Many OODA Loop members have had their noses to the grindstone right through the holiday season, attending to the potential impacts of the Log4j and Log4Shell vulnerabilities within their organizations. Following is a ‘big picture’ update on CISA press releases, global incidents, and impacts, for your review when you come up for air and need to assess the broader strategic challenge the vulnerability presents.
CISA Apache Log4j Vulnerability Guidance Webpage Up and Running with Mitigation Guidance from JCDC Partners
Relative to other cyber incidents in the last few months, Log4j is proving severely problematic. If you are in the middle of your impact and mitigation assessment, hands down the most important resource available is the webpage CISA launched yesterday to address the current Log4j activity. Per OODA CEO Matt Devost: “This is a great page and we should highlight that it exists for OODA Loop members. CISA has done a great job here.” Log4j is also the first US-CERT notification to put private sector collaboration front and center, through the newly formed DHS CISA Joint Cyber Defense Collaborative (JCDC).
The Transportation Security Administration (TSA) issued two Directives focusing on the cybersecurity of both passenger and freight railroads. These directives are designed to help TSA and CISA feed technical intelligence such as indicators of compromise and vulnerability information back to the rail system customers to bolster their cybersecurity capabilities. At a time when increased cyber-attacks are being conducted against civilian critical infrastructure by both nation-states and cybercriminal actors, railway cybersecurity has gone neglected for far too long, particularly as more noteworthy attacks have occurred against other critical infrastructures.
Transportation Cybersecurity Expert Highlights Vital Role of Planning and Exercising Incident Response
Suzanne Spaulding, a Senior Advisor for the Center for Strategic and International Studies (CSIS), and former Under Secretary for the National Protection and Programs Directorate (NPPD), Department of Homeland Security (DHS), recently testified before a joint session of the House Homeland Security Cybersecurity, Infrastructure Protection, & Innovation Subcommittee and the Transportation & Maritime Security Subcommittee. The NPPD is the precursor to what is now CISA. Spaulding is also a member of the Cyberspace Solarium Commission (CSC) and was involved with the Commission on Cybersecurity during the Obama Administration.
Joint Cybersecurity Advisory Released by CISA, FBI, AUS CSC and UK NCSC Regarding Iranian Government-Sponsored APT
An advanced persistent threat (APT) group has, since March 2021, been exploiting Fortinet vulnerabilities and, since October 2021, a Microsoft Exchange ProxyShell vulnerability “to gain initial access to systems in advance of follow-on operations, which include deploying ransomware.” This joint cybersecurity advisory is the result of an analytic effort among the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC).
The Joint Cybersecurity Advisory was released this morning at approx. 11 AM EST.