Happy Friday. The U.S. has more than 360 ports and 3,500 maritime facilities, such as state-owned harbors, but no central body for coordinating cybersecurity or setting standards to protect a transportation system that accounts for 25% of the U.S. gross domestic product. The White House this week issued a plan for improvements, WSJ Pro’s James Rundle reports.
Other news: Direct Energy reveals data breach originating with a tech provider; Russian hacker gets 12 years; Federal judiciary’s systems likely breached in SolarWinds hack; suspends President Trump’s accounts indefinitely; and Senator says laptop stolen in melee at U.S. Capitol on Wednesday.
Weekend reading: GDPR frustrations; cyber firm Iboss raises $145 million; and security startups face funding challenges this year.
White House plan for maritime cybersecurity warns of previously unknown risks. The plan introduced initiatives designed to provide security standards for port technology, and formalized cybersecurity responsibilities for the U.S. Coast Guard’s involvement in investigations and incident response.
The Department of Homeland Security and the National Institute of Standards and Technology, a standards-setting agency within the Commerce Department, along with other federal agencies, must undertake a number of actions to better protect maritime transportation.
Tasks include the establishment of a formal forensics process for maritime cyber investigations by government and law-enforcement agencies, and the implementation of mandatory contractual language for cybersecurity when the federal government hires private-sector companies to run critical infrastructure.
The maritime sector is a frequent target for hackers. In September, shipping line CMA-CGM SA became the victim of ransomware while in April, Geneva-based Mediterranean Shipping Co. suffered a network outage believed to be the result of a cyberattack.
Ports and other maritime facilities have been largely left to determine their own security arrangements and as a result rely on a patchwork of guidelines from other institutions and sectors to inform their approaches.
“The number of…brand-name players that are involved in this, what we call SolarWinds intrusion right now, that have not come forward would surprise the hell out of many of the people watching this.”
— Sen. Mark Warner (D., Va.), the top Democrat on the Senate Intelligence Committee, during a videoconference hosted by the Aspen Institute on Thursday
More Cyber News
Direct Energy reveals data breach originating with a tech provider. Direct Energy LP told regulators in Maine this week that sensitive data for about 250,000 customers was compromised when a data analytics provider was hit with ransomware in November. Direct Energy, which provides electricity and natural gas in the U.S. and Canada, suspended work with the unnamed tech vendor and notified credit-card companies of the incident, according to a notice to customers. The vendor locked out the intruders and didn’t pay the ransom, Direct Energy said.
Russian hacker sentenced to 12 years. A U.S. federal judge issued the ruling Thursday to Andrei Tyurin, who pleaded guilty in September 2019 to stealing data about 100 million U.S. consumers from
& Co. and other firms, the Associated Press reports. In a string of computer intrusions from 2012 to mid-2015, Mr. Tyurin and a co-conspirator targeted financial firms and media, including The Wall Street Journal, prosecutors said. Mr. Tyurin, who was extradited to the U.S. in 2018 from the country of Georgia, is “ashamed” of his actions, his lawyer said in court papers.
Federal judiciary’s systems likely breached in SolarWinds hack. The federal judiciary was working to immediately add new security procedures to protect “highly sensitive confidential documents filed with the courts,” The Wall Street Journal reports, citing a statement Wednesday by the Administrative Office of the U.S. Courts. Highly sensitive court documents filed with federal courts on paper or via secure electronic devices will be stored in a stand-alone computer system. Gaining access to confidential judiciary records could be especially valuable to foreign spies, analysts said, because of the extreme sensitivity of information they often contain, including investigative techniques described in search warrants or specific email accounts or phone numbers being surveilled.
Senator says laptop stolen. Sen. Jeff Merkley (D., Ore.) said in a video on his feed that a laptop was taken from his office during the melee Wednesday.
Dutch Lawsuit Seeks Quicker Resolution in Google Case
Cybersecurity Firm Iboss Raises $145 Million as Cloud Market Stays Hot
Cyber Startups Face Broader Funding Challenge in 2021