GOV/MIL US issues emergency cyber security directive as Iran-linked hackers strike during shutdown

[Melodi]

But...but the Federal Workforce doesn't do anything, they are all just leaches right (sarcasm alert) and good luck getting those agencies to "submit reports" with no IT people and good luck getting IT people to come in if they find other jobs.
US issues emergency cyber security directive as Iran-linked hackers strike during shutdown
A cyber attack linked to the Iranian state has prompted an emergency directive during the shutdown to secure civilian agencies.
By Alexander J Martin, technology reporter

Thursday 24 January 2019 15:14, UK

The US has issued an emergency cyber security directive in response to an ongoing attack attributed to Iran-linked hackers striking during the government shutdown.

Prompted by disagreements over President Donald Trump's $5.6bn (£4bn) budget request for a border wall with Mexico, the shutdown has now stretched into its 34th day and become the longest in US history.

As no budget has been passed, many federal employees have been furloughed from their jobs, left unpaid and effectively ordered to not come into work, including those who maintain the security of IT systems.

This in turn has left civilian agencies exposed to a global cyber attack hijacking the internet's Domain Name System (DNS), which cyber security firms believe originated from Iran.

DNS is a directory service system underpinning the internet, and DNS hijacking is when the attacker redirects something to route to the wrong place - often a place they can monitor and manipulate.


Federal agencies are being required to audit these public systems to identify whether any malicious actors have modified them to direct people to attacker-controlled addresses.

Chris Krebs, director of the US cyber and infrastructure security agency (CISA), has now issued "an emergency directive to US civilian agencies requiring immediate actions to protect federal information systems from ongoing DNS hijacking and tampering activities".


Mr Krebs said that the government was "aware of a number of agencies affected by the tampering activities" and said that CISA has notified them.

Federal agencies have until Friday to submit a status report to the Department for Homeland Security about their work to protect their systems from the flaw, and are required to submit a completion report by 5 February.

The relationship between Iran and the US has become more fraught since the election of Mr Trump, who has reimposed economic sanctions against the country.

Other western nations including the UK have attempted to navigate a more conciliatory course regarding sanctions, but have also clashed with the regime - particularly in regards to the status of jailed nationals.


Britain's Foreign Secretary Jeremy Hunt has called on Tehran to release what he says are innocent people whom the regime has imprisoned, including charity worker Nazanin Zaghari-Ratcliffe.

Iran has developed a significant offensive cyber capability in recent years which it has regularly exercised against neighbouring states and the West.

One of the most significant cyber attacks ever recorded, the Shamoon attack against Saudia Arabia's state-owned oil company Saudi Aramco, is believed to have been sponsored by the Iranian state.

Elsewhere, attacks from the country have appeared less geopolitically motivated.

A hacking group linked to Iran was identified as targeting dozens of universities in 14 countries, including the UK, in an attempt to steal student credentials, presumably as a method of circumventing academic literature sanctions.
https://news.sky.com/story/us-issue...inked-hackers-strike-during-shutdown-11616241

 

[The Mountain]

I wonder just how complicit Iran really is in that so-called "attack". They make an easy scapegoat for Dems looking for an excuse to stop the shutdown, and for IT workers who just want to get paid.

 

[parable]

I wonder just how complicit Iran really is in that so-called "attack". They make an easy scapegoat for Dems looking for an excuse to stop the shutdown, and for IT workers who just want to get paid.

I think that is the most reasonable explanation.

 

[TheSearcher]

I think that is the most reasonable explanation.

There is not a small chance that with Israel's looming conflict with Iran, we may be posturing as a more overt Israeli ally in such a war, as well.

 

[CaryC]

I wonder just how complicit Iran really is in that so-called "attack". They make an easy scapegoat for Dems looking for an excuse to stop the shutdown, and for IT workers who just want to get paid.

My first thought as well.

 

[Melodi]

There is not a small chance that with Israel's looming conflict with Iran, we may be posturing as a more overt Israeli ally in such a war, as well.

That wouldn't surprise me either, I would be shocked that IT workers were not considered "essential" in this day and age (aka forced to work without pay) except that I've seen just how amazingly stupid the Agencies are when it comes to security and from what family and friends still working for the US Feds tell me it hasn't improved much.

Sure the passwords are no longer ordered to be "taped to the computer" by management and they are no longer "password;" but considered that we were using 1980's computer software in 1993; with all the "security" that implies, well...no, I am not shocked.

I did notice the level of anti-Iran stuff in the second half of the article.

 

[SouthernBreeze]

I wonder just how complicit Iran really is in that so-called "attack". They make an easy scapegoat for Dems looking for an excuse to stop the shutdown, and for IT workers who just want to get paid.

I don't think it is out of the realm of possibility for the Dems to orchestrate an event in order to blame it on Trump for his unwillingness to reopen the government.

 

[SSTemplar]

Yep. The smell test says it is political bull.

 

[WalknTrot]

My bet...the Chloe O'Brians of the world are still glued to their desks, soaked with high-octane caffeine and ticking away with Cheezy-Poof colored fingers, sleeping on the floor under their coats for a few hours every couple days - just like always.

IOW..the people who need to be there, still are there.

 

[Heliobas Disciple]

I don't think it is out of the realm of possibility for the Dems to orchestrate an event in order to blame it on Trump for his unwillingness to reopen the government.

I was thinking the same thing. The air traffic controllers recently issued a statement about safety on planes, as TSA in Miami.

Here's the one from the Air Traffic Controllers:

https://www.afacwa.org/air_traffic_...etail_serious_safety_concerns_due_to_shutdown
(fair use applies)

Air Traffic Controllers, Pilots, Flight Attendants Detail Serious Safety Concerns Due to Shutdown

Washington, D.C. — On Day 33 of the government shutdown, National Air Traffic Controllers Association (NATCA) President Paul Rinaldi, Air Line Pilots Association (ALPA) President Joe DePete, and Association of Flight Attendants-CWA (AFA) President Sara Nelson released the following statement:

“We have a growing concern for the safety and security of our members, our airlines, and the traveling public due to the government shutdown. This is already the longest government shutdown in the history of the United States and there is no end in sight. In our risk averse industry, we cannot even calculate the level of risk currently at play, nor predict the point at which the entire system will break. It is unprecedented.

“Due to the shutdown, air traffic controllers, transportation security officers, safety inspectors, air marshals, federal law enforcement officers, FBI agents, and many other critical workers have been working without pay for over a month. Staffing in our air traffic control facilities is already at a 30-year low and controllers are only able to maintain the system’s efficiency and capacity by working overtime, including 10-hour days and 6-day workweeks at many of our nation’s busiest facilities. Due to the shutdown, the FAA has frozen hiring and shuttered its training academy, so there is no plan in effect to fill the FAA’s critical staffing need. Even if the FAA were hiring, it takes two to four years to become fully facility certified and achieve Certified Professional Controller (CPC) status. Almost 20% of CPCs are eligible to retire today. There are no options to keep these professionals at work without a paycheck when they can no longer afford to support their families. When they elect to retire, the National Airspace System (NAS) will be crippled.

“The situation is changing at a rapid pace. Major airports are already seeing security checkpoint closures, with many more potentially to follow. Safety inspectors and federal cyber security staff are not back on the job at pre-shutdown levels, and those not on furlough are working without pay. Last Saturday, TSA management announced that a growing number of officers cannot come to work due to the financial toll of the shutdown. In addition, we are not confident that system-wide analyses of safety reporting data, which is used to identify and implement corrective actions in order to reduce risks and prevent accidents is 100 percent operational due to reduced FAA resources.

“As union leaders, we find it unconscionable that aviation professionals are being asked to work without pay and in an air safety environment that is deteriorating by the day. To avoid disruption to our aviation system, we urge Congress and the White House to take all necessary steps to end this shutdown immediately. “

###

ABOUT NATCA
The National Air Traffic Controllers Association (NATCA) is a labor union and aviation safety organization in the United States that represents nearly 20,000 highly skilled air traffic controllers, engineers, and other aviation safety-related professionals. NATCA was certified in 1987 by the Federal Labor Relations Authority to be the exclusive bargaining representative for air traffic controllers employed by the Federal Aviation Administration. Today, NATCA is one of the strongest labor unions in the federal sector and represents a range of aviation safety professionals in 15 FAA bargaining units, 4 Department of Defense air traffic facilities, and 102 federal contract towers. These air traffic controllers and other aviation safety professionals make vital contributions to the U.S. economy and make modern life possible by coordinating the safe, orderly, and expeditious movement of nearly one billion aviation passengers and millions of tons of freight within the National Airspace System each year. NATCA is headquartered in Washington, D.C., and is affiliated with the AFL-CIO.

ABOUT ALPA
Founded in 1931, ALPA is the world’s largest pilot union, representing more than 61,000 pilots at 33 airlines in the United States and Canada. Visit the ALPA website at www.alpa.org or follow us on Twitter @WeAreALPA.

ABOUT AFA
The Association of Flight Attendants is the Flight Attendant union. Focused 100 percent on Flight Attendant issues, AFA has been the leader in advancing the Flight Attendant profession for 73 years. Serving as the voice for Flight Attendants in the workplace, in the aviation industry, in the media and on Capitol Hill, AFA has transformed the Flight Attendant profession by raising wages, benefits and working conditions. Nearly 50,000 Flight Attendants come together to form AFA, part of the 700,000-member strong Communications Workers of America (CWA), AFL-CIO. Visit us at www.afacwa.org.

 

[Heliobas Disciple]

https://www.nbcmiami.com/news/local/MIA-TSA-Worker-Concerns-Government-Shutdown-504730632.html
(fair use applies)

Local TSA Worker Warns About Dangers of Shutdown
The airline industry "cannot even calculate the level of risk currently at play, nor predict the point at which the entire system will break," said unions representing air traffic controllers, flight attendants and pilots
By Laura Rodriguez
Published Jan 22, 2019 at 11:11 PM | Updated 2 hours ago

A Florida Transportation Security Administration employee said the government shutdown has made the already stressful task of securing airports even more difficult and warned passengers are in danger because the "system is severely compromised."

Herbert Garces works at Miami International Airport and said he is hanging up his uniform until there's an end to the shutdown. Graces, a 16-year veteran with the TSA, stopped reporting to work on Tuesday because of security concerns.

"The system is severely compromised and we can't accomplish our mission," Garces told NBC 6. "I cannot, on a clear conscience, process the bags and the passengers knowing I could be sending them to their deaths."

TSA officers who staff security checkpoints and FAA's air-traffic controllers are among the "essential" federal employees required to work through the shutdown without pay. The agency said Monday the percentage of TSA airport screeners missing work has hit 10 percent as the partial government shutdown stretches into its fifth week.

The workers who screen passengers and their bags face missing another paycheck if the shutdown doesn't end early this week. According to TSA, many of them say the financial hardship is preventing them from reporting to work.

Industry officials worry that if the shutdown lingers and TSA employees quit en masse, with training for new hires on hold, the lack of staffing will lead to longer security lines, closed checkpoints, extended flight delays and even the grounding of flights.

It also has security repercussions. Mike Perrone, president of the Professional Aviation Safety Specialists union, told NBC it's hard for TSA and FAA employees to "keep their head in the game" when they're worried about bills not getting paid.

Garces believes staffing issues will lead to errors and detailed his concerns in a letter to TSA administrators and other government officials.

"We are understaffed and workers are overworked. We are understaffed because many workers are quitting and can't afford to be without a paycheck," he said.

A TSA spokesman disputed Garces' claim that security is compromised in an emailed statement to NBC 6.

"Our Federal Security Directors around the country are busy ensuring that security standards are being met, just as they always are," said TSA's Jim Gregory.

Meanwhile, unions representing air traffic controllers, flight attendants and pilots also voiced "growing concern for the safety and security" of its members and passengers, NBC News reported.

The presidents of the National Air Traffic Controllers Association, Air Line Pilots Association and Association of Flight Attendants cautioned in a join statement that the airline industry "cannot even calculate the level of risk currently at play, nor predict the point at which the entire system will break. It is unprecedented."

The FAA responded to the unions' concerns in a statement to NBC News, writing in part, "We have not observed any appreciable difference in performance over the last several weeks compared to the same periods during the previous two years."

It said the FAA "continually reviews and analyzes the performance of the national airspace system to assess its safety and efficiency" and passengers "can be assured that our nation's airspace system is safe."

"Personally, I won't be flying, and that would be my recommendation to anybody, domestic or international travel," Garces said.

 

[Heliobas Disciple]

Add former homeland security to the list of those saying 'it's not safe out there'.

https://www.bostonglobe.com/news/po...ity-funding/NxBhnEdPNU6ddKmkFeVpkM/story.html

John Kelly joins former DHS secretaries in calling for Homeland Security funding
By Christina Prignano
January 24, 2019

Former White House Chief of Staff John Kelly is among the signers of a letter urging President Trump and members of Congress to fund the Department of Homeland Security, calling the lack of paychecks for DHS employees “unconscionable.”

Kelly was among five former Homeland Security secretaries who signed the letter, joined by Jeh Johnson, Janet Napolitano, Michael Chertoff, and Tom Ridge.

The group criticized the federal government for failing to fund the agency despite the shutdown, as it has done for the Department of Defense and other national security agencies during past funding lapses. It also praised community members and charitable organizations for stepping in to aid the workforce while expressing dismay that such an effort was necessary.

“DHS employees who protect the traveling public, investigate and counter terrorism, and protect critical infrastructure should not have to rely on the charitable generosity of others for assistance in feeding their families and paying their bills while they steadfastly focus on the mission at hand,” the group wrote in the letter.

They also showered praise on the 240,000-strong workforce.

“We are awed by the sacrifices that the men and women of DHS and their families make every day and their extraordinary service to our nation,” the five forner secretaries wrote.

Federal workers are all but certain to miss a second paycheck as the government shutdown drags on. Many employees deemed “essential,” such as TSA officers, are being forced to work without pay, limiting their options for earning money outside their primary jobs.

The former Homeland Security secretaries argued this predicament was leading some workers to leave government service for the private sector.

“The Department is facing a real crisis in retaining this workforce week after week,” they wrote.

The Senate is scheduled to hold its first votes on bills to end the shutdown Thursday at 2:30 p.m
~~~~~~~~~~~

I can't find the text of the letter, only images of it so I will attach those instead

 

[Heliobas Disciple]

https://www.vox.com/policy-and-politics/2019/1/24/18195805/john-kelly-government-shutdown-tsa-letter
(fair use applies)

John Kelly wants to reopen the government
Trump’s former chief of staff joined former homeland security secretaries in saying the security risks of the shutdown have become too great.
By Emily Stewart
Jan 24, 2019, 10:40am EST


John Kelly, who formerly served as President Trump’s chief of staff and homeland security secretary, joined other former homeland security secretaries in calling for the department they used to head to be reopened as the partial government shutdown enters its second month.

“Homeland security is national security,” the group wrote in a letter to Trump and Congress this week asking them to restore funding to the department, which is one of nine affected by the partial government shutdown. “DHS has a vital mission: to secure the nation from the many threats we face. This requires the dedication of more than 240,000 employees in jobs that range from aviation security, law enforcement and protective services, border security, emergency preparedness and response, and federal network security to stopping human trafficking, child exploitation and transnational criminal organizations. Their duties are wide-ranging, but their goal is clear — keep America safe.”

Kelly, who served as head of the agency until he joined Trump’s White House in July 2017, joined former DHS secretaries appointed by both Republican and Democratic presidents: Tom Ridge, Michael Chertoff, Janet Napolitano, and Jeh Johnson. The shutdown also affects the Justice, State, and Treasury departments.

The former secretaries noted that Congress has “consistently voted” to fund other national security agencies, including the Department of Defense, during government shutdowns. The Defense Department hasn’t been affected by the current shutdown. “DHS should be no different,” they wrote. “With today’s threats, there is no longer a distinction between the ‘away game’ and the ‘home game,’ which is why DHS and DoD work hand in hand to defend our country.”

5 ex-Homeland Security secretaries are calling for Trump and Congress to "fund the critical mission of DHS," according to letter obtained by @NBCNews.

One of the secretaries is John Kelly, who was still technically Trump's chief of staff when the shutdown started last month. pic.twitter.com/coD85MEhk8
— Kyle Griffin (@kylegriffin1) January 24, 2019 ​

Kelly’s signature on the letter comes as a bit of a surprise, given that it’s been just weeks since he left the White House and the shutdown began while he was technically still employed there. He has also been a hardliner on immigration — the issue Trump says is at the root of his refusal to sign a government funding bill — and infamously defended the Trump administration’s family separation practice by saying that children taken from their parents would be “taken care of — put into foster care or whatever.”

But Kelly has acknowledged that the border wall, for which Trump is currently demanding $5.7 billion, isn’t, in his eyes, the best idea.

“To be honest, it’s not a wall,” Kelly said in an interview with Los Angeles Times reporter Molly O’Toole in December.

He said that when he met with border agents as homeland security secretary, they told him they needed a “physical barrier in certain places” but also “technology across the board, and we need more people.”

“The president still says ‘wall’ — oftentimes frankly he’ll say ‘barrier’ or ‘fencing,’ now he’s tended toward steel slats,” he said. “But we left a solid concrete wall early on in the administration, when we asked people what they needed and where they needed it.”

The security risks the shutdown is created are getting a little scary

Air travel has become a particular point of concern amid the government shutdown. Transportation Security Administration agents, who are under DHS, are deemed “essential” employees during the shutdown and have to work without a paycheck. Many have been calling out sick. Air traffic controllers are also considered “essential.”

On Wednesday, three aviation unions — the National Air Traffic Controllers Association, the Air Line Pilots Association, and the Association of Flight Attendants-CWA — released a statement urging Congress and the White House to “end this shutdown immediately” and sounding the alarm about what might happen if they don’t.

“We have a growing concern for the safety and security of our members, our airlines, and the traveling public due to the government shutdown,” the unions’ leaders said. “This is already the longest government shutdown in the history of the United States and there is no end in sight. In our risk averse industry, we cannot even calculate the level of risk currently at play, nor predict the point at which the entire system will break. It is unprecedented.”

Unfortunately, it still appears there is no end in sight. The Senate on Thursday will take two votes to end the shutdown. Both are expected to fail.

 

[Heliobas Disciple]

Whether being done intentionally or not, all of these raised 'safety concerns' are actually giving Pres Trump more ammunition to declare a national emergency over the shutdown. Food for thought....

HD