UK launches National Protective Security Authority

The UK has established a new intelligence agency called the National Protective Security Authority (NPSA) to ‘help businesses and organisations defend themselves against national security threats‘.

The new agency operates as part of MI5 and has absorbed the responsibilities of the Centre for the Protection of National Infrastructure, but with a broader remit. NPSA will work together with the National Cyber Security Centre (NCSC) and UK National Authority for Counter Eavesdropping (UK NACE) to build resilience to national security threats.

Overall, the agency will work to ‘provide expert advice, research, and development to support countering terrorism, countering state threats, and protecting the public’. Goals include protecting UK’s critical infrastructure, as well as the country’s economy and its science and technological advantage.

NATO defence ministers discuss critical undersea infrastructure protection

NATO Defence Ministers met in Brussels on 14–15 February 2023 to discuss to how “to strengthen the Alliance’s deterrence and defence”. One topic on the meeting’s agenda was related to modalities to improve the protection of critical undersea infrastructure.

Following the meeting, NATO’s Secretary General Jens Stoltenberg announced the establishment of a Critical Undersea Infrastructure Coordination Cell at the NATO headquarters, which will ‘facilitate engagement with industry and bring key military and civilian stakeholders together’.

NoName057(16) hacktivist group found to target Czech presidential elections

NoName057(16), a hacktivist group described as pro-Russian, is reportedly targeting websites of candidates in the 2023 Czech presidential elections. According to SentinelLabs, the action is part of a distributed-denial-of-service (DDoS) attacks campaign that the group has been conducting against government organisations and critical infrastructures in Ukraine and NATO member states since the start of the war in Ukraine. Some of the most recent targets are said to include Denmark’s financial sector and organisations and businesses in Poland and Lithuania.

The organisation allegedly carried out these attacks utilising open Telegram channels, a DDoS payment program run by volunteers, a multi-OS supported toolkit, and GitHub.

Upcoming US national strategy to call for more regulations

The Biden administration is reportedly pushing for a US national cybersecurity strategy that calls for more cybersecurity regulations, including in relation to the US critical infrastructure. The strategy, expected to be signed in the coming weeks, would require that regulations are developed by consulting industry actors as a means to ensure that the rules advance security without being unworkable or unduly burdensome. As Mark Montgomery, a senior fellow at the Foundation for Defense of Democracies argues, ‘the strategy reflects the hard lessons we’ve learned from SolarWinds to Colonial Pipeline — that our supply chain and our critical infrastructures are under duress,’ and the key part will be translating all of this into action.

Iran prevents cyberattack on central bank

Iran’s Infrastructure Communications Company announced on 6 January 2023 that it had prevented a cyberattack on the country’s central bank. Amir Mohammadzadeh Lajevardi, head of the company, was quoted by local media as saying that the bank was targeted by a distributed denial of service (DDoS) attack. In October, Anonymous and other global hacking groups threatened to launch cyberattacks against Iranian institutions and officials in support of anti-government protests and to thwart internet censorship in Iran.

Callisto group hackers targeted three US nuclear research labs, according to Reuters

A report by Reuters indicates that Russian hackers affiliated with the Callisto (Cold River) group targeted three US nuclear research laboratories during the summer of 2022.

The hacking team targeted the Brookhaven, Argonne, and Lawrence Livermore National Laboratories, created fake login pages for each lab, and then emailed scientists with the intent of stealing their passwords.

Reuters did not determine why the three labs were targeted or if the attempted intrusions were successful. Neither of the three labs responded to requests for comments.

New Agenda ransomware variant targeting critical infrastructure

A new variant of the Agenda ransomware, a ransomware targeting healthcare and education entities, has been identified. Agenda uses the practice of partial or intermittent encryption and configures parameters that are used to determine the percentage of the file content to be encrypted. The new variant is also able to disable user account control – which otherwise could help mitigate the impact of malware by requiring administrative access to launch a program or a task.

US government launches Digital Transformation with Africa initiative

The US government has launched a Digital Transformation with Africa (DTA) initiative dedicated to ‘expand[ing] digital access and literacy and strengthen[ing] digital enabling environments across the continent’. The USA plans to dedicate over US$350 million to this initiative, which is expected to support the implementation of both the African Union’s Digital Transformation Strategy and the US Strategy Towards Sub-Saharan Africa. DTA’s objectives revolve around three pillars:

  1. Digital economy and infrastructure: (a) expanding access to an open, interoperable, reliable, and secure internet; (b) expanding access to key enabling digital technologies, platforms, and services and scale the African technology and innovation ecosystem; (c) facilitating investment, trade, and partnerships in Africa’s digital economy.
  2. Human capital development: (a) facilitating inclusive access to digital skills and literacy, particularly for youth and women; (b) fostering inclusive participation in the digital economy; (c) strengthening the capacity of public sector employees to deliver digital services.
  3. Digital enabling environment: (a) strengthening the capacities of authorities and regulators to develop, implement, and enforce sound policies and regulations; (b) supporting policies and regulations that promote competition, innovation, and investment; (c) promoting governance that strengthens and sustains an open, interoperable, reliable, and secure digital ecosystem.

Microsoft’s Cyber Signals report highlights a rise in cyber risks to critical infrastructure

The third edition of Cyber Signals, a yearly report which highlights security trends and insights from Microsoft’s 8,500 security experts and 43 trillion daily security signals, was recently launched. In this edition, experts present new information on broader threats to critical infrastructure posed by converging information technologies, the Internet of Things (IoT), and operational technology (OT) systems. 

Some of the report’s highlights include:

  • Unpatched, high-security vulnerabilities identified in 75% of the most common industrial controllers in customer OT networks.
  • Over one million connected devices publicly visible on the internet running Boa, an outdated and unsupported software widely used in IoT devices and software development kits.
  • An 78% increase in disclosures of high-severity vulnerabilities from 2020 to 2022 in industrial control equipment produced by popular vendors.