Public Sector Cybersecurity Weekly Briefing 04-20-2018

Practices Face Challenges in Hiring Qualified Cybersecurity Personnel
[Almost] three-quarters said their organizations were too short staffed to protect against future breaches. The respondents said staffing was the biggest challenge in ensuring security of health information. Only half had a dedicated chief information security officer (CISO). HIPAA does not require health care organizations to have somebody in this position, but an individual who sets and manages an organization’s security plan is a must for larger organizations.

 

U.S. Cyber Command Chief Calls for Debate Around Hacking Unit’s Authorities
Such a shift in policy may allow Cyber Command to offer more protection to private companies, including those that own and operate what the U.S. government considers “critical infrastructure.” When it comes to offensive measures, the shift could also open the door for soldiers to hack a much wider array of targets; beyond the Middle East, where the military is already engaged in firefights.

 

Colorado’s Election Systems Are Being Hacked…on Purpose, by the Feds
Colorado’s election systems have been under attack by cyber intruders. Networks are being poked and prodded in an attempt to bypass security measures, access control systems and manipulate or extract data.  […] Colorado is one of seven states participating in the exercise, along with nearly 1,000 other “players” across the nation that range from law enforcement agencies to transportation and manufacturing networks.

 

Cops Around the Country Can Now Unlock iPhones, Records Show
Police forces and federal agencies around the country have bought relatively cheap tools to unlock up-to-date iPhones and bypass their encryption, according to a Motherboard investigation based on several caches of internal agency documents, online records, and conversations with law enforcement officials. […] “It demonstrates that even state and local police do have access to this data in many situations,” Matthew Green, an assistant professor and cryptographer at the Johns Hopkins Information Security Institute, told Motherboard in a Twitter message. “This seems to contradict what the FBI is saying about their inability to access these phones.”

 

Russian Hackers Mass Exploit Routers in Homes, Govs, and Infrastructure
The Russian government-sponsored actors are using the compromised devices to perform man-in-the-middle attacks that extract passwords, intellectual property, and other sensitive information and to lay the groundwork for potential intrusions in the future, the officials continued. The warning was included in a technical alert jointly issued by the US Department of Homeland Security and FBI and the UK’s National Cyber Security Center.

 

Atlanta Spending $2.7 Million on Ransomware Cyber Attack; Ransom was $50,000
[The] city has signed eight emergency contracts in response to the attack, including two $1 million agreements with private technology firms to assist the city’s information management and municipal court systems. Atlanta has been grappling with the impact of the attack since late March. Systems that allowed customers to pay bills or access court-related information were down and most city workers were told not to turn on their computers.

 

 

Stay up to date on the Public Sector Information Security news that you need to know by signing up for our Public Sector Briefing Here.

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.