In This Issue - FCC Cracks Whip on Security Breach Reporting
- CISA Director Calls on Tech Makers to Prioritize Security
- Russian Hackers Targeted U.S. Nuclear Research Labs
- Cuba Spy Ana Belen Montes Released After 20 Years Behind Bars
- U.S., Turkey Target Financial Network Linked to Islamic State
- Cyberattack on Records Vendor Affects Scores of U.S. Counties
- GE Insider Gets 2 Years for IP Theft
- Key Lawmaker Says U.S. Ownership Could Be 'Workable Solution' for TikTok
- Many Former DHS Employees Maintain Access to Secure Buildings and Systems
- See the Agenda for IMPACT 2023: Agenda
|
|
NSI’s 36th Annual IMPACT Training Set for April 17-19, 2023 (Chantilly, Virginia) |
|
Security professionals from government and the nation’s defense contractors will once again get together for a one-of-a-kind training and education experience. This 2.5-day training experience delivers a unique combination of learning opportunities including: Expert Briefings on Security Threats to the U.S. Industrial Base and U.S. Government; NISP Rule 32 Changes, Compliance and Know-How; Security Practice, Leadership and Know-How; Q&A Sessions with Industry and Government; Networking with both government and defense industry security practitioners.
Security team members who attend learn from top experts and presenters from the U.S. Government Security, Intelligence and Law Enforcement communities; Security Leaders and Experts in the Defense Industrial Base; DSCA Leadership and Representatives; Security Practitioners from Industry and Government. More |
|
FCC Cracks Whip on Security Breach Reporting (Total Telecom, 1/9/23) |
|
The FCC began proceedings to bolster the existing rules regarding telco obligations to notify their customers when sensitive data has been compromised. Currently, network operators are required to notify the relevant authorities – the FCC, but also potentially the Secret Service and FBI – of a data breach within a maximum of seven days after discovery. Only then, assuming no objections from law enforcement agencies, can customers be notified. The proposed update suggests eliminating this seven-business-day window, meaning that customers can be notified more quickly, “without unreasonable delay,” when their data has been leaked. The update would also broaden the existing scope of what is considered a breach, now including cases of “inadvertent access, use, or disclosures of customer information,” rather than solely breaches as a result of cyberattacks. More |
|
CISA Director Calls on Tech Makers to Prioritize Security (HS Today, 1/7/23) |
|
CISA Director Jen Easterly sat down with Bloomberg TV at the Consumer Electronics Show to discuss the importance of safety and transparency as technology continues to advance for consumers. While at the world’s largest technology trade show, Director Easterly asked technology leaders to treat cybersecurity as a core business risk and for industry leaders and creators to embrace security by design and security by default when bringing new products to market. Easterly highlighted that “when people create technology, it shouldn’t all be about cost, capability, performance and speed to market. They should have to keep basic safety in mind. Security shouldn’t follow the innovation curve. Security should move with the innovation curve.” She went on to say, “Cybersecurity, cyber safety, is a social good. It’s about societal resilience. With everything connected these days, you can’t just worry about your own company. We have to stop putting self-preservation over collaboration.” More |
|
Russian Hackers Targeted U.S. Nuclear Research Labs (Yahoo, 1/7/23) |
|
A group of Russian hackers reportedly targeted three U.S. nuclear research laboratories last summer. The Russian group Cold River carried out a phishing campaign against scientists at the Brookhaven, Argonne, and Lawrence Livermore National Laboratories to obtain passwords. According to reports, hackers created fake login pages for the laboratories and contacted nuclear scientists to try to trick them into revealing their passwords. "This is one of the most important hacking groups you've never heard of," Adam Meyers, senior vice president of intelligence at CrowdStrike, said. "They are involved in directly supporting Kremlin information operations." Cold River hacked into and leaked emails belonging to the former head of Britain's MI6 spy service in 2022 and targeted Britain's foreign ministry in 2016. More |
|
Cuba Spy Ana Belen Montes Released After 20 Years Behind Bars (Reuters, 1/7/23) |
|
Ana Belen Montes, one of the highest-ranking U.S. officials ever proven to have spied for Cuba, has been released from prison early, the U.S. Bureau of Prisons confirmed, after she spent more than two decades behind bars. Montes, 65, had in 2002 pleaded guilty to conspiracy to commit espionage after she was accused of using her leading position as a Defense Intelligence Agency official to leak information, including identities of some U.S. spies, to Havana. Aged 45, she was sentenced to 25 years in prison. A U.S. citizen of Puerto Rican descent, Montes began working for the DIA in 1985 and rapidly climbed its ranks to become the agency's top Cuba analyst. Prosecutors said during this time Montes received coded messages from Havana over a short-wave radio as strings of numbers, which she would type onto a decryption-equipped laptop to translate to text. More |
|
U.S., Turkey Target Financial Network Linked to Islamic State (Reuters, 1/5/23) |
|
The Treasury Department said it was taking joint action with Turkey against a network it said played a key role in money management, transfer and distribution for the Islamic State militant group operating in Iraq and Syria. Turkey's foreign affairs ministry said on Twitter the assets of seven individuals or legal persons involved in financing for the group were frozen. The Treasury Department said four individuals and two entities in Turkey were designated under U.S. sanctions. They included an Iraqi national living illegally in Turkey, Brukan al-Khatuni, his two sons and an associate, and two businesses they used to transfer money on behalf of the Islamic State, also known as ISIS, between Turkey, Iraq and Syria. The sanctions freeze any U.S. assets they hold and generally bar Americans from dealing with them. More |
|
Spend Less Time Pulling Together Security Awareness Content |
|
License NSI's Employee Security Connection
Content for Your Facility or Agency
- Quarterly 8-page digital newsletter you can share with cleared and uncleared employees alike at your facility
- Meets NISPOM-rule requirements
- Easily drop in your organization logo to brand it your own
- Easily add your own content if you wish
- Take aim at a superior rating
- A staple of industry and government security programs since 1985
- Learn a little more
|
|
Cyberattack on Records Vendor Affects Scores of U.S. Counties (Gov Info Security, 1/4/23) |
|
Hundreds of U.S. counties continue to work with pen and paper after a cyberattack on their digital records management vendor last week disrupted methods to view, add and edit government records. The third-party vendor, Cott Systems, a cloud-based solutions provider, informed its customers that an "organized cyberattack" had hit the company systems and resulted in "unusual activity" on its servers on Dec. 26. The company responded by unplugging its servers to isolate the intrusion, Cott said in a notification. Cott Systems helps manage government data including public records, land records and court cases. The company serves over 400 local governments across 21 states and has long-standing associations with several national and international bodies, according to its website. The server suspension forced hundreds of local governments to resort to manual processes, slowing down the processing of birth certificates, marriage licenses and real estate transactions. More |
|
GE Insider Gets 2 Years for IP Theft (Info Security, 1/4/23) |
|
A New York man was sentenced to 24 months behind bars for his part in a conspiracy to steal aviation trade secrets and send them to China. Xiaoqing Zheng, 59, of Niskayuna, N.Y., was convicted of conspiracy to commit economic espionage, after a four-week jury trial that ended in March last year. Zheng worked at GE Power’s Schenectady plant from 2008 to 2018, where he specialized in engineering turbine sealing technology. His participation in the conspiracy saw top secret IP sent to Chinese companies and universities researching, developing and manufacturing parts for turbines. It’s believed to be part of a sophisticated multi-year cyber-espionage campaign designed to help China gain parity with western aerospace firms and help it build the C919 commercial airliner. According to the FBI, Zheng was a member of the controversial Thousand Talents Program – a Communist Party initiative designed to recruit science and technology experts living abroad. More |
|
Key Lawmaker Says U.S. Ownership Could Be 'Workable Solution' for TikTok (Nextgov, 1/4/23) |
|
Rep. Mike Gallagher (R-Wis.) says that the sale of TikTok to an American company is potentially a "workable solution" to national security concerns about the popular video-sharing application. Just last month, Gallagher introduced a bill with fellow Republican Sen. Marco Rubio (Fla.) and Rep. Raja Krishnamoorthi (D-Ill.) that would ban the app in the United States outright. Gallagher, a former co-chair of the Cyberspace Solarium Commission, has been touted as the potential leader of a new select committee in the 118th Congress focusing on U.S. competition with China. Asked whether creating an American version of the app would be a solution, Gallagher said that selling to an American company would be allowed by his bill but that the "devil is in the details." Gallagher likened the app to "digital fentanyl" that is "highly addictive and destructive." More |
|
Many Former DHS Employees Maintain Access to Secure Buildings and Systems (HS Today, 1/3/23) |
|
The Office of Inspector General says DHS cannot ensure only authorized employees and contractors have access to its controlled systems and facilities. OIG found that DHS did not always terminate personal identity verification card access or withdraw security clearances for separated employees and contractors in accordance with federal regulations and department policies. OIG previously identified weaknesses in DHS’ controls over card collection, revocation, destruction, and management oversight in 2018. Many of the issues the watchdog reported then remain, and further work is required to improve and enhance processes. Specifically, DHS has not prioritized ensuring that cards are terminated when individuals no longer require access. OIG determined that, in thousands of cases, DHS did not promptly revoke card access privileges or destroy the cards of individuals who separated from the department. More |
|
National Security Institute
3 Sanger Circle, Dover, MA 02030
Contact: 508-533-9099 or infoctr@nsi.org
Learn More: nsi.org |
|
|
|
|
|
Comments
Post a Comment