NJCCIC Delivers Cyber Threat Alerts and More

Businesses can access information to help protect data and computer networks, thanks to this state entity.

By Anthony Birritteri, Editor-in-Chief On Aug 1, 2016

When it comes to cybersecurity, small businesses have access to government intelligence resources thanks to the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC). Formed just over a year ago by Executive Order 178, NJCCIC’s mission is to share cyber threat information and intelligence with businesses, citizens, critical infrastructure owners and operators, school systems and institutions of higher education and others. 

The entity is based within the New Jersey Office of Homeland Security and Preparedness (NJOHSP) and housed within the latter’s Regional Operations Intelligence Center in West Trenton. According to NJOHSP Director Christopher Rodriguez, the threat information that comes into the NJCCIC is analyzed and pushed out to members, who sign up at www.cyber.nj.gov, so they can better protect their computer systems from malicious activity.

According to David Weinstein, director of cybersecurity, NJOHSP, and chief information security officer (CISO) for the State of New Jersey, NJCCIC publishes up to 12 to 24 indicators of compromise per day. This is traffic targeting the state government network. Weinstein says there are about 15 departments and countless agencies of state government with 1,500 sensors scattered strategically across this network. Those sensors pick up threat activity on a daily basis. “It is some 1.4 billion suspicious events. These are mostly false-positive indicators that trigger some sort of alarm. We apply a standard rule set to the 1.4 billion and get it down to one million suspicious events. Then we apply a more tailored institutional rule set to the one million and get it down to 12 to 24,” he explains.

The initial monitoring is automated, but when it gets down to the 12 to 24 threats, “this is where our technical intelligence assets are enriched by human analysis,” Weinstein explains. This data is then shared with NJCCIC members. “We are careful about the information we do publish because we expect our members to act on the intelligence. We never want to publish anything unless it is truly credible,” he says.

E-mails are sent to NJCCIC’s 1,300-plus members, half of which are private-sector institutions. The threats are also listed on www.cyber.nj.gov. As of this writing, some of the current threats listed include:

• Vulnerabilities in Google Chrome that could allow for arbitrary code execution
• Vulnerabilities in Apple Products that could allow for arbitrary code execution
• Vulnerabilities in Adobe Flash Player that could allow for remote code execution (APSA16-02, APSA16-15)
• Vulnerability in Windows Media Center that could allow for remote code execution (MS16-059)

Recognizing that manual processes are not fast enough to keep up with the ever-changing threat landscape, Weinstein says the NJCCIC is becoming more involved in what is known as automated indicator sharing, in which information is automatically – and therefore immediately – sent out to members.

When asked what are some of the more worrisome threats that exist in cyber space, Director Rodriguez says one always has to look at the more technically advanced adversaries, particularly those that are state sponsored. “From a foreign standpoint, Russia and China continue to be the countries that have the most advanced capabilities in terms of cyber intrusion. We look at those threats constantly through NJCCIC and our federal partners. Some three dozen federal agencies have signed up for NJCCIC alerts, and anything hitting those federal networks is shared with us,” he says.

Weinstein adds that state sponsored activity is the most sophisticated, but it does not represent the bulk of malicious activity the NJCCIC is observing on a daily basis. Additionally, he adds, “State sponsored actors no longer have a monopoly on some of the more sophisticated tactics and techniques that we are observing in the wild. Overall, we are less concerned about attributing the source as we are about identifying some of the common techniques that are being used across the board.”

What is interesting is that while the techniques are high-tech, the way criminals find their way into computers systems and networks often is not: “They usually exploit human vulnerabilities,” Weinstein explains. “It’s social engineering tactics like spear fishing (an e-mail that appears to come from a trustworthy source, but in reality, is a hacker looking for one’s credit card and bank account numbers, passwords and any other financial information resting on one’s computer or smartphone).

“These are tailored and targeted e-mails with malicious links or executable [programs] contained in an attachment to gain access to an unwitting user’s information. These are relatively novice tactics, but even the most sophisticated actors are using them,” Weinstein explains. He also warns of ransomware, which restricts access to an infected computer with the malware operator demanding a ransom to remove the restriction.

“Oftentimes, we – as the user – make things easy for hackers by not practicing good cyber hygiene, like not updating software and hardware based on known vulnerabilities,” Weinstein says.

Rodriguez adds, “A large percentage of attacks in the private sector entered systems through vulnerabilities in which software patches existed … that means had the users updated their antivirus software, they would have been able to deter those attacks.”

NJCCIC wants to boost its membership to more than 5,000 over the next year. Rodriguez says this will occur via public/private partnerships. “At the end of the day, our strength comes from the diversity and scope of our membership,” he says.

The New Jersey Business & Industry Association (NJBIA) is a vital link to growing the private-sector side of this partnership, and Weinstein stresses the importance of NJBIA’s ability to bring small businesses to the table, which he deems the most vulnerable business group in the cybersecurity space.

“NJBIA is an unbelievable conduit for reaching that audience and articulating the value of the NJCCIC as not only a source of information, but a vehicle for delivering information across the public- and private-sector divide. We look forward to working with NJBIA to not only boost our membership, but to make sure NJBIA’s membership has the resources it needs to address cyber risks.”

Among the best ways businesses can help NJCCIC is by reporting any cyber breaches, incidents or suspicions of incidences to the agency. Rodriguez says all of the information is kept confidential. As written in the Executive Order, any information shared with NJCCIC is exempt from the Open Public Records Act. The Cybersecurity Act of 2015, which passed last December, provides businesses with further protections in sharing this information with federal government entities.

To become at NJCCIC member, please visit www.cyber.nj.gov.

 

Related Articles: