Cybersecurity News in Review

Robert DuPree
June 14, 2021 • 6 min read

This week’s cybersecurity news in review includes updates in the aftermath of recent attacks against certain U.S. enterprises, a number of articles on the growing threat of ransomware, and warnings about cyber vulnerabilities in the educational and energy sectors. There are also stories on Biden Administration actions to secure IT and communications technology and to fight ransomware, an IG report on DHS’ CDM program flaws, and new legislation designed to help small businesses following a cyber attack. Also provided is coverage on moves by two federal agencies to meet President Biden’s push for zero trust architecture, and the Pentagon’s efforts to improve 5G security. Finally, there are reports on the FY 2022 budget and the cybersecurity needs of U.S. Cyber Command and other Department of Defense components, as well as the IRS.

Hacked meat packing firm pays $11M ransom

Dark Reading reports the U.S. meat packing company that briefly shut down operations after a recent ransomware attack paid an $11 million ransom to those responsible in an effort to “mitigate any unforeseen issues related to the attack and ensure no data was exfiltrated.” Read more…

Pulse Secure VPN weakness led to NYC transit hack

SC Magazine says a recent cyberattack against New York City’s Metropolitan Transportation Authority (MTA) systems was due to Chinese hackers gaining access through a zero-day attack exploiting vulnerabilities in Pulse Secure’s VPN software. Read more…

In the aftermath of ransomware attack, Colonial Pipeline CEO welcomes cyber mandates

According to Nextgov, the CEO of Colonial Pipeline told a Senate panel that mandatory cybersecurity requirements would be helpful to the pipeline industry. Read more…

Ransomware’s growing threat

NPR says there were over 65,000 ransomware attacks against U.S. interests last year, and it says this will only get worse as hackers realize that their tactics are working, enterprises are still vulnerable, new malware is available to them, and cryptocurrencies make it easier to receive payments and avoid capture. Read more…

Ransomware: Becoming an “epidemic”

Security Week examines the recent rash of ransomware attacks, citing a recent estimate that victims paid “at least” $18 million to their attackers last year, and quoting one expert as warning that ransomware “is hitting epidemic proportions.” Read more…

Critical infrastructure OT and ransomware – CISA fact sheet

Dark Reading reports that DHS’ Cybersecurity and Infrastructure Security Agency (CISA) has issued a ransomware fact sheet which looks at the threat to operational technology (OT) assets and control systems in America’s critical infrastructure. Read more…

Biden Administration calls on private sector to step up against ransomware

Security Week cites a memo from a key White House cyber official as urging private companies to take certain basic steps to protect themselves against ransomware. Read more…

Here’s what the Biden Administration is doing on ransomware

The Washington Post does a deep dive into the Biden Administration’s efforts to respond to the fast-growing threat of ransomware attacks. Read more…

Ransomware and school cybersecurity: A shared responsibility

Government Technology explores the growing threat of ransomware attacks against the nation’s public school systems, and says there is a shared responsibility among school staff and students to keep their networks secure. Read more…

Secretary Granholm: Foes can use cyberattacks to bring down U.S. power grid

The Hill quotes Secretary of Energy Jennifer Granholm as warning that U.S. adversaries can use cyberattacks to shut down the nation’s power grid, and saying the private and public sectors must work together to defend against such efforts. Read more…

Biden Administration gives further direction on securing IT, comms

Nextgov reports on new instructions and deadlines for certain departments and agencies to take actions per the directions given last year by the Trump Administration on transactions which involve foreign adversaries and information and communications technology. Read more…

White House nominee will coordinate to systematically attack ransomware roots

President Biden’s nominee for White House cyber director told a Senate panel that he needs to connect public and private cyber capabilities to “systematically attack” what makes ransomware possible, Breaking Defense reports. Read more…

Homeland Security IG: CDM dashboard doesn’t have data needed for real time response

FedScoop cites an Inspector General report as faulting DHS’s Continuous Diagnostics and Mitigation (CDM) dashboard for lacking some of the data necessary to enable the department to prioritize or respond to cybersecurity risks in real time. Read more…

Senate bill would provide additional cyber protections, assistance to small biz

The Hill reports that a bipartisan group of senators has introduced legislation to mandate credit bureaus inform small businesses of a nonpublic personal data breach within 30 days, and bar credit bureaus from charging such businesses for a credit report within 180 days of a breach. Read more…

Immigration agency publishes RFI for cyber capabilities

According to FedScoop, in the wake of President Biden’s May 12 cybersecurity executive order urging agencies to adopt zero trust architecture, the U.S. Citizenship and Immigration Services (USCIS) has issued an RFI seeking information from contractors on their cybersecurity capabilities vis-à-vis protecting IT infrastructure, other systems, and the data they contain. Read more…

DISA looking to shift DoD to zero trust

Nextgov says DISA is working to move DoD from perimeter-based security to a zero trust approach. Read more…

DoD working on 5G security standards

FedScoop says the Defense Department is beginning to create its own set of security standards for 5G, which will in turn determine the requirements private companies will have to meet in order to collaborate with DoD on installing 5G technology. Read more…

Could CMMC costs force electronics manufacturers out of the DoD market?

A new IPC industry survey and report warns that a quarter of U.S. electronic manufacturers believe the costs and burdens they will face under DoD’s Cybersecurity Maturity Model Certification (CMMC) program could force them to drop out of the DoD supply chain. Read more…

If more money appropriated, Pentagon wants it for Missile Defense Agency cybersecurity

While it didn’t make the final cut in the President’s proposed FY 2022 budget, Defense News reports the Pentagon’s unfunded mandates “wish list” includes $55 million for the Missile Defense Agency to improve the cybersecurity of critical infrastructure that supports systems, including its Ballistic Missile Defense System. Read more…

CYBERCOM unfunded mandates list includes more money for DoD network protection

C4ISRNet says U.S. Cyber Command’s unfunded mandates list includes an additional $62 million to better protect Department of Defense networks, beyond that which was proposed in the President’s FY 2022 budget. Read more…

Joint Cyber Command and Control would get big budget boost

According to C4ISRNet, the FY 2022 budget request for U.S. Cyber Command more than doubles the current year’s funding request for Joint Cyber Command and Control (JCC2) mission planning. Read more…

IRS wants to use funding increase for IT modernization, cybersecurity

FCW cites the Commissioner of the Internal Revenue Service as telling a Senate panel that some of the $305 million requested in President Biden’s proposed budget for the agency will be used to continue a multi-year IT modernization plan and better protect the cybersecurity of its networks and systems. Read more…

Robert DuPree
Manager of Government Affairs
Robert DuPree is the manager of government affairs at Telos Corporation. Follow him on Twitter: @RFDuPree