Short Takes – 9-8-22

NHTSA Updates Cybersecurity Guidelines for New Cars. Jalopnik.com article. Points at new NHTSA voluntary guidance document. Pull quote: “NHTSA and Auto-ISAC collaborated with carmakers and suppliers, then took this input and any public comments to come up with the latest guide. Again, these are non-binding guidelines, and carmakers are free to ignore them. But it’s still a good thing that NHTSA updates the list every few years.”

York, PA - FREE Pipeline Security for Rural Communities Training. LinkedIn notice. Flyer about training here.

GhostSec hacktivist group compromise 55 Berghof PLCs across Israel, OTORIO discloses. IndustrialCyber.com article. Article about Otorio blog post about incident. Pull quote: “Despite the low impact of this incident, this is a great example where a cyber attack could have easily been avoided by simple, proper configuration. For example, disabling the public exposure of assets to the Internet, and maintaining a good password policy, especially changing the default login credentials, would cause the hacktivists’ breach attempt to fail.”

CISA to Hold Meetings to Flesh Out Cyber-Incident Reporting Rules. WSJ.com article. 11 group meetings planned, details not yet available. Pull quote: “While critical-infrastructure sectors have traditionally been regulated vertically, Mr. Inglis said, with specific rules for finance, energy, telecommunications and other fields, the reality is that operationally, they are interlinked. As such, regulation must reflect that, he said.”

Renewal of an Approved Information Collection: Transportation of Hazardous Materials; Highway Routing. Federal Register 60-day ICR notice. Covers FMCSA collection of information about State and Tribal hazardous materials route information. Pull quote: “The information reported by States and Indian tribes is necessary to identify designated/restricted routes and restrictions or limitations affecting how motor carriers may transport certain hazardous materials on highways, including dates that such routes were established and information on subsequent changes or new hazardous materials routing designations.”