The NSA, FBI and CISA have released a Cybersecurity Information Sheet (CSI) called Contextualizing Deepfake Threats to Organizations. Here’s the TL;DR via this media alert:
Today, the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Information Sheet (CSI), Contextualizing Deepfake Threats to Organizations, which provides an overview of synthetic media threats, techniques, and trends. Threats from synthetic media, such as deepfakes, have exponentially increased—presenting a growing challenge for users of modern technology and communications, including the National Security Systems (NSS), the Department of Defense (DoD), the Defense Industrial Base (DIB), and national critical infrastructure owners and operators. Between 2021 and 2022, U.S. Government agencies collaborated to establish a set of employable best practices to take in preparation and response to the growing threat. Public concern around synthetic media includes disinformation operations, designed to influence the public and spread false information about political, social, military, or economic issues to cause confusion, unrest, and uncertainty.
The authoring agencies urge organizations to review the CSI for recommended steps and best practices to prepare, identify, defend against, and respond to deepfake threats.
Allen Drennan, Principal & Co-Founder, Cordoniq had this to say:
“The threat of deepfakes has been an ongoing challenge; however, with the introduction of unregulated AI data mining that could provide unfettered access to media, this elevates the threat to a whole new level. Consumers who have provided photos, videos, audio and recordings to third-party social networks, email host providers and even online meeting solutions may find that their likeness is easily consumed by AI training models to better recreate deepfakes that not only look and sound like their intended target but also behave like them. Since many of these organizations maintain information for protracted periods of time as part of their terms of service, consumers may find these AI models can train against their likeness retroactively. Federal regulation of privacy as it relates to consumer-provided content to companies and organizations is critical in preventing the widespread use of deepfakes.”
This cybersecurity information sheet is very much worth reading, as this is an emerging threat that all should take seriously. And with emerging threats, it’s better to get out in front of them rather than be on the defensive.
CISA, NFL, and Super Bowl LVIII hold Cybersecurity Tabletop Exercise
Posted in Commentary with tags CISA on September 22, 2023 by itnerd

This week, CISA, the NFL, Allegiant Stadium, and Super Bowl LVIII partners held a Super Bowl LVIII Cybersecurity Tabletop Exercise to explore, assess, and enhance cybersecurity response capabilities, plans, and procedures ahead of Super Bowl LVIII.
The 4-hour Tabletop Exercise brought together more than 100 partners from the NFL, stadium, and federal, state, and local governments in preparation efforts designed to ensure the safety of events at Allegiant Stadium. The collaborators’ aim is to discuss plans and procedures, resources, capabilities, and best practices for protecting against, responding to, and recovering from a significant cyberattack during the event.
“This was a safe, low-stress setting to identify any gaps in those plans and ensure we all have a shared understanding of roles and responsibilities. In short, this exercise will help ensure we’re ready for any challenges that come our way on game day,” said CISA’s Deputy Executive Assistant Director for Infrastructure Security Steve Harris.
During the exercise, participants discussed a hypothetical scenario that included phishing, ransomware, a data breach, and a potential insider threat – all with cascading impacts on physical systems.
“At the NFL, we understand how important it is to practice like you play, and this week’s exercise is the first of many simulations we will conduct prior to Super Bowl LVIII,” said NFL Senior VP and CSO Cathy Lanier.
George McGregor, VP, Approov had this to say:
“It is very encouraging to see this exercise was organized by the NFL and partners and CISA.
“Such a workshop should be a critical exercise before any major sporting event, to check that security and contingency plans are complete.
“Such events have a highly dynamic cybersecurity attack surface which changes rapidly as multiple partners and vendors, and thousands of fans come together and interact with ticketing systems and points of sale using stadium Wi-Fi and via mobile devices. As a key part of this exercise, mobile apps which access sensitive information must be verified as being protected from impersonation or manipulation.”
Tabletop exercises like this one are good because they make sure that all parties are on the same page. Let’s hope that the lessons learned from this exercise aren’t ever needed.