Friday, February 24, 2023

Short Takes – 2-24-23

Dole production plants crippled by ransomware, stores run short. TheRegister.com article. No mention of control systems being affected. Pull quote: “"The Dole attack is the perfect example of how ransomware can put organizations in a pressure cooker," Miller said. "If they are locked out of their systems, they can't fulfill customer orders, they're losing more money every second that the system stays down."”

White House cybersecurity strategy to force large companies to make systems secure by design. CyberScoop.com article. Document release ‘imminent’ again. Pull quote: “By “shifting the burden back from the smaller players” and toward larger players “that can build in security by design” the strategy aims to deliver broad security gains, Stewart Gloster said. The strategy document also looks at how to “rearchitect our digital ecosystem” so “that we are creating future resilience,” she said.”

Hacker Uncovers How to Turn Traffic Lights Green With Flipper Zero. TheDrive.com article. Pull quote: “For the record, building and using one of these transmitters as a member of the general public isn't exactly a good idea nor is it legal. It's best treated like something read in The Anarchist's Cookbook unless you want to end up in prison for six months, that is. But for those in a position where they are authorized to use the devices as part of their work, Fairlie's example serves as a low-cost proof of concept for agencies that don't have tons of cash to spend on first-party transmitters.”

Four systemic safety issues the East Palestine crash report may point to. TheHill.com article. Pull quote: “Federal regulators, advocates and safety experts suggest the crashes could point to broad issues with federal regulations and the methods America’s freight railways use to detect and respond to overheating car wheels. Here are four possible problems they’ve raised.”

The Most Advanced Bay Area Earthquake Simulations to Be Publicly Available. HomelandSecurityNewswire.com article. Further advances may allow for facility level earthquake resilience planning. Pull quote: ““Particularly, data is very limited for large magnitude events. In an expected big earthquake near the San Francisco Bay Area or Los Angeles, critical infrastructure, tall buildings, and important bridges will be subjected to high magnitude ground motions, so developing such motions from simulations is essential for community safety and resilience,” said Mosalam. “The upcoming simulation-based dataset will be instrumental for facilitating deeper understanding of the hazard, performance, and overall resiliency of California, allowing officials to identify the infrastructure systems and structures that pose the largest risk in an effective and accurate manner, and properly allocate resources.””

Implementation of 2021 Wassenaar Arrangement Decisions. Federal Register BIS final rule. No new cybersecurity provisions. Summary: “This final rule implements the remaining controls agreed to during the December 2021 WA Plenary meeting by revising the CCL, as well as certain EAR provisions, including License Exception Adjusted Peak Performance (APP). This final rule also makes corrections to align the scope of Significant Item (SI) license requirements throughout the EAR and makes a revision to License Exception Strategic Trade Authorization (STA).” Effective date – today.
