Regulatory Growth as of July 2017

Last month, Compliance & Risks* published its quarterly regulatory growth charts for July 2017. The overall number of regulations has climbed over the past 15 years from just over 2,000 to just under 16,000, a total increase of over 700%!

Regulatory Growth by Subject

The first chart depicts regulatory growth by subject, including Batteries, Climate Change, Packaging, Product Safety, Energy, Waste, and Substances. Results show the highest number of regulations in the area of Substances, at just over 6,000, while regulations concerning Batteries have the lowest count, at approximately 1,000.

Regulatory Growth by Region

The second chart depicts regulatory growth by region, including International Organizations; Latin America with the Caribbean; Asia Pacific; the United States and Canada; and Europe, the Middle East, and Africa, with Central Asia (EMEA). Results show the highest growth in Latin America with the Caribbean and in the EMEA region, at approximately 500% each! Asia Pacific regulations have climbed approximately 300% over the past 15 years, and regulations in the United States and Canada have grown by approximately 340%!

Recent RoHS regulatory additions that impact Information Technology are Taiwan RoHS (already in force for certain products), Singapore RoHS (already in force for certain products), and UAE (United Arab Emirates) RoHS, which has its first enforcement date on January 1, 2018, for certain products. 

Over the past few years, we have seen additional legislative changes and new legislation in various regions, including the following:

  • Mercury ban in Canada;
  • China RoHS 2;
  • The G mark in the Gulf Cooperation Council and Yemen;
  • Changes from C-Tick and A-Tick in Australia to RCM;
  • Change from GOST-R in the Russian Federation to EAC in the Eurasian Customs Union;
  • K-Reach in Korea;
  • Changes in the European Union’s directives and standards in the areas of Low Voltage and EMC;
  • Numerous additions to the European Union’s Substances of Very High Concern list (REACH).

FoxGuard tracks pending new legislation, as well as upcoming changes to existing legislation, and works closely with our supplier network to ensure continued compliance of systems and components.

* http://www.complianceandrisks.com/c2p/


WANT TO LEARN MORE ABOUT FOXGUARD’S SIMULATION CAPABILITIES?

FoxGuard has 35+ years’ experience configuring computer solutions, integrating racks, developing images, securing licenses, and ensuring hardware, software and OS compatibility to free up your resources to pursue growth. We can configure and ship a turnkey solution to your designated solution.

LEARN MORE

Government calls it “Hidden Cobra”.

As military tensions rise between the US and North Korea, so too do tensions rise on the battlefield of the twenty-first century: the cyber realm. The FBI and Homeland Security are currently monitoring denial-of-service capabilities maintained by North Korea and targeted at US businesses, including critical infrastructure. The US government refers to the malicious activity as “Hidden Cobra”; it leverages a malware known as “DeltaCharlie.” DeltaCharlie is a DDoS bot that the North Korean government uses to control its botnet. A botnet is a network of infected machines that can be used to flood a targeted system with requests, overloading it so that legitimate requests for its resources are denied. DeltaCharlie is capable of launching attacks using the Domain Name System (DNS), Network Time Protocol (NTP), and Character Generator Protocol (CHARGEN). The malware can update itself, update its configuration, download additional executables, terminate itself, and launch or stop a DDoS attack.

Although no new DDoS attacks have been discovered that can be attributed to this malware, the US Computer Emergency Readiness Team has warned administrators to be on the lookout for suspicious network and computer behavior that may indicate an attack. If users or administrators detect anything that appears to be from Hidden Cobra, they are encouraged to report it immediately to the Department of Homeland Security’s National Cybersecurity and Communications Integration Center or the FBI Cyber Watch, and to begin best practices for mitigation. In addition to using DeltaCharlie for the botnet, Hidden Cobra actors are also believed to use keyloggers, remote access Trojans, and wiper malware, including tools such as Destover, Wild Positron, and Hangman.

The DHS and FBI have identified IP addresses used in the botnet and are distributing them so that administrators can take the proper steps to mitigate the possibility of an attack.

Additionally, known vulnerabilities exploited by Hidden Cobra include:

   • CVE-2015-6585: Hangul Word Processor Vulnerability
   • CVE-2015-8651: Adobe Flash Player 18.0.0.324 and 19.x Vulnerability
   • CVE-2016-0034: Microsoft Silverlight 5.1.41212.0 Vulnerability
   • CVE-2016-1019: Adobe Flash Player 21.0.0.197 Vulnerability
   • CVE-2016-4117: Adobe Flash Player 21.0.0.226 Vulnerability

Hidden Cobra commonly targets systems running older operating systems and outdated software. As always, FoxGuard recommends keeping your systems up to date with the latest security patches to help eliminate vulnerabilities and prevent attacks.
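The alert above asks administrators to watch for contact with the distributed indicator addresses and for unusual network behavior. This added PowerShell example (not FoxGuard's or US-CERT's code) scans firewall or flow log lines for both: traffic to indicator addresses and bursts of UDP requests to the three reflection services DeltaCharlie is reported to use. The log format, the indicator list and the sample lines are all constructed placeholders.

```powershell
# Added example, not from the US-CERT alert or FoxGuard: flag hosts that contact
# indicator addresses or emit bursts of UDP requests to DNS/NTP/CHARGEN,
# the reflection services the alert attributes to DeltaCharlie.

# PLACEHOLDER indicators; replace with the address list distributed by DHS/FBI.
$IndicatorHosts = @('203.0.113.10', '198.51.100.7')

# UDP services abused for reflection, keyed by destination port.
$ReflectionPorts = @{ 53 = 'DNS'; 123 = 'NTP'; 19 = 'CHARGEN' }

function Get-HiddenCobraFindings {
    param(
        [string[]]$Lines,            # constructed format: "<time> <src> <dst> <proto> <dport>"
        [int]$BurstThreshold = 100   # UDP requests per source and service in the log window
    )
    $udpCounts = @{}
    $findings  = New-Object System.Collections.Generic.List[object]
    foreach ($line in $Lines) {
        $f = $line.Trim() -split '\s+'
        if ($f.Count -lt 5) { continue }        # skip malformed lines
        $src = $f[1]; $dst = $f[2]; $proto = $f[3]; $dport = 0
        if (-not [int]::TryParse($f[4], [ref]$dport)) { continue }

        # Any contact with a published indicator is reported on its own.
        if ($IndicatorHosts -contains $dst) {
            $findings.Add([pscustomobject]@{ Source = $src; Reason = "contact with indicator $dst"; Count = 1 })
        }
        # Count outbound UDP requests per source and reflection service.
        if ($proto -eq 'UDP' -and $ReflectionPorts.ContainsKey($dport)) {
            $key = "$src|$($ReflectionPorts[$dport])"
            if ($udpCounts.ContainsKey($key)) { $udpCounts[$key]++ } else { $udpCounts[$key] = 1 }
        }
    }
    foreach ($key in $udpCounts.Keys) {
        if ($udpCounts[$key] -ge $BurstThreshold) {
            $src, $svc = $key -split '\|'
            $findings.Add([pscustomobject]@{ Source = $src; Reason = "$svc request burst"; Count = $udpCounts[$key] })
        }
    }
    return $findings
}

# Constructed sample: one normal DNS lookup, one host reaching an indicator
# address, and one host sending 150 NTP requests in the window.
$sample = @('2017-06-14T10:00:00Z 10.0.5.11 10.0.0.2 UDP 53',
            '2017-06-14T10:00:01Z 10.0.5.30 203.0.113.10 TCP 8080')
1..150 | ForEach-Object { $sample += '2017-06-14T10:00:02Z 10.0.5.21 192.0.2.40 UDP 123' }

Get-HiddenCobraFindings -Lines $sample | Format-Table -AutoSize
```

A busy resolver or NTP server will legitimately exceed the threshold, so treat burst hits as leads to correlate with the published indicators rather than as verdicts.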

More information, including the list of IPs associated with this warning, can be found on the us-cert.gov site (links below).
https://www.us-cert.gov/HIDDEN-COBRA-North-Korean-Malicious-Cyber-Activity
http://mashable.com/2017/06/14/north-korea-hidden-cobra-cybersecurity-hack/#Tis4eU_ejOqg
http://www.securityweek.com/us-warns-north-koreas-hidden-cobra-attacks

Patching Device Drivers

THE DANGERS OF OVERLOOKING DEVICE DRIVERS IN PATCH MANAGEMENT

Drivers are software that can contain vulnerabilities. As such, it is just as important to monitor them in the same way and with the same diligence that we patch every other aspect of our systems.


FOXGUARD SOLUTIONS PROTECTS NATION’S POWER GRID

FoxGuard Solutions, Inc. and partner TDi Technologies unveil joint solution for
U.S. Department of Energy’s Cybersecurity for Energy Delivery Systems

CHRISTIANSBURG, Va. July 13, 2017 – FoxGuard Solutions, Inc. and partner TDi Technologies recently completed a multi-year project to create a safer national power grid by simplifying the process of patching and updating energy delivery control system devices. The solution is the result of a $4.3 million Cooperative Agreement awarded in 2013 from the U.S. Department of Energy’s Cybersecurity for Energy Delivery Systems (CEDS) division.

“This is exactly why FoxGuard Solutions exists and this is where our team excels,” FoxGuard President & CEO, Marty Muscatello, said. “The solution developed comprises several elements that can each stand alone to improve security posture and, when integrated, provide a comprehensive solution to meet energy sector patch and update needs.”

Believing that the nation’s security, economic prosperity, and the well-being of its citizens depend on reliable energy infrastructure, the DOE solicited FoxGuard Solutions’ expertise to develop the patch and update management project for energy delivery systems. The energy sector places an emphasis on the availability and reliability of energy delivery operations. While best practice avoids connecting energy delivery system devices to external networks, their increasing interconnectivity exposes them to greater cyber risk, making proper and timely patches and updates critically important to maintaining system cybersecurity.

FoxGuard Solutions was tasked with researching, developing, and demonstrating technology and techniques to identify and verify the integrity of updates and patches for energy delivery systems software, hardware and firmware, while also facilitating the deployment of those updates.

Key Elements:
• Patch & Update Data Aggregator & Web Portal
• Patch & Update Authentication
• Validation Techniques
• Query Engine

The Patch and Update Management Program simplifies the process of understanding what patches are available for energy delivery industrial control system devices for both end users and equipment vendors, while also simplifying a utility’s adherence to NERC CIP v6 requirements involving patching, ultimately leading to a safer grid.

About FoxGuard Solutions, Inc.
FoxGuard Solutions develops custom cyber security, compliance and industrial computing solutions. FoxGuard provides reliable, secure and configurable patch management reporting services, which include availability reporting and applicability analysis for information technology (IT) and operational technology (OT) assets used in critical infrastructure environments. Visit foxguardsolutions.com to learn more.

About TDi Technologies
TDi Technologies, based in Plano, TX, is the first solution provider to offer a unified system for cybersecurity/operation. Their patented technology provides flexibility, automation, optimization, control and management capabilities that dramatically improve the ability to meet operation and security demands. Visit tditechnologies.com to learn more.

About U.S. Department of Energy’s Cybersecurity for Energy Delivery Systems
In today’s highly interconnected world, reliable energy delivery requires cyber-resilient energy delivery systems. In fact, the nation’s security, economic prosperity, and the well-being of our citizens depend on reliable energy infrastructure. As such, a top priority for the Office of Electricity Delivery and Energy Reliability (OE) is to make the nation’s electric power grid and oil and natural gas infrastructure resilient to cyber threats. Visit energy.gov to learn more.

###

National Newswire Release:
https://www.prnewswire.com/news-releases/cybersecurity-solutions-provider-foxguard-protects-nations-power-grid-300487539.html

Local News Coverage:
https://www.wdbj7.com/content/news/Christiansburg-Cyber-434177403.html
https://www.virginiafirst.com/news/local-news/nrv-business-working-to-protect-the-grid/764147053

Open House Blog:
https://foxguardsolutions.com/2017/07/17/foxguard-opens-doors/

Media Contact
Marcie Killen
Marketing Manager
p. 540.382.4234 x152

Guard The GAP

PATCH GAP ANALYSIS – SECURING CRITICAL INFRASTRUCTURE

There is a moment when even the most seasoned IT professional’s heart stops. After a new patch or a new update is installed on some critical piece of hardware he reaches out, flips the reset switch, and waits with bated breath. There is a moment of darkness and then, the lights come on, the disk spins up, and the spell is broken. Usually.

Validating Change

VALIDATION TECHNIQUES AND GUIDELINES FOR ICS

Validation is not an indefinite stamp of approval; it is “proof that something is based on truth or fact, or is acceptable.” However, a time limit is attached to any proclamation of validation, and that time limit ends when a change occurs. When something changes, such as software/firmware revisions, the operating system, host hardware or peripherals, the validation life cycle must be reentered.

Patch Management: Ten Lessons Learned

PATCH MANAGEMENT
TEN LESSONS LEARNED

FoxGuard Solutions has been providing patch management solutions for industrial control systems for many years, both via original equipment manufacturers (OEMs) and directly to energy utilities. Our long history of doing this work gives us a unique perspective and extensive knowledge of the patching burden. As such, we want to share our insight and some “lessons learned” along the way.


PARTNERING WITH BOHEMIA INTERACTIVE SOLUTIONS

Bohemia Interactive Simulations built a demo room to showcase their flagship simulation products VBS3 and VBS Blue in Orlando, FL.  This demo room is located in the Central Florida Research Park, along with tenants such as Program Executive Office for Simulation and Training (PEO STRI) and PM TRASYS.  Bohemia is a global simulation software company and its flagship product, VBS3, is operated by the U.S. Army for its Games for Training Program.

The demo room Bohemia built blazes the trail in terms of setting an industry standard for game-based military simulation.  The room allows for a VR Apache helicopter, F/A-18 Fighter Jet, Spotter, and an administrator to all work together to complete a predefined mission.  The administrator can observe on a large overhead projector the status of his team while providing instruction and coaching along the way.  The ability of all these training systems to be linked together is part of the ongoing mission of the Army.  At TSIS in June, MG Maria R. Gervais, Deputy Commanding General, Combined Arms Center – Training, noted that, “The Army requires integrated training capabilities that can adapt to emerging technologies.”

To support this demo room, Bohemia and FoxGuard collaborated on the build of high-end workstation computers that would optimize the training scenarios utilized during customer simulations. Customers such as the Army, Navy, and Air Force require vast and varied terrain generation, and VBS3 supports that demand with a content-rich library of thousands of vehicles, weapons, people, and objects.

Introducing the high-end FoxGuard workstation computer, the SimITAR Flex, which supports live synchronized training missions that utilize VBS3 and VBS Blue.

Technical Specs:

  • Motherboard: High-end ASUS Prime Z270
  • Processor: i7-7700K Kaby Lake, 4.2 GHz base, 4.5 GHz turbo, quad core
  • RAM: 32 GB DDR4-3200 overclockable memory
  • Power Supply: 750 W
  • Storage: 512 GB, PCIe 3.0 x4, NVMe 1.2, 3,500 MB/s read, 2,100 MB/s write
  • Graphics: NVIDIA Quadro P5000


FOXGUARD OPENS ITS DOORS

Last week we did something special and unusual – we opened our doors to show off what we have been working on.

FoxGuard Solutions, along with our partner TDi Technologies, came together and unveiled our joint solution for the U.S. Department of Energy’s Cybersecurity for Energy Delivery Systems. The solution is the result of a $4.3 million Cooperative Agreement awarded in 2013 from the U.S. Department of Energy’s Cybersecurity for Energy Delivery Systems (CEDS) division.

Believing that the nation’s security, economic prosperity, and the well-being of its citizens depend on reliable energy infrastructure, the DOE solicited our expertise to develop the patch and update management project (PUMP) for energy delivery systems. The energy sector places an emphasis on the availability and reliability of energy delivery operations. While best practice avoids connecting energy delivery system devices to external networks, their increasing interconnectivity exposes them to greater cyber risk, making proper and timely patches and updates critically important to maintaining system cybersecurity.


As part of the unveiling FoxGuard hosted an open house that was attended by government officials, Mayor Michael Barber and Delegate Nick Rush, as well as representatives from NRG Energy, US Department of Energy, University of Arkansas, Arkansas Electric Cooperative Corporation, Argonne National Laboratory, and Virginia Tech.

Our team had a lot of fun showing off our research and development lab, where we use a model train, fitted with equipment representative of an ICS energy environment, to demonstrate what can happen when patches are not properly validated before being introduced into production.

During this event, we demonstrated technology and techniques to identify and verify the integrity of updates and patches for energy delivery systems software, hardware and firmware, while also facilitating the deployment of those updates.

KEY ELEMENTS:
• Patch & Update Data Aggregator & Web Portal
• Patch & Update Authentication
• Validation Techniques
• Query Engine


The PUMP program simplifies the process of understanding what patches are available for energy delivery industrial control system devices for both end users and equipment vendors, while also simplifying a utility’s adherence to NERC CIP v6 requirements involving patching, ultimately leading to a safer grid.

FEEDBACK FROM OUR DEMONSTRATION HAS BEEN EXTREMELY POSITIVE:

“Excellent materials and presentations. I really like the way each of the program element presentations, including the demo, had a brief overview describing the problem statement, why it matters and how your R&D work addressed it. The Q&A and discussion was great and it made the participants, especially the utility folks, think about and understand how the PUMP program will help them.” – US Department of Energy

“Very Impressive! Look forward to more results from you!!!” – University of Arkansas

“Wonderful tool set.” – NRG Energy


WANT TO LEARN MORE ABOUT PATCH MANAGEMENT?
FoxGuard provides a wide range of patch management solutions that help entities identify and mitigate gaps in the security of their systems and prepare for NERC CIP audits. We host a webinar series to discuss ways to develop and implement a robust patch management program. Reserve your spot in our next session.

RESERVE YOUR SPOT

If you want to discuss something specific, we will do that too! Just reach out, tell us what your challenges are, and we will have one of our security experts contact you.

TALK TO AN EXPERT

RECENT ATTACK IDENTIFIED AS PETYA.2017 / EXPETR

After further investigation of the recent attack, FoxGuard can confirm that it was not actually PetrWrap, as initially believed, but yet another variant now being called Petya.2017 or ExPetr.

The initial infection appears to have been targeted at Ukraine through a watering hole attack that compromised Ukrainian news agencies’ websites, as well as through a corrupted update for the M.E.Doc tax software. After the initial infection, the malware reboots the machine, starts to encrypt the Master File Table (MFT), and overwrites the MBR with a fake bootloader. During the encryption process the malware displays a screen resembling the Windows “Check Disk” dialog; after encryption it leaves a ransom message. It also attempts to move laterally, using a variant of mimikatz to steal credentials and then executing with the stolen credentials via PsExec and WMIC. It also spreads across networks using the EternalBlue and EternalRomance exploits.

This malware IS NOT ransomware, but rather malware designed to wipe data that masquerades as ransomware to throw off researchers. For starters, this malware uses only one bitcoin wallet, whereas ransomware normally uses a separate bitcoin wallet for each victim to prove that payment was sent and received. Secondly, regular ransomware generates an installation key that contains the information needed to derive a recovery key. After a victim gives this ID to the attacker, the attacker can extract the decryption key, which is then used to decrypt the data on the drive and restore the MBR so that the boot process works again. ExPetr, however, did not implement an actual installation key system; it generates random characters to display on the screen so that it looks like an installation key is being provided. This string is random and cannot be used to generate a recovery key. The malware also writes to disk sectors in such a way that permanent damage is done to the disk and recovery is impossible. This indicates that the attackers never intended to decrypt any data and were not interested in monetary gain, but carried out the attack simply to cause harm. Lastly, the attackers set up only one email account, which has already been shut down. Therefore, even if there WAS a way to recover the data, there is no way to get in touch with the attackers.
FoxGuard recommends taking the below mitigation strategies:
     •  Offline backups
            o  Shadow volumes can be deleted and connected backups can be accessed by the malware; it is therefore crucial that backups be kept completely offline and disconnected.
     •  SMB
            o  Disable SMBv1 if it is unneeded
            o  Apply the Microsoft SMB patch (MS17-010)
     •  Secure Active Directory
            o  Filter user privileges, enforce password policy, etc.
     •  Secure Boot
            o  UEFI ignores the MBR, so machines with Secure Boot enabled are not affected by the MBR overwrite
     •  Network
            o  If possible, block incoming traffic on TCP port 445 (used by the EternalRomance exploit)
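The SMB, Secure Boot and network items in the list above can be checked and, in part, applied from PowerShell. This added example is not FoxGuard's tooling; it assumes Windows 8.1 / Server 2012 R2 or newer (SmbShare and NetSecurity modules present), an elevated session, and that the KB ids listed match the MS17-010 bulletin for the builds you run.

```powershell
# Added example, not FoxGuard's tooling: audit one Windows host against the
# SMB, Secure Boot and network mitigations above, then apply the two that can
# be scripted safely (SMBv1 server off, inbound TCP/445 blocked).
# Offline backups and Active Directory hygiene are not scriptable here.

# KB ids published for the MS17-010 bulletin (one per OS family); verify
# against the bulletin for the builds you run.
$Ms17010Kbs = @('KB4012212', 'KB4012213', 'KB4012214', 'KB4012215', 'KB4012216',
                'KB4012217', 'KB4012598', 'KB4012606', 'KB4013198', 'KB4013429')

function Get-ExPetrPosture {
    # SMBv1 on the server side: the first SMB item in the list.
    $smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol

    # Later cumulative updates supersede these ids on Windows 10, so an empty
    # result is a prompt to check, not proof of exposure.
    $patched = [bool](Get-HotFix -ErrorAction SilentlyContinue |
                      Where-Object { $Ms17010Kbs -contains $_.HotFixID })

    # Confirm-SecureBootUEFI throws on legacy-BIOS machines; treat that as off.
    $secureBoot = $false
    try { $secureBoot = [bool](Confirm-SecureBootUEFI) } catch { }

    # Any enabled inbound rule that blocks TCP/445 counts as the network item.
    $blocked = [bool](Get-NetFirewallPortFilter -ErrorAction SilentlyContinue |
               Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -eq '445' } |
               Get-NetFirewallRule |
               Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Block' -and
                              $_.Enabled -eq 'True' })

    [pscustomobject]@{
        SMBv1Enabled      = $smb1
        MS17010Installed  = $patched
        SecureBootEnabled = $secureBoot
        Tcp445Blocked     = $blocked
    }
}

function Invoke-ExPetrHardening {
    # Turn off the SMBv1 server without a reboot (-Force skips the prompt).
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

    # Block inbound SMB from non-local addresses. Scoped to 'Internet' so file
    # sharing inside the subnet keeps working; use 'Any' where SMB is not needed.
    $name = 'Block inbound SMB (TCP 445) - ExPetr mitigation'   # assumed rule name
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction Inbound -Protocol TCP `
            -LocalPort 445 -RemoteAddress Internet -Action Block | Out-Null
    }
}

$before = Get-ExPetrPosture
if ($before.SMBv1Enabled -or -not $before.Tcp445Blocked) { Invoke-ExPetrHardening }
Get-ExPetrPosture | Format-List
```

Run the audit alone first on a representative host; disabling SMBv1 breaks access for any legacy clients that still depend on it.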

For more information on some of the technologies used in the attack, see the below links:
     PsExec: https://technet.microsoft.com/en-us/sysinternals/bb897553.aspx
     WMIC: https://msdn.microsoft.com/en-us/library/bb742610.aspx
     Mimikatz: https://www.offensive-security.com/metasploit-unleashed/mimikatz/
     MBR: https://technet.microsoft.com/en-us/library/cc976786.aspx

For newer information regarding this attack, see the links below:
     https://securelist.com/expetrpetyanotpetya-is-a-wiper-not-ransomware/78902/
     https://blog.comae.io/petya-2017-is-a-wiper-not-a-ransomware-9ea1d8961d3b
     https://securelist.com/schroedingers-petya/78870/
