Ransomware damage costs predicted to hit $11.5B by 2019

The market for ransomware is growing. Ransomware is already a multi-billion dollar business run by an international organization or an individual. The recent case of the Uber breach and its $100 million ransomware to destroy the evidence is a perfect example.

Source: https://www.csoonline.com/article/3237674/ransomware/ransomware-damage-costs-predicted-to-hit-115b-by-2019.html

Paying a ransom pales in comparison to the actual damage costs involved with a ransomware attack, which include:

  • Damage and destruction (or loss) of data
  • Downtime
  • Lost productivity
  • Post-attack disruption to the normal course of business
  • Forensic investigation
  • Restoration and deletion of hostage data and systems
  • Reputational harm
  • Employee training in direct response to the attacks

Tallying it all up, Cybersecurity Ventures predicts ransomware damages will cost the world $5 billion in 2017 and climb to $11.5 billion in 2019. Those figures are up from just $325 million in 2015.

The rising costs are driven by an uptick in the frequency of attacks. Ransomware is projected to attack a business every 14 seconds by the end of 2019, up from every 40 seconds this year.

Some industries will be more targeted than others. Ransomware attacks on healthcare organizations are expected to quadruple by 2020. But that doesn’t necessarily mean they’ll pay more ransoms.

“We do not store Bitcoin for ransomware and do not make payments to recover data,” says Jim Routh, chief security officer at Hartford, Conn.-based Aetna, one of the nation’s leading diversified healthcare benefits companies.

Saying no to ransom demands, backing up all data in the enterprise, training employees on how to detect and react to spear phishing emails (which is how 91 percent of cyber attacks originate), and more timely patching (software updates), are the best practices that many IT security leaders are following.

Companies buy Bitcoin in case of attack

However, battening down the hatches to protect against hackers is easier said than done, and businesses are hardly devoid of Bitcoin, much as many experts argue for aligning with Routh’s thinking.

CyberArk’s CEO Udi Mokady recently told CNBC Mad Money’s Jim Cramer that many companies who fall victim to ransomware are buying Bitcoin to pay off the hackers.

A disturbing trend is brewing in the U.K., where organizations are seemingly more likely to pay ransoms.

“About a third of mid-sized British companies report having Bitcoin on hand to respond to ransomware emergencies when other options can’t be immediately exhausted,” says Gotham Sharma, managing director at Exeltek Consulting Group, a New York City-based consulting firm specializing in cybersecurity and digital privacy.

“Interestingly, the percentage of British companies who don’t regularly back up data is also about a third,” adds Sharma.

John McAfee — his last name synonymous with antivirus software — has turned his attention to stockpiling cryptocurrency over the past year. The Chief Cybersecurity Visionary at MGT Capital Investments says many companies are storing Bitcoin in the event of a ransomware attack, but they won’t say so publicly.

Still, Cybersecurity Ventures’ research indicates the overall number of businesses willing to pay a ransom is declining.

Seeing the potential for massive payouts, hackers have been innovating (new ransomware) furiously, according to a recent CSO article. That’s not likely to wane until the ransom payouts stop altogether.

2017 Has Broken the Record for Security Vulnerabilities

Since we are almost at the end of 2017 I found this blog explaining where we stand this year in terms of security vulnerabilities.

Some 40% of disclosed vulnerabilities as of Q3 are rated as severe, new Risk Based Security data shows.

2017 has already broken the record for the most security vulnerabilities – and that’s only as of the third quarter of this year.

There were some 16,006 vulnerabilities disclosed through September 30, which is more than all of 2016, when there were 15,832, according to new data published today by Risk Based Security. The number of bugs as of Q3 represents an increase of 38% over Q3 2016. According to Risk Based Security, that’s 6,295 more security vulnerabilities than those reported in the CVE and National Vulnerability Database.

“Any security product or tool that relies on CVE/NVD is putting your organization at serious risk,” said Jake Kouns, CISO for Risk Based Security.

The firm’s new Q3 2017 VulnDB QuickView report shows that the number of severe vulnerabilities is still high, with nearly 40% ranked above 7.0 on the CVSSv2 score. And 31.6% of disclosed vulnerabilities this year also are being abused in public exploits.

Source: https://www.darkreading.com/threat-intelligence/2017-has-broken-the-record-for-security-vulnerabilities/d/d-id/1330410?

FBI Still Trying to Unlock Texas Killer’s Smartphone

The FBI is still working to unlock the mobile phone of Devin P. Kelley, who shot and killed 26 people in a church in a rural Texas town on Sunday. The bureau’s revelation seems certain to revive the contentious debate over the use of strong encryption to protect consumers and their devices.

The smartphone has been sent to the FBI headquarters in Quantico, Virginia, for analysis, Christopher Combs, FBI special agent in charge, said during a Tuesday press conference.

Combs said encryption is again proving to be an obstacle to law enforcement investigations.

“Unfortunately at this point in time, we are unable to get into that phone,” Combs said. “So it actually highlights an issue you’ve all heard about before. With the advance of the technology and the phones and the encryptions [sic], law enforcement – whether it’s at the state, local or the federal – is increasingly not able to get into these phones.”

Combs didn’t identify the type of phone Kelley was using, so as to not tip off others as to what model of device is frustrating law enforcement. The New York Times, however, reported that it is an Apple iPhone, although it did not specify the model.

“I’m not going to describe what phone it is because I don’t want to tell every bad guy out there what phone to buy to harass our efforts on trying to find justice here,” Combs said. “I can assure you we are working very hard to get into the phone, and that will continue until we find an answer.”

Kelley committed suicide shortly after the attack, which occurred at First Baptist Church in Sutherland Springs, Texas.

Dead Man’s Fingerprints

In theory, law enforcement could still have used his fingerprints to unlock the device, Reuters reported Wednesday. On an iPhone, Touch ID – the home button, which doubles as a fingerprint sensor – can be used to unlock a device for up to 48 hours after it was last used.

After that time period, the iPhone’s passcode must be entered. Citing an anonymous source, Reuters reported that Apple did not receive any requests for technical assistance from law enforcement between the shooting and Combs’ press conference – a period of about 48 hours.

The FBI’s linking of the debate over law enforcement access to encrypted content in light of yet another mass shooting tragedy in the United States is sure to stoke an emotive debate that puts further pressure on technology companies that use strong encryption.

Following former National Security Agency contractor Edward Snowden’s revelations, companies such as Apple, Google and Facebook in recent years have sought to design communications systems that are more resistant to hackers, cybercriminals and unauthorized government surveillance.

Encryption systems are now often designed to be “end-to-end,” meaning only senders and recipients hold the keys necessary to decrypt content.

Technology companies have dismissed ideas of also retaining a key that could be turned over to law enforcement as too risky, given increasingly sophisticated hacking attempts coming from cybercriminals and nation-states.

Apple: Encryption Defender

Apple has been at the forefront of the encryption debate after it resisted legal orders to help law enforcement break into the iPhone 5c used by Syed Rizwan Farook, which he had been issued by his employer. Farook and his wife opened fire at a holiday party at his workplace in San Bernardino, California, in December 2015, killing 14 people.

Apple was ordered by a federal court to create software to disable either the auto-erase on Farook’s iPhone 5c or enable unlimited password guesses. Investigators feared Farook had enabled a feature in iOS 9 that would delete all data on a device after 10 incorrect password-entry attempts.

But Apple went to the mat, with CEO Tim Cook arguing that creating such software would be a “cancer” that would jeopardize the security of millions of iPhone users.

The Department of Justice dropped the lawsuit against Apple after saying it found another way to break into the device, a method suspected to be a software exploit.

Stalled Legislation

Senior government and law enforcement officials in the United States, as well as the United Kingdom and Australia, continue to support legislation that would compel technology companies to provide a way to access encrypted content.

U.S. Deputy Attorney General Rod J. Rosenstein said during a speech at the U.S. Naval Academy on Oct. 10 that thousands of seized devices are in storage and “impervious to search warrants.”

Rosenstein added: “Over the past year, the FBI was unable to access about 7,500 mobile devices submitted to its Computer Analysis and Response Team, even though there was legal authority to do so.”

In the wake of the San Bernardino attacks, two U.S. senators – Republican Richard Burr of North Carolina and Democrat Dianne Feinstein of California – drafted a bill in early 2016 that would have required the technology companies’ cooperation in order to crack encrypted content and devices (see Encryption Compromise: A Fleeting Dream).

But the legislation, called Compliance with Court Orders Act of 2016, failed to gain traction after receiving tepid support from other lawmakers and opposition from the technology industry.

Digital code signing certificates are more expensive than credit cards or weapons

Researchers have discovered that digital code signing certificates are being sold for more than is required to buy a gun in the web’s underground markets. These certificates are a fundamental way of ensuring software and apps are legitimate, but if compromised, can be used to install malware on networks and devices while avoiding detection. A single certificate can fetch up to $1,200. Credit cards can go for as little as a few dollars, while US passports can be picked up for roughly $850 and a handgun may only set buyers back $600.

Source: http://www.zdnet.com/article/illicit-certificates-worth-more-than-guns-on-the-dark-web/

Software code signing certificates worth more than guns on the Dark Web

“We’ve known for a number of years that cybercriminals actively seek code signing certificates to distribute malware through computers,” said Peter Warren, chairman of the CSRI. “The proof that there is now a significant criminal market for certificates throws our whole authentication system for the internet into doubt and points to an urgent need for the deployment of technology systems to counter the misuse of digital certificates.”

The six-month investigation was carried out by the CSRI in partnership with the Cyber Security Centre at the University of Hertfordshire.

“With stolen code signing certificates, it’s nearly impossible for organizations to detect malicious software,” said Kevin Bocek, chief security strategist at Venafi. “Any cybercriminal can use them to make malware, ransomware, and even kinetic attacks trusted and effective.”

“In addition, code signing certificates can be sold many times over before their value begins to diminish, making them huge money makers for hackers and dark web merchants,” the executive added. “All of this is fuelling the demand for stolen code signing certificates.”

In October, Flashpoint researchers uncovered another worrying trend in online underground marketplaces: the sale of remote access to PCs. Access to Windows XP desktop PCs is being sold for as little as $3, and attackers can tap into compromised Windows 10 systems for only $9.

Given this access, cyberattackers can spy on consumers and businesses without the need to compromise systems through phishing or malware campaigns.

Dangerous Malware Allows Anyone to Empty ATMs—And It’s On Sale!

Wow, this is a win-win situation for a hacker: stealing money from an ATM without targeting individuals with their bank accounts. A hacker can easily buy this tool for $5000 and it comes with a manual to prepare him for stealing money directly from the bank without physically going inside the bank.

Source: https://thehackernews.com/2017/10/atm-malware-hacking.html

ATM Malware

Usually, hackers exploit hardware and software vulnerabilities to hack ATMs and force them to spit out cash, but now anyone can simply buy malware to steal millions in cash from ATMs.

Hackers are selling ready-made ATM malware on an underground hacking forum that anybody can simply buy for around $5000, researchers at Kaspersky Lab discovered after spotting a forum post advertising the malware, dubbed Cutlet Maker.

The forum post provides a brief description and a detailed manual for the malware toolkit designed to target various ATM models with the help of a vendor API, without interacting with ATM users and their data.

Therefore, this malware does not affect bank customers directly; instead, it is intended to trick the bank ATMs from a specific vendor to release cash without authorisation.

The crimeware contained in the toolkit includes:

  • Cutlet Maker—ATM malware which is the primary element of the toolkit
  • Stimulator—an application to gather cash cassette statuses of a targeted ATM
  • c0decalc—a simple terminal-based application to generate a password for the malware.

According to Kaspersky researchers, the functionality of the Cutlet Maker malware suggests that two people are supposed to be involved in the ATM money theft—the roles are called “drop” and “drop master.”

“Access to the dispense mechanism of CUTLET MAKER is password protected. Though there could be just one person with the c0decalc application needed to generate a password,” the researchers say.

“Either network or physical access to an ATM is required to enter the code in the application text area and also to interact with the user interface.”

In order to operate, the application needs a special library, which is part of a proprietary ATM API and controls the cash dispenser unit—this shows how cyber “criminals are using legitimate proprietary libraries and a small piece of code to dispense money from an ATM.”

The price of this ATM malware toolkit was $5000 at the time of Kaspersky’s research.

The advertisement of this Cutlet Maker ATM malware was initially published on the AlphaBay Darknet marketplace, which was recently taken down by the FBI.

 

This Wireless Explosives Detector Is the Size of a Postage Stamp

Upon reading this article, I find this very useful for law enforcement agencies to detect explosives. This is a major breakthrough to save millions of lives from explosives and chemical weapons. In the current state, a dog sniffing method is highly dangerous and risky to detect explosives.
The picture below is a wireless, battery-free RFID sensor tag for detection of chemicals such as explosives and oxidizers developed by GE Global Research.

For public safety agencies, sniffing out explosives and other contraband is a tricky task. Handheld explosive detectors can be as small as a purse, but still must be manually operated. Permanently mounted sensors need to be even bigger. Dogs are useful in some scenarios, but they’re expensive to deploy en masse and must always have a handler.

That’s why GE Global Research is working on a new way to detect dangerous substances, one that costs about a nickel, can be deployed anywhere, and doesn’t need human supervision. The device is a tiny RFID tag that activates only when it detects certain explosives or oxidizing agents. In effect, it could replace gigantic explosive scanners with something a couple inches across.

Developed in partnership with the Technical Support Working Group (TSWG), an inter-agency task force dedicated to anti-terrorism, the new RFID tag could dramatically drive down the cost of scanning for dangerous materials in places like cargo ports and airports.

Conventional RFID tags that have been converted into sensors by applying a sensing material on one side of the tag. The sensing material is white.

GE Global Research

RFID tags use electromagnetic fields to transfer data, and are commonly found on things like key cards to open doors and EZPass toll transponders. GE is keeping mum on the details of how they’re being used here, but says it’s developed “a sensing material that responds to explosives and oxidizers” that can be built into the device. Radislav Potyrailo, a GE scientist, compared the tags to a smoke alarm or CO2 sensor. “We have developed sensing materials that are quite sensitive for this type of detection.”

The tags can be placed in cargo containers, shipping packages, airports, and government buildings, to name a few. The team believes they’ll be able to sit dormant for months and still trigger effectively, without any need for power or recharging. Effectively, the tag can be slapped nearly anywhere and only activate once a target chemical is found. The range at which they can be read depends on the strength of the pickup antenna of the reader, typically anywhere from a few inches to a few dozen feet. That may seem limited, but because GE believes they can cost just pennies each, they can be installed in vast numbers very cheaply, basically everywhere.

Currently, GE’s focus is on explosives and oxidizers (frequently used in improvised explosive devices), but the team believes it can develop similar tags to detect biological matter like spores or bacteria. Commercialization could arrive as soon as the next few years.

Source: https://www.wired.com/2015/02/wireless-explosives-detector-size-postage-stamp/

Watch Out! Difficult-to-Detect Phishing Attack Can Steal Your Apple ID Password

I found this article very useful since I am an iPhone user. The article talks about how to identify real and fake Apple password prompts and also how to prevent data being stolen from your iPhone using a 2-step authentication process. This is very realistic: hackers are using a similar design to mask the GUI interface and have you enter your own password to simply give it away!!

[Image: Apple ID phishing attack]

Can you detect which one of the above screens—asking an iPhone user for iCloud password—is original and which is fake?

Well, you would agree that both screenshots are almost identical, but the pop-up shown in the second image is fake—a perfect phishing attack that can be used to trick even the most careful users on the Internet.

Felix Krause, an iOS developer and founder of Fastlane.Tools, demonstrated an almost impossible to detect phishing attack that explains how a malicious iOS app can steal your Apple ID password to get access to your iCloud account and data.

According to an alarming blog post published on Tuesday by Krause, an iOS app can just use “UIAlertController” to display fake dialog boxes to users, mimicking the look and feel of Apple’s official system dialogue.

Hence, this makes it easier for an attacker to convince users into giving away their Apple ID passwords without any degree of suspicion.

“iOS asks the user for their iTunes password for many reasons, the most common ones are recently installed iOS operating system updates or iOS apps that are stuck during installation. As a result, users are trained to just enter their Apple ID password whenever iOS prompts you to do so,” Krause said.

However, those popups are not only shown on the lock screen, and the home screen, but also inside random apps, e.g. when they want to access iCloud, Game Center or In-App-Purchases.

Moreover, it is even possible for app developers to generate fake alerts without knowing user’s email address because Apple also does that sometimes, as shown below:

[Image: Apple ID phishing attacks]

Although there is no evidence of malicious attackers exploiting this phishing trick, Krause says it is “shockingly easy to replicate the system dialog,” allowing any malicious app to abuse this behaviour.

For security reasons, the developer has decided not to include the actual source code of the popup while demonstrating the attack.

Here’s How you can Prevent Against Such Clever Phishing Attacks

In order to protect yourself from such clever phishing attacks, Krause suggested users hit the “Home” button when they are shown such suspicious boxes.

  • If hitting the Home button closes both the app over which it appeared and the dialog box, then it was a phishing attack.
  • If the dialog and the app are still there, then it is an official system dialog by Apple.

“The reason for that is that the system dialogs run on a different process, and not as part of any iOS app,” the developer explained.

Krause also advised users to avoid entering their credentials into any popup and instead open the Settings app manually and enter the credentials there—just like users are always encouraged to not click on any links they receive via an email and instead go to the legitimate website manually.

Most importantly, always use 2-factor authentication, so even if attackers gain access to your password, they still need to struggle for the OTP (one-time passcode) that you receive on your mobile device.

 

AOL Instant Messenger to shut down after 20 years

I remember how popular AOL was a decade ago. This is the perfect example of how volatile social media platforms are nowadays. The same thing happened with MySpace and some other social media sites which failed to survive. I wonder what would have happened if Facebook stayed only as a social media platform and did not expand for business, politics and entertainment.

AOL today announced it is permanently shuttering AOL Instant Messenger (AIM) — its iconic chat service which debuted in 1997 and was popular in the ’00s.

Michael Albers, VP of Communications Product at Oath — the Verizon subsidiary which owns both AOL and Yahoo — said in a Tumblr post that he understands how important AIM was to many people:

You likely remember the CD, your first screenname, your carefully curated away messages, and how you organized your buddy lists. Right now you might be reminiscing about how you had to compete for time on the home computer in order to chat with friends outside of school … In the late 1990’s, the world had never seen anything like it. And it captivated all of us.

I’m not sure how many people will mourn AIM’s loss on a practical level — I haven’t even heard of anyone using it in the last few years, which isn’t surprising given how many more sophisticated alternatives are available. That’s not a dig at the company, for the record: I actually still have my old AOL email address (it was my first, and I’m sentimental).

Whatever its value, or lack thereof, on a modern internet, it’ll be sad to see a piece of Internet history go after 20 years. The service officially shutters on December 15, 2017.

Source: https://thenextweb.com/socialmedia/2017/10/06/aol-instant-messenger-shut-down/#.tnw_eK3n1XW0

 

Here’s what quantum computing is and why it matters

I found this article very interesting on quantum computing and its future. This article talks about how a super computer with conditional programming can change the future of the binary system to an artificial intelligent system implemented using a computer chip.

Secondly, the quantum technology internet doesn’t use a data transmission method and is almost impossible to hack.

Researchers for IBM, Google, Intel, and others are in a fantastic scientific arms race to build a commercially viable quantum computer. They already exist in laboratories, and we’re only a few years away from the beginning of what may turn out to be an entire shift in how we think about computing.

A typical computer, like the one inside the phone or laptop you’re reading this on, is a binary system, basically a yes/no device. The most amazing thing about computer programmers is how they can take something as basic and simple as a computer chip and spit out something like Microsoft Office by creating a series of “if this, then that” scenarios. This showcases how useful the computer is as a tool for humans to accomplish tasks.

The quantum computer

The quantum computer, however, is an entirely different concept – the reason it’s quantum is that it doesn’t use binary logic. By its nature a quantum computer is a yes/no/both device. When a developer makes a logic choice they aren’t limited by “if this then that,” they can also ask “if this, then that — or both” and that makes all the difference in the world.

There are several instances where a binary computer can’t feasibly solve a problem the way we’d like to. When asked to solve a problem where every answer is equally likely, a binary computer has to take the time to individually assess each possibility. Quantum computers can assess more than one probability at a time, through something called “quantum entanglement.”

Quantum Entanglement

When two particles become entangled a phenomenon occurs where anything that happens to one of these particles happens to the other. Einstein called this “spooky action at a distance,” and he was spot-on. A lion’s share of the research that’s been done in quantum computing since the 1980s has been focused on figuring out how to use quantum entanglement to our advantage.

The quantum internet of the future is also being built right now, with Chinese researchers making amazing strides in quantum communications.

A quantum internet would be unhackable as there’s no transmission of data. Of course storage vulnerabilities will still exist, but by then our security will be handled by AI anyway. The weird and wonderful phenomenon of entanglement means you can stick data in one side and it pops out the other like teleportation. There’s nothing swirling through the ether; whatever happens to one entangled particle instantly happens to another.

The future

The technology is here already, but there are numerous challenges to overcome on the way to full-scale implementation. First, the quantum computing we’re capable of is still a bit behind the binary computing we’ve mastered. We also need to overcome physical concerns such as the fact that, in the IBM lab for example, the processors need to be kept at perfect-zero temperatures within hundredths of a degree.

Despite several incredible problems the outlook is very bright. Recent breakthroughs include the first ever space-based video call secured by quantum encryption.

The video call connected a Chinese scientist in Beijing with an Austrian scientist in Vienna. The distance between the two was over 4,000 miles. The communication was sent to a satellite in space then beamed back down to earth. Scientists have chosen to investigate the quantum network this way due to issues of signal loss through traditional methods of sending photons like fiber-optic cables.

These quantum encrypted communications would be impossible to hack using a binary computer. On the flip-side the successful completion of a commercially viable quantum computer may signal the end of binary-based encryption systems. Theoretically, a quantum computer could crack 128-bit encryption almost instantly given the same resources for computing power as any binary system, for example.

Perhaps the best way to look at the change that quantum computing represents is to compare it to binary computing in the exact same way you would compare the iPhone X’s capabilities with those of a Timex calculator watch from the 1980s.

Source: https://thenextweb.com/evergreen/2017/10/01/heres-quantum-computing-matters/

 

CEOs Resign from Trump’s Cybersecurity Commission

 

I read an article about eight members of the National Infrastructure Advisory Council who resigned in August, citing inadequate attention by the Trump Administration to address growing cybersecurity threats facing the United States. The US economy is one of the world’s largest and has always been a target for many security threats on the global spectrum. If the president doesn’t understand the global threat and security risk to protect all Americans, this could lead to a future financial meltdown. I recently read two blogs (Equifax data breach and Cerber ransomware found on a US govt. site) on huge data breaches and security threats.

President Donald Trump’s Administration has “given insufficient attention to the growing threats to the cybersecurity of the critical systems upon which all Americans depend,” according to a resignation letter signed by eight members of the President’s private-public National Infrastructure Advisory Council (NIAC).

The members of NIAC also said they resigned in protest of Trump’s response to deadly clashes in Charlottesville earlier this month between white nationalists and Antifa protesters. The move is similar to resignations within two White House business councils that were also disbanded earlier this month over concerns by members over Trump’s response to the Charlottesville violence.

“The moral infrastructure of our Nation is the foundation on which our physical infrastructure is built. The Administration’s actions undermine that foundation,” read the resignation letter  (PDF) first published by NextGov.

NIAC is a public-private government council which advises the President on cybersecurity systems in finance, transportation, energy and manufacturing. The original 30 members were appointed by previous administrations and included leaders from the private sector, academia and state and local government. It was founded by the George W. Bush administration’s executive order in 2001 and was extended until Sept. 30, 2017 by the Obama administration.

Resigning members cited Trump’s failure “to denounce intolerance and violence of hate groups” in the wake of “horrific violence in Charlottesville.” They also pointed to the Trump Administration’s move to withdraw from the Paris Agreement as part of their reasoning to resign.

“Additionally, your decision to withdraw from the Paris Agreement, your intent to revoke flood-risk building standards, and your many other actions to ignore the pressing threat of climate change to our critical infrastructure also point to your disregard for the security of American communities,” they wrote.

Cybersecurity expert Edgard Capdevielle, CEO of Nozomi Networks, said the move will have a negligible impact on U.S. cybersecurity defenses. “While the National Infrastructure Advisory Council (NIAC) provides the President through the Secretary of Homeland Security with advice on the security of critical infrastructure, the actual standards and frameworks for securing critical infrastructure come from the National Institute of Standards and Technology.”

The resignations come just before the commission held a quarterly business meeting. The agenda of that meeting was to approve a report titled “Securing Cyber Assets: Addressing Urgent Cyber Threats to Critical Infrastructure (PDF)” released Monday.

The draft report warns that the country’s cyber defenses and readiness are falling short when it comes to defending critical systems against cyberattacks. Rep. Michael McCaul (R-TX), chairman of the House Committee on Homeland Security, came to a similar assessment earlier this year. And just last week at Arizona State University’s Cybersecurity Conference, U.S. Senator John McCain (R-AZ), Chairman of the Senate Armed Services Committee, said “Unfortunately, leadership from the executive branch on cybersecurity has been weak.”

“As America’s enemies seized the initiative in cyberspace, the last administration offered no serious cyber deterrence policy and strategy. And while the current administration promised a cyber policy within 90 days of inauguration, we still have not seen a plan,” McCain said.

Source: https://threatpost.com/ceos-resign-from-trumps-cybersecurity-commission/127686/