Public Sector Cybersecurity Weekly Briefing 12-08-2017

Leaked DHS Memo Accused Drone Maker DJI of Spying for China
The bulletin (pdf), written in August by the Los Angeles office of the Immigration and Customs Enforcement bureau (ICE), was leaked last week. In it, SIP Los Angeles claims to have “moderate confidence that Chinese-based company DJI Science and Technology is providing U.S. critical infrastructure and law enforcement data to the Chinese government.” It has “high confidence” that DJI “is selectively targeting government and privately-owned entities within these sectors to expand its ability to collect and exploit sensitive U.S. data.”

 

Expert Gives Congress Solution to Vote Machine Cyber-security Fears: Keep a Paper Backup
Among Blaze’s recommendations is that rather than rely on purely electronic voting machines to log votes, officials use optical scan machines that retain a paper copy of each voter’s ballot that can be consulted if anyone grows concerned about counting errors or tampering. In other words, due to the fact that everything has bugs and flaws, truly paperless voting systems should be a no-no.

 

Senate Bill Introduced That Would Require Jail Time for Data Breach Cover Ups
The Data Security and Breach Notification Act, introduced by Sens. Bill Nelson, D-FL., Richard Blumenthal, D-CT., and Tammy Baldwin, D-WI. (Nelson introduced similar legislation last year), will require quick notification of breaches and impose new penalties for the executives of any companies that withhold such information from the public. If the news of a breach is not released within 30 days, the executives in charge could face up to five years in jail.

 

Federal Government to Propose New Cybersecurity-related Bill this Winter
One of the provisions of Bill C-59 is the enhancement of the Communications Security Establishment (CSE), allowing the agency to conduct cyberattacks against foreign hostile actors looking to compromise Canada’s infrastructure from abroad.

 

We Need to Secure Voting Machines. But from What?
First, how should we understand the election-security threat? As demonstrated by the 2016 U.S. presidential election, the pertinent security issues are immensely complex and wide-ranging. In order to develop a sensible framework, we must disentangle pure election-security issues from broader information operations or covert influence campaigns.

 

Risky Business: How the Government Can Reduce Contractor Cyber Risk
The good news is that federal agencies are beginning to catch up to the constantly evolving nature of cyber risk, instituting fresh cybersecurity requirements over the past year for vendors seeking contracts from the federal government. The bad news is that the dozens of new requirements were first mooted as long ago as 2012 — a regretfully slow pace of reform that, if understandable given the scope and complexity of federal contracting, cannot keep up with the constantly evolving nature of digital threats.

 

How Cyber Safe is Your Municipality?
IT security vulnerabilities need to be front-and-centre for municipal leaders and taxpayers. The failure to act or fund should be publicly reported. Citizens have a right to know just how cyber safe your community is. After all, it is a liability. It’s not severe weather, an old bridge or crumbling road. It’s mainly ones and zeros in a computer that too few municipal leaders show an active interest in.

 

Iranian Hackers Have Been Infiltrating Critical Infrastructure Companies
“We have seen, and this is with a lot of the Iranian actors, a very disconcerting or aggressive posture towards critical infrastructure organizations,” says John Hultquist, director of intelligence analysis at FireEye. “APT 33 has targeted a lot of organizations in critical infrastructure in the Middle East and so has APT 34.

 


====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.
