Security

Cyber Daily: White House Plan For Maritime Security Warns of Digital Risks


Happy Friday. The U.S. has more than 360 ports and 3,500 maritime facilities, such as state-owned harbors, but no central body for coordinating cybersecurity or setting standards to protect a transportation system that accounts for 25% of the U.S. gross domestic product. The White House this week issued a plan for improvements, WSJ Pro’s James Rundle reports.

Other news: Direct Energy reveals data breach originating with a tech provider; Russian hacker gets 12 years; Federal judiciary’s systems likely breached in
SolarWinds

hack;
Facebook

suspends President Trump’s accounts indefinitely; and Senator says laptop stolen in melee at U.S. Capitol on Wednesday.

Weekend reading: GDPR frustrations; cyber firm Iboss raises $145 million; and security startups face funding challenges this year.

Maritime Cybersecurity

White House plan for maritime cybersecurity warns of previously unknown risks. The plan introduced initiatives designed to provide security standards for port technology, and formalized cybersecurity responsibilities for the U.S. Coast Guard’s involvement in investigations and incident response.

The Department of Homeland Security and the National Institute of Standards and Technology, a standards-setting agency within the Commerce Department, along with other federal agencies, must undertake a number of actions to better protect maritime transportation.

Tasks include the establishment of a formal forensics process for maritime cyber investigations by government and law-enforcement agencies, and the implementation of mandatory contractual language for cybersecurity when the federal government hires private-sector companies to run critical infrastructure.

The maritime sector is a frequent target for hackers. In September, shipping line CMA-CGM SA became the victim of ransomware while in April, Geneva-based Mediterranean Shipping Co. suffered a network outage believed to be the result of a cyberattack.

READ  Over 600 Japan entities hit by cyberattacks amid rise in telework

Ports and other maritime facilities have been largely left to determine their own security arrangements and as a result rely on a patchwork of guidelines from other institutions and sectors to inform their approaches.

Read the full story.

Quotable

“The number of…brand-name players that are involved in this, what we call SolarWinds intrusion right now, that have not come forward would surprise the hell out of many of the people watching this.”

— Sen. Mark Warner (D., Va.), the top Democrat on the Senate Intelligence Committee, during a videoconference hosted by the Aspen Institute on Thursday

More Cyber News

Direct Energy reveals data breach originating with a tech provider. Direct Energy LP told regulators in Maine this week that sensitive data for about 250,000 customers was compromised when a data analytics provider was hit with ransomware in November. Direct Energy, which provides electricity and natural gas in the U.S. and Canada, suspended work with the unnamed tech vendor and notified credit-card companies of the incident, according to a notice to customers. The vendor locked out the intruders and didn’t pay the ransom, Direct Energy said.

Russian hacker sentenced to 12 years. A U.S. federal judge issued the ruling Thursday to Andrei Tyurin, who pleaded guilty in September 2019 to stealing data about 100 million U.S. consumers from
JPMorgan Chase

& Co. and other firms, the Associated Press reports. In a string of computer intrusions from 2012 to mid-2015, Mr. Tyurin and a co-conspirator targeted financial firms and media, including The Wall Street Journal, prosecutors said. Mr. Tyurin, who was extradited to the U.S. in 2018 from the country of Georgia, is “ashamed” of his actions, his lawyer said in court papers.

READ  Airport security time-slots and pre-booked booze may be the future of travel post-pandemic

Federal judiciary’s systems likely breached in SolarWinds hack. The federal judiciary was working to immediately add new security procedures to protect “highly sensitive confidential documents filed with the courts,” The Wall Street Journal reports, citing a statement Wednesday by the Administrative Office of the U.S. Courts. Highly sensitive court documents filed with federal courts on paper or via secure electronic devices will be stored in a stand-alone computer system. Gaining access to confidential judiciary records could be especially valuable to foreign spies, analysts said, because of the extreme sensitivity of information they often contain, including investigative techniques described in search warrants or specific email accounts or phone numbers being surveilled.

Senator says laptop stolen. 

Sen. Jeff Merkley
(D., Ore.) said in a video on his
Twitter

 feed that a laptop was taken from his office during the melee Wednesday.

Weekend Reading

Dutch Lawsuit Seeks Quicker Resolution in Google Case

Cybersecurity Firm Iboss Raises $145 Million as Cloud Market Stays Hot

Cyber Startups Face Broader Funding Challenge in 2021



READ SOURCE

Leave a Reply

This website uses cookies. By continuing to use this site, you accept our use of cookies.