D.C. Metro system beefs up supply-chain cybersecurity provisions for new railcars

The Washington, D.C., area’s Metro system, in response to U.S. senators who raised security concerns about a new line of railcars, now says it will use the National Institute of Standards and Technology’s cybersecurity framework to vet software and hardware proposed for the project. Bidders on the railcar procurement, worth an estimated $1 billion and covering up to 800 railcars, also will have to show evidence that a third party tested their software or hardware, Washington Metropolitan Area Transit Authority CEO Paul J. Wiedefeld said Wednesday. The NIST framework — used widely throughout other industries and government agencies — is a key part of the updated request for proposal, Wiedefeld wrote in a letter to Democratic senators from Virginia and Maryland. “We are confident that these approaches will impose appropriate controls that limit any malicious actor’s ability to embed malware and for WMATA to monitor and enforce security requirements,” Wiedefeld wrote to […]

The post D.C. Metro system beefs up supply-chain cybersecurity provisions for new railcars appeared first on CyberScoop.

Senators worry that new D.C. Metro railcars could carry cyber risk

Senators who represent the Washington, D.C., area have raised concerns about added cybersecurity risks in the region’s Metro system after reports that a Chinese state-owned manufacturing company could win a $1 billion procurement for railcars. The four Democrats – Sens. Mark Warner and Tim Kaine of Virginia, and Ben Cardin and Chris Van Hollen of Maryland – wrote to the Washington Metropolitan Area Transit Authority expressing their “serious concerns” about possible foreign bidding on the project, “particularly when it could involve foreign governments that have explicitly sought to undermine our country’s economic competitiveness and national security.” In the Jan. 18 letter to WMATA CEO Paul J. Wiedefeld, the lawmakers exhorted him to “take the necessary steps to mitigate growing cyber risks to these cars.” The worry is that technology in the transit system, including video surveillance cameras and the automated aspects of railcars, could be a target of spies or hackers. The state-owned China Railway […]

The post Senators worry that new D.C. Metro railcars could carry cyber risk appeared first on CyberScoop.

Kaspersky Lab files injunction in court, seeking to counter Trump administration ban

Moscow-based anti-virus company Kaspersky Lab has filed a motion for a preliminary injunction in U.S. federal court in hopes of halting the Trump administration’s ongoing efforts to ban Kaspersky software from use in federal agencies, CyberScoop has learned. The move comes after Kaspersky Lab founder and CEO Eugene Kaspersky announced plans in December to sue the Department of Homeland Security (DHS), which originally launched the ban through a Binding Operational Directive (BOD) on Sept. 13, citing alleged espionage concerns. The motion was filed in the U.S. District Court for the District of Columbia. The Washington Post, New York Times and Wall Street Journal have all reported in recent months, citing anonymous U.S. intelligence officials, that Russian intelligence agencies have in the past leveraged Kaspersky Lab’s anti-virus engine to remotely steal confidential documents from targeted computers where the software is already installed. Kaspersky Lab has repeatedly and unequivocally denied all wrongdoing. The company continues […]

The post Kaspersky Lab files injunction in court, seeking to counter Trump administration ban appeared first on CyberScoop.

Kaspersky Lab takes U.S. government to court over federal software ban

Russian anti-virus maker Kaspersky Lab is suing the U.S. government over its decision to ban the company’s software in federal agencies and departments, according to an open letter written by company founder Eugene Kaspersky. Citing a lack of due process and insufficient evidence relating to the Department of Homeland Security’s Binding Operational Directive (BOD) 17-01, Kaspersky claims the U.S. government violated the Administrative Procedure Act and the Fifth Amendment. The Administrative Procedure Act governs how federal agencies propose and establish regulations and requires agencies to support their decisions with “substantial evidence” if those decisions are challenged in a U.S. court. In September, DHS ordered civilian agencies to remove Kaspersky Lab software from their computers within 90 days via the directive. Although the process had been ongoing for some time, the ban was then codified into law last week when U.S. President Donald Trump signed the National Defense Authorization Act (NDAA). The lawsuit represents […]

The post Kaspersky Lab takes U.S. government to court over federal software ban appeared first on CyberScoop.

Shadow Brokers return to taunt U.S. government after ransomware spread

A mysterious group known for publishing highly classified computer code developed by the National Security Agency returned to the limelight Tuesday with a cryptic message concerning the future release of other government hacking tools and secretive information, including “network data from Russian, Chinese, Iranian, and North Korean nuclear missile programs.” “TheShadowBrokers is having many more where coming from?” a lengthy message posted Tuesday morning by the peculiar group reads, claiming they own “75% of U.S. cyber arsenal.” The message also cites the Equation Group, which has been observed operating in the wild by cybersecurity firm Kaspersky Lab and is believed to be associated with an elite hacking unit within the NSA. “This is theshadowbrokers way of telling theequationgroup ‘all your bases are belong to us.’ TheShadowBrokers is not being interested in stealing grandmothers’ retirement money. This is always being about theshadowbrokers vs theequationgroup.” Since the Shadow Brokers posted their first message to […]

The post Shadow Brokers return to taunt U.S. government after ransomware spread appeared first on CyberScoop.