November 2, 2017
U.S. Ports Lack Key Cyber Tools – United States
U.S. seaports are missing two crucial things when it comes to cybersecurity: constructive information-sharing with private companies at risk for attack and a robust network to handle it. That's what the executive director of the Port of Los Angeles, Eugene D. Seroka, said during his testimony before the House Homeland Committee Monday at a field hearing held in San Pedro, Calif., the site of the busy Port of Los Angeles. "[We need] the ability to formally bring in private sector interests…share best practices, alert other partners of vulnerabilities, and have a systematic way of processing that information through expertise and the movement of data. That would be the number one ask," Seroka said when asked what the government should be investing in right now for port security. The second thing, Seroka said, is funds to expand the Port of Los Angeles cybersecurity center fiber ring so it can "envelop the ports' entity in its whole" 7,500 acres of facilities and act as "another firewall to those private sector entities that are facing commerce every day and potential threats." In theory, the private entities could also access the fiber ring to enhance information sharing.
North Korea Hacked Daewoo Shipbuilding and Took Warship Blueprints – North Korea and South Korea
South Korea has alleged that North Korea hacked its Daewoo Shipbuilding & Marine Engineering Co Ltd and stole warship blueprints and unspecified submarines in April 2016. The investigative team hasn’t revealed whether the hacked data was sensitive and classified in nature. On October 31, Kyung Dae-soo of the main opposition Liberty Korea Party told Reuters “we are almost 100 percent certain that North Korean hackers were behind the hacking and stole the company’s sensitive documents.” South Korean newspaper Dong-A Ilbo reported “About 60 classified military documents were among the 40,000 hacked from the world’s biggest shipbuilder. The leaked documents contained information on construction technology, blueprints, weapons systems, and evaluations of the ships and submarines.” A division under South Korea’s Ministry of Defense that monitors cybercrime-related activities uncovered the hacking incident after receiving a briefing about the investigation. Meanwhile, Daewoo Shipbuilding is verifying the details of Kyung’s remarks. Recently, North Korean hackers carried out a cyber attack in Taiwan and targeted the global SWIFT messaging system. Earlier this month, South Korean lawmaker Rhee Cheol Hee had alleged that North Korean hackers had broken into the South’s military network in September 2016, which contained a vast cache of highly classified military documents and sensitive data.
New York Water System Audit Finds Cyberattack Risks – New York, United States
An audit by New York state found that the water and wastewater systems in the city of Glen Falls may be vulnerable to cyber attacks. “City officials were faulted for not requiring more complex passwords and mandating that they be changed every 90 days. They also were using software that is no longer updated and did not stay current on new security threats, according to a report from the state Comptroller’s Office,” the Glen Falls Post-Star reported. The audit occurred as part of a random review of municipalities. Among the problems cited in the audit, which reviewed practices between 2015 and 2017: Employees are not trained on cybersecurity issues and computers connected to water and wastewater networks are used for personal reasons, according to the report. “In addition, the audit faulted the city for not adopting a policy that prohibits its information technology and wastewater vendors from disclosing city system information on the internet or to prospective clients. Auditors were able to search the internet for system details, which left the city vulnerable to potential attackers,” the report said. Mayor Jack Diamond said the city responded with a draft plan for addressing the issue. Officials said the city has already scheduled new training to address some of the issues.
FOR MORE INFORMATION:
To sign up for the complete daily G4S Corporate Risk Services Intelligence Bulletin, as well as regular intelligence and risk updates and news, click here to subscribe!