrastructure. Read the rest here: Perhaps the most famous example is Stuxnet, malware designed to damage https://www.zdnet.com/article/cyberwar-what- Iranian uranium centrifuges which was happens-when-a-nation-state-issued-cyber- uncovered in 2010. The destructive attack on attack-kills/ the industrial systems put Iran's nuclear ISSA - C O S N E W S V O L U M E 7 P A G E 3 Membership Update First, I would like to welcome our new members on behalf of New Members the Chapter! When you’re participating in Chapter activities, July please take a moment to introduce yourself to members of the Jonathan Sneed board, me, and other members. Don’t forget to identify yourself as a Michael Howard new member and feel free to ask for help or information. Thanks for joining the Chapter and don’t forget to look for opportunities to lend your Ty Medler expertise to improve the Chapter. We’re always open to new ideas and Robert Carson suggestions. Russ Sinkola Our membership is holding at ~470 members as of the end of July. As Steven Grogger you’re going about your daily activities, please take the time to engage your Thomas Boone colleagues, ask if they’re ISSA members, and if not take a couple of minutes Joel Kane to convince them of the value of becoming a member of our chapter. Word of Darrell Yakel mouth is our primary method of advertising. If you don’t take the time to tell Karen Perrin people of our organization, folks won’t know all the advantages we bring to Michael Clark their professional life. Renewals are also critical to maintaining our membership. If you are considering not renewing, please talk to me or one of the other board members to help us understand what we can do better to support our membership and retain you as active chapter members. We have the Peak Cyber (Cyber Security Technology and Training Forum) on 22 and 23 Aug. We also have lots of upcoming activities scheduled in the upcoming months—meetings, training and mini-seminars. Please watch the Newsletter, communications and eVites to ensure you stay aware of what’s going on in the chapter. As always, if you have any membership questions don’t hesitate to contact me. Thanks, David Reed Membership Committee Chairman [email protected] P A G E 4 (Continued from page 1) skills needed to determine a network’s resiliency against attacks and use security A Note From analyst skills to identify suspicious behavior. Register and attend for a chance to win one of two FREE PenTest+ or CySA+ exam vouchers. This session will help you increase your red team / blue team knowledge. There is no fee to attend this optional Our President program and attendees can earn 3 CEUs for attending the session. Phoenix TS Strategic Network Security Monitoring with Security Onion. This workshop will cover the collection of threat intelligence using Security Onion, a Linux distribution used for network security monitoring and intrusion detection. You will explore how analysis tools that comprise Security Onion like BRO, Snort, Kibana, Sguil, and more allow an administrator to efficiently work with network data. Whether you are very familiar with Network Security Monitoring or you are new to networking, this session will give you taste of the tools and data types used to detect unauthorized access or misuse of a network resources.
Load more

Recommended publications
  • Master Thesis
    GIVE ME (NEO)LIBERTY OR GIVE ME DEATH A CRITICAL READING OF THE EU’S EXTERNAL BORDER REGIME AS DERIVED FROM GREECE’S GOLDEN VISAS V. ASYLUM PROCEDURE by Dianna Kasen Ritchie S2148994 [email protected] MA Thesis In partial fulfilment of MA International Relations: Global Conflict in the Modern Era FEbruary ’18 intake FaCulty of HumanitiEs LEiden University Supervisor: John-HarmEn Valk, Ph.D. Second reader: Eugenio Cusumano, Ph.D. 30 August 2019 RQ: In what ways does the Comparison of GreECE’s Golden Visa program and asylum procEss in the contExt of neoliberalism shine neW light into the in/Exclusion ‘paradox’ of the liberal statE? ABSTRACT: This thesis sEEks to reCtify the paradox of liberal statE inclusion by assessing the impaCt of neoliberalism on the CritEria for statE inclusion, and thus the values that underpin Europeanness. This shall be done through a Comparative study of the poliCiEs and praxis in GreECE governing migrants on the tWo polar Ends of the socioeConomiC speCtrum: asylum sEEkers migrating Without statE authorisation v. investor migrants passing through so-CallEd ‘Golden Visa’ programmEs. The formEr group is ComprisEd of individuals forcEd to flEE to survive, yet unablE to migratE laWfully to a region Where they may apply for asylum due to an absEncE of safe, lEgal Channels. The lattEr, though they CErtainly may have non-EConomiC incEntives to migratE, ultimatEly purchasE statE inclusion as an assEt WhiCh suits their neEds. This Comparison juxtaposEs thE readiness of the statE to grant inclusion on humanitarian grounds against its willingness to grant inclusion as a function of the market.
    [Show full text]
  • Page 01 Aug 09.Indd
    ISO 9001:2008 CERTIFIED NEWSPAPER Friday 9 August 2013 2 Shawwal 1434 - Volume 18 Number 5786 Price: QR2 European Nadal stocks holds off rebound Janowicz Business | 15 Sport | 22 www.thepeninsulaqatar.com [email protected] | [email protected] Editorial: 4455 7741 | Advertising: 4455 7837 / 4455 7780 Three-day Eid Emir performs Eid prayers holiday not for many workers Extra payment under law also denied DOHA: Not many low-income companies,” said a Nepalese workers, particularly from the worker, giving only his first name constructions sector, get three as Ramesh. days off for Eid Al Fitr, as pro- An Arab national said he had vided for by the country’s labour been working with transportation law. companies for the past several Several workers, especially years and changing jobs. from smaller contracting compa- “Now, I work in Ras Laffan,” nies, said their past experiences he said, declining to identify him- suggested they would be working self for fear of reprisal from his The Emir H H Sheikh Tamim bin Hamad Al Thani and the Father Emir H H Sheikh Hamad bin Khalifa Al Thani performed Eid prayers at Al Wajbah on the second and third days of employers. prayer grounds yesterday. H H Sheikh Jassim bin Hamad Al Thani, H H Sheikh Abdullah bin Khalifa Al Thani and H H Sheikh Mohamed bin Khalifa Eid without being paid extra. About Eid holidays, he said Al Thani joined the prayers, along with several of their excellencies sheikhs, ministers and citizens. See also page 3 However, this year the second they depended from company to day of Eid being a Friday, many company.
    [Show full text]
  • Environmental and Energy Division Newsletter 7 Dec
    ENVIRONMENTAL AND ENERGY DIVISION NEWSLETTER 7 DEC. 2015 If you need older URLs contact George at [email protected]. Please Note: “This newsletter contains articles that offer differing points of view regarding climate change, energy and other environmental issues. Any opinions expressed in this publication are the responses of the editor alone and do not represent the positions of the Environmental and Energy Engineering Division or the ASME.” George Holliday A. ENVIRONMENT 1. WASHINGTON STATE JUDGE: CONSTITUTIONAL OBLIGATION TO ACT ON GLOBAL WARMING Guest essay by Eric Worrall A Washington State Judge has found in favor of petitioners demanding action on Climate Change. According to The Blaze; In what environmentalists are calling a “groundbreaking” ruling, a Washington state judge has ruled that state lawmakers have a “constitutional obligation” to the youth of the state to take action on… http://wattsupwiththat.com/2015/11/20/washington-state-judge-constitutional-obligation-to-act-on- global-warming/ 2. EXPOSING THE WELL FUNDED & MANUFACTURED CAMPAIGN OF BLAME ON THE ‘EXXON KNEW CLIMATE CHANGE WOULD BE DANGEROUS’ FIASCO New Disclosures Help Pull Back Curtain on Who’s Funding Manufactured Climate Investigation by Steve Everley energyindepth.org , Dallas, Tex. A letter reportedly being circulated among a handful of Democrats this week in the U.S. House of Representatives, calling for an investigation into energy companies’ opinions on climate change, references news reports that the letter’s authors… http://wattsupwiththat.com/2015/11/20/exposing-the-well-funded-manufactured-campaign-of-blame- on-the-exxon-knew-climate-change-would-be-dangerous-fiasco/ 3. TERRORISM AND A COLD WINTER REFUGEE CRISIS A brutal cold spell could kill refugees.
    [Show full text]
  • Is Selling Malware a Federal Crime?
    40737-nyu_93-5 Sheet No. 132 Side A 11/09/2018 11:36:55 \\jciprod01\productn\N\NYU\93-5\NYU507.txt unknown Seq: 1 7-NOV-18 17:04 IS SELLING MALWARE A FEDERAL CRIME? MARCELO TRIANA* Congress enacted the Computer Fraud and Abuse Act (CFAA) to impose criminal penalties for a variety of computer misuse offenses. One provision, 18 U.S.C. § 1030(a)(5)(A), criminalizes hacking and the use of malicious software (“malware”) by making it a crime to transmit code (i.e., malware) with “intent to cause damage.” Today, § 1030(a)(5)(A) fails to adequately police the black market for malware. The United States Department of Justice has recently used the statute to combat these markets by prosecuting hackers who sold malware. This Note argues that § 1030(a)(5)(A) is ill suited to combat the sale of malware for two rea- sons. First, certain types of malware do not fit under the CFAA’s definition of “damage.” Second, selling malware does not necessarily satisfy the statute’s “intent” element. Ultimately, the black market for malware needs to be policed, and Congress must amend the CFAA’s outdated elements to deal with the dangers of malware attacks on our increasingly connected society. INTRODUCTION ................................................. 1312 R I. THE EVOLUTION OF FEDERAL COMPUTER MISUSE CRIMES ADDRESSING MALWARE ....................... 1316 R A. Early Attempts to Address Cybercrime .............. 1316 R B. The Computer Fraud and Abuse Act (CFAA) ...... 1319 R 1. The Violent Crime Control and Law Enforcement Act of 1994........................ 1321 R 2. The National Information Infrastructure Protection Act of 1996 .........................
    [Show full text]
  • Understanding Accountability for Torture: the Domestic Enforcement of International Human Rights Treaties
    Understanding Accountability for Torture: The Domestic Enforcement of International Human Rights Treaties Prepared by Professor Deborah M. Weissman Christina Anderson Tyler Buckner Jessica Green Siya Hegde Beth Kapopoulos Rhian Mayhew Susanna Wagar UNC School of Law Human Rights Policy Lab 2016-2017 http://www.law.unc.edu/documents/academics/humanrights/understanding-accountability-for-torture.pdf TABLE OF CONTENTS INTRODUCTION .....................................................................................................................................1 CHAPTER ONE .........................................................................................................................................5 AN OVERVIEW OF INTERNATIONAL LAW AND THE IMPLEMENTATION OF HUMAN RIGHTS TREATIES .................................................................................................................................5 I. What is International Law? ....................................................................................................................................... 5 A. CUSTOMARY INTERNATIONAL LAW ................................................................................... 6 B. WHAT IS INTERNATIONAL TREATY LAW? ........................................................................... 8 C. WHAT IS AN INTERNATIONAL HUMAN RIGHTS TREATY? .................................................... 9 II. What Do International Human Rights Treaties Say? ..................................................................................
    [Show full text]
  • Interior Minister Under Fire Over Israeli Contract
    SUBSCRIPTION WEDNESDAY, AUGUST 14, 2013 SHAWWAL 7, 1434 AH www.kuwaittimes.net Bahrain activists Stosur, Venus to test demo ban advance to 2nd at US embassy7 round20 in Ohio Interior Minister under Max 48º fire over Israeli contract Min 28º High Tide 03:48 & 16:50 Lawmakers warn premier over electoral law Low Tide 10:48 & 22:44 40 PAGES NO: 15897 150 FILS By B Izzak KUWAIT: MP Faisal Al-Duwaisan said yesterday he would grill new Interior Minister Sheikh Mohammad Al-Khaled Al-Sabah if he does not terminate an alleged contract signed by the ministry with an Israeli company. Duwaisan had raised the issue in the previous National Assembly, alleging that the Interior Ministry has pur- chased a security system for the borders with Iraq from a Kuwaiti company which acquired it from a Canada- based firm that is a subsidiary of an Israeli company. Duwaisan had even filed a request to grill the former Interior Minister over the issue but the grilling was post- poned for several months by the National Assembly. The debate of the grilling was supposed to take place in the term starting in October but the Constitutional Court nullified the election process in a key ruling in June. The Interior Ministry has repeatedly denied the alle- gations and insisted that there have been no dealings with any Israeli company and the former Interior Minister said he was prepared to face the grilling. But Duwaisan renewed his allegations following last month’s general elections and yesterday he warned the new Interior Minister that if he did not scrap the contract he will file to question him.
    [Show full text]