Thursday, May 25, 2023

Short Takes – 5-25-23

Mysterious malware designed to cripple industrial systems linked to Russia. CyberScoop.com article. Pull quote: “The discovery of the malware dubbed “CosmicEnergy” is somewhat unusual since it was uploaded to VirusTotal — a service that Google owns that scans URLs and files for malware — in December 2021 by a user with a Russian IP address and was found through threat hunting and not following an attack on a critical infrastructure system.”

Joe Public, Class I, Division 2, and Gas Stations. StonehouseSafety.com blog post. Pull quote: “Self-service gasoline pumping operations require the public, usually unknowingly, to perform activities within a Class I, Division 2/ Zone 2 hazardous location. If you put gas in your car, vapors will be displaced and may end up in precisely the location where you stand. Around the fuel dispenser there is always a Class I, Division 2 area.” Good discussion about cell phone use at gas stations.

NOAA predicts a near-normal 2023 Atlantic hurricane season. NOAA.gov press release. Pull quote: “NOAA is forecasting a range of 12 to 17 total named storms (winds of 39 mph or higher). Of those, 5 to 9 could become hurricanes (winds of 74 mph or higher), including 1 to 4 major hurricanes (category 3, 4 or 5; with winds of 111 mph or higher). NOAA has a 70% confidence in these ranges.”

The Rise of Open-Source Drones. DroneAnalyst.com article. Pull quote: “It’s fascinating to see the US military move quickly on open-source technologies, and speaks to the influence of the Defense Innovation Unit in changing US DoD procurement culture. It also speaks to the benefits of Open-Source projects for large enterprise users. With strict enforcement of standards, large enterprises can test or deploy multiple systems nearly interchangeably. Vetting of cybersecurity risks can similarly be streamlined, as code is published and commonly tested before procurement.”

NACD Members Call on Congress to Reauthorize Critical CFATS Program: Program Set to Expire in July Without Congressional Action. NACD.com press release. Pull quote: ““As one of the most successful chemical security programs in existence, the CFATS program serves a critical role to our industry by protecting our nation’s high-risk chemical facilities from acts of terror and providing the industry with the stability needed to make important investments. This important program, however, is set to expire on July 27, 2023, without Congressional action. We applaud the dedicated work of Mr. Fridley and Mr. Erstad as they continue to demonstrate how this program allows the industry to partner with the U.S. Department of Homeland Security (DHS) to manage these ever-evolving risks while upholding the highest security standards. NACD will continue to closely work with Members of Congress to secure a clean, long-term reauthorization to continue to protect against potential threats to these critical facilities.””

Notice of Cybersecurity and Infrastructure Security Agency Cybersecurity Advisory Committee Meeting. Federal Register CISA meeting notice. Agenda to be published here by June 16th, 2023. Meeting date: June 20th, 2023.

McCarthy set to send the House home without a debt limit deal. News.Yahoo.com article. Pull quote: “In a meeting earlier this week, McCarthy told members of the Republican conference that they should prepare to return to their districts if a deal isn’t reached by the White House and Republican negotiators by Memorial Day weekend. Members can always be called back, but Republican Study Committee Chairman Kevin Hern, who was in the meeting, told reporters that this is a deal that has to be reached between a few key people.”

Debt Ceiling Furloughs Are Unconstitutional, Union Will Argue Before Court Next Week. GovExec.com article. Pull quote: “The lawsuit is seeking an emergency injunction preventing the Biden administration from no longer borrowing money to pay the government’s debt, as is expected to occur under a default, and to prohibit any related layoffs or furloughs of federal employees. NAGE filed the complaint on behalf of its 75,000 federal employee members.”

Congress Doesn’t Know How to Count the Number of National Security Professionals and That’s a Problem. GovExec.com article. Pull quote: “A zero trust framework is good for IT, but unfortunately doesn’t work for people – where the reality is we’re always only in a position to reduce risk, not eliminate it. Proposals by Congress to cut the number of security clearances doesn’t address the true problem, which is how lax security procedures have allowed for the printing and removal of classified documents from cleared facilities – which has been the case for nearly every major leak scenario over the past several years.”

