
Bill Dean
With little modification to their malicious code, Chinese hackers are back in business and U.S. companies need to assume this code is already on their IT networks.
As the information security industry is well aware, the cyber security company, Mandiant, published a paper in February detailing cyber-espionage involving the compromise and intellectual property theft of hundreds of U.S.-based companies.
Not only did the report identify China as the origin of the attacks, but it also pinpointed the People's Liberation Army (PLA), in detail, as the culprit. The Chinese government, with very careful wording, disputed these accusations.
Is there additional information supporting these claims of Chinese cyber-espionage on U.S. companies? As an organization that provides incident response services, our answer is, “Yes.”
When the Mandiant report was published on the heels of President Barack Obama’s executive order for “Improving Critical Infrastructure Cybersecurity,” incident responders applauded the disclosure of what was common knowledge in the incident response community.
This report brought to light what incident response organizations have been reporting to their clients for years: China is infiltrating your computer networks for long periods of time and obtaining your valued intellectual property. The report also did a great job of simplifying the situation so that executives could understand it from a business impact perspective.
After the initial admiration for this needed disclosure, the incident response community became somewhat concerned. Over time, incident response organizations had developed successful tools and techniques for identifying this specific threat for our clients. Now that the adversary has been “ousted”, will they raise their game and change their methods, making identification more difficult?



Cyber Group Offers Special Update on Chinese Threats on May 29
The session, presented by the 2013 East Tennessee Cyber Security Summit Planning Committee, will discuss new information regarding Chinese hacking.
The committee is offering this session to members of the local cyber practitioner community for free if the member attended the 2012 Cyber Security Summit. Those who did not attend the summit but want to attend this session will be charged a $10 cash fee.
Dean and Woudenberg will present the updated information at the Fountainhead College of Technology West campus at 10208 Technology Drive from 1 to 4:30 p.m.
Dean will discuss detailed forensics from actual cases. He will concentrate on discovering the intrusion, preventing data loss, and effective remediation.
Woudenberg will cover China’s cyber “hacking” programs and concentrate on motivation, organization, activity, and techniques. She is a former CIA Case Officer with years of relevant experience, and speaks to audiences around the globe about the vulnerability of SCADA systems.
The presentations are unclassified and were initially being offered exclusively to 2012 Summit attendees. This program is NOT open to the general public. You must be invited or be a member of the cyber security community. Seating is limited for this event, so an RSVP is required. Please email your request to attend to Pat Payne, paynepw@ornl.gov. Your confirmation and directions will be emailed once your place is assigned.