Federal transportation officials aim to ‘bridge gaps’ in OT cybersecurity

In a post-Colonial Pipeline world, DOT and TSA leaders say they’re pursuing a cross-sector approach to protecting operational technology.

The post Federal transportation officials aim to ‘bridge gaps’ in OT cybersecurity appeared first on CyberScoop.


CrowdStrike points finger back at Delta after airline threatened to sue over outages

Delta will have to account for its own shortcomings if it follows through on a threat based on a “misleading narrative,” CrowdStrike said.


GAO: Federal agencies lack insight on ransomware protections for critical infrastructure

The Government Accountability Office finds that agencies overseeing key critical infrastructure sectors don’t know whether protections against ransomware have been implemented.


Costa Rican president begins tenure with ransomware national emergency declaration

A Conti affiliate claimed responsibility and has posted more than 672 GB of data so far.


Major cyber incident reporting requirement, CISA budget hike on precipice of becoming law

The incident reporting legislation, long in the works, also comes with nearly $2.6 billion for the agency for fiscal 2022.


Biden signs infrastructure bill that provides nearly $2 billion for cybersecurity

President Joe Biden signed a $1 trillion infrastructure bill into law on Monday that includes nearly $2 billion for cybersecurity and related provisions. The biggest piece of digital security funding is a Federal Emergency Management Agency cyber grant program, administered in consultation with the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, that would distribute $1 billion over four years to state and local governments. An additional $21 million would go toward the Office of the National Cyber Director, which has been unable to make key hires since being established earlier this year due to funding shortages. In all, the legislation — known as the Infrastructure Investment and Jobs Act — is “the largest investment in the resilience of physical and natural systems in American history,” the White House boasted, one that “makes our communities safer and our infrastructure more resilient to the impacts of climate change and cyber-attacks.” […]


Email scammers posed as DOT officials in phishing messages focused on $1 trillion bill

Shortly after Congress took action on a $1 trillion infrastructure bill, hackers posing as U.S. Transportation Department officials offered fake project bid opportunities to seduce companies into handing over Microsoft credentials, researchers say. The ploy included layers of attempts to disguise the malicious appeals as authentic government solicitations, and even eventually led the would-be victims back to the actual Department of Transportation website, according to a Wednesday blog post from INKY, an email security company. “The basic pitch was, with a trillion dollars of government money flowing through the system, you, dear target, are being invited to bid for some of this bounty,” wrote Roger Kay, vice president of security strategy for the firm. Never mind that the infrastructure legislation hasn’t fully worked its way through Congress yet, nor that few of the phishing campaign’s targets would even be eligible for the infrastructure projects that bill would fund. It’s the […]


Amid ransomware fallout, Energy Secretary asks Americans to avoid panic buying fuel

If Americans are starting to feel the cascading effects of a recent ransomware incident affecting Colonial Pipeline, they should resist the temptation to buy more gasoline than they need, U.S. officials say. Energy Secretary Jennifer Granholm said Tuesday several states will likely feel effects on their fuel supplies in the coming days as a result of Colonial Pipeline shutting down operations last Friday following a ransomware attack. Colonial Pipeline, which supplies 45% of the East Coast’s transportation fuels, normally supplies 100 million gallons of gas from Texas to New York daily. Secretary Granholm said that after speaking with the CEO of the firm, she expects Colonial Pipeline to restore service by the end of the week. There is not a shortage of gasoline, Granholm said. The issue is that deliveries are held up as a result of the company shuttering some operations after the ransomware incident. “The [supply] crunch is in […]


US issues emergency declaration following Colonial Pipeline ransomware incident, relaxing transport rules

After a ransomware attack hampered one of the largest pipeline operators in the U.S., the Transportation Department on Sunday issued an emergency directive allowing drivers in 17 states and the District of Columbia to work longer hours to transport fuel. The “regional emergency declaration” is meant to alleviate any disruptions to supply following the security incident at Colonial Pipeline, which the company revealed Friday. While the Georgia-based company normally delivers more than 100 million gallons of gas, diesel and other products daily to customers from Texas to New York, according to its website, the ransomware infection forced a temporary halt to its operations. Colonial Pipeline says it transports some 45% of all fuel consumed on the East Coast. The Transportation Department’s declaration means that truckers carrying gasoline, diesel, jet fuel and other refined petroleum products are temporarily exempt from laws restricting the amount of time they are allowed to be […]


Republican senators ask DOT, FAA to cease using Chinese drones

A group of Republican senators sent a letter to the Department of Transportation and the Federal Aviation Administration Wednesday asking them to exclude Chinese drones, particularly DJI drones, from future partnerships due to national security concerns. The letter comes days after one of the participants in the FAA’s Unmanned Aircraft System Integration Pilot Program announced it would be working with DJI drones, which the U.S. government has found to contain vulnerabilities that could allow adversaries to steal sensitive data — or to even take control of their systems. “We … urge you to immediately restrict the use of this equipment and technology that has the potential to jeopardize the security of critical information and infrastructure gained through this and other FAA programs,” the Senators write. “American taxpayer dollars should not fund state-controlled or state-owned firms that seek to undermine American national security and economic competitiveness.” The authors of the letter — Sens. Tom […]
