Cyber News Roundup: China Hacking Keeps Us Up At Night

Editor’s Note: This is your cyber news roundup with the latest cybersecurity news and tips from the Cyber Oregon team to help you and your organization stay safe online and protect your digital assets. We examine cybersecurity news and developments from across the Northwest and the Nation that are important to all Oregonians including individuals, businesses, non-profit organizations, government entities, and educational institutions. Sign up to receive ongoing updates here.

The United States Department of Homeland Security Secretary Kirstjen Nielsen is extremely concerned about cyber threats, “The rate at which threats and risks are emerging is outpacing our ability to identify, assess and address them.”

Threats to our systems and information are everywhere — from insiders to the factory floor to China. At the recent RSA Conference 2019 in San Francisco, U.S. officials emphasized that China is our biggest cybersecurity threat. Just when we thought it was Russia, it’s something else. According to The Washington Post article by Joseph Marks, “it’s China hacking that keeps us up at night.” Collectively, the unified message from the National Security Agency, FBI and United States Department of Homeland Security (DHS) officials is they are laser-focused on the digital security threat that China poses to the United States.

Chris Krebs, director of the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) voiced his concern, “China’s trying to manipulate the system to its ultimate long-term advantage.” Combating Chinese digital espionage will be one of four major focus areas for CISA during the next 18 months, according to the article.

Two Cyber Oregon sponsors were quoted in this article, CrowdStrike and Palo Alto Networks.  Shawn Henry, president of Crowdstrike, agrees that China is the greatest threat to U.S. financial cybersecurity but warns that a cyberattack from Russia – which has a track record of destroying systems and data rather than just stealing them – could produce far broader damage. “The theft of data will have a significant economic impact. A destructive attack can have a significant threat to life.”

Ryan Gillis, vice president for cybersecurity strategy at Palo Alto Networks, contends that the messaging campaign about Chinese hacking may have an impact on Chinese leaders. “China does want to be a leader in the international community, so that pressure and the unity of the message is an important thing right now.”

Factories are at risk

If it’s not hackers in China, it’s hackers eyeing the factory floor. The latest risks to factories and manufacturers of consumer goods — including cars, refrigerators, and washing machines — are the Internet-connected sensors, monitors, and other devices that operate manufacturing operations. This equipment is posing new cybersecurity risks, according to an article in Roll Call.

According to the article, these devices typically monitor and gather information on the performance of machines, allowing operators to control a large factory floor or infrastructure spread out over an extended area such as a pipeline network or a utility grid. Devices include programmable logic controllers, remote terminal units and human-machine interface equipment that have been in use for nearly half a century “The thing that has changed over the last 20 years is Internet connectivity, with the devices being connected first to an organization’s internal network and then to the internet,” says Sean Peasley, a partner at Deloitte who specializes in Internet of Things and cybersecurity.

Collaboration is key

With threats hitting in all directions,  Nielsen, secretary of the DHS, urged private companies to do more to help the federal government identify new cyber threats. In The Hill article, Nielsen says the administration is unable to do it alone and encouraged companies to collaborate. “We need our great minds to really help us spot the patterns and know what’s coming at us,” she continued. Nielsen reiterated the need to have partnerships between private companies who are dealing with new cyberattacks and DHS.

Help is on the way

Help is on the way…or is it? The latest research from industry association ISACA indicates that finding and hiring qualified cybersecurity pros is taking a long time. Nearly one third of organizations say filling a position takes up to six months. According to the Dark Reading article, as the demand for cybersecurity professionals continues to rise, organizations are looking at unconventional ways to staff up and train their workforce.

“There’s a drought of technical people, and it’s been compounding over the years,” says Frank Downs, director of ISACA’s cybersecurity practice. “There aren’t enough cybersecurity pros, period.” Ralph Sita, co-founder and CEO of online training firm Cybrary, says cybersecurity education and training doesn’t necessarily need to follow the traditional academic trajectory.

There are 313,735 cybersecurity job openings across the United States, with 2,911 opening in Oregon alone, according to CyberSeek.

“Cybersecurity is one of today’s hottest technical fields,” according to Charlie Kawasaki, co-founder of NW Cyber Camp, vice chair of the Oregon Cybersecurity Advisory Council (OCAC) and chief technical officer of PacStar. “The latest research indicates that it takes an average of three to six months to fill a cybersecurity job. We are working on the pipeline problem – we are working to get more people interested in cybersecurity at an earlier age, and more people trained.” NW Cyber Camp inspires and empowers high school students to learn about cybersecurity, opening up the possibility of a career in the field.

Cyber Oregon partner blog of interest

• Zscaler: The Challenge of IOT Security