Cyber Security Update from CERT.JE - Issue #2

Dear all – newsletter no.2! Some weekend reading for you. The cyber security risk of many jurisdictions - including Jersey - has been raised by the invasion of Ukraine. The inclusion of Jersey in Russia’s list of unfriendly nations, due to the implementation of sanctions has also heightened interest by hackers and carries the risk of a nation state response. Russia has a mature offensive cyber capability and has previously shown a willingness to use it. A series of cyber attacks have now been carried out against Ukraine and other targets. Previous attacks against Ukraine, such as the NotPetya malware in 2017, have had a global impact compromising both companies and public services.What actions are we taking?CERT has led the Island’s first C-TAC (Cyber Technical Advisory Cell), following the invasion, and is coordinating response to the raised cyber risk impacting the Island as part of wider emergency planning structures. C-TAC is a multi-agency group with representatives across government and industry. Actions already taken have included issuing controls guidance to industry, awareness raising via local media, webinars and briefings, and updating island risk assessments to ensure appropriate response plans are in place. The continuing development of CERT’s capabilities over 2022 will provide further support. We continue to monitor key threat indicators both directly and via local and international partners, and encourage local organisations to report significant increases in malicious activity. Nevertheless, every organisation is responsible for their own controls – now is a good time to consider what more you can do!Where are the cyber attacks?Whilst there is some evidence of increased interest in Jersey by hacker groups this has not as yet translated into a higher level of attacks. This has surprised many commentators who expected immediate widespread cyber activity, but cyber attacks take time and effort to undertake successfully and those we see in practice are likely to be more targeted. Current advice from the UK’s NCSC remains that the threat level is raised and actions should be taken to improve controls. President Biden has commented that US intelligence believes the Russian Government is exploring options for potential cyber attacks. The situation remains highly volatile and can change at short notice.This is not the moment to stand down – it is the moment to get ready. This is a long term challenge and it is expected that the ongoing raised cyber risk resulting from this conflict – and the increased adoption of offensive cyber techniques by nation states and organised crime, combined with the high degree of dependence on IT by financial services firms, public services and the digital economy – will continue to require a heightened response.What should I do?If you are not sure where to start, implementing the NCSC’s Early Warning System (see below) provides an immediate practical benefit, as does implementing multi-factor authentication throughout your organisation, and patching vulnerabilities quickly and consistently.Regards, Matt

April 01, 2022 • Estimated Reading Time: 5 minutes

Several countries including Germany and the UK have now issued guidance about the use of Russian technology products. We recommend local organisations inventory their technology and review the ongong use of any Russian technology products following a risk based approach as outlined by NCSC. Even where technology solutions do not pose a direct technical risk, the potential impact of sanctions on future updates should be borne in mind.

JFSC cyber webinar

Watch last month’s webinar hosted by the JFSC in association with CERT JE on the raised cyber threat following the invasion of Ukraine – including Matthew Palmer from CERT JE and Davey Sandiford, Senior Manager Cyber Security at the JFSC.

“Responding to cyber-attacks and building national cyber resilience has never been – and will never be – the sole responsibility of governments. It requires a whole-of-society approach grounded in international cooperation efforts.”

The variety of online actors working for the cause is unprecedented, say Joyce Hakmeh and Esther Naylor of Chatham House and the International Security Programme.

What is cyber security?

We have also produced a short introductory video to explain what we mean by cyber security and why it matters to Jersey. This will be going on our website and you can preview it here:

The European Commission has proposed changes to cyber security measures across EU institutions. This includes strengthening the role of CERT-EU, requiring all EU bodies to have a framework for governance, risk and control in cyber security, conducting regular maturity assessments, and to share incident data with CERT-EU. At the same time, a new regulation will create a minimum standard for cyber security controls across the EU.

Additionally, US President Biden has signed into law the Cyber Incident Reporting for Critical Infrastructure Act, mandating incident reporting by public bodies within 72 hours, and an obligation to report ransomware payments within 24 hours.

Read the European Commission announcement:

Resources

Upcoming Events

CERT JE – Cyber Security Service Providers Round Table

This month we are inviting any Jersey cyber security providers to our operations centre for a discussion on how we can collaborate to support and improve the cyber security posture of the island. If you have not yet received an invite but feel your inclusion would be beneficial, please do get in touch with us via email to [email protected]

Our goal is to have an open discussion with input from all local cyber security service providers. It will also provide an opportunity to talk to us about the role of CERT and our future plans, and input to our priorities.

CYBERUK 2022 – 10 & 11th May 2022

The NCSC’s flagship event is held over two days at ICC Wales in Newport, South Wales, and provides a key opportunity for the cyber security community to interact, network and share knowledge. Keynote speeches will also be streamed on the CYBERUK YouTube channel in order to maximise accessibility for all.

Tool of the month

NCSC Early Warning System - Early Warning - NCSC.GOV.UK

Early Warning is a free NCSC service designed to inform your organisation of potential cyber attacks on your network, as soon as possible. The service uses a variety of information feeds from the NCSC, trusted public, commercial and closed sources, which includes several privileged feeds which are not available elsewhere.

Early Warning is completely FREE to use, and CERT has confirmed that it is available to all Jersey organisations. CERT recommends that all organisations sign up unless an equivalent commercial solution is already in place. Smaller organisations without their own IT function can have alerts sent to their local IT provider.

Activity on the CiSP Channel Islands Node:

Use of CiSP in CI
EU Proposal for a regulation laying down measures on cybersecurity_at_euibas.pdf
Invasion of Ukraine - Raised Cyber Threat - 27th February 2022
Essential steps to reducing cyber risk - general advice

How to sign up for CiSP: CiSP - NCSC.GOV.UK

And finally...

If you’d like to share jobs or events related to cyber security please do let us know via email to [email protected]