After Ukraine, DHS Warns Domestic Utility Companies

Feds advise utilities to pull plug on Internet after Ukraine attack

WashingtonExaminer: The Department of Homeland Security advised electric utilities Thursday that they may need to stop using the Internet altogether, after the agency found that a cyberattack that brought down Ukraine’s power grid in December could have been far more devastating than reported.

The Dec. 23 cyberattack forced U.S. regulators to place utilities on alert after unknown attackers caused thousands of Ukrainian residents to lose power for hours by installing malicious software, or malware, on utility computers. But the Department of Homeland Security said Thursday that the attack may have been directed at more than just the country’s electricity sector, suggesting the attackers were looking to cause more harm than was reported.

In response, federal investigators are recommending that U.S. utilities and other industries “take defensive measures.” To start with, they need to implement best practices “to minimize the risk from similar malicious cyber activity,” according to an investigative report issued Thursday by Homeland Security’s Industrial Control Systems Cyber Emergency Response Team.

But the team is also recommending more drastic action, such as keeping control-system computers away from the Internet.

“Organizations should isolate [industrial control system] networks from any untrusted networks, especially the Internet,” the report says. “All unused ports should be locked down and all unused services turned off. If a defined business requirement or control function exists, only allow real-time connectivity to external networks. If one-way communication can accomplish a task, use optical separation.”

The findings show that the power outages were caused by three attacks using cyberintrusion software to attack electric power distribution companies, affecting about 225,000 customers. They also reveal that once power was restored, the utilities continued “to run under constrained operations,” implying that the damage to grid control systems was profound.

The team also learned that “three other organizations, some from other critical infrastructure sectors, were also intruded upon but did not experience operational impacts.” That suggests the attackers were going after more than just the power grid, and may have been planning a much more economy-wide attack. The team does not disclose what other sectors of the country were targeted.

The team said the attack was well-planned, “probably following extensive reconnaissance of the victim networks,” the report says. “According to company personnel, the cyberattacks at each company occurred within 30 minutes of each other and impacted multiple central and regional facilities.”

The attackers were attempting to make the damage permanent. The report says the attackers installed “KillDisk” malware onto company computers that would erase data necessary to reboot operations after a cyberattack.

There is also a mystery to the attackers’ actions.

“Each company also reported that they had been infected with BlackEnergy malware; however, we do not know whether the malware played a role in the cyberattacks,” the report says. The malware was delivered using an email-embedded hacking technique known as “spear phishing” that contained a number of malicious Microsoft Office attachments.

“It is suspected that BlackEnergy may have been used as an initial access vector to acquire legitimate credentials; however, this information is still being evaluated,” the team says.

The investigation was done with Ukraine authorities and involved the FBI, Department of Energy and the North American Electric Reliability Corporation.

*** 

New research is shining a light on the ongoing evolution of the BlackEnergy malware, which has been spotted recently targeting government institutions in the Ukraine.

Security researchers at ESET and F-Secure each have dived into the malware’s evolution. BlackEnergy was first identified several years ago. Originally a DDoS Trojan, it has since morphed into “a sophisticated piece of malware with a modular architecture, making it a suitable tool for sending spam and for online bank fraud,” blogged ESET’s Robert Lipovsky.

“The targeted attacks recently discovered are proof that the Trojan is still alive and kicking in 2014,” wrote Lipovsky, a malware researcher at ESET.

ESET has nicknamed the BlackEnergy modifications first spotted at the beginning of the year ‘BlackEnergyLite’ due to the lack of a kernel-mode driver component. It also featured less support for plug-ins and a lighter overall footprint.

“The omission of the kernel mode driver may appear as a step back in terms of malware complexity: however it is a growing trend in the malware landscape nowadays,” he blogged. “The threats that were among the highest-ranked malware in terms of technical sophistication (e.g., rootkits and bootkits, such as Rustock, Olmarik/TDL4, Rovnix, and others) a few years back are no longer as common.”

The malware variants ESET has tracked in 2014 – both of BlackEnergy and of BlackEnergy Lite – have been used in targeted attacks. This was underscored by the presence of plugins meant for network discovery, remote code execution and data collection, Lipovsky noted.

“We have observed over a hundred individual victims of these campaigns during our monitoring of the botnets,” he blogged. “Approximately half of these victims are situated in Ukraine and half in Poland, and include a number of state organizations, various businesses, as well as targets which we were unable to identify. The spreading campaigns that we have observed have used either technical infection methods through exploitation of software vulnerabilities, social engineering through spear-phishing emails and decoy documents, or a combination of both.”

In a whitepaper, researchers at F-Secure noted that in the summer of 2014, the firm saw samples of BlackEnergy targeting Ukrainian government organizations for the purposes of stealing information. These samples were nicknamed BlackEnergy 3 by F-Secure and identified as the work of a group the company refers to as “Quedagh.” According to F-Secure, the group is suspected to have been involved in cyber-attacks launched against Georgia during that country’s conflict with Russia in 2008.

“The Quedagh-related customizations to the BlackEnergy malware include support for proxy servers and use of techniques to bypass User Account Control and driver signing features in 64-bit Windows systems,” according to the F-Secure whitepaper. “While monitoring BlackEnergy samples, we also uncovered a new variant used by this group. We named this new variant BlackEnergy 3.”

Only Quedagh is believed to be using BlackEnergy 3, and it is not available for sale on the open market, noted Sean Sullivan, security advisor at F-Secure.

“The name [of the group] is based on a ship taken by Captain Kidd, an infamous privateer,” he said. “It is our working theory that the group has previous crimeware experience. Its goals appear to be political but they operate like a crimeware gang. There have been several cases this year of which BlackEnergy is the latest. The trend is one of off-the-shelf malware being used in an APT [advanced persistent threat] kind of way. The tech isn’t currently worthy of being called APT, but it’s evolving and scaling in that direction.”

Within a month of Windows 8.1’s release, the group added support for 64-bit systems. They also used a technique to bypass the driver-signing requirement on 64-bit Windows systems.

In the case of BlackEnergy 3, the malware will only attempt to infect a system if the current user is a member of the local administration group. If not, it will re-launch itself as Administrator on Vista. This will trigger a User Account Control (UAC) prompt. However, on Windows 7 and later, the malware will look to bypass the default UAC settings.  

“The use of BlackEnergy for a politically-oriented attack is an intriguing convergence of criminal activity and espionage,” F-Secure notes in the paper. “As the kit is being used by multiple groups, it provides a greater measure of plausible deniability than is afforded by a custom-made piece of code.”

In 2014 from the Department of Interior and DHS:

Summary: Investigation of NPS-GCNP SCADA SYSTEM

Report Date: August 7, 2014

OIG investigated allegations that the Supervisory Control and Data Acquisition (SCADA) system at Grand Canyon National Park (Park) may be obsolete and prone to failure. In addition, it was alleged only one Park employee controlled the system, increasing the potential for the system to fail or become unusable.

The SCADA system is a private utilities network that monitors and controls critical infrastructure elements at the Park. Failure of the system could pose a health and safety risk to millions of Park visitors. Due to potential risks that system failure posed, we consulted with the U.S. Department of Homeland Security Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) and asked that they assess the overall architecture and cybersecurity of the Park’s SCADA system.

ICS-CERT conducted an onsite review and issued a report outlining the weaknesses it found at the Park’s SCADA system, including obsolete hardware and software, inadequate system documentation and policies, insufficient logging and data retention. We provided a copy of ICS-CERT’s assessment report to the National Park Service for review and action.

 

 

Genocide Label for ISIS? Kerry Unsure

What happened to Bashar al Assad and the genocide happening to Syrians?

Kerry weighs ‘genocide’ label for Islamic State

Secretary of State John Kerry signaled today that he plans to decide soon whether to formally accuse the Islamic State of genocide amid what sources describe as an intense debate within the Obama administration about how such a declaration should be worded and what it might mean for U.S. strategy against the terrorist group.

“None of us have ever seen anything like it in our lifetimes,” Kerry said during a House subcommittee hearing Wednesday about beheadings and atrocities committed by the Islamic State.

But in response to questioning by Rep. Jeff Fortenberry, a Nebraska Republican who has been spearheading a resolution in Congress demanding the administration invoke an international treaty against genocide, Kerry was careful not to tip his hand on what has turned into a thorny internal legal debate with political and potentially military consequences.

Saying the department was reviewing “very carefully the legal standards and precedents” for a declaration of genocide against the Islamic State, Kerry added that he had received “initial recommendations” on the issue but had then asked for “further evaluations.”

In his first public comments on the issue, Kerry said he “will make a decision on this” as soon as he receives those evaluations. He didn’t elaborate on when that might occur.

The administration’s plans to invoke the powerfully evocative genocide label — an extremely rare move — were first reported by Yahoo News last November. But at the time, the State Department was focused on restricting the designation to the Islamic State’s mass killings, beheadings and enslavement of the Yazidis — a relatively small minority group of about 500,000 in northern Iraq that the terrorist group has vowed to wipe out on the grounds they are “devil worshipers.”

The disclosure set off a strong backlash among members of Congress and Christian groups who argued that Islamic State atrocities against Iraqi and Syrian Christians and other smaller minority groups also deserved the genocide label. Some conservatives even chastised the administration for displaying a “politically correct bias that views Christians … never as victims but always as Inquisition-style oppressors.”

The issue has since made its way into the presidential campaign; Sen. Marco Rubio has signed a Senate version of a House resolution, co-sponsored by Fortenberry and Rep. Anna Eshoo, for a broader genocide designation that incorporates Christians, Turkmen, Kurds and other groups. Hillary Clinton has also endorsed such a move. In response to a question from a voter at a New Hampshire town hall last December about whether she believes Christians as well as Yazidis should be declared victims of genocide, she said, “I will, because we now have enough evidence.”

An Iraqi Yazidi woman and her children took refuge at the Bajid Kandala camp in Dohuk, Iraq, after fleeing Islamic State jihadists. (Photo: Ahmad Al-Rubaye/AFP)

But administration sources and others intimately familiar with the internal debate say the issue has proven more complicated. While ISIS has openly declared its intention of destroying the Yazidis, they argue, the terrorist group’s leaders have not made equally explicit statements about Christians even while committing killings, kidnappings, forced removals and the confiscation and destruction of churches aimed at Christian groups. As a result, administration officials and State Department lawyers have weighed labeling those acts “crimes against humanity” — a step that critics have said doesn’t go far enough. “We’ve been trying to tell them, crimes against humanity are not a bronze medal,” said one administration official, contending that it should not be viewed as a less serious designation.

Kerry seemed to hint as much in his responses to Fortenberry at Wednesday’s hearing, noting that Christians in Syria “and other places” have been forcibly removed from their homes. “There have been increased, forced evacuations,” he said. “No, it’s not — they are killing them in that case — but it’s a removal and a cleansing, ethnically and religiously, that is equally disturbing.”

At the same time, two sources familiar with the debate said, Pentagon officials have expressed concerns that a genocide designation would morally obligate the U.S. military to take steps — such as protecting endangered populations or using drones to identify enslaved women — that could divert resources from the campaign to defeat the Islamic State. (An administration official told Yahoo News Wednesday that any such concerns have not been raised in “interagency” discussions over the genocide issue. “There is no resource issue,” the official said.)

In fact, many legal scholars say, there is considerable debate about just what practical impact a genocide designation would have. It would be made under a loosely worded 1948 international treaty that compels signatory nations, including the United States, “to prevent and to punish” the “odious scourge” of genocide defined as acts “committed with intent to destroy, in whole or in part, a national, ethnical (sic), racial or religious group.” As documented by Samantha Power, now the U.S. ambassador to the United Nations, in her 2002 book, “A Problem from Hell,” President Clinton’s Secretary of State Warren Christopher resisted labeling the mass murder of the Tutsis in Rwanda in 1994 as genocide for fear, as one State Department memo put it at the time, “it could commit [the U.S. government] to actually do something.”

But 10 years later, Secretary of State Colin Powell declared the killings of non-Arab people in Darfur to be genocide — the first time the U.S. invoked such a declaration during an ongoing conflict. But he did so only after receiving a secret State Department memo concluding the designation “has no immediate legal — as opposed to moral, political or policy consequences for the United States.”

Administration officials have argued they are already taking extraordinary steps to protect threatened minorities in Iraq, pointing to, for example, the 2014 evacuation of Yazidis from Mount Sinjar — and that a genocide designation wouldn’t change that. White House press secretary Josh Earnest said as much when he was pressed on the issue during a recent White House briefing during which he said a genocide designation is “an open question that continues to be considered by administration lawyers.”

“The decision to apply this term to this situation is an important one,” Earnest said during a Feb. 4 briefing. “It has significant consequences, and it matters for a whole variety of reasons, both legal and moral. But it doesn’t change our response. And the fact is that this administration has been aggressive, even though that term has not been applied, in trying to protect religious minorities who are victims or potential victims of violence.”

Undocumented Teachers in Your Child’s Classroom

So, no U.S. citizens with teaching certificates? Perhaps the mission is to lower payroll costs and meet quotas? Or join unions and teach selected history…

Is there a state left that can define what citizenship is? Is there a state that is protecting ‘the pursuit of happiness’? Apparently teaching, a noble profession, or at least it used to be, is no longer noble.

For reference, Tashfeen Malik, the female San Bernardino killer could have been a teacher in your child’s classroom, she came into the United States under false documents…no documents? What is the difference?

NY to let undocumented workers become teachers

ALBANY — Undocumented immigrants in New York will be able to apply for teacher certifications and professional licenses, according to the state Board of Regents.

The board that oversees education policies in New York voted Wednesday to allow people who can’t get legal residency because of their parents’ immigration status to seek teacher certifications. They also will be able to apply for a license from among the 53 professions overseen by the state Education Department, including a variety of medical professions.

“These are young people who came to the U.S. as children,” state Education Commissioner MaryEllen Elia said in a statement. “They are American in every way but immigration status. They’ve done everything right.  They’ve worked hard in school, some have even served in the military, but when it’s time to apply for a license, they’re told ‘Stop. That’s far enough.’ We shouldn’t close the door on their dreams.”

The Board of Regents pointed to a June 2012 policy by the Obama administration called the Deferred Action for Childhood Arrivals that allows individuals who came to the U.S. as children and meet certain guidelines to request consideration of “deferred immigration action” for two years that can be renewed.

The federal policy, the board said, applies to young people who usually get their immigration status from their parents, many of whom are undocumented.

“As a result, most of these individuals have no current mechanism to obtain legal residency, even if they have lived most of their lives in the U.S.,” the Board of Regents said in a statement.

But people in the system are prohibited from obtaining teaching certification and licenses in certain professions, the board said, including pharmacy, dentistry and engineering.

The regulation by the Board of Regents will be finalized after a public-comment period.

Sen. Terrence Murphy, R-Yorktown, Westchester County, ripped the policy.

“Allowing lawbreakers to teach, or practice medicine, says a lot about how backwards our priorities truly are in New York,” Murphy said in a statement. “This is another example of why rule-making by unelected bureaucrats is what is ruining New York state. Will they next unilaterally enact free college tuition for illegal immigrants?”

He said New York doesn’t allow a military spouse with an equivalent license in another state to teach in New York, so “Elia should be focusing on reciprocity and interstate licensure for those who have earned it, instead of doing further harm to our already broken immigration system and rewarding lawbreakers.”

Gov. Andrew Cuomo said he has yet to review the new education policy to determine its legality.

“It depends on how they write the policy, as to whether or not it’s legal and constitutional, and I haven’t seen anything,” Cuomo said when asked about the policy by reporters Thursday in Albany.

Democratic lawmakers praised the action. Democrats have been pushing for the Dream Act in New York, which would allow immigrants in the country illegally to access state financial aid for college. Republicans have opposed the measure.

“This is a tremendous win for New York’s students,” Assembly Speaker Carl Heastie, D-Bronx, said in a statement. “The Assembly majority has always led the charge to expand opportunities for every student, and we have championed issues like the DREAM Act and greater investment in higher education to show our commitment to all of the families who have made New York their home.”

 


DHS: 12 Years, $180 Million, Not Close to Complete

Same personnel as those that did the Obamacare website? Is there a single agency that works?

DHS excoriated for mismanaged HR IT system

An ambitious program begun by the Department of Homeland Security in 2003 to consolidate all of its component agencies’ HR systems, from payroll to timesheets and beyond, isn’t near completion after more than 12 years of work. Many in Congress are not pleased.

A Government Accountability Office study on the DHS HRIT investment released for a Feb. 25 House Homeland Security Oversight and Management Efficiency subcommittee hearing said 400 of the agency’s human capital systems that were to have been consolidated under the program are unaccounted for.  The program has cost millions, GAO found, but DHS did not keep track of exact costs.

Carol Cha, GAO’s director of IT acquisition management issues, testified at the hearing that the HRIT has been on her agency’s list of high-risk IT projects for some time.

“That’s breathtaking,” said subcommittee Chairman Scott Perry (R-Pa.). More than a dozen years and $180 million later, he said, DHS is “no closer” to completing the project than it was in 2003. The exact cost to date, said Perry, is unknown because of the inadequate record-keeping.

“This is a poster child of inept management,” he said, declaring the lack of cost tracking “reprehensible, unacceptable.”

DHS, Rep. Bonnie Watson Coleman (D-N.J.) said, “has shown a tremendous lack of commitment” to the project.

Later in the hearing, Perry’s irritation with DHS’ handling of the sprawling project flared again and again. “For the love of God Mr. Fulghum, [the money] has been pissed away,” he snarled at Chip Fulghum, DHS’ deputy undersecretary for management.

Fulghum was in the hot seat to defend the agency’s work on the project. “We don’t care if it’s hard to do,” Perry said, later adding, “you’re the heavies, get it done.”

 

Although Fulghum said DHS agreed with the GAO’s 14 recommendations to address HRIT’s poor progress and ineffective management, he pointed to the agency’s work on the consolidated performance management and learning system called PALMS as evidence that DHS can execute on enterprise-wide IT consolidation. He said the agency’s component agencies are close to signing off on PALMS’ use.

Fulghum also said DHS is working aggressively to strengthen the program’s oversight and direction. He said the agency had also appointed Angela Bailey as chief human capital officer a few months ago to coordinate the project.

Bailey, who also testified at the hearing, assured the panel that her agency has stepped up oversight meetings with executive review councils and boards to spur progress. “Clearly we have work to do,” she said.

Amid the admonitions from the congressional panel, Rep. Cedric Richmond (D-La.) threw something of a life preserver to Fulghum in the middle of the hearing, asking the DHS executive if the agency has considered shared services to handle some of the HR functions that HRIT would do.

Richmond noted that the Agriculture Department’s National Finance Center provides payroll and other financial management services, as well as human resources management services. “At the end of the day, we just want things to work,” said Richmond, whose Louisiana district is home to the NFC. “You should talk to the director of the National Finance Center. They say they can solve the problem.”

Fulghum said he supported shared services and that “we’re absolutely interested” in exploring such opportunities.

At the end of the hearing, Fulghum pledged to spur progress on the program in the coming months. He said the oversight panel would receive a concrete plan by early May that contains hard deadlines and a blueprint for moving ahead.

European Union: 10 Days to Collapse, $1.4 Trillion Euros

EU has 10 days to see progress on migrant crisis or Schengen unravels: EU commissioner

BRUSSELS (Reuters) – The European Union has 10 more days to see significantly lower inflows of migrants and refugees from Turkey “or else there is risk the whole system will completely break down”, EU Migration Commissioner Dimitris Avramopoulos said on Thursday.

Avramopoulos was speaking after the bloc’s justice and home affairs ministers met in Brussels on Thursday in an effort to put a European solution to the crisis in place. A growing number of EU states are resorting to unilateral border tightening, unraveling the continent’s free-travel Schengen zone.

The study estimated that under a worst case scenario, in which the reintroduction of controls at EU borders pushed import prices up three percent, the costs to the bloc’s largest economy Germany could be as much as 235 billion euros between 2016 and 2025, and those to France up to 244 billion.

At a minimum, with import prices rising one percent, the study showed that a breakdown of Schengen would cost the EU roughly 470 billion euros over the next decade.

The cost would climb to 1.4 trillion euros, or roughly 10 percent of annual gross domestic product (GDP) in the 28-member EU bloc, under the more dire scenario.

“If border controls are reinstated within Europe, already weak growth will come under additional pressure,” said Aart De Geus, president of Bertelsmann.

Schengen was established over 30 years ago and now counts 26 members, 22 of which are EU members. But the system of passport-free travel has come under severe pressure over the past half year due to a flood of migrants entering Europe, mainly from the Middle East and Africa.

To stem the tide and to ensure they have an overview of who is entering their territory, many countries within Schengen have reintroduced border controls in recent months, leading to fears the whole system could collapse.

Underscoring the urgency of the issue, Germany’s Interior Minister Thomas de Maiziere told public broadcaster ARD on Sunday that EU member states, which have been squabbling for months over how to tackle the migrant crisis, must agree a common approach within two weeks if they wanted to avoid such a fate.

In addition to being a devastating symbolic setback for Europe, a collapse of Schengen would increase the amount of time it takes for goods to be transported across European borders, raising costs for companies and consumers.

The Bertelsmann study, conducted by Prognos AG, estimated that the minimum costs to Germany and France would be 77 billion euros and 80.5 billion euros, respectively, over the period to 2025.

A collapse of Schengen would also increase costs for countries outside the zone, with the combined burden on the United States and China over the next decade estimated at between 91 billion and 280 billion euros, according to the study.


*** EU’s migration system close to ‘complete breakdown’

EuroNews: The EU’s migration system is on the point of complete breakdown, according to a top European Commission official.

Dimitris Avramopoulos, the European Commissioner for migration, issued the stark warning after a meeting between EU interior ministers on Thursday.

“In the next ten days, we need tangible and clear results on the ground, otherwise there is a danger, there is a risk that the whole system will completely break down. There is no time for uncoordinated actions,” he told reporters in Brussels.

A number of EU countries have introduced border checks amid disagreements over how to best handle the huge influx of refugees and migrants into Europe.

Austria irked some EU officials by calling a mini summit with Western Balkan nations – without inviting Greece or Germany.

The Austrian government has also set a daily cap on how many migrants per day are allowed to enter the country, ignoring a warning from European Commission lawyers.

“We have to recover our ability to act – and that will only be possible when the European external border is protected,” said Johanna Mikl-Leitner, the Austrian interior minister.

“If Greece stresses over and over again that it is not possible to protect the Greek border…we have to ask the question if it’s possible that the external border of the Schengen area stays in Greece.”

The Schengen area is a passport-free travel zone including 26 countries, of which 22 are EU member states.

But the migration crisis, which saw more than a million people reach Europe last year, has led some observers to question whether the whole system may be at risk.

The influx of migrants has exposed divisions between EU governments, which are trading accusations of blame and resorting to beggar-thy-neighbour policies to tighten border controls.

Belgium became the seventh Schengen member on Wednesday to introduce border checks as it became clear that a court in Lille would order the partial demolition of the infamous Calais ‘Jungle’ refugee camp.