TLP White: This week, Hacking Healthcare looks at the US Cybersecurity and Infrastructure Security Agency's ("CISA") announcement of a new strategy to protect Industrial Control Systems ("ICS") in the critical infrastructure sectors from cyberattack. We then break down recent threat research showing just how quickly misconfigured databases in cloud environments can be found and exploited by malicious actors, and why that should not discourage healthcare organizations from deploying them. Finally, we look at a project supported by the US National Science Foundation ("NSF") to secure patient data related to COVID-19 research and explore its implications.
As a reminder, this is the public version of the Hacking Healthcare blog. For more in-depth analysis and opinion, become a member of H-ISAC and receive the TLP Amber version of this blog (available in the Member Portal).
Welcome back to Hacking Healthcare.
1. CISA commits to new ICS security strategy.
Last week, CISA Director Chris Krebs announced a new strategy for protecting ICS in critical infrastructure sectors from cyberattack.[1] The new strategy emphasizes the use of data analytics, improved training, and the deployment of new technological solutions.[2] Krebs elaborated: "We will develop deep data capabilities to analyze and deliver information the community can use to disrupt the ICS kill chain."[3] The announcement was made during a virtual meeting of the ICS Joint Working Group ("ICSJWG"), a public-private, collaborative, information-sharing effort focused on ICS security and risk reduction.[4]
This is not the only recent ICS cybersecurity development out of CISA. A little less than a month ago, CISA, the Department of Energy ("DOE"), and the UK's National Cyber Security Centre ("NCSC") released a joint document titled Cybersecurity Best Practices for Industrial Control Systems.[5] The two-page infographic cleanly and concisely lays out the considerations, risks, impacts, and proactive steps ICS owners and operators can take to improve their cybersecurity readiness.
For those unfamiliar with ICS, it is a broad term covering a range of control systems typically found in the industrial and critical infrastructure sectors. As the US National Institute of Standards and Technology ("NIST") notes, "These control systems are vital to the operation of the U.S. critical infrastructures that are often highly interconnected and mutually dependent systems."[6] In the healthcare sector, ICS can be found in a variety of manufacturing, chemical, and pharmaceutical processes.
Analysis & Action
* H-ISAC Membership Required *
2. How quickly are misconfigured databases compromised?
It is not unusual to see news of security researchers finding unsecured databases full of sensitive personal or business information. Often it can take researchers days or weeks to reach the owner of an unsecured database so that it can be secured. While most of these unsecured databases are the product of accidental misconfiguration, just how quickly could they be compromised by malicious actors if left unsecured? Very quickly, as it turns out, according to research from Comparitech.
From May 11 to May 22, Comparitech stood up a dummy database on a cloud server and left it unsecured. Comparitech wanted to find out exactly how long you might have to fix something like a configuration error before sensitive data was likely to be seen, stolen, or altered.[7] Despite the vastness of the internet, and the potential for a relatively nondescript database to be overlooked, Comparitech reported that the first unauthorized request came just 8 hours and 35 minutes after the fake database was deployed.[8]
Over the following 11 days, Comparitech logged 175 unauthorized requests from IP addresses in multiple countries, including the United States, Romania, China, and the Netherlands.[9] It is important to note that the database was not indexed on popular search engines such as Shodan until May 16th. Once indexed, the database received the first of that day's record 22 unauthorized requests within 1 minute of being listed.[10] Furthermore, a week after the research concluded, the database was attacked, its contents were wiped, and a ransom note was left behind.
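The practical lesson from the honeypot is twofold: catch the wildcard bind before a scanner indexes it, and, if it is already exposed, measure what the access log says about strangers. The script below is an added example written for this column; it is not Comparitech's code or H-ISAC's. The database port list, the `ss -tlnp` sample, the access-log format, and the "allowed" monitoring network are all constructed assumptions for the example.

```python
"""Added example (not Comparitech's or H-ISAC's code): two checks that mirror the
honeypot finding above. The port list, the `ss -tlnp` sample and the access-log
format are assumptions constructed for this example."""
from __future__ import annotations

import re
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network

# Assumed list of database ports commonly found exposed without authentication.
DB_PORTS = {
    27017: "MongoDB",
    9200: "Elasticsearch",
    6379: "Redis",
    5432: "PostgreSQL",
    3306: "MySQL",
    5984: "CouchDB",
}

# Local-address forms that mean "listen on every interface": reachable from the
# internet as soon as the cloud security group allows the port through.
WILDCARD_BINDS = {"0.0.0.0", "*", "::", "[::]"}


def find_exposed_listeners(ss_output: str) -> list[dict]:
    """Parse `ss -tlnp` style output and flag database ports bound to all interfaces.

    Run this on the host before (and periodically after) deployment: a wildcard bind
    on a database port is exactly the misconfiguration that Shodan-style scanners index.
    """
    findings = []
    for line in ss_output.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] != "LISTEN":
            continue
        host, _, port = parts[3].rpartition(":")  # "[::]:9200" -> ("[::]", "9200")
        if port.isdigit() and int(port) in DB_PORTS and host in WILDCARD_BINDS:
            findings.append({"port": int(port), "service": DB_PORTS[int(port)], "bind": host})
    return findings


# Constructed `ss -tlnp` sample: Redis is bound to loopback (fine); MongoDB and
# Elasticsearch are bound to every interface (exposed).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    127.0.0.1:6379      0.0.0.0:*         users:(("redis-server",pid=611,fd=6))
LISTEN 0      128    0.0.0.0:27017       0.0.0.0:*         users:(("mongod",pid=702,fd=11))
LISTEN 0      4096   [::]:9200           [::]:*            users:(("java",pid=815,fd=300))
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=430,fd=3))
"""

# Constructed access-log format: "<ISO-8601 UTC timestamp> <source IP> <method> <path> <status>".
LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d{3})$")


def unauthorized_requests(log_text: str, allowed_nets: list[str]) -> list[dict]:
    """Return every request whose source is outside the networks we expect to see."""
    allowed = [ip_network(n) for n in allowed_nets]
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts, src, method, path, status = m.groups()
        if any(ip_address(src) in net for net in allowed):
            continue
        hits.append({
            "time": datetime.fromisoformat(ts.replace("Z", "+00:00")),
            "src": src, "method": method, "path": path, "status": int(status),
        })
    return hits


def time_to_first_unauthorized(hits: list[dict], deployed_at: datetime) -> timedelta | None:
    """Comparitech's headline metric: how long after deployment the first stranger arrived."""
    if not hits:
        return None
    return min(h["time"] for h in hits) - deployed_at


def destructive_requests(hits: list[dict]) -> list[dict]:
    """Writes and deletes from strangers are the precursor to a wipe-and-ransom-note ending."""
    return [h for h in hits if h["method"] in {"DELETE", "PUT", "POST"}]


# Constructed log: 198.51.100.0/24 is our own monitoring network; everything else is a stranger.
DEPLOYED_AT = datetime(2020, 5, 11, 12, 0, tzinfo=timezone.utc)
ALLOWED_NETS = ["198.51.100.0/24"]
SAMPLE_LOG = """\
2020-05-11T12:05:00Z 198.51.100.7 GET /_cluster/health 200
2020-05-11T20:35:00Z 203.0.113.5 GET /_cat/indices 200
2020-05-12T03:10:44Z 203.0.113.5 GET /patients/_search 200
2020-05-14T09:00:00Z 192.0.2.20 DELETE /patients 200
"""

if __name__ == "__main__":
    for f in find_exposed_listeners(SAMPLE_SS):
        print(f"EXPOSED: {f['service']} on {f['bind']}:{f['port']}")
    hits = unauthorized_requests(SAMPLE_LOG, ALLOWED_NETS)
    print(f"{len(hits)} unauthorized requests; first one {time_to_first_unauthorized(hits, DEPLOYED_AT)} after deployment")
    for h in destructive_requests(hits):
        print(f"DESTRUCTIVE: {h['src']} {h['method']} {h['path']}")
```

The first check is the one to wire into a deployment pipeline or host-inventory job: a loopback or private-interface bind, plus authentication, is what separates a working cloud database from a honeypot. The second check is for the day you discover a database has been exposed; the time-to-first-stranger figure tells you whether you are dealing with a configuration fix or an incident, and any non-GET request from an unknown source should be treated as the latter.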
Action & Analysis
* H-ISAC Membership Required *
3. NSF funds tool to help protect patient data used for research.
Under normal circumstances, the healthcare sector's vigilant approach to protecting patient data can frustrate those who feel that unnecessary privacy and security protections hinder their ability to conduct medical research. In an era where everyone wants to demonstrate the transformative power of big data, cloud computing resources, and interoperability, tension exists among the various stakeholders in the research process over how to ensure that patient data is handled with the confidentiality and security it demands. That tension has grown during a global pandemic in which making data more available for research or sharing could potentially yield important advances in our understanding of COVID-19.
In an attempt to address part of this problem, the NSF awarded $200,000 in grant funding to computer scientists at the University of Texas at Dallas and Vanderbilt University Medical Center.[11] The goal is to create "an open-source software tool to help policymakers and healthcare providers make [decisions regarding how much information healthcare providers can disclose to researchers without violating patient privacy]."[12] The combined University of Texas and Vanderbilt team is "[focusing] on the risks of identifying an individual when patient data is published for research purposes," and aims to be more comprehensive in the characteristics it evaluates than those examined by existing tools.[13]
Action & Analysis
* H-ISAC Membership Required *
Congress –
Tuesday, June 16th:
– No relevant hearings
Wednesday, June 17th:
– Senate – Committee on Health, Education, Labor, and Pensions: Hearing to examine telehealth, focusing on lessons from the COVID-19 pandemic.
Thursday, June 18th:
– Senate – Committee on Foreign Relations: Hearing to examine COVID-19 and international pandemic preparedness, prevention, and response.
– House – Permanent Select Committee on Intelligence: Hearing on Emerging Trends in Online Foreign Influence Operations: Social Media, COVID-19, and Election Security
International Hearings/Meetings –
– No relevant hearings
EUROPEAN UNION –
Conferences, Webinars, and Summits –
– Practical Testing and Posture Remediation for a Remote Workforce by Safebreach – Webinar (6/16/2020)
https://h-isac.org/hisacevents/safebreach-navi-webinar/
– How Authentication Attacks Threaten Your Healthcare Environment by Qomplx – Webinar (6/17/2020)
https://h-isac.org/hisacevents/authentication-attacks-qomplx/
– CISO Roundtable – Unprecedented Times by Forescout – Webinar (6/18/2020)
https://h-isac.org/hisacevents/ciso-roundtable-unprecedented-times-forescout/
– Risk Insider: Balancing Technology, Behavior and Data by Booz Allen Hamilton – Webinar (6/23/2020)
– Securing IoT Threats in Healthcare by Palo Alto Networks – Webinar (6/24/2020)
https://h-isac.org/hisacevents/palo-alto-networks-navigator-webinar/
– GRF Summit Digital Series – The Ultimate Incident Response Readiness Exercise: Are You Ready? – Webinar (6/25/2020)
– H-ISAC Monthly Member Threat Briefing – Webinar (6/30/2020)
https://h-isac.org/hisacevents/h-isac-monthly-member-threat-briefing-9/
– Healthcare Cybersecurity Forum – Mid-Atlantic – Philadelphia, PA (7/17/2020)
https://endeavor.swoogo.com/2020_healthcare_innovation_cybersecurity_forums/426497
– Healthcare Cybersecurity Forum – Rocky Mountain – Denver, CO (7/20/2020)
https://endeavor.swoogo.com/2020_healthcare_innovation_cybersecurity_forums/426499
– H-ISAC Virtual Security Workshop – Virtual (7/29/2020)
https://h-isac.org/hisacevents/nz-virtual-workshop/
– Healthcare Cybersecurity Forum – Southeast – Nashville, TN (9/9/2020)
https://endeavor.swoogo.com/2020_healthcare_innovation_cybersecurity_forums/426517
– Healthcare Cybersecurity Forum – Northeast – Boston, MA (9/22/2020)
https://endeavor.swoogo.com/2020_healthcare_innovation_cybersecurity_forums/427126
– H-ISAC Cyber Threat Intel Training – Titusville, FL (9/22/2020)
https://h-isac.org/hisacevents/h-isac-security-workshop-titusville-fl/
– H-ISAC Security Workshop – Forchheim, Germany
https://h-isac.org/hisacevents/h-isac-security-workshop-forchheim-germany/
– Summit on Security & Third Party Risk – National Harbor, MD (9/28/2020-9/30/2020)
– GRF Summit on Security & Third Party Risk Digital Series
– Healthcare Cybersecurity Forum – Texas – Houston, TX (10/8/2020)
https://endeavor.swoogo.com/2020_healthcare_innovation_cybersecurity_forums/428840
– CYSEC 2020 – Dubrovnik, Croatia (10/27/2020 – 10/28/2020)
https://h-isac.org/hisacevents/cysec-2020-croatia/
– H-ISAC Security Workshop – Mounds View, MN (10/27/2020)
https://h-isac.org/hisacevents/h-isac-security-workshop-buffalo-ny/
– Healthcare Cybersecurity Forum – Pacific Northwest – Seattle, WA (10/28/2020)
https://endeavor.swoogo.com/2020_healthcare_innovation_cybersecurity_forums/428886
– H-ISAC Security Workshop – Seattle, WA (10/29/2020)
https://h-isac.org/hisacevents/h-isac-security-workshop-seattle-wa-2/
– Healthcare Cybersecurity Forum – California – Los Angeles, CA (11/12/2020)
– H-ISAC Security Workshop – Paris, France (11/18/2020)
https://h-isac.org/hisacevents/h-isac-security-workshop-paris-france/
Sundry –
– Plundering of crypto keys from ultrasecure SGX sends Intel scrambling again
– Hackers breached A1 Telekom, Austria's largest ISP
https://www.zdnet.com/article/hackers-breached-a1-telekom-austrias-largest-isp/
– Computer network "disruption" forces Honda to cancel some production
https://www.cyberscoop.com/honda-ransomware-snake-ekans/
Contact us: follow @HealthISAC, and email contact@h-isac.org
[1] https://www.cyberscoop.com/dhs-cisa-industrial-control-system-security-strategy/
[2] https://www.cyberscoop.com/dhs-cisa-industrial-control-system-security-strategy/
[3] https://www.cyberscoop.com/dhs-cisa-industrial-control-system-security-strategy/
[4] https://www.us-cert.gov/ics/Industrial-Control-Systems-Joint-Working-Group-ICSJWG
[5] https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf
[6] https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-82r2.pdf
[7] https://www.comparitech.com/blog/information-security/unsecured-database-honeypot/
[8] https://www.comparitech.com/blog/information-security/unsecured-database-honeypot/
[9] https://www.comparitech.com/blog/information-security/unsecured-database-honeypot/
[10] https://www.comparitech.com/blog/information-security/unsecured-database-honeypot/
[11] https://www.healthcareitnews.com/news/nsf-funds-software-safeguard-patient-data-during-covid-19-research
[12] https://www.utdallas.edu/news/science-technology/patient-privacy-covid-19-2020/
[13] https://www.utdallas.edu/news/science-technology/patient-privacy-covid-19-2020/
– Related resources and news