Short Takes – 12-4-23

Pennsylvania lawmakers push for DOJ investigation into Aliquippa Water Authority cyberattack. IndustrialCyber.co article. Pull quote: “The lawmakers urged the DoJ to pursue legal action against the perpetrators, highlighting their concern that this cybercrime not only endangers Western Pennsylvania but also poses a national security threat. The attack, allegedly carried out by an Iranian-backed hacker group CyberAv3ngers targeted the Israeli-made components of the water system that provides service to numerous households serving the City of Aliquippa and Raccoon, Potter, and portions of Hopewell Townships in Beaver County.” Lots of interesting quotes about OT cybersecurity issues.

CISA’s Goldstein wants to ditch ‘patch faster, fix faster’ model. CyberScoop.com article. Pull quote: “Goldstein, the executive assistant director for cybersecurity at CISA, argued that delivering broad gains in computer security requires a “philosophical shift” that puts a smaller burden on school districts, water utilities, and small businesses to maintain secure systems, and asks more of the large companies to provide secure software and hardware.”

Submission to the Office of Management and Budget for Review and Approval; Comment Request; Foundational Cybersecurity Assessment. Federal Register CISA 60-day ICR notice. Summary: “The purpose of the Foundational Cybersecurity Assessment is to guide State, Local, Territorial, and Tribal (SLTT) entities through the first 12–18 months of their cybersecurity plan development. The assessment contains 32 questions that are aligned to the National Institute of Standards and Technology (NIST) Cybersecurity Framework and the Center for internet Security (CIS) CIS Critical Security Controls. Although not directly related, at least 20 of the questions on the Nationwide Cybersecurity Review (NCSR) will be covered by responses to the Foundational Cybersecurity Assessment, allowing it to serve as an excellent “assessment on-ramp” for entities who have not yet been able to tackle and complete the NCSR.”