Weekly Security Roundup with Clinton Pownall

By Clinton Pownall
President & CEO
Computer Business Consultants

President Biden’s Executive Order to Bolster Cybersecurity “A Great Start.” Following the ransomware attack against Colonial Pipeline, which shut down an estimated 45% of fuel delivery to the East Coast, President Biden signed an executive order on Wednesday that placed strict new standards on the cybersecurity of any software sold to the federal government. The New York Times reports: “For the first time, the United States will require all software purchased by the federal government to meet, within six months, a series of new cybersecurity standards. Although the companies would have to ‘self-certify,’ violators would be removed from federal procurement lists, which could kill their chances of selling their products on the commercial market.” The article quotes Amit Yoran, Chief Executive of Tenable and a former cybersecurity official in the Department of Homeland Security, as saying the big question is whether the executive order could stop the next Colonial Pipeline or SolarWinds attacks. Yoran said: “No one policy, government initiative or technology can do that. But this is a great start.”


Bringing Market Forces and Power of the Purse to Increase Security. CSO Online, reporting on President Biden’s executive order, quotes Michael Hamilton, the former Vice Chair for the Department of Homeland Security Coordinating Council, and Chief Information Security Officer of incident response firm CI Security, as saying many sections in the order are “extremely straightforward and just make all the sense in the world.” Hamilton especially praised the way the executive order uses financial leverage: “The federal government, because they spend so much money, can do whatever they please in terms of creating requirements for products and vendors, who, if they want the gig, are going to have to step up. That’s why this is different. This is purely using economic means, market forces, the power of the purse, competitive differentiation to get what you want in cybersecurity, instead of ‘here’s all the requirements you’re going to have to meet.’”


Vulnerabilities in America’s Energy Grid “An Existential Threat.” CNET carries an article on how the Colonial Pipeline attack, following February’s winter storm in Texas, reveals deep vulnerabilities in the U.S. energy infrastructure, making it susceptible to both natural and criminal events. The article quotes Joe Weiss, Managing Partner of Applied Control Solutions, a Cupertino, California, consultancy focused on automation systems. Addressing the criminal risks, Weiss says the crux of the issue is that infrastructure control equipment was designed to do specific things: “run a motor, open a valve, run an assembly line. … The concept that anybody would maliciously want to do something just wasn’t there.” The article notes Weiss has documented over 1,300 incidents of electrical system power failure caused by cyberattacks going back several decades. Weiss said the vulnerabilities in America’s energy grid are “an existential threat. … This is a problem that’s 30 to 40 years in the making. This can take you back to the 1850s. And we are not addressing what needs to be done, we can’t keep ignoring it — the bad guys [certainly] aren’t.”


Did Someone Hack the Hackers? That’s the question that comes to mind with the Krebs on Security headline “DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized.” The article reads, in part, “The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills. The crime gang announced it was closing up shop after its servers were seized and someone drained the cryptocurrency from an account the group uses to pay affiliates.” The article includes quotes attributed to DarkSide claiming its funds were “withdrawn to an unknown address.”


“Possibly the Most Significant Cybercrime Attack on the Irish State.” That’s how an Irish government minister described the ransomware attack against the Irish Health Service, according to an article in The Irish Times, which reports the government has asserted that the bitcoin ransom won’t be paid. The Guardian reports: “Several hospitals canceled outpatient visits or urged patients with appointments not to attend. The Rotunda, a Dublin maternity hospital, said it was experiencing a ‘critical emergency’ and canceled all outpatients visits except for women who were more than 35 weeks pregnant. The oncology department at Cork University Hospital was reportedly paralyzed. The child and family agency Tusla said its IT systems, including email, internal systems and the portal through which child protection referrals are made, were not working.”


“Ransomware’s New Swindle: Triple Extortion.” Threatpost carries that headline about a finding in Check Point’s latest ransomware report: bad actors have demanded ransom from a breached organization’s partners and customers in exchange for not exposing their data. The article reads: “Researchers said the first case of triple extortion they observed in the wild was in October, when a Finnish psychotherapy clinic was breached. Even after the clinic paid the ransom, the attackers threatened patients of the clinic with releasing their therapy session notes unless they too paid up.” The article notes that the Check Point report found “Healthcare organizations are most likely to be attacked by ransomware groups and globally the sector is on the receiving end of an average of 109 attempts every week, followed by utilities and the legal and insurance sectors.”


Clinton A. Pownall is the President & CEO of Computer Business Consultants and has been in the IT field since 1990. Pownall served in the U.S. Navy for six years as a Weapons Systems Technician and has a Bachelor of Science in Computer Engineering. Through Computer Business, he was one of the first to pioneer VoIP technology using satellite communications. He is a member of the Florida Police Chiefs Association and advises law enforcement agencies on cyber security. Pownall serves on several boards and committees, has a strong affiliation with various arts and education groups and local school districts, and has served in regional efforts of the Bill & Melinda Gates NextGen Foundation. He has served as a Vice President of the Board of Directors for the Orlando Shakes Theater and is heavily involved in the South Lake Chamber of Commerce, West Orange Chamber of Commerce, and the Orlando Economic Partnership.