2022 Week 5 Summary

-

 Summary

News came this week of several new cyber security operation centers.  This is a great idea.  The harder we make it for the bad guys the more likely they are to try and figure out something else to do.  We also have some advisories about issues in Industrial Control Systems(ICS).


News

SLTT

Several Puerto Rico government entities were struck by a cyberattack including the territories Senate.  Still not a lot of information at this time.

The Port of Los Angeles has opened its own Cyber Resilience Center (CRC).  This CRC will ensure that the port is protected from cyber threats that might impact cargo shipments that come into one of the world's most active seaports.  

Power

The U.S. Federal Energy Regulatory Commission (FERC) is looking at implementing a new regulation that would mandate owners and operators to monitor network security.  At the time they are seeking public comment.  


Healthcare

Medical IoT security company Cynerio released a report saying that 53% of connected medical devices or hospital-related IoT devices have known critical security issues.  Additionally, they reported that 1/3 of all bedside health-related IoT devices have critical risks.  

County of Kings, California alerted the public that a misconfiguration on their website lead to the exposure of sensitive medical information.  The error was made by a 3rd party contractor, and the flaw was in place for most of 2021.  They do not know of any use of the flaw but alerted the public so they can take whatever action they feel necessary.

The Rhode Island Public Transit Authority (RIPTA) has one of the strangest data breach disclosures I read this week.  They let 5,015 people know that their health plan information was stolen during a hack in August.  There has been no answer as to why RIPTA had the records in the first place as they are not employee records.  I will be following up.




Legislative actions 

New Mexico USA has filed several bills.  HB122 seeks to increase the cybersecurity of public schools.  HB98 would create an Office of Cybersecurity.  

Bills



Pennsylvania has passed a new law that bans state and local governments from using taxpayer money to pay cyber ransoms.  They also approved a bill to create an Office of Information Technology and required it to oversee cybersecurity best practices for state agencies. 

Bills



Not exactly legislation but regulatory activity...  The U.S. Federal Communications Commission voted to make a new policy requiring broadband providers to be more transparent on actual delivery and reliability specs in a program based on the USDA nutrition labels.  

Jobs

The state of Oklahoma has a cyber analyst position open.
Location: Oklahoma, USA

Comments

Post a Comment

Popular posts from this blog

2021 Week 11 Security Roundup

-
  Summary This blog is geared towards cybersecurity events that are of interest to State, Local, Tribal, and Territorial (SLTT) governments in the United States of America.  It is hoped that this focus will help SLTT information technology workers and policymakers to get the information relevant to their mission.  If you are in other sectors hopefully there is information you can find useful as well.   News Windows Outlook Vulnerability The 0-Day for Microsoft Exchange Server keeps making news.  Over the course of the week threat actors outside of the Haifum Chinese cyber espionage group started to take advantage of the exploit.  Many new breaches were identified over the weekend as organizations large and small rushed to update vulnerable servers.  From the briefings I have sat through over the last week or so, I can only add my echo to the chorus saying that you should immediately patch your on-premises version of Outlook.  Here are some of the developments that we have seen: ZDNet a
Read more

2021 Weeks 32-40 Security Roundup

-
  Summary Let me apologize for the long delay right upfront.  First, we had a round of Covid in the household in a person who is immune-compromised.  Next, I started a new semester in college and the workload was far greater than I expected.  Lastly, this is the start of the budget year for us and I had several projects that have demanded almost every second of my work time.  I hope to get back to weekly updates by November. Lots of news that covers:  health care, education, infrastructure, and SLTT governments around the world.  Since I am hitting the length limitations of Blogger, I will simply invite you to read and try and get caught up yourself.  News UC San Diego Health sued over breach In what is becoming a growing trend UC San Diego Health is being sued for failure to have proper data protection protocols.  The suit is citing breach of contract, negligence, and violating California consumer and medical privacy laws.  Specifically, the suit alleges failure to adequately train em
Read more

2021 Week 29 Security Review

-
  Summary Sorry, this was late this week.  I was in training on Friday with the good folks at the LSU Academy of Counter-Terrorist Education.  If you are a Tribal or other American first responder or researcher in the field of terrorism and not taking advantage of their amazing resources, please check them out at  https://www.ncbrt.lsu.edu/ . Not a lot of new things this week.  There was an update from the City of Tulsa and their breach.  We also saw REvil disappear from both the Web and the dark Web.  Lastly, CIS tools are taking the forefront in the defensive posture of the SLTT landscape. News City of Tulsa Oklahoma breach Tulsa, which was breached back in May ( https://yasb2018.blogspot.com/2021/05/2021-week-19-security-roundup.html ), has announced that at least 27 people had their Social Security number accessed.  The city said they have attempted to reach out to those affected.  To date, more than 18,000 files from the hack have been released to the dark web. https://www.securit
Read more