Welcome to Codebook, a brief Mueller-free respite for what's going to be a long weekend.
After years of dire warnings about hackers wreaking havoc in computers that run physical processes in factories and infrastructure, you’d think industrial firms would already have their top cybersecurity officers running cybersecurity at their plants. Today, that’s the case for only 35% of big facilities — but the situation is finally changing.
Why it matters: The two most important things to an industrial business are uptime and efficiency. Where plant owners once worried that cybersecurity pros would meddle with industrial processes they didn't understand, the very real impacts of two global cyberattacks in 2016 proved their skills were sorely needed.
The big picture: According to a 2018 Gartner report, only 35% of firms had the chief information security officer's (CISO) department or an equivalent in charge of their industrial networks — often referred to as operational technology (OT), as opposed to business systems, the traditional IT. But it projected that number to double by 2021.
The key term to know is “IT/OT convergence.” OT and IT used to be church and state, separated by custom and bureaucratic boundaries. But companies are realizing the dangers of ignoring how quickly OT networks are beginning to look like IT networks.
Yes, but: Cybersecurity is increasingly seen as a boon to uptime, rather than an obstacle.
Why now? The trend of CISOs getting full control of plant cybersecurity predates the growth of targeted ransomware attacks and came years after the first industry warnings that increased connectivity could cause industrial disasters.
The expansion of CISO duties has led to a change in how many security firms do business.
Cisco Talos reports a new attack group used the domain name system to spy on 40 organizations in 13 primarily Middle Eastern and North African nations.
DNS hijacking? Though you probably think of websites in terms of domain names like axios.com, the web works on numeric internet addresses. The domain name system converts the domain names to internet addresses.
Details: Talos is calling the group Sea Turtle.
Sea Turtle is separate from a DNS hijacking campaign Talos identified in January and gave the catchy name DNSpionage.
Why it matters: All espionage matters, but successful campaigns often inspire imitators. It's a good time to check your DNS security.
Researchers at Chronicle discovered that the source code for hacking tools used by the Iran-linked group APT34, also called Oil Rig, had been leaked on Telegram's group messaging platform.
Why it matters: While this isn't as grim as the ShadowBrokers leaks, where far more potent NSA tools were leaked and eventually used by North Korea and Russia in destructive attacks, the Oil Rig leaks nonetheless offer new attackers a successful toolkit to use in their own attacks.
Codebook is going to call it Oil Spill. Fight me.
A new program will use two-year shifts at government agencies to train potential employees for corporate cybersecurity jobs at Mastercard, Microsoft and Workday.
Our thought bubble: We cover a lot of different programs aimed at addressing workforce shortages in the public or private sector. This plan, the Cybersecurity Talent Initiative, is far and away the most sustainable.
Details: The Initiative will place recent college grads with a host of participating government agencies, ranging from the CIA, FBI and Department of Defense to the Department of Veterans Affairs, EPA and Federal Election Commission.
Between the lines: There's a well-discussed cybersecurity staffing shortage coming that will impact both the private sector and public sector.
What they're saying: Green, formerly of the Secret Service, said he hopes that the experience working for the government will encourage students to forgo the private sector job at the other end.
Editor's note: The timeline of reimbursement has been corrected; student loans will be repaid after (not during) government service.
1. Microsoft email breach: Hackers who compromised a Microsoft customer service representative's credentials had access to data from non-corporate users' Hotmail, MSN and Outlook accounts between January and the end of March.
2. Hacker guides are cheap, plentiful and often out of date: Hacking guides for sale on criminal markets are cheap, plentiful and often only a decade out of date, according to a new report from intelligence firm Terbium Labs.
3. Assange fallout begins to set in: We mentioned last week that Julian Assange's arrest for helping hack the U.S. government appeared to be specifically engineered to sidestep concerns about the issue of press freedom.
Codebook will return Thursday of next week.