DIRECTOR'S NOTE

Dear readers, 

Let’s begin my final note of the year with some great news: This week, we announced the expansion of our cohort of senior fellows with two new cybersecurity experts. Daniel Kroese, vice president of public policy and government affairs at Palo Alto Networks, brings a wealth of experience forging a bipartisan cybersecurity agenda at the House Homeland Security Committee and at CISA. Sarah Beth Jansen, partner at the Franklin Square Group, brings valuable experience from her time as counsel at the Senate Homeland Security and Governmental Affairs and Judiciary committees. I look forward to the meaningful contributions each will make to our ongoing and future work.

Our institute’s recent efforts include a new policy brief released this week examining the challenging economics of cybersecurity. Senior fellow Kiran Sridhar and I delved into the economic incentives for cyber attackers and examined how federal policy can help turn the tables by incentivizing cybersecurity. And at POWER magazine this week, Kyle Klein, our deputy director for policy and partnerships, and I penned a piece on grid security and how the incoming administration should take into account our recent transition task force report to secure critical infrastructure.

This necessary focus on CI security made it an ideal week to sit down with NERC senior vice president and E-ISAC CEO Manny Cancel on the latest episode of Cyber Focus. Manny discussed the evolving threat landscape including cyber, physical and AI-driven risks; public-private collaboration and lessons learned from global crises; enhancing grid resilience through mutual aid, exercises such as GridEx and supply chain security; the convergence of IT and OT systems in critical infrastructure; preparing the next generation of cybersecurity leaders and addressing resource gaps. "The threat has really become so much more complicated because of the geopolitical tensions... corporations were not designed to fight nation-states," Manny noted. Our conversation unfolded in the same week that NERC, stating that “well over half of the continent is at elevated or high risk of energy shortfalls over the next 5 to 10 years,” released its sobering 2024 Long-Term Reliability Assessment. As Robert Walton reported at Utility Dive, NERC is calling for rapid federal prioritization of grid reliability measures to handle the “explosive” demand.

CISA opened a monthlong public comment period this week for its updated National Cyber Incident Response Plan – a plan that Jeff Greene, CISA’s executive assistant director for cybersecurity, hopes will be an “agile, actionable, updated framework that will provide coherent coordination that matches the pace of our adversaries,” Matt Bracken reported at CyberScoop. DHS addressed another critical infrastructure threat this week with the release of a white paper that kicked off a new multi-pronged effort on undersea cable security at the department.

Communications security is at the forefront of cyber defenders’ minds after the Salt Typhoon attack, and now the federal government is weighing whether TP-Link, a Chinese-made router found in millions of American homes, should be banned, Heather Somerville, Dustin Volz and Aruna Viswanatha reported at The Wall Street Journal. Another concerning report about the intentions of the PRC’s electronic warfare division revealed that China has a list of targets with the intent of electronically incapacitating our naval forces in a potential conflict, Joe Saballa reports at The Defense Post.

Adversaries of the United States have ramped up partnerships, both in combat and influence operations, in ways that may require the unique intervention abilities of the special operations community to avoid conflict, Todd South reports at Defense News. “This is not just Russia fighting Ukraine,” said Army Gen. Bryan Fenton, head of Special Operations Command, at this month’s Reagan National Defense Forum. “It’s Russia, backed by Iranian drones, North Korean personnel and indirect Chinese contributions.” Nation-state adversaries are also concerningly teaming with non-state actors to achieve goals, Christopher Maier, the outgoing assistant secretary for Special Operations-Low-Intensity Conflict at DoD, said at CNAS this week.

Combating these mounting challenges requires support on the Hill, and Congress approved the 2025 National Defense Authorization Act this week with important cyber provisions, David DiMolfetta reports at Nextgov/FCW. The bill closes a $3 billion shortfall the FCC needs to remove and replace high-risk Chinese networking equipment and the NSA will have to establish an artificial intelligence security center, among other key provisions.

Alabama Rep. Mike Rogers, who leads the House Armed Services Committee, argued this week that it’s time to grow the Space Force in order to counter evolving threats from China and Russia, Courtney Albon reports at Defense News. Along with manpower growth, Rogers also advocated for more development opportunities for guardians across career fields, particularly technical and acquisition roles.

This week by the numbers:

  • A major data breach at password manager firm LastPass in 2022 is still wreaking havoc two years later as hackers stole $12.38 million in cryptocurrency from LastPass users on Dec. 16 and 17. (IT Pro)
  • As cross-border trade grows, Mexico has seen a surge in cybercrime, averaging about 298 malware attack attempts per minute. Hackers and cybercriminals from China, Russia and North Korea account for more than 77% of phishing activity in Mexico. (Freight Waves)
  • The average time for a newly deployed API to be discovered is just under 29 seconds. (SC Media)
  • A sharp increase in phishing attacks, including a 202% rise in overall phishing messages in the second half of 2024, has been identified by cybersecurity experts. (Infosecurity Magazine)
  • And, in the spirit of cyber grinches, 71 percent of UK consumers believe bad bots are ruining Christmas by snapping up the most-wanted presents. (Beta News)

At The Hill this week, David Hickton and McCrary senior fellow Mark Montgomery argued that all cyber-informed members in the 119th Congress must take leadership roles to strengthen our national cybersecurity posture. Before leaving for the holiday break, cyber-minded members in the 118th Congress released the deep-dive report from the bipartisan House Task Force on Artificial Intelligence, Miranda Nazzaro and Julia Shapero report at The Hill. And as we await the result of negotiations to fund the government by today’s deadline, we’re reminded that cyber policy needs funding to back it up. Eric Geller reports at The Record that a critical cyber grant program for state and local governments is in danger of lapsing next September.

The Cyber Briefing will return to your inboxes in the new year as we celebrate the holidays. I wish you all a wonderful Christmas and Hanukkah as we look ahead to a collaborative new year.

War Eagle,

Frank Cilluffo


TODAY'S TOP 5

SUPPLY CHAIN ASSESSMENT: The White House released the first Quadrennial Supply Chain Review on Thursday, a formal assessment of efforts to strengthen America’s critical supply chains, and announced additional actions across the sectors of energy, critical minerals, food and agriculture, healthcare supplies, semiconductors and other technologies, transportation, defense and emerging technologies. The Commerce Department is also developing a list of chemicals that are essential to critical supply chains, and where supply is insecure, along with planning to host another Supply Chain Summit in the coming year.

  • Commerce found that the highest-risk industries cut across the U.S. economy, including electronics, chemicals and transportation. In many cases, vulnerability is driven by high levels of imports from risky countries, including China, or from other highly concentrated sources.

HHS WARNING ON HEALTHCARE OT: The security of medical devices has been getting most of the attention from regulators in recent years, but other devices that make up the medical internet of things and operational technology systems are also vulnerable to cyberattacks, federal authorities warned in a new advisory, HealthcareInfoSecurity reports. Outdated software, inadequate cybersecurity measures and poor integration with IT infrastructures render OT, IoMT and other connected devices found in healthcare environments increasingly attractive targets for threat actors, the U.S. Department of Health and Human Services warned in a bulletin.

FBI personnel at the 2024 election command post in SIOC at FBI Headquarters in Washington, D.C., on November 4, 2024. (FBI)

‘IMPEDED’ INTEGRATION OF AI IN INTEL: The FBI’s ability to fully embrace artificial intelligence has been hamstrung by funding constraints and various workforce and technical challenges, according to a new watchdog report, FedScoop reports. The Department of Justice Office of the Inspector General said the FBI has “demonstrated initiative” and taken steps to “integrate AI capabilities in a manner consistent” with guidance from the Office of the Director of National Intelligence. But substantial progress has been difficult to come by due to barriers that have “impeded” more “accelerated adoption” of AI.

GPS DISRUPTION CONCERNS: A bipartisan pair of senators are pressing the Department of Homeland Security to release information on the efforts being taken to protect critical infrastructure from GPS disruptions or outages, Nextgov/FCW reports. In a Dec. 18 letter to DHS Secretary Alejandro Mayorkas, Sens. Maggie Hassan (D-N.H.) and James Lankford (R-Okla.) pointed to steps that global competitors — such as Russia and China — have taken to bolster their own navigation and positioning technologies outside of satellite-based systems, like GPS. 

  • “GPS disruptions could affect the delivery of critical community services provided by multiple government and commercial entities, and could lead to cascading detrimental economic, public safety and security effects,” the letter said.

ON THE QUANTUM TRACK: The U.S. federal government's 2035 mandate for agencies to adopt quantum-resistant cryptography remains a "realistic" timeline, even in light of Google's recent quantum chip breakthrough, said the nation's cyber defense agency, GovInfoSecurity reports. By unveiling its 105-qubit quantum processor earlier this month, Google seemingly surpassed a critical error-correction threshold, just weeks after the National Institute of Standards and Technology released its first set of finalized encryption tools designed to withstand a quantum computer attack. Garfield Jones, associate chief of strategic technology at CISA, described the development as "somewhat expected."

CYBER FOCUS PODCAST

In the latest episode of Cyber Focus, host Frank Cilluffo speaks with Manny Cancel, senior vice president at NERC and CEO of the Electricity Information Sharing and Analysis Center (E-ISAC). The conversation explores the evolving threat landscape impacting grid security, including challenges posed by ransomware, physical attacks and AI-driven cyber risks. Cancel highlights the importance of public-private collaboration, resilience engineering and supply chain security to mitigate nation-state and extremist threats. He also discusses the ISAC's role in information sharing, mutual aid programs and exercises such as GridEx to strengthen critical infrastructure defenses. Cancel shares insights on emerging technologies, operational technology (OT) convergence and preparing the next generation of cybersecurity leaders.

SUBSCRIBE TO CYBER FOCUS: YouTube | Spotify | Apple Podcasts

CYBER AND CI UPDATES

ATTACKS AND INCIDENTS

APIs

India sees surge in API attacks, especially in banking, utilities

Overall, organizations in India encountered nearly 1.2 billion attacks in the third quarter of 2024, up from about 600 million in the same quarter in 2023, according to a quarterly report published by Indusface, a managed application security provider. Some 377 million denial-of-service (DoS) events and 215 million bot-based requests targeted API services and Web servers utilizing the firm's Web application and API protection (WAAP) service. (DARKREADING.COM)

Breaches

Rhode Island auditor general warned state about cybersecurity vulnerabilities

Rhode Island's auditor general has been warning the state of cybersecurity issues and risk for years. His reports even mentioned the exact system that was breached. Multiple agencies are investigating questions like how did this happen and why was the system vulnerable to a cyberattack? Ongoing investigations are limiting what information Gov. Dan McKee is willing to share about the state's data breach. (TURNTO10.COM)

Sign of the times: How RIBridges data breach compares with other cyberattacks in RI

Last week's news that a cyberattack plaguing Rhode Island’s public benefits portal has potentially exposed hundreds of thousands of people’s personal information to bad actors was eerily reminiscent of an attack on the Providence school system this fall. Or last year's ransomware attack in North Kingstown. Or last year's data breach at the Donald W. Wyatt Detention Facility. (PROVIDENCEJOURNAL.COM)

Cybercrime

Web hacking service ‘Araneida’ tied to Turkish IT firm

Cybercriminals are selling hundreds of thousands of credential sets stolen with the help of a cracked version of Acunetix, a powerful commercial web app vulnerability scanner, new research finds. The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology firm based in Turkey. (KREBSONSECURITY.COM)

Malware

BadBox malware botnet infects 192,000 Android devices despite disruption

Researchers from BitSight warn that the malware appears to have expanded its targeting scope beyond no-name Chinese Android devices, now infecting more well-known and trusted brands like Yandex TVs and Hisense smartphones. BadBox is an Android malware thought to be based on the 'Triada' malware family, infecting devices made by obscure manufacturers either through supply chain attacks on their firmware, shady employees, or through injections taking place as they enter the product distribution phase. (BLEEPINGCOMPUTER.COM)

Ransomware

Play ransomware claims Krispy Kreme breach, threatens data leak

The Play Ransomware group made the announcement December 19 via its dark web leak site. While Krispy Kreme has not disclosed whether any data was stolen or the nature of such data, the ransomware group is threatening to release sensitive internal company information within two days. The Play Ransomware group, which emerged in June 2022, specializes in targeting a wide range of sectors, including business, government, critical infrastructure, healthcare, and media. (HACKREAD.COM)

Romanian national sentenced to 20 years in prison in connection with NetWalker ransomware attacks

Daniel Christian Hulea, 30, of Jucu de Mijloc, Cluj, Romania, pleaded guilty in the Middle District of Florida to computer fraud conspiracy and wire fraud conspiracy on June 20. He was ordered to forfeit $21,500,000 and his interests in an Indonesian limited liability company and associated luxury resort property under construction in Bali, Indonesia — a business venture he financed with proceeds from the attacks. He was also ordered to pay $14,991,580.01 in restitution. (JUSTICE.GOV)

Israeli court to hear U.S. extradition request for alleged LockBit developer

According to Israeli news outlet Ynet, a U.S. extradition request was made public Thursday claiming that between 2019 and 2024 Rostislav Panev served as a software developer for LockBit. During this period, LockBit is alleged to have executed cyberattacks impacting roughly 2,500 victims globally, including U.S. governmental and health care organizations. (CYBERSCOOP.COM)

Soldiers of 719th Composite Truck Company participated in Counter-Unmanned Aircraft Systems Threat Awareness training on Aug. 13, 2024, at Fort Dix, N.J. (Kevin C Mcdevitt/USASA, Fort Dix)

THREATS

Drones

U.S. temporarily bans drones in parts of N.J., may use ‘deadly force’ against aircraft

The Federal Aviation Administration temporarily banned drones over parts of New Jersey yesterday and said "the United States government may use deadly force against" airborne aircraft "if it is determined that the aircraft poses an imminent security threat." The FAA issued 22 orders imposing "temporary flight restrictions for special security reasons" until January 17, 2025. "At the request of federal security partners, the FAA published 22 Temporary Flight Restrictions (TFRs) prohibiting drone flights over critical New Jersey infrastructure," an FAA statement said. (ARSTECHNICA.COM)

Internet

This VPN lets anyone use your internet connection. What could go wrong?

In the hit virtual reality game Gorilla Tag, you swing your arms to pull your primate character around—clambering through virtual worlds, climbing up trees and, above all, trying to avoid an infectious mob of other gamers. If you’re caught, you join the horde. However, some kids playing the game claim to have found a way to cheat and easily “tag” opponents. Over the past year, teenagers have produced video tutorials showing how to side-load a virtual private network (VPN) onto Meta’s virtual reality headsets and use the location-changing technology to get ahead in the game. Using a VPN, according to the tutorials, introduces a delay that makes it easier to sneak up and tag other players. (WIRED.COM)

Malware

Juniper warns of Mirai botnet targeting SSR devices with default passwords

The company said it's issuing the advisory after "several customers" reported anomalous behavior on their Session Smart Network (SSN) platforms on December 11, 2024. Mirai, whose source code was leaked in 2016, has spawned several variants over the years. The malware is capable of scanning for known vulnerabilities as well as default credentials to infiltrate devices and enlist them into a botnet for mounting distributed denial-of-service (DDoS) attacks. (THEHACKERNEWS.COM)

Social media

Telegram’s algorithms promote extremist content, researchers say

The messaging app Telegram is reportedly using a feature that serves some users extremist content, according to researchers. Telegram’s “similar channels” feature, introduced last year, recommends extremist channels even when users browse channels on nonpolitical topics such as celebrities or technology, according to a report by the U.S. nonprofit legal advocacy organization Southern Poverty Law Center. (THERECORD.MEDIA)

Vulnerabilities

Mandiant traces Cleo file-transfer exploits back to October

Mandiant identifies the cluster actively exploiting the two vulnerabilities, CVE-2024-50623 and CVE-2024-55956, as UNC5936. Researchers say the cluster has overlaps with FIN11, also known as Clop, which claimed responsibility for the attacks earlier this month. There is currently no evidence of mass data theft, which was observed in prior campaigns by the threat group, Mandiant CTO Charles Carmakal said. However, malicious backdoors including Beacon and Goldtomb have been deployed on exploited systems. (CYBERSECURITYDIVE.COM)

Orgs scramble to fix actively exploited bug in Apache Struts 2

Organizations do need to upgrade to the latest version of Struts, 6.7.0 — or, at least, 6.4.0, released in the wake of CVE-2023-50164, which deprecated the File Upload Interceptor at issue. The fix isn't backward compatible, however, Apache noted in its security bulletin. IT teams will need to migrate to the newfangled Action File Upload Interceptor, and adjust how their existing applications handle file uploads by diligently rewriting their code to make use of it. (DARKREADING.COM)
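As an added illustration of the migration the bulletin describes (example code written for this briefing, not code from Dark Reading or the Apache Struts project), the pair of actions below contrasts the deprecated pattern with the replacement. Under the old File Upload Interceptor the action exposes setters for the file, its name and its content type, and the interceptor fills them from the multipart request, so the name the action works with is whatever the client sent. On Struts 6.4.0 and later the action implements `UploadedFilesAware` and receives `UploadedFile` objects from the Action File Upload Interceptor instead. The `uploads` directory, the 5 MB limit, the field names `upload`, `uploadFileName` and `uploadContentType`, and the use of the Log4j 2 API for logging are assumptions made for the example.

```java
// Added example (not Struts project code): migrating a file-upload action from the
// deprecated FileUploadInterceptor setter pattern to ActionFileUploadInterceptor /
// UploadedFilesAware (Struts 6.4.0+). The "uploads" directory, the size limit and the
// field names upload / uploadFileName / uploadContentType are assumptions.
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;
import java.util.List;
import java.util.UUID;

import com.opensymphony.xwork2.ActionSupport;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.struts2.action.UploadedFilesAware;
import org.apache.struts2.dispatcher.multipart.UploadedFile;

// BEFORE (Struts < 6.4.0, FileUploadInterceptor): the interceptor populates these
// setters from multipart request parameters, so the file name the action uses comes
// straight from the client. Kept here only to show what is being migrated away from.
class LegacyUploadAction extends ActionSupport {
    private File upload;
    private String uploadFileName;
    private String uploadContentType;

    public void setUpload(File upload) { this.upload = upload; }
    public void setUploadFileName(String uploadFileName) { this.uploadFileName = uploadFileName; }
    public void setUploadContentType(String uploadContentType) { this.uploadContentType = uploadContentType; }

    @Override
    public String execute() throws IOException {
        // Client-controlled name used as a path component: do not carry this pattern forward.
        Path dest = Paths.get("uploads", uploadFileName);
        Files.copy(upload.toPath(), dest, StandardCopyOption.REPLACE_EXISTING);
        return SUCCESS;
    }
}

// AFTER (Struts 6.4.0+, ActionFileUploadInterceptor): the action implements
// UploadedFilesAware and receives UploadedFile objects. No setters for the file name
// are exposed, and the on-disk name is generated server-side.
public class UploadAction extends ActionSupport implements UploadedFilesAware {
    private static final Logger LOG = LogManager.getLogger(UploadAction.class);
    private static final Path UPLOAD_DIR = Paths.get("uploads");   // assumed location
    private static final long MAX_BYTES = 5L * 1024 * 1024;         // assumed policy
    private UploadedFile uploadedFile;

    @Override
    public void withUploadedFiles(List<UploadedFile> uploadedFiles) {
        // Only the first file is handled in this example; a multi-file form would loop.
        if (!uploadedFiles.isEmpty()) {
            this.uploadedFile = uploadedFiles.get(0);
        }
    }

    @Override
    public String execute() throws IOException {
        if (uploadedFile == null || !uploadedFile.isFile() || uploadedFile.length() > MAX_BYTES) {
            addActionError("No acceptable file uploaded");
            return INPUT;
        }
        // The client-supplied name and type are recorded for auditing only; they are
        // never used to build a path or to decide how the content is processed.
        LOG.info("Upload received: originalName={} contentType={} bytes={}",
                uploadedFile.getOriginalName(), uploadedFile.getContentType(), uploadedFile.length());

        // Server-generated destination name; the startsWith check is defence in depth.
        Path dest = UPLOAD_DIR.resolve(UUID.randomUUID() + ".bin").normalize();
        if (!dest.startsWith(UPLOAD_DIR)) {
            addActionError("Rejected destination");
            return INPUT;
        }
        Files.createDirectories(UPLOAD_DIR);
        // getContent() returns the temporary File the multipart parser wrote.
        Files.copy(((File) uploadedFile.getContent()).toPath(), dest, StandardCopyOption.REPLACE_EXISTING);
        return SUCCESS;
    }
}
```

The action must run through the `actionFileUpload` interceptor (the default stack in 6.4.0 and later includes it) rather than the old `fileUpload` interceptor; an action that still declares `setUploadFileName`-style setters will compile but will not be served by the new interceptor, which is the non-backward-compatible change Apache's bulletin refers to. Whatever the interceptor, the practical check after migrating is that no code path still joins a client-supplied name onto a filesystem path.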

Fortinet warns of critical FortiWLM flaw that could lead to admin access exploits

The vulnerability, tracked as CVE-2023-34990, carries a CVSS score of 9.6 out of a maximum of 10.0. “A relative path traversal [CWE-23] in FortiWLM may allow a remote unauthenticated attacker to read sensitive files," the company said in an alert released Wednesday. However, according to a description of the security flaw in the NIST's National Vulnerability Database (NVD), the path traversal vulnerability could also be exploited by an attacker to "execute unauthorized code or commands via specially crafted web requests." (THEHACKERNEWS.COM)

Chrome 131 update patches high-severity memory safety bugs

Tracked as CVE-2024-12692, the first of the externally reported issues is a type confusion flaw in the browser’s V8 JavaScript engine, for which Google paid out $55,000 to the researcher who reported it. While the internet giant has kept bug details restricted, such a bug bounty amount is typically handed out for defects that could lead to remote code execution (RCE). Type confusion issues are prevalent in programming languages that lack memory safety mechanisms and the successful exploitation of such flaws in Chrome’s V8 engine could allow threat actors to leak sensitive information or potentially compromise a victim’s system. (SECURITYWEEK.COM)


ADVERSARIES

China

New U.S. Space Force jammers aim to disrupt China’s SATCOM signals

The U.S. Space Force is on track to field its first batch of a new ground-based satellite communications jammer in the coming months — designed to disrupt signals from enemy spacecraft. Space Operations Command just approved the Remote Modular Terminals for initial fielding, a spokesperson told Defense News Wednesday, adding that the jammers will be in the hands of military users imminently. (DEFENSENEWS.COM)

U.S. military needs to talk to China on space, cyber issues, officials say

“The expansion of China's nuclear program raises the question of: what are all these nuclear weapons for, exactly, given that they have had this more limited doctrine in the past. And they haven't answered that question,” Ely Ratner, the Pentagon’s assistant secretary of defense for Indo-Pacific security affairs, said during a Center for Strategic and International Studies event Wednesday. (DEFENSEONE.COM)

‘Straight talk’ on China’s offensives in the American homeland 

2024 has brought multiple reminders of the threats – real and potential – posed by the People’s Republic of China (PRC). Over the past year, Beijing has had some of its most violent clashes with the Philippines in the disputed waters of the South China Sea; Chinese military activity around Taiwan has increased; China stands accused of providing military equipment to Russia for its war against Ukraine; and the Pentagon’s annual China Military Power Report – issued Wednesday — found that China’s People’s Liberation Army (PLA) has expanded its nuclear arsenal. (THECIPHERBRIEF.COM)

Chinese cyber center points finger at U.S. over alleged cyberattacks to steal trade secrets

The U.S. government has long accused China of cyber espionage to steal trade secrets from domestic companies, and China’s allegations about U.S. cyberattacks arrives in the midst of a very public campaign from U.S. government officials blaming China for a major attack on telecommunications carriers. CNCERT said one of the attacks dates back to August of this year, against “a certain advanced material design and research unit.” (CYBERSCOOP.COM)

North Korea

North Korean hackers steal $1.34B in crypto in 2024

North Korean hackers are suspected to be behind more than half of the $2.2 billion stolen from cryptocurrency platforms this year. Hackers linked to the hermit kingdom stole more than ever before this year, according to a new report from blockchain data platform Chainalysis. North Korea-affiliated cybercriminals stole approximately $1.34 billion in crypto across 47 incidents this year. The amount is more than double compared to last year, when Pyongyang was linked to $660.5 million in stolen crypto across 20 incidents, cybersecurity experts said in their latest report on crypto crime. (CYBERNEWS.COM)

Russia

Russia conducted mass cyberattack on Ukraine's state registries, deputy PM says

Russia has carried out a mass cyberattack on Ukraine's state registries, Ukrainian Deputy Prime Minister Olha Stefanishyna said late on Thursday, resulting in a temporary suspension of services. The registries contain vital information about Ukrainian citizens such as births, deaths, marriages and property ownership. "Today the largest external cyberattack in recent times occurred with Ukraine's state registries," Stefanishyna wrote on Facebook. (REUTERS.COM)

U.S. organizations still using Kaspersky products despite ban

Despite the ban on Kaspersky products in the US they continue to be actively used by US organizations, including by 19 US government entities. A Bitsight analysis found that 40% of US organizations observed to be using Kaspersky products before the prohibition came into effect on September 29, 2024, still appear to be using the products. The findings demonstrate that policymakers need effective ways of measuring the current technology usage within their borders amid growing government concern about supply chain risk and the trust of technology providers, Bitsight said. (INFOSECURITY-MAGAZINE.COM)

Secretary of State Antony Blinken speaks at a UN Security Council meeting on artificial intelligence on Dec. 19, 2024, at UN Headquarters in New York. (UN video)

GOVERNMENT AND INDUSTRY

Artificial intelligence

UN Security Council debates use of artificial intelligence in conflicts, hears calls for UN framework to avoid fragmented governance

Rapidly evolving artificial intelligence (AI) is outpacing human ability to govern it, even threatening human control over weapons systems, the United Nations chief warned during a Security Council briefing today, urging Member States to swiftly establish “international guard-rails” to ensure a safe, secure and inclusive AI future for all. However, recent conflicts have become testing grounds for AI military applications, he pointed out, noting that algorithms, from intelligence-based assessments to target selection, have reportedly been used in making life-and-death decisions. (UN.ORG)

MORE: “The U.S. and our partners have developed a global consensus for AI, and now we’re building upon it,” Secretary of State Antony Blinken said at the UNSC. (STATE.GOV)

EU opens door for AI training using personal data

Using personal data without consent to train AI models will not necessarily infringe the EU’s General Data Protection Regulation (GDPR), according to a new opinion by the European Data Protection Board (EDPB). However, this is on the condition that the AI tool’s output does not reveal personal information. (INFOSECURITY-MAGAZINE.COM)

Florida AI broadcast system unifies disaster communications

BEACON, the Broadcast Emergency Alerts and Communications Operations Network, enhances FPREN’s capabilities — using AI to transform written updates from emergency managers into real-time, 24/7 audio broadcasts. It consolidates verified data and delivers continuous updates through the BEACON app, broadcaster dashboards, and over-the-air channels, ensuring important information reaches even remote communities. (GOVTECH.COM)

Data

Dutch DPA fines Netflix €4.75 million for GDPR violations over data transparency

An investigation launched by the DPA in 2019 found that the tech giant did not inform customers clearly enough in its privacy statement about what it does with the data it collects from its users. This includes email addresses, telephone numbers, payment details, as well as information about what customers watch on the platform. (THEHACKERNEWS.COM)

Energy

CESER announces $10M to foster partnerships to mitigate national security threats to electric sector critical infrastructure

Through this opportunity, CESER aims to establish a regional pilot to foster partnerships among national laboratories, universities, electricity sector utilities, and state and local government entities to identify and mitigate the prevalent and constantly evolving national security threats to regional infrastructure. (ENERGY.GOV)

FERC proposes to approve first standards to protect grid for clean energy transition

The Notice of Proposed Rulemaking marks the latest in the commission’s series of grid reliability orders pertaining to inverter-based resources (IBRs) issued over the last two years. The NOPR is intended to ensure reliability of the grid by accommodating the rapid integration of new power generation technologies, known as IBRs, that include solar photovoltaic, wind, fuel cell and battery storage resources and comprise a significant portion of new generating capacity projected to come online over the next decade. (FERC.GOV)

IT modernization

DCSA details new plan for next-gen background investigation system

DCSA is moving out on an 18-month roadmap to stabilize the NBIS program by modernizing applications, strengthening cybersecurity protections and migrating systems to the cloud. Additionally, DCSA has a new 36-month NBIS “product roadmap” that details how the agency will roll out new capabilities in the coming years. “There’s still a lot of work ahead of us, but I’m very confident where we are now in our ability to deliver on NBIS,” DCSA Director David Cattler said during a media roundtable on Wednesday. (FEDERALNEWSNETWORK.COM)

Leadership

Senior DHS official who launched cyber safety review board departs

Rob Silvers, the Department of Homeland Security’s undersecretary for policy, left the agency on Wednesday, sources told Recorded Future News. In his role, Silvers focused heavily, but not exclusively, on cybersecurity issues such as ransomware. He also chaired the high-profile Cyber Safety Review Board, a public-private panel loosely modeled after the National Transportation Safety Board, that was established by President Joe Biden to probe major digital incidents. (THERECORD.MEDIA)

Regulations

Study finds ‘significant uptick’ in cybersecurity disclosures to SEC

Analysis by Paul Hastings LLP found that since the disclosure law went into effect in 2023, there has been a 60% increase in disclosures of cybersecurity incidents, and 78% of disclosures were made within eight days of discovery of the incident. The regulations require public companies to disclose material cybersecurity incidents within four business days of determining their materiality, aiming to provide investors with timely and relevant information that could impact investment decisions. (CYBERSCOOP.COM)

Flagstar fined $3.5M for ‘misleading’ after 2021 cyber attack

In its 2021 Form 10-K filed March 1, 2022, Flagstar said cyberattacks “may interrupt our business or compromise the sensitive data of our customers,” but the bank did not disclose that it had already experienced such attacks that resulted in a customer data leak and interruptions to its mortgage origination business, according to the SEC order. (CYBERSECURITYDIVE.COM)

Space

White House charges Pentagon to develop cislunar monitoring tech, including for ‘planetary defense’

DoD, with the assistance of NASA and the Commerce Department, is tasked to “identify and prioritize research and development needed to support extension of U.S. SSA [space situational awareness] capabilities into Cislunar space, to include aiding planetary defense, improved debris population modeling, and detection, tracking, and characterization of satellites in the Cislunar volume,” according to the National Cislunar Science and Technology Action Plan. (BREAKINGDEFENSE.COM)

New Space Force ‘International Partnership Strategy’ coming next year

The Space Force is working on a new strategy for working with allied and partner nations to integrate their capabilities into US plans for future warfighting, starting from early concept development of needed capabilities and running through wargames and exercises, according to the project’s leader. (BREAKINGDEFENSE.COM)

LEGISLATIVE UPDATES

Bipartisan bills to protect car owners’ privacy introduced in House and Senate

The Senate bill, the Auto Data Privacy and Autonomy Act, would require automakers to create opt-in mechanisms for vehicle data collection and would bar manufacturers from sharing, selling or leasing customer data without explicit consent. It also would empower car owners to delete their data after connecting to their car and would direct the Federal Trade Commission (FTC) to report to Congress on how car companies are collecting data. (THERECORD.MEDIA)

WATER SECURITY: Rep. Ruben Gallego (D-Ariz.) introduced legislation to amend the Safe Drinking Water Act to provide grants under the Drinking Water Infrastructure Risk and Resilience Program for training programs relating to protecting public water systems from and responding to cyberattacks. (H.R. 10483)

EVENTS

ENERGY OUTLOOK: Daniel Yergin, vice chairman of S&P Global and a Pulitzer Prize-winning author, discusses the forces behind the evolving energy landscape and what they mean for the world energy outlook on Jan. 6 at the Atlantic Council.

NUCLEAR SECURITY: CSIS’ Project on Nuclear Issues will host a live debate on AI Integration in U.S. Nuclear Command, Control and Communications (NC3) on Jan. 24. As Russia continues its saber-rattling and China accelerates its nuclear buildup, should the United States increase its reliance on artificial intelligence to enhance resilient decision-making in its NC3 systems to prevent inadvertent escalation? 

ZERO TRUST SUMMIT: This annual event on Feb. 19 in Washington, D.C., is presented by CyberScoop and will feature federal and industry tech and cybersecurity leaders discussing their firsthand experiences and strategies in laying the foundations for and establishing the major pillars of zero-trust cybersecurity.

SPACE SECURITY: Chatham House’s 2025 Space Security Conference online and in person on March 5 convenes policymakers and leaders from the private sector, multilateral organizations, academia and NGOs for a day of high-level interactive discussions examining conflict, competition and cooperation in outer space. 

FOLLOW THE McCRARY INSTITUTE ON LINKEDIN | X | FACEBOOK

SUBSCRIBE TO THE CYBER FOCUS PODCAST: YOUTUBE | SPOTIFY | APPLE PODCASTS

GET THE DAILY CYBER BRIEFING IN YOUR INBOX: SUBSCRIBE
