WWW.ISSA - COS.ORG VOLUME 7 NUMBER 8 AUGUST 2018 Peak Cyber Is Coming Soon! ! olleagues, .gov e-mail address), Academia (with a .edu e-mail address), and ISSA Members. The Our Peak Cyber conference will be fee for industry is $250.00. If you’re not an C here very soon. The Colorado ISSA member, join now and you can attend Springs Chapter is once again for FREE! hosting the 8th Annual Peak Cyber - Cybersecurity Training & Technology Forum Keynote speakers include: (CSTTF). Peak Cyber - CSTTF is set to • COL Robert McVay, Deputy CIO, Missile convene from Wednesday August 22nd to Defense Agency Thursday, August 23rd, 2018 at the • Dr. Meyerrose, President, The DoubleTree by Hilton, Colorado Springs, MeyerRose Group Colorado. Peak Cyber is • Dr. Joseph Mitola III, designed to further Chief Technologist, educate Cybersecurity, ENSCO Aerospace Information Management, Sciences and Engineering Information Technology A Note From Division, Fellow of the and Communications IEEE Professionals by providing • Ron Ross, Fellow, a platform to explore some Our President Computer Security of today's most pressing Division, NIST cybersecurity threats, Aaron Shaha, Director of remediation strategies and Network Defense, Root9b best practices. By Ms. Colleen Murphy • Jeff Snyder, Day one, August 22nd, will consist of President, Jeff Snyder Cyber Recruiting three tracks with Subject Matter Expert & Coaching (SME) speaker sessions and panels. On day two, August 23rd, more SME speaker Training opportunities include: sessions, as well as several in-depth training Three-hour mini-boot camp for the workshops and boot camps will take place PenTest+ certification and the throughout the day. Peak Cyber Sessions Cybersecurity Analyst (CySA+) and the Training sessions and the evening certification. CompTIA staff and partners career networking/social are worth up to 16 will give a glimpse into the world of the CPE/CEU Credits. Attendance is FREE for modern pen tester and security analyst. Military/Government (all those with a .mil or Learn about the latest penetration testing (Continued on page 4) The ISSA Colorado Springs Newsletter incorporates open source news articles in compliance with USC Title 17, Section 107, Paragraph a (slightly truncated to avoid copyright infringement) as a training method to educate readers on security matters . The views expressed in articles obtained from public sources within this newsletter do not neces- sarily reflect those of ISSA, this Chapter or its leadership. Names, products, and services referenced within this document may be the trade names, trade- marks, or service marks of their respective owners. References to commercial vendors and their prod- ucts or services are provided strictly as a convenience to our members, and do not constitute or imply endorsement by ISSA or the Colorado Springs Chapter of ISSA of any entity, event, product, service, or enterprise. P A G E 2 Cyberwar: What happens when a nation-state cyber attack kills? By Danny Palmer, ZDNet, July 24, 2018 program back by years, and is believed to have been a joint cyber operation by the US and The increasing sophistication and power Israel. of state-backed cyber attacks has led some experts to fear that, sooner or However, Stuxnet was designed to be later, by design or by accident, limited in its impact: in the years since, those one of these incidents will result attacking industrial control systems are in somebody getting killed. becoming more reckless. This was demonstrated in December last year when It might sound far-fetched, hackers used malware to disrupt emergency but a former head of the UK's shutdown systems at a critical intelligence agency has already infrastructure firm in the Middle East. warned about the physical threat posed by cyber attacks and the Analysis of the Triton malware potential damage they could do. by researchers at security company FireEye suggests that the shutdown was "Nation-states are getting unintentional and that it was inadvertently more sophisticated and they're getting more caused while preparing the malware to do brazen. They're getting less worried about physical damage. being caught and being named -- and of course that's a feature of geopolitics," said The shutdown came as a result of a fail- Robert Hannigan, who served as director safe mechanism and no physical damage was general of GCHQ from 2014 to 2017. done -- but the unpredictable nature of the malware could have resulted in much worse. "The problem is the risk of miscalculation is huge," he said, speaking at a security "If the intent of the attacking group was to conference in London last month. "If you start make the plant explode, lives lost by cyber to tamper with industrial control systems, if attack could've happened," Jing Xie, senior you start to tamper with health systems and threat intelligence analyst at Venafi, told ZDNet. networks, it feels like it's only a matter of time "I have no doubt it's just a matter of time before somebody gets hurt and somebody is that someday cyber attacks will definitely cause ultimately killed." direct harm to people," she added. The mention of health systems is a So what happens when a cyber attack by reminder perhaps of last year's WannaCry one nation-state leads to loss of life inside ransomware outbreak, which crippled large another country? parts of the UK's National Health Service. “The current Thousands of appointments were cancelled, In 2014, NATO updated its policy so that a causing disruption and inconvenience for serious cyber attack could be covered by Article legal system patients around the country. 5, its collective defence clause. Legal experts have also made it clear that a serious digital which exists No critical systems were hit, but given the attack could be considered to be the equivalent around war isn't nature of WannaCry -- which the US, UK, and of an armed attack. But what would happen in others have blamed on North Korea -- that reality is still uncertain. necessary up to was likely due to luck rather than planning. "It's been a debate in policy circles for over date with this With attacks against hospitals, transport, a decade, if not longer: when does cyber type of power plants, or other critical national activity cross over into a domain which needs a problem.” infrastructure, attackers are playing a kinetic response from a military source?" said dangerous game -- but that hasn't stopped Jon Condra, director of Asia Pacific Research clandestine, targeted campaigns against at Flashpoint. infrastructure. Read the rest here: Perhaps the most famous example is Stuxnet, malware designed to damage https://www.zdnet.com/article/cyberwar-what- Iranian uranium centrifuges which was happens-when-a-nation-state-issued-cyber- uncovered in 2010. The destructive attack on attack-kills/ the industrial systems put Iran's nuclear ISSA - C O S N E W S V O L U M E 7 P A G E 3 Membership Update First, I would like to welcome our new members on behalf of New Members the Chapter! When you’re participating in Chapter activities, July please take a moment to introduce yourself to members of the Jonathan Sneed board, me, and other members. Don’t forget to identify yourself as a Michael Howard new member and feel free to ask for help or information. Thanks for joining the Chapter and don’t forget to look for opportunities to lend your Ty Medler expertise to improve the Chapter. We’re always open to new ideas and Robert Carson suggestions. Russ Sinkola Our membership is holding at ~470 members as of the end of July. As Steven Grogger you’re going about your daily activities, please take the time to engage your Thomas Boone colleagues, ask if they’re ISSA members, and if not take a couple of minutes Joel Kane to convince them of the value of becoming a member of our chapter. Word of Darrell Yakel mouth is our primary method of advertising. If you don’t take the time to tell Karen Perrin people of our organization, folks won’t know all the advantages we bring to Michael Clark their professional life. Renewals are also critical to maintaining our membership. If you are considering not renewing, please talk to me or one of the other board members to help us understand what we can do better to support our membership and retain you as active chapter members. We have the Peak Cyber (Cyber Security Technology and Training Forum) on 22 and 23 Aug. We also have lots of upcoming activities scheduled in the upcoming months—meetings, training and mini-seminars. Please watch the Newsletter, communications and eVites to ensure you stay aware of what’s going on in the chapter. As always, if you have any membership questions don’t hesitate to contact me. Thanks, David Reed Membership Committee Chairman [email protected] P A G E 4 (Continued from page 1) skills needed to determine a network’s resiliency against attacks and use security A Note From analyst skills to identify suspicious behavior. Register and attend for a chance to win one of two FREE PenTest+ or CySA+ exam vouchers. This session will help you increase your red team / blue team knowledge. There is no fee to attend this optional Our President program and attendees can earn 3 CEUs for attending the session. Phoenix TS Strategic Network Security Monitoring with Security Onion. This workshop will cover the collection of threat intelligence using Security Onion, a Linux distribution used for network security monitoring and intrusion detection. You will explore how analysis tools that comprise Security Onion like BRO, Snort, Kibana, Sguil, and more allow an administrator to efficiently work with network data. Whether you are very familiar with Network Security Monitoring or you are new to networking, this session will give you taste of the tools and data types used to detect unauthorized access or misuse of a network resources.