Critical Infrastructure News

LYON, France: An operation coordinated by INTERPOL codenamed HAECHI-II saw police arrest more than 1,000 individuals and intercept a total of nearly USD 27 million of illicit funds, underlining the global threat of cyber-enabled financial crime.

Taking place over four months from June to September 2021, Operation HAECHI-II brought together specialized police units from 20 countries, as well as from Hong Kong and Macao, to target specific types of online fraud, such as romance scams, investment fraud and money laundering associated with illegal online gambling.

In total, the operation resulted in the arrest of 1,003 individuals and allowed investigators to close 1,660 cases. In addition, 2,350 bank accounts linked to the illicit proceeds of online financial crime were blocked. More than 50 INTERPOL notices were published based on information relating to Operation HAECHI-II and 10 new criminal modus operandi were identified.

Read more: Interpol

Risk management for the EU railways drives the attention of a new report by the European Union Agency for Cybersecurity.

The purpose of the report is to provide European RUs and IMs with applicable methods and practical examples on how to assess and mitigate cyber risks.

The good practices presented are based on feedback from railway stakeholders. They include tools, such as assets and services list, cyber threat scenarios and applicable cybersecurity measures, based on the standards and good practices used in the sector. These resources can be used as a basis for cyber risk management for railway companies. They are therefore intended to be a reference point and to promote collaboration between railway stakeholders across the EU while raising awareness on relevant threats.

The study released today builds on the ENISA Report - Railway Cybersecurity - Security measures produced in November 2020 on cybersecurity in the railway sector. This previous report assessed the level of implementation of cybersecurity measures in the sector.

ENISA and ERA organized a virtual Conference on Rail Cybersecurity in March 2021. The conference took place virtually over two days and brought together more than 600 experts from railway organizations, policy, industry, research, standardization and certification. One of the top topics voted by participants was cyber risk management for railways, and this motivated this study.

The European Union Agency for Cybersecurity supports the development of cybersecurity capabilities of the railway sector by:

  • Issuing guidance and recommendation papers together with the community;
  • Organizing physical and virtual events;
  • Participating in discussions with the Railway community on regulatory matters;
  • Validating activities through a dedicated expert group in transport security (TRANSSEC);
  • Contributing to standardization activities.

Read the full report here.

As the holiday travel season commences, Attorney General Merrick B. Garland today directed U.S. Attorneys to prioritize prosecution of federal crimes occurring on commercial aircraft that endanger the safety of passengers, flight crews and flight attendants. Federal law prohibits assaults, intimidation and threats of violence that interfere with flight crews and flight attendants, as well as other enumerated criminal acts that occur during flight.

“Passengers who assault, intimidate or threaten violence against flight crews and flight attendants do more than harm those employees; they prevent the performance of critical duties that help ensure safe air travel,” said Attorney General Garland. “Similarly, when passengers commit violent acts against other passengers in the close confines of a commercial aircraft, the conduct endangers everyone aboard.”

The memorandum also highlights an information-sharing protocol between the Federal Aviation Administration (FAA) and the Justice Department, which helps ensure the department is notified about criminal conduct occurring on commercial aircraft. The protocol has already resulted in the referral of dozens of incidents by the FAA to the FBI for investigation.

“The Department of Justice is committed to using its resources to do its part to prevent violence, intimidation, threats of violence and other criminal behavior that endangers the safety of passengers, flight crews and flight attendants on commercial aircraft,” said Attorney General Garland.

Source: HSToday

Read more: Justice Department

On Dec. 19, 2018, over 100,000 holiday travelers at London’s Gatwick Airport found themselves stranded as 1,000 flights were canceled and aircraft were grounded for three days. The airport closure resulted in millions of dollars in lost revenue to the airport and airlines, as well as almost $500,000 in costs to police. The cause of the chaos? A drone incursion. Over the course of three days, numerous drone sightings were reported across the airport complex, including over a perimeter fence and by the runway. There was a peculiar cadence to these reports; as sightings were reported, the airport shut down the runway to prevent a potential collision. Once the runway was closed, there would be a lull. When the airport was about to reopen the runway, more drone sightings would be reported. This pattern repeated several times. It became increasingly apparent that this may have been the work of someone who knew the airport’s operational procedures, accessed or intercepted its communications systems, and knew how to work around them.[1] Almost three years later, the operator is still at large.

Prior to the Gatwick incident, drones were largely viewed as a benign technology. After all, how much damage could a store-bought quadcopter inflict? Over the past few years, the realities of the impact that drones can have on security have expanded as the technology’s capabilities have advanced. With each generation, drones are becoming more intelligent, compact, foldable, lighter, faster, and able to fly longer and carry heavier payloads. For these reasons, drones have become a valuable addition to critical infrastructure owners, state and local entities, and recreational operators. Critical infrastructure owners are increasingly relying on commercial drones to reduce risk to employees and improve operational efficiency. Likewise, municipalities are leveraging drones to support security, response, and recovery operations. Hobbyist usage of drones has also risen significantly, with over three million drones sold in the United States to date.

Despite these numerous benefits, the Gatwick incident placed an international spotlight on a new reality: the nefarious or careless use of drones poses a significant threat to public safety and national security. The drone threat is a particularly complex advancement due to its cyber-physical nature. A drone is a physical device with cyber capabilities – and consequences.

When analyzing the drone threat environment, it is important to identify the threat actors. The Cybersecurity and Infrastructure Security Agency (CISA) organizes the drone threat environment into three groups of threat actors: the careless and clueless recreational drone user; intentional operators and activists; and terrorists and paramilitary users. Based on CISA’s analysis of drone incident reporting, careless and clueless users represent the most prominent threat actors in the United States. These users generally operate commercial off‐the‐shelf (COTS) multirotor platforms and, as their name suggests, may commit witting or unwitting violations of the national airspace. Among other areas, intentional and activist users are suspected to operate across international borders and prisons. These users also operate COTS drones, but modify them to carry/drop payloads, such as drugs, money, cell phones, and weapons. As with most threats, terrorists and paramilitary users typically have greater resources, more advanced tactics, and intent to harm. Unlike the previous two groups, these users operate customized fixed-wing drones that are larger, faster, longer-range, and can avoid detection through autopilot. Drones are particularly attractive to this user group because they present a low-cost, high-yield method for sending a political message, conducting a standoff attack, or circumventing ground-based force protection measures.

Read more: HSToday

Insider IT threats continue to plague enterprises. An Egress survey found that 94% of organizations experienced an insider data breach last year. Sometimes insider IT security breaches are intentional and malicious, but other times they are accidental. All it takes is one employee to make a simple mistake or to be unaware of security best practices for them to become an unintentional threat. However, intentional or not, the consequences to an organization are often similarly deleterious. This article will break down examples of insider risks that could pose a threat to organizational data and provide best practices for mitigation, with a focus on an under-the-radar honeypot for would-be insider threats: printing and scanning.

Unintentional Breaches

Unintentional security breaches are often the result of simple negligence, inattention or lack of education. Administrator and operator errors are easy, common mistakes to make — and printing, scanning, fax and copying processes are no exception. For example, an employee could accidentally share an email with the incorrect person, giving the recipient access to potentially sensitive data in the process. Or, if a device is not secured, an employee could click on a link sent by a bad actor, putting the entire organization at risk of malware and other types of attacks. Another negligent potential data breach includes leaving a document in a printer or scanning tray. This poses a threat because it opens the door for anyone walking by to remove the document from the device and access the information.

Access to private data can be controlled by physically securing your copy, scan or fax devices and implementing user permissions. For instance, pull printing, which is essentially a two-step verification process, can greatly reduce the threat of data loss. With pull printing capabilities, the print job remains unprinted on the device until the user authenticates their identity at the machine, ensuring that they are right there when their document prints and are able to pick it up immediately. This authentication can be done with NFC-enabled printers using ID cards, physically or through a mobile app. An employee can simply hold their ID badge near a reader and the machine can be pre-programmed to print or scan documents into a records system before sharing them.

While including features like user access controls and pull printing help avert unintentional security breaches, one of the best ways to counter accidental data breaches caused by uninformed employees is to ensure that they’re informed. According to a study conducted by the Ponemon Institute, employees remain a top security risk for organizations. This problem is only intensified as more employees continue to work remotely. To avoid these types of breaches, companies must invest in employee education. This could take any number of forms, from something as simple as regular reminders to bigger investments like training and accreditation.

Intentional Breaches

As mentioned above, in a time where many workers are likely to work remotely or in some sort of a hybrid arrangement where working on documents outside of a centralized location is the norm, there is an associated risk of exposure to unauthorized access or dissemination. Home devices do not meet the necessary security capabilities from both a technology and process standpoint. Print and scan devices with Wi-Fi connectivity and hard drives have become hubs for document workflow management and can expose organizations to unnecessary risk.

In addition to permissioned access, Knowledge Management (KM) automation can ensure redaction for sensitive data, which can help lower the risk of a data breach if documents are lost or stolen. Analytics and activity tracking done through automation allows an enterprise to pick out anomalies. If something does happen, it becomes an easier job to pinpoint what happened, who it was and where it occurred. Furthermore, KM also allows for a thorough audit of data access.

An under-the-radar risk for would-be insider threats within the office is data from past print jobs remaining on the printer’s hard drive. To prevent this type of physical data breach, companies should ensure that their printer hard drives have the proper security measures in place or are erased after the machine is no longer in use. Alternatively, organizations can choose devices without hard drives to eliminate the risk altogether.

Whether intentional or not, enterprises must protect themselves from breaches with appropriate security measures. The above are just a few examples of risks that employees or others can perpetrate with access to a company’s physical and cyber infrastructure. This list is by no means exhaustive, so enterprises must continue to be vigilant and stay up-to-date on IT security best practices to protect themselves from data loss. Good cyber hygiene is a must for every organization, inside and out. 

Source: Security Mag