Short Takes – 5-25-23
Mysterious malware designed to cripple industrial systems
linked to Russia. Cyerscoop.com article.
Pull quote: “The discovery of the malware dubbed “CosmicEnergy” is
somewhat unusual since it was uploaded to VirusTotal — a service that
Google owns that scans URLs and files for malware — in December 2021 by a
user with a Russian IP address and was found through threat hunting and not
following an attack on a critical infrastructure system.”
Joe Public, Class I, Division 2, and Gas Stations.
StonehouseSafety.com blog
post. Pull quote: “Self-service gasoline pumping operations require the
public, usually unknowingly, to perform activities within a Class I, Division
2/ Zone 2 hazardous location. If you put gas in your car, vapors will be
displaced and may end up in precisely the location where you stand. Around the
fuel dispenser there is always a Class I, Division 2 area.” Good discussion
about cell phone use at gas stations.
NOAA predicts a near-normal 2023 Atlantic hurricane
season. NOAA.gov press
release. Pull quote: “NOAA is forecasting a range of 12 to 17 total named
storms (winds of 39 mph or higher). Of those, 5 to 9 could become hurricanes
(winds of 74 mph or higher), including 1 to 4 major hurricanes (category 3, 4
or 5; with winds of 111 mph or higher). NOAA has a 70% confidence in these
ranges.”
The Rise of Open-Source Drones. DroneAnalyst.com article.
Pull quote: “It’s fascinating to see the US military move quickly on
open-source technologies, and speaks to the influence of the Defense Innovation
Unit in changing US DoD procurement culture. It also speaks to the benefits of
Open-Source projects for large enterprise users. With strict enforcement of
standards, large enterprises can test or deploy multiple systems nearly
interchangeably. Vetting of cybersecurity risks can similarly be streamlined,
as code is published and commonly tested before procurement.”
NACD Members Call on Congress to Reauthorize Critical
CFATS Program: Program Set to Expire in July Without Congressional Action.
NACD.com press
release. Pull quote: ““As one of the most successful chemical security
programs in existence, the CFATS program serves a critical role to our industry
by protecting our nation’s high-risk chemical facilities from acts of terror
and providing the industry with the stability needed to make important
investments. This important program, however, is set to expire on July 27,
2023, without Congressional action. We applaud the dedicated work of Mr.
Fridley and Mr. Erstad as they continue to demonstrate how this program allows
the industry to partner with the U.S. Department of Homeland Security (DHS) to
manage these ever-evolving risks while upholding the highest security
standards. NACD will continue to closely work with Members of Congress to
secure a clean, long-term reauthorization to continue to protect against
potential threats to these critical facilities.””
Notice of Cybersecurity and Infrastructure Security
Agency Cybersecurity Advisory Committee Meeting. Federal Register CISA meeting
notice. Agenda to be published here
by June 16th, 2023. Meeting date: June 20th, 2023.
McCarthy set to send the House home without a debt limit
deal. News.Yahoo.com article.
Pull quote: “In a meeting earlier this week, McCarthy told members of the
Republican conference that they should prepare to return to their districts if
a deal isn’t reached by the White House and Republican negotiators by Memorial
Day weekend. Members can always be called back, but Republican Study Committee
Chairman Kevin Hern, who was in the meeting, told reporters that this is a deal
that has to be reached between a few key people.”
Debt Ceiling Furloughs Are Unconstitutional, Union Will
Argue Before Court Next Week. GovExec.com article.
Pull quote: “The lawsuit is seeking an emergency injunction preventing the
Biden administration from no longer borrowing money to pay the government’s
debt, as is expected to occur under a default, and to prohibit any related
layoffs or furloughs of federal employees. NAGE filed the complaint on behalf
of its 75,000 federal employee members.”
Congress Doesn’t Know How to Count the Number of National
Security Professionals and That’s a Problem. GovExec.com article.
Pull quote “A zero trust framework is good for IT, but unfortunately doesn’t
work for people – where the reality is we’re always only in a position to
reduce risk, not eliminate it. Proposals by Congress to cut the number of
security clearances doesn’t address the true problem, which is how lax security
procedures have allowed for the printing and removal of classified documents
from cleared facilities – which has been the case for nearly every major leak
scenario over the past several years.”