Monthly Archives: October 2022

UWF Experts Works to Protects Cars from Cyberattacks

“Almost all modern automotive vehicles are equipped with some form of electronic connectivity through GPS devices, smartphones, telematics devices, roadside sensor units, on-board devices, WiFi, among others,” Francia said. “On one hand, these connectivity features provide newly found conveniences. On the other hand, they provide an expanded attack surface that adversaries can take advantage of.”

Francia explained one example is an adversary successfully taking control of a vehicle’s speed on a busy interstate highway. He has been part of a research group known as the Transatlantic (US-Ireland-Northern Ireland) working group on IoT/CPS Cybersecurity Research. Their research has uncovered several cyber threats related to connected vehicles including that the radio frequency signal from keyless remote fob transmitter can be intercepted and cloned for replay attack; the vulnerabilities in automotive controls due to insecure communication channels; the susceptibility of the inter-vehicle network due to an insecure protocol; and the viability of Machine Learning techniques in recognizing various attacks on the vehicle network.

Francia’s research project on securing connected cars from cybersecurity threats began in 2019. It has received funding support from the National Security Agency, the Florida Center for Cybersecurity, the Office on Naval Research and the Florida Department of Transportation. The workshop was supported by the National Science Foundation (USA), Department for the Economy (Northern Ireland), and Science Foundation of Ireland (Republic of Ireland).

For more information on UWF’s Center for Cybersecurity, visit uwf.edu/cyber.

Article available at https://news.uwf.edu/uwf-cybersecurity-expert-shares-research-on-connected-vehicle-security-warns-of-vulnerabilities-in-modern-vehicles/.

2022-10-27T10:42:35-04:00October 27, 2022|
Read More

Sriram Chellappan

Dr. Sriram Chellappan is Cyber Florida’s academic director of research and a professor in the Department of Computer Science and Engineering at the University of South Florida (USF) in Tampa, Florida. Previous to his appointment at USF, he was an associate professor in the Department of Computer Science at Missouri University of Science and Technology where he directed the SCoRe (Social Computing Research) Group. His primary interests lie in many aspects of how Society and Technology interact with each other, particularly within the realms of Smart Health and Cyber Security. He is interested in mobile and wireless networking, cyber-physical systems, and distributed and cloud computing. Dr. Chellappan’s research is supported by grants from the National Science Foundation, Department of Education, Army Research Office, National Security Agency, DARPA, and Missouri Research Board. He received his PhD in Computer Science and Engineering from the Ohio State University in 2007. Dr. Chellappan received the NSF CAREER Award in 2013, the Missouri S&T Faculty Excellence Award in 2014, the Missouri S&T Outstanding Teaching Commendation Award in 2014, and the Missouri S&T Faculty Research Award in 2015.

Research Interests

Socio-technical systems; cybersecurity; smart health; cyber-physical systems; mobile and wireless computing

Teaching Interests

4930/6930: Information Security and Privacy in Distributed Systems;
6611: Operating Systems

Education

PhD in Computer Science and Engineering, Ohio State University (2007)

Honors and Awards

Missouri S&T Outstanding Teaching Commendation Award (2015)
Missouri S&T Faculty Research Award (2015)
Missouri S&T Faculty Excellence Award (2014)
NSF CAREER Award (2013)

Key Activities

Invited Speaker at International Conference on Orange Technologies (ICOT) (December 2015)
Invited Speaker at International Conference on Collaboration Technologies and Systems (CTS) (June 2015)
Technical Program Committee Member, Percom 2016, Infocom 2016, AINA 2016, MSN 2015
IEEE Member

2023-06-05T17:23:07-04:00October 25, 2022|
Read More

Charles Shirer – the custom t-shirt wearing CEO who went from Nintendo to Network Security

Charles Shirer - the custom t-shirt wearing CEO who went from Nintendo to Network Security

Charles Shirer is the Chief Executive Officer of GlobalWave Consulting, an IT and cybersecurity consultancy. Known as the @bsdbandit to his 20,000+ Twitter followers, Charles is often considered the most positive person in cybersecurity (and for good reason!). In this episode, Charles joins the No Password Required team to tell us about how his childhood love for video games led to his passion for everything computer-related, what inspires him to share motivational messages on Twitter, and the importance of striving for a positive mindset in life. Jack and Ernie discuss the United Kingdom’s potential privacy enforcement against TikTok, and the regulatory regime for collecting the personal data of minors.

2022-11-14T18:27:30-05:00October 25, 2022|
Read More

Cyber Florida Launches Statewide Cybersecurity Risk Assessment for Critical Infrastructure

Oct. 21, 2022—Tampa, Fla– The Florida Center for Cybersecurity (Cyber Florida) at the University of South Florida and Florida Digital Service are working together to launch the state’s first statewide assessment of both public and private critical infrastructure cybersecurity pursuant to House Bill 5001, Appropriation 2944B. The appropriation provides $7 million in funding to Cyber Florida to “conduct a comprehensive risk assessment of the state’s critical infrastructure and provide recommendations to support actionable solutions for improvement of the state’s preparedness and resilience to significant cybersecurity incidents.”

The assessment is part of a significant investment by the Florida Legislature to enhance the state’s cyber resiliency, dubbed “CyberSecureFlorida.” The initiative also includes a $30-million statewide cybersecurity awareness and upskilling training program for public sector employees and establishing a cyber range to help public cybersecurity and information technology professionals learn to detect, prevent, and mitigate cyberattacks. Law enforcement personnel will also be able to use the cyber range to learn digital forensics and evidence-gathering techniques.

“Florida lawmakers have made an unprecedented investment in the state’s cyber resiliency,” said General (Ret.) Frank McKenzie, Executive Director of Cyber Florida. He continued, “This risk assessment will enable Cyber Florida to start building a statewide community of cybersecurity leaders and practitioners centered on Florida’s collective cyber resiliency.”

The assessment consists of an online survey of roughly 150 questions using the Cyber Security Evaluation Tool (CSET) created by the Idaho National Laboratory and the Department of Homeland Security. Cyber Florida is leveraging Idaho National Laboratory’s critical infrastructure cybersecurity expertise through a Strategic Partnership Project (SPP). Florida is the first state in the nation to conduct a statewide survey using CSET.

The CSET link will open on Oct. 20, 2022, at cybersecureflorida.org. Participation is voluntary, and Cyber Florida is encouraging all critical infrastructure organizations in the state, both public and private, to participate. Participants will receive a custom risk assessment report for their organization, which they can use to apply for potential grant funding. All data will be kept confidential and housed on secure servers at Cyber Florida’s host institution, the University of South Florida.

The data will be compiled and reviewed by researchers at MITRE working with Cyber Florida to create a report for the Florida Legislature and Governor DeSantis. The report will outline the aggregate, anonymized findings and recommend potential legislation and funding initiatives to enhance and fortify the state’s critical infrastructure cybersecurity posture.

To learn more about the assessment, please visit cyberflorida.org/cybersecureflorida/.

ABOUT CYBER FLORIDA

The Florida Center for Cybersecurity, also known as Cyber Florida, was established by the Florida Legislature in 2014 to help position Florida as a national leader in cybersecurity through education, research, and outreach. Hosted by the University of South Florida, Cyber Florida leads an array of initiatives to inspire and educate future and current professionals, support industry-advancing research, and help people and organizations better understand cyber threats and what they can do to stay safer in cyberspace.

###

2023-04-05T17:27:39-04:00October 21, 2022|
Read More

Lauren Zabierek – the co-founder of #ShareTheMicInCyber and Cybersecurity Project Executive Director at Harvard’s Belfer Center

Lauren Zabierek – the co-founder of #ShareTheMicInCyber and Cybersecurity Project Executive Director at Harvard’s Belfer Center

Lauren Zabierek is the co-founder of the #ShareTheMicInCyberCampaign and the Cybersecurity Project Executive Director at Harvard’s Belfer Center. In this episode, Lauren joins Tashya and Pam to talk about her inspiration for starting the social media campaign, and the journey that led her from the military to becoming a major force for diversity and inclusivity in the cyber industry.

2022-10-27T09:11:44-04:00October 21, 2022|
Read More

Imposter Syndrome – How Can We Overcome the Feeling That We Don’t Belong?

Imposter Syndrome – How Can We Overcome the Feeling That We Don’t Belong?

Imposter syndrome, or that feeling that you don’t belong, is present in every industry, and the cybersecurity industry is no exception. In this episode, Tashya and Pam discuss their experiences with imposter syndrome and the ways that they have overcome those feelings throughout their careers.

2022-10-27T09:12:18-04:00October 21, 2022|
Read More

The First Meeting – Tashya Denose and Pam Lindemoen Interview Each Other (did they just become best friends?)

The First Meeting – Tashya Denose and Pam Lindemoen Interview Each Other (did they just become best friends?)

In this episode, we get to hear our hosts Tashya Denose, the Cyber Whisperer, and Pam Lindemoen, the Chief Information Security Officer Advisor at Cisco, meet in person for the first time and get to know each other. Warning: this episode contains a lot of happiness and love!

2022-10-27T09:13:52-04:00October 21, 2022|
Read More

Halloween Hijinks: An Interactive Code Cracking Webinar for Students

This free webinar is open to all K-12 students wishing to learn some code-cracking skills! Join us for a spooky time!

2022-11-03T16:03:44-04:00October 20, 2022|
Read More

Colorado State Website Attacked by Russian Hacktivists

I. Targeted Entities

  • Colorado’s official website

II. Introduction

Colorado state officials say that on Wednesday, October 5, 2022, Colorado’s website was rendered unusable as the result of an apparent cyberattack after a known Russia-based hacker group made a Telegram post saying that it would be targeting U.S. state websites. While the U.S. election system is largely disconnected from the Internet, state websites are prime targets for hackers who want to undermine confidence in elections.

III. Background Information

The cyberattack flooded the state’s website with web traffic, and is a common and simple way to disable websites. There is no indication that any of Colorado’s internal systems were accessed or that its election systems were compromised.[1] However, given how close this attack is to the U.S. midterms, experts say that the attack could give the false impression that U.S. elections are vulnerable to foreign interference.[1]

Killnet, the group responsible for the attack, is a Russian-aligned group that claims to be made up of amateur hacktivists who support Russian’s international interests. Killnet adheres to the same model that Ukraine’s IT Army (the IT Army is a Ukrainian government-affiliated movement that frequently posts a list of Russian websites on Telegram for supporters around the globe to try to overwhelm with traffic). The tactic Killnet uses to overwhelm websites with traffic is known as a distributed denial of service, or DDoS.[1] On Wednesday, KillNet posted a list of 12 target states to its Telegram channel: Alabama, Alaska, Colorado, Connecticut, Delaware, Florida, Hawaii, Idaho, Indiana, Kansas, Kentucky, and Mississippi.[1]

It is unclear if other states were affected, but federal officials have repeatedly stated that they do not expect a cyberattack to affect the midterm elections. The Cybersecurity and Infrastructure Security Agency (CISA), which oversees federal cybersecurity support for election infrastructure, released a joint announcement with the FBI saying, “any attempts by cyber actors to compromise election infrastructure are unlikely to result in large-scale disruptions or prevent voting.”[2]

Because DDoS attacks are simple to conduct and don’t inflict lasting damage or give criminals access to hidden information, cybersecurity professionals and other hackers generally regard them as unimpressive. However, Killnet has started becoming more effective at making websites unreachable, and has the potential to cause significant disruptions.[1]

IV. MITRE ATT&CK

  • T1498 – Network Denial of Service
    Killnet performed a DDoS attack to degrade and block the availability of targeted websites. Network DoS can be performed by exhausting the network bandwidth services rely on.

V. Recommendations

  • Set antivirus programs to conduct regular scans
    Ensure that antivirus and antimalware programs are scanning assets using up-to-date signatures
  • Monitor malware
    Continuously monitor current and new types of malware. Stay up to date on intel and advancements to prevent, defend, and mitigate these types of threats.
  • Turn on endpoint protection
    Enable endpoint detection and response (EDR) to stop unknown malware in the product you’re using.

VI. Indicators of Compromise (IOCs)

Because of the nature of this threat advisory, there are no IOCs. However, it is important that businesses and entities create a business continuity and disaster recovery plan in case a DDoS attack were to occur.

VII. References

(1) Collier, Kevin. “Cyberattack on Colorado State Website Follows Russian Hacktivist Threat.” NBCNews.com. NBCUniversal News Group, October 6, 2022. https://www.nbcnews.com/tech/security/colorado-state-websites-struggle-russian-hackers-vow-attack-rcna51012.

(2) “Malicious Cyber Activity Against Election Infrastructure Unlikely to Disrupt or Prevent Voting.” FBI & CISA Public Service Announcement, October 4, 2022. https://www.cisa.gov/uscert/sites/default/files/publications/PSA_cyber-activity_508.pdf.

Threat Advisory created by The Cyber Florida Security Operations Center. Contributing Security Analysts: Dorian Pope, Sreten Dedic, EJ Bulut, and Uday Bilakhiya.

2022-10-19T14:07:46-04:00October 19, 2022|
Read More

Cyber Florida Names Ernest Ferraresso as New Director

October 4, 2022 – Tampa, Fla. – The Florida Center for Cybersecurity at the University of South Florida (USF), also known as Cyber Florida, is delighted to announce that Ernest “Ernie” Ferraresso has been selected to serve as Cyber Florida’s new Director, overseeing the center’s day-to-day operations under Executive Director General (Ret.) Frank McKenzie.

Ferraresso previously served as Cyber Florida’s Associate Director of Programs and Partnerships, leading numerous essential projects and initiatives and helping the center grow from a regional entity to a statewide organization. Among his achievements, Ferraresso built strategic public and private partnerships across Florida to forge a strong cyber workforce and worked to implement programs focusing on education, research, and engagement to advance Florida’s cyber resilience

Before joining Cyber Florida in 2017, Ferraresso was Director of Operations for a small technology design and integration firm, overseeing the design and implementation of cybersecurity and emergency operations center technology solutions in the U.S. and Latin America. He is a retired U.S. Marine Intelligence Officer whose work included assignments with U.S. Special Operations Forces, the Intelligence Community, the George C. Marshall European Center for Security Studies, and U.S. Cyber Command.

“Ernie is a highly respected member of the Cyber Florida team,” said General (Ret.) Frank McKenzie. “His expertise, prior exemplary service at Cyber Florida, collaborative leadership style, and ongoing commitment to the mission made him the standout candidate for this role. I am entirely confident that, under his leadership, Cyber Florida will continue to flourish and secure its rightful place as the nation’s preeminent center for cybersecurity.”

Ferraresso describes his vision for Cyber Florida’s future as being the mechanism at the heart of Florida’s efforts to stand as the national model for a statewide culture of cyber resiliency and collaboration. “Florida has made significant investments in advancing public sector cybersecurity as well as building a robust cyber industry and workforce across the state,” noted Ferraresso. He continued, “There are many entities, both public and private, working toward the same goals across the state, and I see Cyber Florida as the nexus of these efforts, connecting, enabling, and facilitating the initiatives and resources needed for Florida to realize its goal of being the national leader in cybersecurity.”

 

ABOUT CYBER FLORI

The Florida Center for Cybersecurity, also known as Cyber Florida, was established by the Florida Legislature in 2014 to help position Florida as a national leader in cybersecurity through education, research, and outreach. Hosted by the University of South Florida, Cyber Florida leads a spectrum of initiatives to inspire and educate future and current professionals, support industry-advancing research, and help people and organizations better understand cyber threats and what they can do to stay safer in cyberspace.

###

2023-04-05T17:27:51-04:00October 19, 2022|
Read More

Hosted by the University of South Florida
4202 E. Fowler Avenue, ISA7020
Tampa, FL 33620
outreach@cyberflorida.org
813-974-2604

Office meetings by appointment only

CONTACT US

PRIVACY POLICY

Copyright 2024 The Florida Center for Cybersecurity. Information on this website is made available for general educational purposes only and should not be used in lieu of obtaining competent legal advice from a licensed attorney or cybersecurity professional with sufficient expertise necessary to address your specific needs. Use of this website does not create any special or fiduciary relationship between you and the Florida Center for Cybersecurity or the University of South Florida.