Public Sector Cybersecurity Weekly Briefing 12-15-2017

NewsJacker #4

In this 3+ minute NewsJacker episode, Mike shares his opinions on the most recent news in IT security:

  • Net Neutrality
    • The vote is imminent, and motivations for repeal look fishy
  • Georgia’s Hacked Voting Machine
    • Here’s a good example of why paper voting is still the best way to hold a secure election.
  • Cyber Security as a Competitive Differentiator
    • Learn the four forces accelerating infosec as a competitive advantage

 

German Intelligence Warns of Increased Chinese Cyber Spying
Hans-Georg Maassen said his agency, known by its German acronym BfV, believes more than 10,000 Germans have been targeted by Chinese intelligence agents posing as consultants, headhunters or researchers, primarily on the social networking site LinkedIn. “This is a broad-based attempt to infiltrate in particular parliaments, ministries and government agencies,” Maassen said.

 

ISIS Hackers Take Down One US Township Website After Threatening Global Cyber Attack Starting Today
They threatened a massive cyber attack on governments and armies around the world starting with ‘the cursed Unites States’ today. But ISIS hackers have only managed to take down a US township website. A group called Electronic Ghosts of the Caliphate hacked the Gloucester Township site and posted threats on its homepage, writing: ‘You will see the lions of the Caliphate in your homes roasting your bodies.’

 

Cybersecurity Expert: Iranian Hacking is a “Coordinated, Probably Military, Endeavor”
A report released this week, by FireEye, a cybersecurity firm, noticed increased and increasingly advanced cyber-espionage efforts by groups that have been tied to Iran, and to the nation’s Islamic Revolutionary Guard Corps (IRGC). Groups, believed to be Iranian, have utilized “spearphishing emails, strategic web compromises and breached social media accounts distributing malware,” in order to steal commercial secrets and intercept personal communications.

 

FBI Mum on Georgia’s Wiped Election Server
The plaintiffs in the lawsuit allege that Georgia’s voter registration data was hosted on the same server as the vote tabulation databases, the software used to program ballots and the passwords for both voting machines and election supervisors. Further, all of this data was connected to a public-facing website that was accessible for at least 10 months to anyone with an internet connection and technical expertise. […] At a Dec. 7 House hearing, FBI Director Christopher Wray declined to answer questions about whether the bureau retained data on a Georgia election server before it was wiped clean by state election officials, then declined to answer whether the FBI was investigating the matter.

 

New York is First State to Adopt Comprehensive Cybersecurity Regulations
Notable among the new requirements under the New York regulation is that all covered entities are responsible for retaining a “chief information security officer” (CISO) to implement and oversee the company’s cybersecurity program. This individual is responsible for maintaining compliance with the regulation for the company. The individual could be an employee or outside contractor.

 

Public Sector Cyber Security Needs to Fight Back
Public sector organisations across every service stand to lose valuable data which is vulnerable to criminals. This can range from high-value research from universities to patient records and even sensitive information shared by government officials. So why is the public sector struggling to prevent cyber-attacks? Budget constraints are universal across all public sector services, and IT managers are increasingly finding themselves tasked to do more with less. As a result, basic security hygiene has always been an Achilles heel for public sector organisations.

 

To Fend Off Hackers, Local Governments Get Help From States
Washington state started offering local governments independent audits of their cyber defenses three years ago. The reviews by contractors and state auditors and IT security specialists assess a system’s vulnerabilities, perform technical tests to see if it can be penetrated, and recommend improvements. The audits take six months to two years and cost the state $150,000 to $300,000 each.

 

Voting Machines Without Safeguards
Having worked at IBM for long, Barbara Simons (76) is among the pioneers in computer science. When, therefore, she began saying that electronic voting was not safe, people took her to be a ‘crank’.  […] But the election of Donald Trump in 2016 as the US President and the cloud cast by allegations of Russian interference in the electoral process, has overnight changed the usually cold reception that Simons was used to from public officials and citizens alike. People are now more curious to hear her and more willing to accept that she may actually be talking sense.

 

Senator Presses White House to Improve Election Cyber Protections
Specifically, Wyden asked McMaster to designate a senior White House election security czar to brief Congress of executive branch election security efforts, direct the National Institute for Standards and Technology and the Department of Homeland Security to grade states on their election infrastructure and designate political campaigns as critical infrastructure.

 

State Attorneys General Line Up to Sue FCC Over Net Neutrality Repeal
Attorneys general from “across the country” will sue the Federal Communications Commission in an attempt to reverse today’s repeal of net neutrality rules. “Today, I am announcing my intention to file a legal challenge to the FCC’s decision to roll back net neutrality, along with attorneys general across the country,” Washington State Attorney General Bob Ferguson said.

 

Stay up to date on the Public Sector Information Security news that you need to know by signing up for our Public Sector Briefing Here.

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.