The Increasing Threat to the Global Energy Supply

The Increasing Threat to the Global Energy Supply

This month’s attack on Saudi Arabia’s Abqaiq oil processing facility, which is the world’s largest and accounts for five percent of global oil supplies, resulted in one of the biggest oil price increases  ever recorded. 

More importantly, it demonstrated that the world’s energy infrastructure is vulnerable, can be severely disrupted and is an increasingly likely target for bad actors.

Recent Attacks Reinforce the Threat

Other recent examples – of both cyber and physical attacks – reinforce the threat.

In 2008, an alleged cyber attack blew up an oil pipeline in Turkey, shutting it down for three weeks.  In 2015, a Distributed Denial of Service (DDos)  attack brought down a section of the Ukrainian power grid — for just six hours, but substations on the grid had to be operated manually for months.  Another attack in the Ukraine occurred just a year later, reportedly carried out by Russian actors. And, the Abqaiq facility itself had been the target of a thwarted Al Qaeda suicide bomber attack in 2006.

Threats to Physical Security

A 2018 report by the United Nations Office of Counter-Terrorism outlined the most intuitive physical threats to critical infrastructure, including the energy sector, involved the use of explosives or incendiary devices, rockets, MANPADs, grenades and tools to induce arson.

That same report noted that the energy sector has witnessed sustained terrorist activity through attacks perpetrated by Al Qaeda and its affiliates on oil companies’ facilities and personnel in Algeria, Iraq, Kuwait, Pakistan, Saudi Arabia and Yemen.

Increasing Intensity of DDoS Attacks

In addition to physical threats, it is estimated that by 2020, at least five countries will see foreign hackers take all or part of their national energy grid offline through Permanent Denial of Service (PDoS) attacks. And, DDoS attacks like those in the Ukraine are becoming increasingly severe.  Studies show that the number of total DDoS attacks decreased by 18 percent year-over-year in Q2 2017.  At the same time, there was a 19 percent increase in the average number of attacks per target.

U.S. is the “Holy Grail”

Disruption of the U.S. power grid is considered the “holy grail,” and experts predict that the energy industry could be an early battleground, not only the power sector, but the nation’s pipelines and the entirety of the supply chain. 

In fact, last year the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) publicly accused the Russians of cyberattacks on small utility companies in the United States.  In a joint Technical Alert  (TA), the agencies said Russian hackers conducted spear phishing attacks and staged malware in the control rooms with the goal of gathering data to create detrimental harm to critical U.S. infrastructure.

900 “Vulnerabilities” Found in the U.S. Energy Systems

This specific incident aside, DHS’s Industrial Control System Computer Emergency Response Team found nearly 900 cyber security vulnerabilities in U.S. energy control systems between 2011 and 2015, more than any other industry.  It’s not surprising that the international oil sector alone is expected to increase investments on cyber defenses by $1.9 billion this year. 

Investment in Physical Security Will Reach $920 billion

With any disruption to the global or national energy supply having serious implications for virtually all industries, especially critical ones like healthcare, transportation, security, and financial services, one report projects that the global critical infrastructure protection market will be worth $118 billion by 2028.

Physical security is expected to account for the highest proportion of spending, and cumulatively will account for $920 billion in investment.

Artificial Intelligence: A Security “Pathway” for the Future

Experts suggest that these investments should include next generation technologies for both physical and cyber security purposes. As one expert put it: “Automation, including via artificial intelligence, is an emerging and future cyber security pathway.”

In addition to the role that automation, artificial intelligence and machine learning can bring to identifying and predicting a physical or cyber attack, research shows that it can also help manage the rising costs associated with it. A study found that only 38 percent of companies are investing in this technology – even though after initial investments, it could represent net saving of $2.09 million.

Learn more about AI-driven Radiance and how it can help identify and predict physical and cyber threats to the energy infrastructure.

Mitigating Insider Threats:  Latest Trends, Best Practices and AI Automation

Mitigating Insider Threats: Latest Trends, Best Practices and AI Automation

Insider threat incidents range from data security breaches which have cost firms like Capital One as much as $100 – $150 million to violent threats from disgruntled employees, like the case of Coast Guard Lieutenant Christopher Hassan who was arrested after a joint Coast Guard and FBI investigation found he was stockpiling weapons and seeking to launch a major attack.

Every Organization is Vulnerable

While these high-profile incidents grab international headlines, the reality is that every organization is vulnerable to insider threats. On average, insider threats cost almost $9 million, take more than two months to contain and include issues related to careless workers, disgruntled employees, workplace violence and malicious insiders.

Consider that between January and June 2019,  the healthcare industry had already disclosed 285 incidents of patient privacy breaches, with hospital insiders responsible for 20 percent of the incidents.  Similarly, the Verizon 2019 Data Breach Investigations Report, found that 34 percent of all breaches were caused by insiders.

Companies are Building Insider Threat Programs, But Want to Invest More

Some 90 percent of organizations feel vulnerable to insider attacks and 86 percent have or are building an insider threat program.  Still, nearly 75 percent of C-level executives do not feel they are invested enough to mitigate the risks associated with an insider threat.

As part of National Insider Threat Awareness Month this September, the National Counterintelligence and Security Center (NCSC) is reminding companies of the need for strong insider threat protection programs and the signs to look for with existing employees. 

Look for These Concerning Behaviors

William Evanina, who heads up NCSC, shares that those individuals engaged or contemplating insider threats display “concerning behaviors” before engaging in these events. 

The CERT National Insider Threat Center in the latest edition of its Common Sense Guide to Mitigating Insider Threats, identifies these behaviors as including:

  • repeated policy violations;
  • disruptive behavior;
  • financial difficulty or unexplained extreme change in finances; and
  • job performance problems.

Early Detection Technologies

AI security

The Center suggests deploying solutions for monitoring employee actions, correlating information from multiple data sources, having tools for employees to report concerning or disruptive behavior, and monitoring social media.

Surveys like the one conducted by Crowd Research Partners show more and more organizations are increasingly using behavior monitoring and similar methods to help with early detection of insider threats

And, a report from Accenture found that while advanced identification, security intelligence and threat sharing technologies are widely adopted, automation, AI and machine learning are now being used by about 40 percent of companies.   

Costs Savings from AI Automation

According to the same report, once investment costs are considered, AI automation could offer the highest net savings of about $2 million and begin to address the shortage in skilled security staff.

AI can help detect the risk indicators displayed by those who want to defraud organizations but without the inherent human bias.  Additionally, AI can help manage the incredible volume of data that must be collected, aggregated, correlated, analyzed and fused across disparate sources

Following the Common Sense Guide to Mitigating Insider Threats

Companies looking to follow the CERT National Insider Threat Center’s guidelines, should consider how the Radiance platform can help with monitoring social media, correlating disparate information, and providing a tool for employees to report concerning behaviors.  

Radiance OS-INT monitors all publicly available information across the entire deep web, not only social media.  And, it can ingest massive amounts of unstructured content from disparate internal data sources for further correlation and verification.

Radiance’s HUM-INT platform, known as S4, is a mobile application that allows users to confidentially report concerns in real time.  It can be configured as a workplace tool, with a centralized management portal to allow clients to access real–time threats to geo-fenced facility locations.

Try Radiance for Free Today.

Download our S4 app.

Assessing Safety Protocols in Public Venues

Assessing Safety Protocols in Public Venues

As the summer draws to a close and students return to campus, schools across the country are incorporating active shooter response training into their procedures and protocols.  The drills are just one component of overall safety preparedness efforts, being undertaken at the state, federal and local levels.

STRONG Ohio Plan Includes Social Media Scans

While response trainings on school campuses have become an increasingly common practice, the focus is even more pronounced in light of the recent mass shooting attacks in Dayton and El Paso.

In response to the shootings in Ohio, Governor Mike DeWine unveiled his STRONG Ohio plan, designed to reduce gun violence. The state created a School Safety Center, which will review school emergency management plans and offer risk threat and safety assessments, consolidate school safety resources on saferschools.ohio.gov, promote the use of a tip line to anonymously report suspected threats and scan social media and websites to identify people suggesting acts of violence. 

Increased Arrests for Threatening Comments

Increased precautions aren’t just being taken at schools, and for good reason.  Following those tragic events, the FBI ordered a new threat assessment to thwart future mass attacks in the country.

Since that time, more than 25 people have been arrested for making threats to commit mass shootings – and that number does not include the three mall shooting scares in California over the weekend.

Public Venues Enhancing Security and Reviewing Response Plans

Sports venues like the Raven’s M&T Bank, and Camden Yard, home to the Orioles, announced enhanced security measures in August and retailers across the country are reviewing their safety procedures, which as Target noted in a public statement include team member training, partnerships with law enforcement and the use of technology.

Use of technology is not unique to private corporations.  Even before the recent shootings, the FBI issued a request for proposal for a social media early alerting to mitigate multifaceted threats. 

Tips for Personal Safety

The Department of Homeland Security offers tips for all of us to follow when we’re in public locations.

  • Be Prepared: Take notice of surroundings and identify potential emergency exits. Be aware of unusual behaviors and report suspicious activities to security or law enforcement.
  • Take Action: If an attack occurs, run to the nearest exit and conceal yourself while moving away from the dangerous activity. If you can’t exit to a secure area, protect yourself by seeking cover.
  • Assist and React: Call 9-1-1, remain alert and stay aware of the situation. Help with first aid when it is safe, and follow instructions once law enforcement arrives.

Part of your preparation can include downloading for free Lumina’s See Something Say Something app. It’s a crowd-sourced, mobile application that allows users to confidentially report concerns in real time.  

You can learn more about S4 and download it here. It’s one part of our comprehensive, AI-driven risk management platform, Radiance.

AI is integral to creating deepfakes. It’s also critical to protecting against them.

AI is integral to creating deepfakes. It’s also critical to protecting against them.

Although the term deepfake – a blend of the words “deep learning” and “fake” – was first coined in 2017, concerns about doctored videos and audio reached a fevered pitch after a manipulated video of House Speaker Nancy Pelosi went viral in May 2019.

Nancy Pelosi and the Deepfake

The video, which was slowed to about 75 percent of its original speed, was intended to make the Speaker appear like she was slurring her words.  It was posted on Facebook, Twitter and YouTube. YouTube removed the video as a matter of company policy, Facebook did not.

Although the video was ultimately “disappeared” from Facebook, the damage was already done – within days it had more than 2.5 million views on Facebook alone.

The 2020 Election – Cause for Concern

Concerns about the implications of these deepfake videos on the 2020 elections has led to an investigation by the House Intelligence Committee this summer.  And,  in a January 2019 Statement for the Record before the Senate Select Committee on Intelligence, Director of National Intelligence Dan Coats noted that online and election interference could include “deep fakes or similar machine-learning technologies to create convincing—but false—image, audio, and video files….”  

Corporate America Targeted

While the political implications are serious, so too are the implications of deepfakes for corporations.

Criminals are using corporate videos, earnings calls and media appearances to build models of executive voices.  According to a report from the BBC, deepfake audio has been used to steal millions in dollars. In three separate cases, financial controllers were tricked into transferring money based on bogus audio of their CEOs requesting the transfer.

The reputational consequences are equally disconcerting.

Deepfake videos of a company CEO — released on digital and social media immediately before an earnings call could have serious implications on stock price. 

Or activists looking to discredit a corporation and create an online misinformation campaign could release a deepfake video attempting to implicate the practices of the organization or casting its leaders in a bad light.

Mark Zuckerberg and the Deepfake

Consider that Mark Zuckerberg himself was the victim of a deepfake video. Posted on Instagram, the doctored video showed the Facebook CEO calling himself, “one man, with total control of billions of people’s stolen data, all their secrets, their lives, their futures”?  Instagram stood by corporate policy and did not take the video down.

Are Corporations Really “Largely Defenseless?”

As companies look to ways to protect their reputation and bottom line against the risk of a deepfake, some experts and pundits insist that there are few tools available, leaving businesses “largely defenseless.”

At Lumina, we disagree.

Our Radiance OS-INT deep-web listening technology is the solution.  Radiance uses continuous deep-web extraction to ingest all open source data and prioritize it against configurable behavioral affinity models (BAM).  

Corporate Reputation Behavioral Model and Continuous Monitoring

Our corporate reputation BAM is specifically designed to filter the volumes of publicly available information against terms related to reputational, brand and business risks. The results are cleaned and prioritized, yielding relevant insights into any disinformation being spread about a corporation, its leadership or its employees.

The platform becomes even more powerful after the first deep-web search is completed.  Our continuous monitoring capabilities allow for daily searches, producing only relevant, new web content. 

The system would quickly flag the content associated with a deepfake, helping corporations get ahead of the issue before it becomes viral.  

Learn more about Radiance here.

Waiting in Line at Airport Security This Summer?        AI Could Make Screening More Effective and Efficient.

Waiting in Line at Airport Security This Summer? AI Could Make Screening More Effective and Efficient.

With summer air travel expected to hit a new record between June 1 and August 31 this year, travelers should expect to see longer lines at security checkpoints.

To address these challenges, the Transportation Security Administration (TSA) is hiring an additional 2,000 employees and employing new technologies like automated screening lanes and computed tomography

360-degree Security View

As these changes move forward, implementing artificial intelligence and machine learning technologies can also help reduce wait times and increase the effectiveness of security screening.

In fact, experts suggest that AI and big data analytics can move the screening process from the current single point in time analysis to a 360-degree view of a person’s behavior over a broader time range by linking data sets to identify risky behavior even before a potential bad actor gets to the airport.

This thinking is in line with the recommendations from the White House’s 2018 National Strategy for Aviation Security (NSAS).  NSAS highlighted the importance of strengthening aviation domain awareness through integration of open-source data into existing air surveillance and law enforcement intelligence, collection and analysis of advanced and anticipatory information, and layered and risk-based security measures.

The International Air Transport Association is also working on a program to facilitate the exchange of critical security data.  According to the Director General and CEO Alexandre de Juniac, “This is similar to the way that our safety colleagues work with data to do predictive risk analysis. This tool will provide early detection of changes to security environments in different parts of the world, so we can effectively deal with emerging threats and the impacts of changes to security procedures.”

The Role of AI

AI-driven technologies, like Lumina’s Radiance platform are another facet to the solutions being implemented in the U.S. and globally.

Radiance has the ability to comprehensively mine unstructured data sources, whether across the open web, or among disparate, legacy data systems. It ingests, integrates and analyzes those data sets, searching against more than 6,500 terms related to aviation security.

The platform conducts nearly 135,000 searches across all publicly-available data on the web, correlating names with these associated risk behaviors and cross-referencing over 1 million queries into Lumina’s proprietary databases of risk. 

Then add to this open source search internal data sets such as passenger bookings and travel history – or in the case of insider-threats, employee-related data – and airline and airport security experts have an important tool to help predict and prevent threats.

Looking ahead

To be sure, integrating AI driven technologies like Radiance are not a thing of the far of future. Research shows that 66% of airlines and 79% of airports plan to implement these capabilities across a wide variety of use cases by 2021. In fact, AI in aviation was valued at $152 million in 2018 and expected to increase to $2.2 billion by 2025.  And, passengers are ready for these technologies to help expedite their time at  airport security and make their travel more seamless. An online poll of UK passengers found that 68 percent of respondents would welcome AI at airports, and another study found 65 percent would share additional personal information to speed up processing at the airport.

Learn more about Radiance’s capabilities for the airline industry here.

3 Reasons Why Today’s Music Events are so Vulnerable to Terror

3 Reasons Why Today’s Music Events are so Vulnerable to Terror

The very nature of popular music events makes them attractive for terrorists and extremely difficult to defend. Here are a few reasons why these targets aren’t going away.Open-air festivals and concerts provide a particular challenge for law enforcement officials charged with keeping people safe. Violent extremists have targeted these events to sow chaos and destruction in places where people should feel comfort and enjoyment. 

Sprawling Event Venues & Loud Volume

Today’s event venues are often held in large areas of open space. In such circumstances, there are simply too many people unprotected from outside elements. Following an Ariana Grande concert in May 2017, Salman Abedi, a British citizen of Libyan descent, detonated a suicide bomb during concertgoer’s exit from the show.  More than 800 people were injured, and Abedi took the lives of 22 individuals.  Abedi had been a “subject of interest” for MI5 in 2015 and had been reported to authorities as many as five times by leaders of the Muslim community in Manchester, but the service had no reason to take further action at the time. The attack took place at the Manchester Arena, where approximately 14,200 people were attending the event.  The improvised explosive device, packed with nuts, bolts, and screws to act as shrapnel, was detonated in the foyer of the arena following the last performance of the evening.  The bomb was so deadly that it killed people over 65 feet away from the explosion’s source.  The attack had added tragedy due to the type of casualties: out of the 139 people who needed hospitalization or were severely injured, 79 were children. 

Cultural Significance

Soft targets like music festivals and concerts offer terrorists practical and symbolic value. The symbolism of attacking Westerners who are enjoying themselves is what makes it an attractive target.  On November 13, 2015, three gunman stormed into the Bataclan theater in Paris and killed 89 people attending a heavy metal concert.  In a night that was coordinated to the last detail, the brunt of the damage came in the tight, dark spaces of the concert hall. There was little security, as the perpetrators killed three people on the sidewalk in front of the venue and then simply walked in to carry out the rest of their attack. The killers were part of an ISIS cell operating out of Belgium and France and had come in response to French and American airstrikes in Syria. In the nearly three years following the incident, Paris’ music scene has almost returned to normal, but the ubiquitous police presence is a reminder that danger still remains.

Masses of People

Events with large crowds will always be attractive targets to extremists, whether the reason stems from religious extremism or a political motive. In the deadliest mass shooting in U.S. history, 58 people were killed when Stephen Paddock opened fireon a Jason Aldean concert in Las Vegas, Nevada. Over 22,000 people were in attendance when Paddock began spraying bullets indiscriminately into the crowd. When a threat goes undetected before the attack, it can be very difficult to thwart once it is in motion due to the unorganized chaos that follows. Frighteningly, Paddock had reserved hotel rooms overlooking the Lollapalooza music festival in Chicago a few months before the Vegas massacre and was reported to have searched online for information regarding Fenway Park and associated Boston music festivals.

Despite the efforts of officials in recent years to prevent attacks on soft targets, large-scale casualties have still occurred at musical events with an alarming frequency. Officials recognize that these targets are difficult to harden by their very nature. Therefore, new approaches are needed to detect and monitor relevant activity that may indicate the planning of such attacks.

Lumina’s risk sensing capabilities illuminate areas of emergent unrest by monitoring online behavioral patterns consistent with the means and motivation of attack planning. By predictively identifying these online behavioral patterns, Lumina empowers organizations and venues to identify and mitigate potential threats to their physical security.

oyment. 

Sprawling Event Venues & Loud Volume

Today’s event venues are often held in large areas of open space. In such circumstances, there are simply too many people unprotected from outside elements. Following an Ariana Grande concert in May 2017, Salman Abedi, a British citizen of Libyan descent, detonated a suicide bomb during concertgoer’s exit from the show.  More than 800 people were injured, and Abedi took the lives of 22 individuals.  Abedi had been a “subject of interest” for MI5 in 2015 and had been reported to authorities as many as five times by leaders of the Muslim community in Manchester, but the service had no reason to take further action at the time. The attack took place at the Manchester Arena, where approximately 14,200 people were attending the event.  The improvised explosive device, packed with nuts, bolts, and screws to act as shrapnel, was detonated in the foyer of the arena following the last performance of the evening.  The bomb was so deadly that it killed people over 65 feet away from the explosion’s source.  The attack had added tragedy due to the type of casualties: out of the 139 people who needed hospitalization or were severely injured, 79 were children. 

Cultural Significance

Soft targets like music festivals and concerts offer terrorists practical and symbolic value. The symbolism of attacking Westerners who are enjoying themselves is what makes it an attractive target.  On November 13, 2015, three gunman stormed into the Bataclan theater in Paris and killed 89 people attending a heavy metal concert.  In a night that was coordinated to the last detail, the brunt of the damage came in the tight, dark spaces of the concert hall. There was little security, as the perpetrators killed three people on the sidewalk in front of the venue and then simply walked in to carry out the rest of their attack. The killers were part of an ISIS cell operating out of Belgium and France and had come in response to French and American airstrikes in Syria. In the nearly three years following the incident, Paris’ music scene has almost returned to normal, but the ubiquitous police presence is a reminder that danger still remains.

Masses of People

Events with large crowds will always be attractive targets to extremists, whether the reason stems from religious extremism or a political motive. In the deadliest mass shooting in U.S. history, 58 people were killed when Stephen Paddock opened fireon a Jason Aldean concert in Las Vegas, Nevada. Over 22,000 people were in attendance when Paddock began spraying bullets indiscriminately into the crowd. When a threat goes undetected before the attack, it can be very difficult to thwart once it is in motion due to the unorganized chaos that follows. Frighteningly, Paddock had reserved hotel rooms overlooking the Lollapalooza music festival in Chicago a few months before the Vegas massacre and was reported to have searched online for information regarding Fenway Park and associated Boston music festivals.

Despite the efforts of officials in recent years to prevent attacks on soft targets, large-scale casualties have still occurred at musical events with an alarming frequency. Officials recognize that these targets are difficult to harden by their very nature. Therefore, new approaches are needed to detect and monitor relevant activity that may indicate the planning of such attacks.

Lumina’s risk sensing capabilities illuminate areas of emergent unrest by monitoring online behavioral patterns consistent with the means and motivation of attack planning. By predictively identifying these online behavioral patterns, Lumina empowers organizations and venues to identify and mitigate potential threats to their physical security.