Privileged user management trips up NSA
News roundup: DOD inspector general found NSA failed to implement secure privileged user management post-Snowden. Plus, Honda hit by WannaCry, Trump met with tech CEOs and more.
A recently declassified report revealed the U.S. National Security Agency failed to fully secure its systems since the Edward Snowden leaks in 2013.
The report detailed the findings of the Department of Defense inspector general's 2016 assessment of the NSA's security efforts around privileged user management. The heavily redacted report was declassified after Charlie Savage, a Washington correspondent for The New York Times, filed a Freedom of Information Act lawsuit. The assessment looked at how the NSA handles privileged access management, and, according to the report, the NSA was found wanting.
After Edward Snowden leaked over a million files in 2013, the NSA began an initiative, dubbed Secure the Net (STN), with seven privileged user management goals. The inspector general's assessment found that the NSA met only four out of the seven goals: developing and documenting a plan for a new system administration model; assessing the number of system administrators across the enterprise; implementing two-factor access controls over data centers and machine rooms; and implementing two-factor authentication controls for system administration.
According to the report, dated Aug. 29, 2016, not all of the four privileged user management initiatives were fully met. "[The] NSA did not have guidance concerning key management and did not consistently secure server racks and other sensitive equipment in the data centers and machine rooms in accordance with the initiative requirements and policies, and did not extend two-stage authentication controls to all high-risk users," the report read.
Additionally, the assessment found that three of the seven STN initiatives for strong privileged user management were not accomplished. The NSA was supposed to "fully implement technology to oversee privileged user activities; effectively reduce the number of privileged access users; and effectively reduce the number of authorized data transfer agents."
There were 40 STN initiatives in total, though the assessment focused on the seven related to privileged access management. The conclusion reached in the assessment was, while the NSA was successful in part, it "did not fully address all the specifics of the recommendations."
In other news:
- Automaker Honda Motor Co. stopped production at its plant in Sayama, Japan, on Monday after it found the WannaCry ransomware on its network. Honda discovered WannaCry on its systems on Sunday and determined it had affected its networks in Japan, North America, Europe, China and other regions, despite taking steps to protect against the ransomware in mid-May. The plant in Sayama, which produces about 1,000 vehicles every day -- including the Accord sedan, Odyssey minivan and StepWGN compact multipurpose vehicle -- was the only plant Honda shut down. Production resumed the next day. Honda's discovery comes over a month after WannaCry first emerged in May 2017 and infected more than 200,000 computers in 150 countries.
- On Monday, June 19, President Donald Trump met with the heads of 18 technology companies, including Apple, Amazon and Microsoft, to discuss improving the government's computer systems. The executives are part of the American Technology Council that Trump formed in May to help modernize the government's technology. Trump reportedly wants to update government IT systems, cut costs, eliminate waste and improve service. "Our goal is to lead a sweeping transformation of the federal government's technology that will deliver dramatically better services for citizens," Trump said. "Government needs to catch up with the technology revolution." Also in attendance were executives from Google's parent company Alphabet Inc., venture capital firm Kleiner Perkins, Intel, Qualcomm, Oracle and other companies.
- Nayana, a South Korean web hosting company, agreed to pay $1 million in bitcoin after a ransomware attack infected 153 of its Linux servers earlier this month. The attack left over 3,400 company websites hosted by Nayana encrypted and inaccessible. Trend Micro determined that the ransomware belonged to the Erebus family of malware, which targets Linux systems. "In a notice posted on Nayana's website last June 12, the company shared that the attackers demanded an unprecedented ransom of 550 bitcoins, or US$1.62 million, in order to decrypt the affected files from all its servers," Trend Micro explained. "In an update on June 14, Nayana negotiated a payment of 397.6 BTC (around $1.01 million as of June 19, 2017) to be paid in installments. In a statement posted on Nayana's website on June 17, the second of three payments was already made." The third installment is expected to be paid once the servers covered by the first two installments have been recovered.