Critical Infrastructure Security In A Hostile World

At MEI Security we frequently cover the Ukrainian power grid attack in our work with clients. This successful attack clearly demonstrates vulnerabilities in critical infrastructure. Whether it is electrical power, water treatment and delivery or communications including telephones and internet service, reliable functionality of infrastructure is critical to the smooth function of our society. This infrastructure is managed through Industrial Control Systems (ICS) and Supervisory Control And Data Acquisition (SCADA) systems. The Ukrainian power grid attack took advantage of well-known weaknesses in humans and in ICS & SCADA hardware to succeed. Once in, the attackers planned to disrupt the system and simultaneously increase the difficulty of recovery.

The attack began with a spear phishing email campaign aimed at administrators. The malicious traffic exploited a well-known feature of Microsoft Word to deliver malware and gain an initial foothold in the target network. With this foothold the attackers pivoted to other systems, spending months exploring the network environment and harvesting credentials undetected. Among these credentials were those used by staff to connect remotely by VPN to the SCADA networks. Once in the SCADA networks, the attackers were able to overwrite control system firmware, making recovery much more difficult when the trap was finally sprung. This attack even included a denial of service phase which flooded telephone lines with bogus calls, thus impeding swift, cohesive incident response. Based on the scope and sophistication of the attack, many security professionals suspect the attackers were at least aided by (if not fully supported and directed by) a hostile nation state.

There are lessons to be learned from this and other attacks. As our environments become more and more digital and our infrastructure controls become more networked, they are simultaneously exposed to additional risk. While private industry is often quick to adjust its budgeting, Federal, State and Municipal organizations often exhibit a more measured approach to change. A recent story in SC Magazine [1] highlighting the failure of the US Department of the Interior to comply with respected industry standards illustrates the point. Regardless of this example, it is clear that we have a long way to go to achieve a more robust and resilient cyber security posture – especially for our critical infrastructure.

[1] https://www.scmagazine.com/us-department-of-interior-cio-office-fails-ig-cybersecurity-inspection/article/757547/

MEI Security’s InfoSec Industry Certification Study Group

Information Security
Industry Certification Study Group

Who: MEI Security and You
What: InfoSec Industry Cert Study Group
When: Thursday, 3/1/2018, 6-8PM
Where: 5 Cabot Place, 2nd Floor, Stoughton, MA 02072 USA
Why: “The U.S. Bureau of Labor Statistics estimates the number of IT security jobs is expected to have increased 18% by 2024, but as (ISC)2 has discovered, there will be nowhere near enough skilled candidates to fill those jobs… Meanwhile, cyber threats get progressively worse, becoming more frequent and damaging. Studies suggest many organizations need to better prepare to address the cybersecurity challenge. For instance, a Crowd Research Partners study released in early 2017 shows 62% of respondents had moderate to no confidence in their security measures.”

• The path to a career in cyber security can vary greatly… Industry certifications are a means of increasing earning potential and are well recognized by employers. All working in or interested in information technology and information security are welcome to attend. The material covered is a benefit to the attendee’s professional and personal life. 18+ please – sorry, it’s an insurance thing.
• The focus is CompTIA’s Security+. A soft copy of the latest study guide can be had via Amazon for ~$10. Local libraries also have study materials available. All material will be projected onto a screen, but having an individual copy of the study guide is recommended.
• The prior session covering Chapter 1: Mastering Security Basics will be quickly reviewed. The session will proceed into Chapter 2: Understanding Identity and Access Management.
• An industry certification holder is scheduled to attend each session. Real world examples are provided to add context to concepts. Discussion and Q&A are encouraged.
• The building is handicapped accessible via a ramp at the rear of the building; take the elevator to the 2nd floor. Snacks and beverages are provided. These sessions are offered at no charge, and the setting is informal.

For questions, additional information or to RSVP please call 617-544-7233, option 1, or email pbarrows@meisecurity.com

MEI’s Capture The Flag @ BASC 2017 recap

MEI’s Vik Solem as Chief Arena Officer, at the helm

In recognition of October being National Cyber Security Awareness Month, MEI Security supported an Attack & Defend CTF at OWASP Boston’s BASC at Microsoft in Burlington (MA) on Saturday, 10/14/17. We fielded 7 Defender workstations with multiple VMs and IoT devices on the network as additional targets courtesy of Pwnie Express. Attacking Teams brought their own laptops and attack tools to infiltrate the Defender network resources.

The day began with a participant briefing at 9am.  Competing teams were given descriptions of the network, scoring methodology and the active VM schedule. Defending Teams were given credentials for the stations and resources they were to defend.  Scoring went live at 10am and continued until 4pm.  Early in the session Team Skadi jumped out to lead in both Defensive & Offensive points, leads which they built upon throughout the challenge.  The middle of the day was briefly marred by failure of a formerly trusty switch – but MEI quickly tracked down the root cause and deployed a replacement.  Along the way, MEI issued advisories to simulate real-world information breaches, requiring adjustments by both Defenders & Attackers. In the last hour of live scoring, Attacking & Defending Teams came together and shared their strategies & experiences making for a productive and fun conclusion for all participants.  At 4pm, Scoring was halted and Team Skadi claimed the Best Defender & Best Attacker crowns.

Thanks are due MEI’s volunteers & many others for providing guidance & support along the way.  Without their thoughtful & generous contributions of time & materials, this successful workshop event would not have been possible.  Cheers to OWASP Boston for sponsoring the annual Boston Application Security Conference and for providing a cadre of highly skilled & eager volunteers.  Thanks also to Microsoft for their courteous staff and use of their facility. #OWASPBOSTON #NCSAM #CyberAware

CTF Event @ BASC 2017

MEI Security (Stoughton, MA) will support a Cyber “Capture The Flag” Workshop at the Boston Application Security Conference in Burlington, MA, October 14th. The conference is free of charge.

MEI’s Arena workshop is an Attack/Defend Information Security challenge where teams of competitors defend their own services (web services and others) and launch attacks against competing teams. Teams may choose to attack or defend (or both).  Additional challenges include recovering after attacks, handling common InfoSec tasks like investigations, advisories, requirements to spin up new services, and gaining control of IoT devices which may be available on the network.  It’s like running your own IT Security team (in a relatively safe and relatively isolated, fictional network environment) but – you CAN’T get fired for a breach and you CAN attack your adversaries!!

Capture the Flag exercises are useful tools to help individuals and organizations harden their information security postures, reduce attack surfaces, and burnish penetration testing skills, to decrease risk to organizations and individuals in our ever-changing threatscape.

The Boston Application Security Conference is held courtesy of OWASP Boston. October is National Cyber Security Awareness Month, coordinated and led by the National Cyber Security Alliance (NCSA) and the U.S. Department of Homeland Security (DHS). MEI Security is pleased to be an NCSAM Champion and to partner with these organizations and programs. @OWASPBOSTON @BASConf @StaySafeOnline #NCSAM #CyberAware

Conference tickets and tickets to the workshop are found here. Workshop participants must first have a conference ticket and present ID to gain access to the host facility, then an additional ticket for the workshop. All tickets are free of charge. A participant briefing describing the arena and rules of engagement will be held at 9am. The challenge will commence at 10am; scoring will conclude at 4pm. As Defender seats and resources are limited, please do not register for a Defender ticket if your team is not committed to defending provided resources throughout the challenge.

For more information contact MEI Security at 617-544-7233, info@meisecurity.com, @meisecurity

Hiring Announcement

FOR IMMEDIATE RELEASE

Contact: Vik Solem
MEI Security, Inc.
630 Park Street
Stoughton, MA 02072
Phone: 617-544-7233
E-mail: vsolem@meisecurity.com

Stoughton, MA – May 18, 2017 – MEI Security, a specialist in Cyber Security and Physical Security Consulting for small and medium-sized businesses and institutions, today announces the hiring of Phil Barrows as Vice President of Business Development. Phil will be responsible for managing all customer business interactions and for enhancing MEI’s performance in the Cyber Security and Physical Security consulting sectors. “We are very pleased to have someone of Phil’s background and expertise come on board,” said Vik Solem, President of MEI Security. “Phil’s extensive experience managing technology-focused organizations makes him an ideal fit at MEI Security as we devote our attention to addressing the urgent and growing needs for improving cyber security, physical security, and the critical areas where the two intersect. Phil’s addition to the team enables us to help more customers understand and increase their level of security both at the office and at home,” said Mr. Solem.

For more information on MEI Security’s skill sets and capabilities please contact Phil Barrows by telephone at 617-544-7233 or via email to pbarrows@meisecurity.com