open source and cybersecurity news

March 15th, 2024

In this Episode:

It’s March 15th, 2024, and time for Point of View Friday, where we cover a single topic from multiple perspectives. Today’s point of discussion is around the recent Cybersecurity and Infrastructure Security Agency hack, its suspected perpetrators and implications. We have perspectives from Julie Chatman in Washington, D.C., Katy Craig in San Diego, California, Trac Bannon in Camp Hill, Pennsylvania, and Olimpiu Pop from Transylvania, Romania. We also have a couple of interviews from last month’s AFCEA cybersecurity conference held in San Diego, California.
We’ll start with Katy Craig.


Katy Craig

Hackers Breach CISA

Katy Craig, Contributing Journalist, It's 5:05 Podcast

A significant cybersecurity breach struck the heart of the Cybersecurity and Infrastructure Security Agency, CISA. Through vulnerabilities in Ivanti products, hackers managed to infiltrate CISA’s defenses last month, February 2024. This breach not only exposed critical security gaps, but also led to the theft of highly sensitive vulnerability assessments.

This is Katy Craig in San Diego, California.

Investigations by CISA revealed that Ivanti’s internal and previous external information and communications technology (ICT) systems were not equipped to detect the breach. Through multiple incident response engagements and independent lab research, CISA confirmed the hackers’ ability to maintain root-level persistence on Ivanti devices, even potentially bypassing factory resets.

The breach’s gravity is underscored by the theft of credentials from Ivanti devices, allowing hackers, in certain instances, to compromise entire domains. However, the most alarming revelation is the compromise of the Chemical Security Assessment Tool (CSAT), a repository for the nation’s most sensitive industrial information.

CSAT houses vulnerability assessments critical for the security of high-risk chemical facilities, including the Top Screen Tool, Site Security Plans, and Security Vulnerability Assessments. The breach of this tool not only poses a direct threat to national security, but also exposes these facilities to potential sabotage or terrorist attacks.

The impact of stolen vulnerability assessments cannot be overstated. These documents contain detailed insights into the weaknesses of critical infrastructure, potentially providing a roadmap for adversaries to exploit. The theft raises serious questions about the safeguards of such sensitive information and the measures needed to protect against future breaches.

In response to this incident, CISA and other authoring organizations have strongly advised reconsidering the risks of continuing to use Ivanti Connect Secure and Ivanti Policy Secure gateways. The potential for adversary access and persistence on these devices represents a significant threat to national security.
This is Katy Craig. Stay safe out there.


Julie Chatman

Yes, even CISA can be hacked

Julie Chatman, Contributing Journalist, It's 5:05

I’m Julie Chatman in Washington, D.C. with a point of view on who can be hacked.

First, I’ll share two facts.

Fact number one: Today, digital safety is a common part of life, just like locking your car door or the doors on your home or apartment.
Fact number two: Risk is contagious, just like the common cold or flu.

Both of these facts are important for individual people, as well as businesses and organizations of all sizes.

Now, let’s look more closely at the second fact. Risk is contagious.

I want you to imagine a lush and quiet 30-acre neighborhood, recently built. Nice homes, manicured lawns, a playground, clubhouse, basketball and tennis courts, a pool. Every house in this neighborhood has been sold and all the families have moved in. Too bad there’s a flaw in the lock that the home builder used on all the doors. This is an issue not just for the lock designer, the lock manufacturer, the door manufacturer, or the builder, but also for the homeowners who thought their families and their belongings were safe behind those doors.

My share today is about the hack involving the Cybersecurity and Infrastructure Security Agency, or CISA, the government agency responsible for enhancing our country’s cybersecurity posture, protecting against cyber threats, and ensuring the security and resilience of our critical infrastructure. It also involves Ivanti, which is a company that makes software to help businesses manage and protect their computer systems and data.

The recent CISA-Ivanti hack shows that vulnerabilities in a vendor’s product can lead to security breaches in organizations that rely on their software or services. Just like a flaw in a lock can get passed all the way down from the lock designer to families in their homes.

According to news sources, this hack affected two CISA systems: the Infrastructure Protection Gateway, or the IP Gateway, and the Chemical Security Assessment Tool. I know that second one sounds scary, but fortunately, CISA took immediate action to mitigate any potential damage. They were proactive. They took the affected systems offline, and they issued advisories for Ivanti vulnerabilities.

Still, this is an important reminder that no business or organization, no matter how secure, is immune to cyber threats. The key takeaway here is that anyone can be hacked, and risk can spread because we are all connected now.

This next part is for cyber warriors and technologists. Here are some of the services Ivanti provides:
- Unified endpoint management and asset management
- Patch management
- Identity management and access control solutions for network and data security

The vulnerabilities were server-side request forgery, command injection, and authentication bypass.
If you’re looking for the CVEs, they are 2024-21893, 2024-21887, and 2023-46805. Cyberwarriors, be sure to take a look at those and stay safe out there.


Tracy (Trac) Bannon
The Stark Reality of Cybersecurity: No One is Immune

Trac Bannon, Contributing Journalist, It's 5:05 Podcast

In our current unforgiving landscape of cybersecurity, recent breaches at the U.S. Cybersecurity and Infrastructure Security Agency, CISA, serve as a stark reminder: no fortress is impregnable.

Hello, this is Trac Bannon providing my point of view from Camp Hill, Pennsylvania.

CISA, the sentinel of our nation’s cyber and infrastructure defense, was compromised through vulnerabilities in Ivanti’s products, despite its vanguard role and security acumen.

The irony twists deep in the narrative of cybersecurity, since Ivanti itself had warned of active exploitation of the flaws and CISA itself recently published an advisory on the vulnerabilities, which include CVE-2023-46805, CVE-2024-21887 and CVE-2024-21893. The agency that stands guard against digital threats fell victim to one of the many threats it identified. CISA’s ordeal underscores a profound truth: vulnerability is ubiquitous, even among the most vigilant.

This episode is not just a breach, it’s a clarion call. It compels us to confront the reality that in the digital age, complacency spells downfall. But the adversaries are relentless, exploiting every chink in our armor, every lapse in our vigilance.

So what does that mean for us, the architects of the digital world? It’s a mandate to innovate, to reinforce, and to never underestimate the cunning of our digital adversaries. Our designs, our systems, our very ethos must embody resilience, adaptability, and an unyielding commitment to security. The other inevitability that this points out is response.

CISA was able to immediately disconnect the affected systems and mitigate without further compromise because they understand it is not IF a vulnerability will be exploited, but WHEN. And our response will be the happy ending to our story of compromise.

They represent strong role models. What? Yes, strong role models. They have kept in mind the need for cyber resilience. Cyber resilience means an organization’s ability to identify, respond, and recover swiftly from an IT security incident. We are missing some of the details of the CISA breach, and I’m sure there will be more scary details and many lessons learned. So let’s take this incident not just as a lesson, but as a catalyst for a relentless pursuit of security excellence.

In this world of cybersecurity we exist in, the only certainty is the inevitability of being tested.

Something to noodle on.


Olimpiu Pop

AI Sleeper Agents

Olimpiu Pop, Contributing Journalist

The U.S. Cybersecurity and Infrastructure Security Agency got hacked, and sources believe that the actors that did it were Chinese hackers. The perpetrators managed to affect two systems that were immediately put offline by the agency. The way in was ensured by the Ivanti vulnerability that the agency was pushing companies to fix.

The question to be asked is whether CISA is actually practicing what it is preaching.

Anyway, this underscores a troubling paradox in our digital defense mechanisms. On one hand, CISA’s breach, particularly of systems crucial for sharing security assessments and protecting chemical facilities, highlights the ever-present vulnerabilities in even the most fortified institutions. The irony is palpable. The very entity responsible for safeguarding our cyber and physical realms fell victim to a cyber attack, underscoring that no organization is impervious to digital threats.

This incident also casts a spotlight on the broader issue of software vulnerabilities with the breach being attributed to flaws in Ivanti’s VPN software. It’s a stark reminder of the cascading risks posed by third-party applications, which can become the Achilles heel of cybersecurity infrastructure. Despite this, CISA’s swift response to mitigate the impact alongside its ongoing efforts to upgrade and modernize its systems sends a reassuring message about the resilience and preparedness of our cybersecurity agencies.
Nevertheless, this breach serves as a critical wake-up call. It underscores the need for constant vigilance, the importance of incident response plans, and the ongoing challenge of securing a digital ecosystem perpetually in the crosshairs of sophisticated cyber adversaries. As technology evolves, so must our strategies for defending against the shadows lurking in cyberspace.

All in all, systems will fail. But having plans to mitigate against the failure will always ensure that we will live to fight another day.
Olimpiu Pop, reporting from Transylvania, Romania.


AFCEA West 2024 Interview by Katy Craig and Hillary Coover


Hillary Coover:

All right. We are at AFCEA West in downtown San Diego, here with the Founder and Marketing and Brand Ninja of Testify Sec. How are you guys liking AFCEA?

-It’s wonderful. The weather in San Diego is absolutely amazing and the people are even better.
And how about you?

-It’s a great place. I’m a long-time AFCEAer and West-er, so it’s a great place to connect with old friends, make new friends, and just have the right conversations.
Wonderful. So you guys are in the open source and cybersecurity space- can you tell me a little bit about what that looks like and what you hope to learn from the AFCEA West conference?

-Yeah, we have two projects, well actually they’re not ours anymore. We donated two projects, they’re Witness and Archivista. Really what this allows us to do is collaborate with industry, which is the primes, the large cloud providers, and really giving our customers the ability to ensure provenance over all their supply chain data. But you know, the only way you can really do this is by having these open standards and having this open governance, which is really important to solve these really difficult problems.
Thank you, thank you. And as Marketing and Brand Ninja, Mohawk Matt, you’re quite famous, you’ve even got stickers after you.

-That’s right.
So what’s your background?

-My background is bringing people together. So I look at my job as, I’m the inflatable guy in front of a car dealership. I bring the attention, build the brand, build that out, and then bring our engineers, bring the right people to the right people. It’s connecting people. Glad you’re feeling better. Hey, good to see ya. It’s all about relationships and bringing that together. I’ve always just loved, my mom always said that stranger danger didn’t work. And I just, now I get paid for it. There you go.
That was great. And that was perfect. Clearly with people walking by.

-Yeah, it was excellent.
You’re a known entity here. Well, thank you guys for chatting. And I hope you enjoy the rest of the conference.

-Thanks, you too.

Katy Craig: Hi, it’s Katy Craig. I’m here on the floor of AFCEA West with Carl Mills, Regional Vice President, Southwestern Region. Hi, Carl. How are you?

-Hi, Katy, great to see you and I’m glad to be here at AFCEA West. It’s an exciting time: post-COVID levels of activity, tens of thousands of people.
Yes.

-Excited to share more.
Very exciting. Lots of energy. I’ve loved the panels that I’ve seen so far and all the booths, really nice floor plan and layout. Can you tell our listeners a little bit about AFCEA and what the mission of AFCEA is?

-Absolutely. AFCEA stands for the Armed Forces Communication Electronics Association, truncated down to just AFCEA. Our mission is STEM scholarships. We’re focused 100 percent as a volunteer organization in the communities to generate scholarships for local elementary, high school and college STEM students. From that, we also do events such as AFCEA West to promote our international organization and for those that may not know, AFCEA is an international organization. We represent in the Middle East, Africa, and Europe. So we are not just a U.S.-based entity. We also work to derive STEM scholarships in those countries as well.

Our 505 Updates listeners are really interested in cybersecurity and open source news. Can you tell us a little bit about open source and the vendors that are here?

-Absolutely. A lot of the vendors that you’ll find here on the exhibit floor are focused on cybersecurity and it’s a broad swath of cybersecurity ranging from offensive cyber to defensive cyber. And in those channels, you’ll find companies that provide subscription services to open source intelligence, training and techniques and procedures for gaining publicly available information, and then artificial intelligence and machine learning to correlate that data and build products to better suit your clients.

That’s fantastic. Well, if folks want to learn a little bit more about AFCEA and your mission, where should they go?

-This might sound ironic, but you should go to the website, AFCEA.org, and I highly recommend you reach out to your local community and join a chapter. It can’t hurt to become a member. We always promote membership, which gives discounted access to events such as AFCEA West, as well as TechNet Cyber in Baltimore. So we hold events across the country, even in the Midwest, and Rocky Mountain Cyber is coming up next week; that’s a big one. And even TechNet Indo-PACOM in Honolulu in November.

Ooh, excellent. Thank you so much for your time and enjoy your conference.

-Thank you very much. My pleasure.

Hillary Coover: Thanks for listening to Point of View Friday. If you liked what you heard, please subscribe to “It’s 5:05” on your favorite podcast platform. “It’s 5:05” is a Sourced Network Production based in New York City. This is your host, Hillary Coover. Have a great weekend.
