Signals & Space Monthly Cyber Security Briefing

June 2017

Prepared by the CyberWire (Friday, June 2, 2017)—May saw continued tension between the US and North Korea over Pyongyang's missile research, development, test, and evaluation. It also saw publication of the long-awaited Executive Order on cybersecurity, developments in US military space organization and budgeting, and advances in spacecraft security, particularly with respect to GPS hardening. And a late-month outbreak of a ransomworm has some relatively little-noticed implications for industrial control system security.

North Korea's Missile Program

On May 14, 2017, the Democratic People's Republic of Korea successfully tested a Hwasong-12 intermediate range ballistic missile. The test is noteworthy for several reasons. First, it represents a milestone on the path toward a reliable long-range nuclear delivery system—the Hwasong-12 is said to have traveled 787 kilometers. Its trajectory's maximum ordinate was 2111.5 kilometers. The performance was such that observers concluded the missile could reach targets as far away as Guam (with Japan relatively speaking a hop, skip, and a jump away). Second, the system reportedly used cold launch technology, another step toward reliability, launch system hardening, and reusability. Finally, the successful flight came after numerous failures in previous months.

What has this to do with cybersecurity? At least two things. The successful test underlined the likelihood that earlier flight failures were simple failures, and not induced (as many reports out of the United Kingdom had hopefully suggested) by a US cyberattack on launch or flight systems. And perseverance in the program underlined the commitment of scarce resources North Korea is prepared to make on behalf of its missile and weapons-of-mass-destruction programs. The nuclear program in particular has induced formerly tolerant countries like China to sanction trade with North Korea, and there are strong indications that the Kim regime is turning to large-scale cybercrime to make up its revenue shortfalls.

The US has responded to North Korean missile tests by increasing the intelligence resources devoted to collecting against the DPRK. Coincidentally, a new Joint Staff publication outlines doctrine for air and missile defense: Joint Publication 3-01 prominently links cyber operations to air defense.

Ransomware, Revenue, and the Industrial IoT

At mid-month, on May 12th, a large-scale ransomware attack began with the workday in China and moved west across Russia into Europe. It was much attenuated by the time it reached North America, but its effects were felt globally. The ransomware, a hitherto obscure strain called "WannaCry," affected older and unpatched systems based on beyond-end-of-life versions of Windows. Windows 7 and Windows XP machines were particularly susceptible to infection.

The exploits used to deliver the ransomware payload were reported to be "EternalBlue," whose code was dumped in March by the ShadowBrokers hacking unit. The ShadowBrokers claim EternalBlue is a set of Equation Group tools obtained illicitly from the US National Security Agency. This has prompted a debate over the US Intelligence Community's Vulnerability Equities Process.

Symantec has attributed WannaCry with high confidence to North Korea. It resembles criminal campaigns undertaken over the past two years by the Lazarus Group, which is generally believed to be run by the North Korean government. Their attribution has been controversial, as such inevitably circumstantial conclusions are, but whoever was behind WannaCry set their payment system up in a fumbling, ineffectual way. The criminals are thought to have received just a bit more than $70,000 in ransom, which is very small change in comparison to the scope of the infection. As a revenue center for Pyongyang, the ransomware must be judged an annoying fizzle.

WannaCry also infected industrial control systems (ICS) based on embedded Windows versions modified by major industrial control system vendors like Siemens, Emerson, and Honeywell. It is known to have disrupted production at some European automobile plants, and it clearly has the potential to do so in other sectors as well. ICS and other IoT vendors are looking to their patching, an inherently more difficult task than simply patching Windows in an ordinary IT environment. All OT operators should pay close attention to their patching.

Executive Order on Cybersecurity

On May 11, 2017, President Trump issued his long-awaited Executive Order on cybersecurity. Its sections address "Cybersecurity of Federal Networks," "Cybersecurity of Critical Infrastructure," and "Cybersecurity for the Nation." The Federal-Government-centric order was generally well-received, and many observers remarked on how it represented continuity with existing national policy as opposed to the break many had foretold. Its recurring themes are IT modernization and rationalization (including more shared services and use of the cloud), an emphasis on resilience, and an assertion that henceforth agency heads will be held accountable for the security of the organizations they lead. It places a strong emphasis on implementing sound risk management practices. It also calls for increased cyber deterrent capability, and it mandates use of the NIST Framework across the Federal Government.

Military Space and Cyber Developments

US Cyber Command seems to be on a clear, which is to say appropriations, path toward independent status as a combatant command. The US Air Force declines to establish a separate space corps, but both space and cybersecurity receive increased resources in the Service's Presidential Budget.

The US Army is interested in GPS security and is soliciting research into the problem. 

Industry Notes

Raytheon saw its GEO 6 satellite reach orbit—the system promises improved GPS performance. Raytheon also received a contract for research and development toward DoD operational cyber capabilities. Design Knowledge received a $7.5 million contract to develop a user-defined operational picture of the Joint Space Operations Center. Harris won a US Air Force crypto contract whose total value could reach $875 million. Vencore earned a prime spot in a National Geospatial Agency IDIQ worth up to $980 million, and General Dynamics will provide cyber support to the US Navy's Meteorological and Oceanographic Command.

And a former Boeing engineer has pled guilty to spying for China.


Today's edition of the CyberWire reports events affecting China, Japan, the Democratic People's Republic of Korea, and the United States.

Selected Reading

Cyber Attacks, Threats, and Vulnerabilities (14)

Marketplace (6)

Products, Services, and Solutions (3)

Technologies, Techniques, and Standards (10)

Research and Development (7)

Legislation, Policy, and Regulation (15)

Litigation, Investigation, and Law Enforcement (1)

Cyber Events (25)

Cyber Attacks, Threats, and Vulnerabilities

US Intelligence Takes Increased North Korean Saber-Rattling Seriously (VOA) Top officials, who once described Pyongyang as 'second tier' adversary with more intent than capability, now refer to it as 'increasingly grave' threat bent on demonstrating that US will soon be within military reach

North Korea, if left unchecked, on 'inevitable' path to nuclear ICBM: U.S. (Reuters) North Korea, if left unchecked, is on an "inevitable" path to obtaining a nuclear-armed missile capable of striking the United States, Defense Intelligence Agency Director Lieutenant General Vincent Stewart told a Senate hearing on Tuesday.

How NGA is evaluating the North Korea threat (C4ISRNET) The National Geospatial-Intelligence Agency is playing a critical role in understanding what Kim Jong Un is up to.

North Korea Fires Medium-Range Ballistic Missile (New York Times) The missile took off from a location near Pukchang, northeast of Pyongyang, and fell into the Sea of Japan.

North Korea’s latest launch heralds mass production of “cold launch” missiles (Ars Technica) The Pukguksong-2's “cold launch” mobile launcher reduces warning time for strike.

North Korea says new, longer-range missile can carry 'large' nuclear warhead (The Japan Times) North Korea’s apparently successful test-firing of an intermediate-range ballistic missile points to a significant advance in its goal to create a missile capable of hitting the U.S.

North Korea's latest missile launch suggests progress toward ICBM: experts (Reuters) North Korea's successful missile test-launch signals major advances in developing an intercontinental ballistic missile, such as mastery of re-entry technology and better engine performance key to targeting the United States, experts say.

Are Cyber Crooks Funding North Korea’s Nukes? (The Daily Beast) How does Kim Jong Un come up with the billions to pay for his nuclear tests? Increasingly successful online bank heists provide at least some of the cash, experts say.

China tried to hack THAAD system: CNN (Korea Times) “China uses cyber espionage pretty regularly when Chinese interests are at stake to better understand facts on the ground,” John Hultquist, the director of cyber espionage analysis at FireEye, told CNN. “We have evidence that they targeted at least one party that has been associated with the missile placements.”

The WannaCry Ransomware Pandemic: Week One and the Weeks to Come. (The CyberWire) WannaCry is closing out its first week in the wild. To summarize, China and Russia have been hardest hit, with the largest number of infections striking unpatched Windows 7 machines. Those behind the attack may have failed to make big money, certainly not nearly as big as the scope of the pandemic might suggest, but they have succeeded in large-scale business disruption, and in drawing odium toward the US National Security Agency. We wrap up this round of our coverage with a look at what WannaCry accomplished and failed to accomplish, what you can do to protect yourself, and what we might look for in the future.

The WannaCry Ransomware Pandemic: Implications for the Vulnerability Equities Process. (The CyberWire) NSA is now believed to have warned Microsoft of the possibility that EternalBlue vulnerabilities were likely to be exploited in the wild. Indeed, NSA was right, as the arrival of WannaCry and now BlueDoom have shown. The agency has come in for considerable criticism internationally, more for what people are calling the "stockpiling" of vulnerabilities than for failure to secure those vulnerabilities. Disclosure of bugs NSA discovers is governed by the Vulnerability Equities Process. A bill introduced this week in the US Senate would take that process out of the Intelligence Community's hands, interposing an oversight body. What are the likely implications of the WannaCry pandemic for vulnerability disclosure?

The WannaCry Ransomware Pandemic: Sloppy but Dangerous. What about ICS? And Sequelae Include the Usual Fraud. (The CyberWire) Inevitably, successful attacks have aftershocks in the form of fraudulent remediation. In this case, the WannaCry quake's reverberations include a wave of fraudulent mobile apps promising protection from the ransomware. Easy Solutions warns against the dangers of the adware being served up. Versions lacking the fortunate kill switch have appeared as circumstantial and provisional attribution continues to point toward Pyongyang. Analysts look at the ransomware and see sloppy work (which in some ways increases the danger, or at least the nuisance). And why, if you run industrial control systems, you should cut your sysadmins some slack: their patching challenge is inherently tougher than someone running IT in a regular business or agency.

The WannaCry Ransomware Pandemic: Attribution, Kill Switches, Crimes, and Torts (The CyberWire) Organizations continue their recovery from the WannaCry ransomware pandemic amid warnings that the first wave is unlikely to be the last. Enterprises that failed to protect themselves against the known vulnerabilities that enabled the worm to spread the crypto ransomware are thought by legal observers to bear considerable risk of civil litigation. There are also some preliminary gestures toward attribution, with some seeing the hand of the Lazarus Group (associated with North Korea's government) behind the campaign.

The WannaCry Ransomware Pandemic: Perspective, Reactions, and Prospects (The CyberWire) WannaCry ransomware hit hard late last week, and enterprises worldwide are bracing for further waves of infestation. The hitherto obscure strain of ransomware propagated in wormlike fashion against systems running older Microsoft software. It exploited the vulnerability the Shadow Brokers leaked last month as the weaponized EternalBlue tool. The rate of infection has been very high, temporarily slowed by discovery and activation of a "kill switch," but most observers expect renewed attack as the unknown controllers upgrade the malware.

Marketplace

Air Force awards $7.5M space ops contract (C4ISRNET) The Design Knowledge Company will support Joint Space Operations Center Mission System user-defined operational picture development.

Harris Corp. wins Air Force cryptographic contract (C4ISRNET) The contract has a maximum value of $875 million.

Vencore wins NGA contract (C4ISRNET) The contract has a maximum value of $980 million.

General Dynamics to Provide IT, Cyber Support to Naval Meteorology & Oceanography Command (GovCon Wire) A General Dynamics (NYSE: GD) business unit will provide cybersecurity ...

Harris Gets $35Mln Contract to Help Ensure US Space Systems Superiority (Sputnik News) The US Department of Defense has awarded Harris Corporation $35 million to increase sustainment services for space superiority systems.

Electromagnetics, cyber warfare systems contract awarded to Raytheon (UPI) Raytheon has been awarded a $10 million contract by the Department of Defense for high power electromagnetics systems and cyber electronic warfare systems.

Products, Services, and Solutions

Northrop Grumman Navigation System Enables Latest Cassini Milestone (Northrop Grumman Newsroom) Northrop Grumman Corporation’s (NYSE: NOC) navigation system has provided critical capabilities for the attitude control of NASA’s Cassini spacecraft throughout its unprecedented journey to Saturn, including the...

Unisys to Provide Raytheon with Upgraded ClearPath Forward™ Software for Global Patriot™ Solutions for Missile Defense (PRNewswire) Unisys Corporation (NYSE: UIS) today announced that Raytheon Company has...

Raytheon Improves GPS Accuracy for Safer, Efficient Air Travel (Multi-Video) (American Security Today) Raytheon has launched its GEO 6 satellite payload into orbit for its 12 year mission.

Technologies, Techniques, and Standards

SpaceX set to join rare company by re-flying an orbital spacecraft (Ars Technica) Only two spacecraft, besides the space shuttle, have flown into orbit more than once.

MUOS-5 satellite back in operation (C4ISRNET) The satellite, initially launched in June 2016, experienced an orbital malfunction.

Air Force migrates, consolidates top-secret network (C4ISRNET) The Air Force says it is nearing completion of consolidating all legacy Joint Worldwide Intelligence Communications Systems across the force and National Guard.

RCO: Electronic warfare capability hits European soil (C4ISRNET) The Army’s Rapid Capabilities Office has sent its near-term electronic warfare capability solution to Europe, and soldiers there will get a chance to put it to the test this summer, said RCO Director Doug Wiltsie.

Electronic warfare emerging in Army arsenal (C4ISRNET) The Army continues to evaluate and integrate electronic warfare capabilities into its tool set.

Navy: Cyber resilience also means having a plan to operate without a network (C4ISRNET) Defending the Navy’s networks in cyberspace isn’t always about leveraging the latest innovative technology.

Crisis response: Battling through a degraded network (C4ISRNET) The military is increasingly reliant on the network for operations. So what happens when the quality is degraded? Return to the basics, said a panel of leaders from the various services.

A typical day of attack or ‘an episode’: How DISA battles cyberthreats (C4ISRNET) DISA Director Lt. Gen. Alan Lynn distinguishes between the never-ending responsibility of coordinating cyber defense for the agency, a typical day of attack and a major incident.

Elite 6 Cyber Winner: Training a force to operate in cyberspace (C4ISRNET) Training a force to operate in cyberspace, a significantly more complex and dynamic environment than other domains, has caused substantial changes in how the Army views traditional training models.

Threat Modeling the Internet of Things (Security Week) In 1969, Apollo 11 landed men on the moon, marking the first time in human history that people walked on a surface other than Planet Earth.

Research and Development

Pentagon successfully tests missile defense system amid rising concerns about North Korea (Los Angeles Times) A much-anticipated test of the nation’s homeland missile defense system succeeded Tuesday.

Northrop Grumman Directs Engagement in First-Ever ICBM Target Intercept Test (Northrop Grumman Newsroom) During today’s flight test of the Ground-based Midcourse Defense (GMD) system, Northrop Grumman Corporation’s (NYSE: NOC) advanced battle management and launch control capabilities successfully guided the kill vehicle...

Don’t Read Too Much Into That Successful Missile Defense Test (WIRED) It helps to see this test for what it is: a good step down a long, uncertain path.

Minuteman III test-fired from California coastal base (Air Force Times) An unarmed missile capable of sending a nuclear bomb across the world was launched Wednesday from California amid rising tensions between the U.S. and North Korea.

What is the Army doing to assure GPS and navigation? (C4ISRNET) All domains of war will be contested. This is the notion of multi-domain battle. And it includes the GPS signals that the military and the commercial world — think everyday navigation for ride-hailing app Uber — are so reliant upon for location and timing of operations.

How the Army wants to protect missiles from GPS jammers (C4ISRNET) The Army points to newly developed algorithms that would enable a missile to detect jammers and determine their location.

BAE works on radiation-hardening space technology (Defense Systems) Emerging BAE technology is designed to make space systems more resilient to radiation interference.

Legislation, Policy, and Regulation

Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure (whitehouse.gov) EXECUTIVE ORDER: STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE

Something about Trump cybersecurity executive order seems awfully familiar (Ars Technica) Trump’s cybersecurity order cribs from his predecessor, despite campaign bluster.

Trump’s cybersecurity executive order is a good first step (TechCrunch) A significant piece of cybersecurity news erupted last week, although it was nearly drowned out by the growing flap over President Trump’s firing of FBI..

US Executive Order on Cybersecurity (with industry reactions). (The CyberWire) US President Trump yesterday signed his long-anticipated Executive Order on cyber security. Its sections address "Cybersecurity of Federal Networks," "Cybersecurity of Critical Infrastructure," and "Cybersecurity for the Nation." It's a Federal-Government-centric order whose recurring themes are IT modernization and rationalization (including more shared services and use of the cloud), an emphasis on resilience, and an assertion that henceforth agency heads will be held accountable for the security of the organizations they lead. It mandates use of the NIST Framework across the Federal Government and places a strong emphasis on implementing sound risk management practices. It also calls for increased cyber deterrent capability. We cover a selection of industry reaction to the Executive Order.

US stuck in deadlock over Pyongyang's continued provocation (Nikkei Asian Review) Latest missile test 'disappointing,' says Tillerson

CIA establishes mission center focused on North Korea (TheHill) The CIA has opened a mission center focused on curbing North Korea's advancing weapons program, the agency announced on Wednesday.

Joint Staff links cyber ops to countering air, missile threats (C4ISRNET) In an update to a 2012 joint publication, the Joint Staff now includes cyberspace operations for support in countering air and missile threats.

Joint Publication 3-01: Countering Air and Missile Threats (US Joint Chiefs of Staff) This publication provides doctrine for joint operations to counter air and missile threats.

Air Force Boosts Space With Elevation Of JFCC Space to 4 Star; STRATCOM Says… (Breaking Defense) Buried in the minutiae of the Senate Armed Services Committee’s space hearing is an important shift for space warfighting and acquisition.

Air Force knocking down stovepipes to shore up space cybersecurity (SpaceNews.com) The Air Force Space and Missile Systems Center faces unique challenges because it uses an extensive array of ground systems - some decades old - to communicate with individual satellites.

Top US Air Force general opposes formation of separate 'Space Corps' (Defense News) U.S. Air Force Chief of Staff Gen. David Goldfein says the service should focus on improving space operations, not its organizational structure.

AF rolls out fiscal 2018 space budget (U.S. Air Force) Air Force leaders met with media to discuss specifics of the service’s fiscal 2018 space investment budget at the Pentagon May 24, 2017. The request totals $7.75 billion, an approximately 20 percent

Networking is war fighting, says DISA director (C4ISRNET) The head of DISA notes that the agency assists in war fighting by running DoD's network globally.

Defense intelligence has opportunity to be ‘reimagined’ (C4ISRNET) With the goal of providing military commanders and policy-makers with the best possible analysis, defense intelligence has reached a point where innovations in information technology and cyber present an opportunity to drastically reimagine the entire enterprise, according to a Defense Intelligence Agency expert.

Companies, lawyers argue against changing Outer Space Treaty (SpaceNews.com) Companies and lawyers recommended against any changes in the Outer Space Treaty at a recent hearing, saying laws and regulations can address any issues.

Litigation, Investigation, and Law Enforcement

Man acknowledges trying to sell satellite secrets to Russia (Federal Times) Gregory Allen Justice entered pleas Monday to two felonies: economic espionage and violating the Arms Export Control Act.

 
Compiled and published by the CyberWire editorial staff. Views and assertions in linked articles are those of the authors, not the CyberWire or Cosmic AES.
