Monday, January 29, 2024

Short Takes – 1-29-24

National Security Telecommunications Advisory Committee. Federal Register DHS meeting notice. Agenda: “The NSTAC will hold a conference call on Thursday, March 7, 2024, from 2:00 to 3:00 p.m. EST to discuss current NSTAC activities and the government's ongoing cybersecurity and NS/EP communications initiatives. This meeting is open to the public and will include: (1) remarks from the administration and CISA leadership on salient NS/EP and cybersecurity efforts; (2) a deliberation and vote on the NSTAC Report to the President on Measuring and Incentivizing the Adoption of Cybersecurity Best Practices; (3) a deliberation and vote on the NSTAC Letter to the President on Dynamic Spectrum Sharing; and (4) a status update on the Principles for Baseline Security Offerings from Cloud Service Providers Study.”

U.S. Secret Service “Cyber Investigations Advisory Board”. Federal Register Secret Service FAC reestablishment notice. Summary: “The United States Secret Service (USSS) has reestablished a “Cyber Investigations Advisory Board (CIAB),” a Federal Advisory Committee, in order to “prevent and disrupt criminal use of cyberspace,” as directed in the 2018 Department of Homeland Security Cybersecurity Strategy (Pillar #3, Goal #4) and as identified by the Secretary of Homeland Security in 2021. This notice is not a solicitation for membership. The goal of CIAB is to provide the USSS with insights from industry, the public sector, academia, and non-profit organizations on emerging cybersecurity and cybercrime issues, and to provide outside strategic direction for the USSS investigative mission. The CIAB will serve a principal mechanism through which senior industry and other experts can engage, collaborate, and advise the USSS regarding cybersecurity and cybercrime issues.”

The Great Freight-Train Heists of the 21st Century. NYTimes.com article. Pull quote: “At the time, Union Pacific claimed that about 90 containers were being opened per day and that theft on their freight trains in the area was up some 160 percent from the previous year. About 80 guns were stolen from trains. In early 2022, Gov. Gavin Newsom donned a pair of work gloves and picked up scattered boxes on the tracks himself. “What the hell is going on?” he asked the assembled television news crews.”

Since Ohio Train Derailment, Accidents Have Gone Up, Not Down. NYTimes.com article. Pull quote: “Despite that scrutiny, the five Class 1 freight railroads operating in the United States — Union Pacific, BNSF, CSX, Norfolk Southern and Canadian National — reported 256 accidents on their main lines last year through October, an 11 percent increase over the same period in 2022, according to data compiled by the Federal Railroad Administration. The five railroads had reported an aggregate decline in accidents in 2021 and 2022.”

Who is Alleged Medibank Hacker Aleksandr Ermakov? KrebsOnSecurity.com article. Pull quote: ““I’ve seen a few people poo-poohing the sanctions…but the sanctions component is actually less important than the doxing component,” Gray said. “Because this guy’s life just got a lot more complicated. He’s probably going to have to pay some bribes to stay out of trouble. Every single criminal in Russia now knows he is a vulnerable 33 year old with an absolute ton of bitcoin. So this is not a happy time for him.””

Dozen funding totals struck as Congress races to avert another shutdown cliff. Politico.com article. Pull quote: “Senate Appropriations Chair Patty Murray (D-Wash.) and House Appropriations Chair Kay Granger (R-Texas) reached the deal late Friday night, according to two sources familiar with talks. Both sides aren’t releasing the numbers for the 12 funding bills, which will provide federal agencies with updated budgets for the current fiscal year.”

Ingenuity, the NASA Helicopter Flying Over Mars, Ends Its Mission. NYTimes.com article. Pull quote: ““They can rely on what we’ve accomplished,” Theodore Tzanetos, the Ingenuity project manager, said in a news conference on Thursday evening. “They can point to the fact that a cellphone processor from 2015 can survive the radiation environment on Mars for two and a half years. Lithium-ion battery cells that are commercial, off the shelf, can survive for two and a half years. Those are massive victories for engineers around NASA.””

Hybrid energy harvesters that harness heat and vibration simultaneously. NewsWise.com article. Pull quote: “"This study confirms that the hybrid energy harvesting system can be reliably applied to our real life," said Dr. Sunghoon Hur of KIST, who led the research. "We have confirmed its effectiveness in places where heat and vibration exist together, such as automobile engines, and are currently planning to build a system that can be applied to factory facilities or construction machinery engines that are difficult to supply power and diagnose their condition wirelessly."”

The United States Needs a New Way to Think About Cyber. Lawfaremedia.org article. Pull quote: “Defense is still quite important. The Iranian attack happened less than a month after the Environmental Protection Agency rescinded a rule requiring water systems to conduct additional cyber health checks. The patchwork U.S. system of water and other utilities may be a strength in some ways, but these entities absolutely must be more responsible about cyber hygiene. Utility companies are suddenly on the front lines, whether they are in Hawaii, Guam, Pennsylvania, or Iowa.”

Energy giant Schneider Electric hit by Cactus ransomware attack. BleepingComputer.com article. Pull quote: “The stolen data could contain sensitive information about customers' power utilization, industrial control and automation systems, and compliance with environmental and energy regulations.” No word on whether any product development (programming) information was accessed.
