The U.S. Department of Homeland Security (DHS) has been offering a free service to test companies’ abilities to withstand cyber attacks, according to KrebsOnSecurity. The little-known program involves penetration testing of companies’ infrastructure and has drawn both support and criticism from private security experts.
Under the program, private firms, primarily energy companies and banks, commission the DHS to conduct penetration tests with the goal of strengthening firms’ network and computer defenses against real attackers. The testing is provided by the National Cybersecurity Assessment and Technical Services (NCATS).
The program came to light after a risk manager at a small Eastern U.S. financial company sought KrebsOnSecurity’s advice when comparing the free services with private sector offerings. KrebsOnSecurity contacted other sources about the program and found that none were aware of it.
DHS Publishes Program Information
DHS declined to be interviewed about NCATS, but it has published information about the program. NCATS provides penetration testing through two separate programs: a Risk and Vulnerability Assessment (RVA) and a Cyber Hygiene evaluation, both of which help the client organization understand how its infrastructure and external systems look to attackers.
Sy Lee, a DHS spokesman, told KrebsOnSecurity via email that the agency works with private and public sector partners to improve the resilience and security of their systems against cyber attacks. NCATS focuses on government at all levels and private sector stakeholders to improve cyber security.
The RVA program scans clients’ databases, operating systems and web applications for vulnerabilities. It then tests for weaknesses. Program participants are scanned for rogue wireless devices. “Social engineering” is used to see how employees respond to phishing attempts.
The Cyber Hygiene program is mandatory for federal civilian executive agencies and optional for state, local, tribal and private sector stakeholders. This program includes both external and internal vulnerability and web application scanning.
Reports Cite Need For Improvement
The program’s reports provide clients detailed information about their vulnerabilities and recommendations for corrective action.
Program data was used to create an FY14 End of Year report which is available on the program’s website. It includes information from over 100 engagements. The report notes:
• Manual testing was needed to identify 67% of RVA vulnerability findings (as opposed to automated vulnerability scans).
• Over half of the 344 vulnerabilities discovered during the scans received a severity rating of high (40 percent) or critical (13 percent).
• RVA phishing emails delivered a 25 percent click rate.
In 2015, NCATS served 53 private sector clients, the majority being financial services and energy companies. The financial service companies were mainly smaller firms such as credit unions.
DHS has been criticized for its own cybersecurity shortcomings, KrebsOnSecurity noted. Given these issues, the NCATS program appears to be an attempt to mollify criticism.
Cyber Security Experts Weigh In
KrebsOnSecurity sought input from the private sector testing industry on the government’s services.
Dave Aitel, chief technology officer at Immunity Inc. in Miami Beach, Fla., said DHS can learn about real-world vulnerabilities from the program. As a major player in regulation policy, DHS should have technical expertise in penetration testing, Aitel said. The more DHS knows about information security, the better its policy recommendations will be.
At the same time, Aitel said, you sometimes get what you pay for.
He wondered if the data DHS finds will affect a company’s SEC liabilities. He also wondered if there are legal ramifications if the government gains access to customer data.
The DHS provides no warranties related to its services, KrebsOnSecurity noted.
Aitel, a former National Security Agency (NSA) research scientist, further noted that vulnerabilities found inside the government are required to go to the NSA, which could use the vulnerabilities for clandestine programs.
There are also legal issues when the government competes with private industry.
An Excuse For Not Investing?
Alan Paller, research director at SANS Institute, a Bethesda, Md.-based security training firm, said DHS’ free assessments can serve as an excuse for companies for spending less on security. He said the services measure a limited set of vulnerabilities.
Paller further noted that NCATS testers do not conduct active penetration tests against the network, despite what its documents claim.
He said NCATS mostly does traffic analysis and architectural assessments. Using large packet captures, NCATS baselines and profiles traffic and does some protocol analysis. Scans done by DHS can only reveal a certain amount of information, he said, and the people doing them do not have extensive experience with important aspects of critical infrastructure systems.
The architectural reviews are conducted by younger people with minimal real world experience and the customer is not completely advised on the assessment and testing limitations, Paller noted.
Images from Shutterstock and the DHS.
Jamie Dimon May Hate Bitcoin, but J.P. Morgan Is Embracing Blockchain
J.P. Morgan Chase CEO has made it abundantly clear that he hates bitcoin, but that hasn’t stopped his firm from adopting the technology that underpins the digital currency system.
J.P. Morgan Launches Pilot Program
On Monday, America’s biggest bank rolls out the next phase of its blockchain pilot program. The effort will facilitate a faster, more secure transfer of cross border payments between J.P. Morgan and other banks, including Royal Bank of Canada and Australia and New Zealand Banking Group.
Although the new program will not trade cryptocurrency, it will use the landmark record-keeping technology that underpins it. The Wall Street Journal reports that J.P. Morgan will use the same blockchain technology behind digital currency Ethereum.
Despite widespread concern over cryptocurrency, financiers are enamored with blockchain. They, like many others, say the technology can significantly increase the speed of cross-border payments. The system currently in place is extremely complex, and requires multiple streams of communication between various participants. The blockchain has the potential to cut down transaction time from as much as 15 days to mere hours.
The pilot program aims to achieve a secure distributed ledger across financial institutions, enabling banks to work together to process transactions. Connecting transaction data through a shared network will greatly reduce the number of steps it takes to verify and process transactions.
J.P. Morgan’s embrace of blockchain doesn’t mean Dimon is going to warm up to cryptocurrency. His latest criticism of bitcoin came on Friday when he said it had “no actual value” and that “governments are going to crush it.” He did, however, give a glowing review of blockchain.
“We actually use it. It will be useful for a lot of different things,” Dimon said at a conference in Washington, as quoted by The Wall Street Journal. “God bless the blockchain.”
Featured image courtesy of Shutterstock
Cryptocurrency Adoption Will Lead to Free Money Transfers, According to Top Tech Investor
The rapid adoption of cryptocurrency will soon pave the way for free global money transfers, according to a top technology investor.
Cathie Wood, the CEO of Ark Invest, says cryptocurrencies like bitcoin are going to spearhead a system of free money transfers worldwide. She cites the already huge reduction in conversion fees from fiat currencies into crypto and back again. The current rate for those transactions is 2-3%, which is a fraction of the 7-8% money transfer services like Western Union charge.
But Wood says crypto transfer fees could soon fall to zero as companies prioritize valuable transaction information above anything else.
The cryptocurrency market approached record highs over the weekend, hitting a total value of $176.6 billion. Bitcoin’s market cap surged above $90 billion last week and reached a high of $96.7 billion recently. That surpassed the capitalization of major equities like Goldman Sachs and Morgan Stanley.
If bitcoin were a stock, it would be the 15th largest member of the Nasdaq and the 58th largest on the New York Stock Exchange.
Computing Power as a Commodity
In Wood’s view, the growing value of cryptocurrency will lead to the commoditization of bandwidth and computing power.
“It’s interesting that you’ve got corn and oil and copper trading on the exchange but you don’t have computing power, and bandwidth, and storage,” Wood said, according to CNBC. “Well we think that’s going to happen because of blockchain technology and all of the cryptos that are coming along.”
Wood has placed special emphasis on Ethereum, a unique platform that operates more like a “cryptocommodity” than anything else.
Ark Invest is the author of the widely cited whitepaper, Bitcoin: A Disruptive Currency. In it, the firm argues that cryptocurrency has the potential to be the most disruptive development since the Internet. The investment manager controls $1.7 billion of asset funds focused exclusively on emerging technologies.
Jamie Dimon Doesn’t Want to Talk About Bitcoin Anymore
Jamie Dimon doesn’t have anything to say about bitcoin anymore. The head of J.P. Morgan Chase & Co has been heckled by the blockchain community since he declared cryptocurrency to be a “fraud,” and that he would fire any employee trading it for being “stupid.”
Bitcoin’s New Record
Dimon also doesn’t think much of bitcoin’s new record high. The virtual currency spiked more than 8% on Thursday to surpass $5,200.00 for the first time.
“I wouldn’t put this high in the category of important things in the world, but I’m not going to talk about bitcoin anymore,” Dimon said Thursday, as noted by Bloomberg.
J.P. Morgan has taken a less adversarial approach to cryptocurrency. In addition to handling bitcoin-related trades – something that came to light after Dimon’s warning – the financial giant is keeping its options open. J.P. Morgan remains “very open minded” to possible uses of cryptocurrencies “if they are properly controlled and regulated,” according to Chief Financial Officer Marianne Lake.
Mainstream Appeal Growing
The growth and widespread adoption of cryptocurrency hasn’t been lost on the financial community. Earlier this month, Goldman Sachs CEO Lloyd Blankfein tweeted that his firm is weighing the possibility of trading cryptocurrency.
Fidelity Investments is also mining cryptocurrency, and making a lot of money doing it. Fidelity says its chief motivation for mining isn’t profit, but learning about the growing cryptocurrency market.
Increased mainstream adoption of bitcoin is seen by many as a necessary precursor to a more stable currency. Countries like Japan are spearheading adoption by introducing favorable regulation of the cryptocurrency space. But regulatory approval has not been uniform.
Russia recently became the third major economy in the span of a month to put the clampdown on cryptocurrency trading. China and South Korea have also implemented new controls on the market, focusing heavily on initial coin offerings.