In the event of a cyberattack, it’s important for information about the attack to be shared with the public in order to prevent further problems.
Jeanette Manfra, assistant secretary for the Office of Cybersecurity and Communications at the Department of Homeland Security, said that the agency shares timely, accurate information with its partners and constituents so that they can take proper action to protect themselves.
The Software Engineering Institute’s CERT Division reported to DHS on Oct. 16 that researchers had disclosed a major weakness in the Wi-Fi Protected Access II (WPA2) protocol that secures nearly all wireless network traffic, and named the exploit technique KRACK, short for “Key Reinstallation Attack.”
DHS released an alert that day about the attack and the mitigation activities.
“When vulnerabilities like KRACK are discovered and disclosed, it is critical that DHS share this information widely and as quickly as possible so that our partners and constituents can be aware of the risk and take steps to protect themselves,” Manfra said in a blog post. “In the case of KRACK, if exploited, an attacker within range of a Wi-Fi network can view network traffic that users assume to be protected by WPA2 encryption.”
If users didn’t have additional layers of transport security, the hacker could steal email, chat messages, photos, credit card numbers, and passwords.
Rapid information sharing was important in this case because, to prevent the attack, users and administrators must update affected products as security updates become available. Individuals should also identify which Wi-Fi enabled devices they are using and ensure that the necessary updates are applied.
“There is no one patch for all affected devices,” Manfra said. “Some Wi-Fi enabled devices that people might overlook are televisions, home security systems, and wearable devices. In those cases, users should check for customer support information from the device manufacturer.”
To ensure that Federal networks were being properly protected, DHS issued a directive to enhance agency email and Web security. According to the directive, agencies must submit a plan to DHS to allow all Internet-facing mail servers to offer STARTTLS, a capability that signals to a sending mail server that email can be encrypted in transit. The plan must also allow all second-level agency domains to have valid SPF/DMARC records, which allow a sending domain to effectively “watermark” its emails, making phishing emails easy to detect. Agencies will continue to report to DHS on their progress until their plans are complete.
Following the cyberattacks, DHS also released a joint Technical Alert on Advanced Persistent Threat activities targeting critical infrastructure. In the alert, DHS described the actors’ tactics and techniques.
“DHS actively collaborates with public and private sector partners every day to share actionable information gleaned from research, network defense, cyber crime investigations, and incident reports,” Manfra said. “Without this collaboration, we would be less able to inform our partners and constituents on emerging threats and appropriate mitigation strategies. We applaud security researchers who disclose vulnerabilities in a thoughtful and coordinated manner, which has the effect of increasing security of the entire Internet ecosystem.”