A vulnerability recently identified in the Wi-Fi Protected Access II (WPA2) protocol that secures most wireless network traffic highlights the critical nature of Department of Homeland Security (DHS) information sharing, according to a recent DHS release.
Jeanette Manfra, the assistant secretary of the DHS Office of Cybersecurity and Communications, outlined the chain of events that followed the Oct. 16 identification of the exploit technique, known as Key Reinstallation Attack (KRACK), in a post on the DHS’s website.
When researchers at the Software Engineering Institute identified the vulnerability, the DHS U.S. Computer Emergency Readiness Team (US-CERT) immediately issued a public alert to mitigate the threat.
“When vulnerabilities like KRACK are discovered and disclosed, it is critical that DHS share this information widely and as quickly as possible so that our partners and constituents can be aware of the risk and take steps to protect themselves,” Manfra wrote. “In the case of KRACK, if exploited, an attacker within range of a Wi-Fi network can view network traffic that users assume to be protected by WPA2 encryption. If additional layers of transport security, such as HTTPS, are not in place, an attacker could capture email, chat messages, photos, or other user information like credit card numbers and passwords.”
DHS also issued a binding operational directive requiring federal departments to use specific cybersecurity best practices to ensure that, even if KRACK were able to bypass wireless frame-level encryption, traffic to HTTPS sites would be protected against infections, modifications and snooping, Manfra added.
“Later in the same week, on Oct. 20, we released a joint technical alert based on collaborative analysis between DHS and the FBI on advanced persistent threat activities targeting critical infrastructure, particularly the energy sector,” Manfra continued. “In the alert, we provide a detailed description of the actors’ tactics, techniques, and procedures, including in-depth technical analysis of various phases in the cyber kill chain. We also included several sets of indicators of compromise in the structured threat indicator expression, a common language used in disseminating cyber threat information, to help cybersecurity professionals detect and defend against these activities in their own networks.”
Those examples demonstrate that information is a critical component of DHS efforts to curb malicious cyber activities and to make the public aware of new vulnerabilities, Manfra concluded.