Subject: New York Is First State With Vaccination Proof App
Source: USA Today via Newser
Subject: Mitigating Insider Threats Within U.S. Critical Infrastructure
Source: Homeland Security Digital Library
The National Counterintelligence and Security Center of the Office of the Director of National Intelligence has released Insider Threat Mitigation for U.S. Critical Infrastructure Entities: Guidelines from an Intelligence Perspective. This document highlights the importance of mitigating insider threats within U.S. critical infrastructure entities to meet the expanding nature of threats from foreign state and non-state actors. The National Insider Threat Task Force (NITTF) has produced standards to assist organizations in building an effective insider threat program. The model is focused on human behaviors and seeks to identify irregular behavior before significant damage occurs to the organization. “Improving ways to mitigate such threats is in the national interest and in the interests of individual organizations.”…
Source: NYT via beSpacific
Abstracted from beSpacific from NYT
The National Institute of Standards and Technology on Monday published a draft framework to help local election officials prepare for and respond to cyber threats. The framework takes NIST’s pre-existing cybersecurity best practices and applies them to election infrastructure such as polling places, voter registration databases and voting machines.
“The guide can help these officials reduce the risk of disruptions to the major tasks they must perform in the process of an election,” according to NIST. “These range from the immediate concerns of an election day, such as vote processing or communicating the details of a problem or crisis, to longer-term efforts, like maintaining election and voter registration systems.”
The new draft framework is the first time NIST has combined election security and cybersecurity in one of its playbooks, according to one of the authors.
A declassified assessment of the 2020 elections by the intelligence community concluded that foreign adversaries for the most part did not attempt to meddle by hacking, but rather through influence campaigns.
The National Weather Service experienced multiple outages of major systems on Tuesday, taking its public-facing meteorological forecasts system (as well as storm warnings) offline and hindering access for its own weather experts. The NWS serves a critical public safety function, as it and its regional offices are the nation’s most authoritative sources on weather and other climate emergencies like the tornadoes and floods that have done damage across the South this spring. This mission couldn’t be more important in an era where a changing climate threatens to wreak havoc in ways that can’t be adequately anticipated or prepared for without the federal support NWS provides. It’s yet another warning that one of the nation’s most important pieces of infrastructure is being neglected.
The NWS central operations center issued a statement at around 5:11 a.m. ET saying service disruptions included downed websites, a malfunctioning agency chat service, and forecast office network outages “impacting product dissemination and data reception.” After the National Weather Prediction Service announced in the early hours of Tuesday morning it wasn’t able to back up rainfall forecasts, WHNT reported, the Storm Prediction Center attempted to take up the slack but was unable to do so due to its own technical problems.
The NWS has repeatedly promised to fix faltering digital infrastructure for years—although it apparently hasn’t. Four years of negligence under former President Donald Trump probably hasn’t helped, though the issues predate his arrival in the Oval Office by years.
Make sure you browse https://www.nco.ncep.noaa.gov/status/messages/
Subject: Biometric Technologies and Global Security
Source: CRS In Focus via beSpacific
A number of prominent U.S. colleges have become the newest, unlucky recipients of a cybersecurity migraine currently affecting dozens of organizations all over the world. You may have heard something about Accellion—the global cloud provider whose secure-file transfer product (called FTA) was beset by a hacking campaign back in December. If you haven’t heard about it, you can read a recent run-down of the whole trainwreck here. All you really need to know, though, is that a lot of organizations previously used Accellion’s FTA product to store and share data, it had big security flaws, and a pitiless hacker gang decided to exploit those flaws to steal data from dozens of organizations, including—apparently—schools.
Yes, about half a dozen universities recently announced that they had been swept up in the hack. Now, those schools also appear to have had some of their data leaked online by the hackers—in an apparent bid to get them to pay the criminals’ ransom.
On the hacker’s leak site, Gizmodo can confirm that data allegedly stolen from a number of the schools has been posted and is publicly visible. In some cases, it includes what appears to be student or employee names, social security numbers, phone numbers and addresses, and even a transcript, in one case.
Source: Consumer Reports
Facebook had argued that the Telephone Consumer Protection Act of 1991 was never intended to stop automated calls and texts from being sent unless the phone numbers were either chosen randomly or were sent in numerical sequence. Facebook says the ruling will allow it to continue sending targeted security notifications to protect user accounts.
But consumer advocates say the case is about more than security notifications. They argue that if robocallers are not covered under the law, there would be nothing to stop them from sending out a potentially unlimited stream of automated recorded calls and texts to consumers’ cell phones.
Oddly, in the end, the ruling came down to grammar more than anything.
Subject: Hunting the hunters: How Russian hackers targeted US cyber first responders in SolarWinds breach
“It appears as if the Russian SolarWinds hackers possess granular information on personnel and who among them is likely to be involved in investigating the SolarWinds hack,” said Cedric Leighton, a former NSA official and CNN military analyst. “This could mean that networks have been penetrated to a degree we’ve not known before. If that’s true, we need a complete housecleaning of all our defensive cyberoperations.”
After the hack, senior staff at DHS headquarters received new phones, a former department official told CNN, indicating the impact was significant at DHS.
The risks aren’t well understood by researchers, in part because of local and state control of electrical utilities. Electric vehicles and internet-connected home appliances are making the electrical grid more vulnerable to cyber attacks — and even the Department of Energy doesn’t know how bad the problem is, according to a March report from the Government Accountability Office, or GAO.
While cybersecurity researchers have for years warned of insecurity in internet-of-things devices, GAO says these devices could threaten energy distribution systems: the portions of the electrical grid that deliver electricity to homes and businesses. These systems are usually managed by states or local governments while the devices are controlled by consumers. Therein lies part of the problem.
But the vulnerabilities of local utilities may threaten entire state or regional grids. “Officials from another national laboratory said the extent to which the bulk power system is susceptible to disruption from attacks on distribution systems is unclear. For instance, they told us that the scale of potential impacts on the bulk power system from a cyberattack on the grid’s distribution systems is not well understood,” the report said.