Wednesday, May 3, 2023

Short Takes – 5-3-23

Reigning in ‘Out-of-Control’ Devices. SecurityWeek.com article. Pull quote: “Next are the rapidly expanding number of devices and systems that are now attaching to network infrastructure, including Internet of Things (IoT) and operational technology (OT) devices like video surveillance systems, HVAC systems, and supervisory control and data acquisition (SCADA) systems [emphasis added]. Any appliance that can’t support an [Endpoint Detection and Response - EDR] agent for whatever reason can be hijacked and taken advantage of as an entryway to launch attacks.”

Merck’s Insurers On the Hook in $1.4 Billion NotPetya Attack, Court Says. WSJ.com article. Pull quote: ““The exclusion of damages caused by hostile or warlike action by a government or sovereign power in times of war or peace requires the involvement of military action,” the judges wrote. “Coverage could only be excluded here if we stretched the meaning of ‘hostile’ to its outer limit.”” Does not name the appellate court, but further appeals probable, will probably end up at Supreme Court.

Area Maritime Security Advisory Committee (AMSC), Eastern Great Lakes, Northwest Pennsylvania Sub-Committee Vacancy. Federal Register CG notice. Summary: “The Coast Guard requests individuals interested in serving on the Area Maritime Security Committee, Eastern Great Lakes, Northwest Pennsylvania Region sub-committee submit their applications for membership to the U.S. Coast Guard Captain of the Port, Buffalo. The Committee assists the Captain of the Port as the Federal Maritime Security Coordinator, Buffalo, in developing, reviewing, and updating the Area Maritime Security Plan for their area of responsibility.” Application deadline: May 22nd, 2023.

Department of Defense (DoD) Defense Industrial Base (DIB) Cybersecurity (CS) Activities. Federal Register DOD proposed rule. Summary: “The DoD is proposing revisions to the eligibility criteria for the voluntary Defense Industrial Base (DIB) Cybersecurity (CS) Program. These revisions will allow a broader community of defense contractors to benefit from bilateral information sharing as when this proposed rule is finalized all defense contractors who are subject to mandatory cyber incident reporting will be able to participate. DoD is also proposing changes to definitions and some technical corrections for readability.” Comment deadline: June 20th, 2023.

Methylene Chloride; Regulation Under the Toxic Substances Control Act (TSCA). Federal Register EPA proposed rule. Summary: “To address the identified unreasonable risk, EPA is proposing to: prohibit the manufacture, processing, and distribution in commerce of methylene chloride for consumer use; prohibit most industrial and commercial uses of methylene chloride; require a workplace chemical protection program (WCPP), which would include a requirement to meet inhalation exposure concentration limits and exposure monitoring for certain continued conditions of use of methylene chloride; require recordkeeping and downstream notification requirements for several conditions of use of methylene chloride; and provide certain time-limited exemptions from requirements for uses of methylene chloride that would otherwise significantly disrupt national security and critical infrastructure.”

Incentives for Advanced Cybersecurity Investment. Federal Register FERC direct final rule. Summary: “The Federal Energy Regulatory Commission is revising its regulations to provide incentive-based rate treatment for the transmission of electric energy in interstate commerce and the sale of electric energy at wholesale in interstate commerce by utilities for the purpose of benefitting consumers by encouraging investments by utilities in Advanced Cybersecurity Technology and participation by utilities in cybersecurity threat information sharing programs, as directed by the Infrastructure Investment and Jobs Act of 2021.” Effective date: July 3rd, 2023.

No comments:

 
/* Use this with templates/template-twocol.html */