Cyber Connections News Roundup: October 19

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

October 19

Do Public-Private Cybersecurity Partnerships Really Work?

As University of Maryland Global Campus continues to recognize Cybersecurity Awareness Month, Bruce deGrazia, JD, CISSP, collegiate professor of cybersecurity management and policy at UMGC, examines the effectiveness of public-private partnerships to combat cybersecurity challenges. “A public-private partnership takes various forms, from the sharing of costs and profits, as occurs with a toll road, to the sharing of information between the private sector and the government without the fear of liability for antitrust,” said deGrazia. The question remains: Can these partnerships work in a competitive marketplace where cooperation is difficult, a trade secret might be revealed, or if a company might lose a strategic advantage? Read more.

Law Enforcement Community Warns of Cyber Attacks on Water Facilities

According to a recent article on www.cyberscoop.com and based on U.S. intelligence and law enforcement reports, ransomware attackers are targeting water and wastewater facilities. A cybersecurity advisory published on Oct. 14 from the FBI, the Cybersecurity Infrastructure and Security Agency, the Environmental Protection Agency and the National Security Agency noted incidents in five states between March of 2019 and August 2021, where systems were targeted by either ransomware attacks or other hacks.  The report noted that water facilities could be vulnerable to common tactics such as spear phishing, exploitation of outdated or unsupported operating systems and software, and the exploitation of control system devices with vulnerable firmware versions. Read more.

Biden Signs K-12 Cybersecurity Act, Bolsters Safeguards for Schools

On Oct. 8, President Biden signed into law the K-12 Cybersecurity Act, legislation that requires the Cybersecurity and Infrastructure Security Agency (CISA) to create cybersecurity recommendations and tools for schools to use to defend themselves against hackers. According to a recent article on www.thehill.com, the bipartisan bill lays the groundwork for better cybersecurity policies in our K-12 schools and stronger coordination between them and the experts at CISA. Read more.

TSA to Impose Cybersecurity Mandates for Rail Transit Systems

The federal government, through the Transportation Security Administration (TSA), will impose cybersecurity mandates on “higher-risk’’ railroad and rail transit systems this year, according to a recent article on www.washingtonpost.com. The move reflects a determination by the Biden administration to compel critical industries to improve their cybersecurity in the wake of damaging cyberattacks. The new mandates will apply to passenger rail companies such as Amtrak as well as large subway systems including New York’s and Washington’s. Read more.

Deep Fake Technology Results in $35 Million Bank Heist

A recent story on www.forbes.com chronicles the power and criminal potential of deep fake technology. In early 2020, cybercriminals cloned the voice of a company director in the United Arab Emirates (UAE) to steal as much as $35 million. The article describes how a bank manager in the UAE received a call from someone he recognized who was about to make some acquisitions and needed the bank to authorize transfers totaling $35 million. The bank manager made the transfers not realizing that deep voice technology had been used to clone the director’s speech. The UAE serves as a warning about the use of AI to create so-called deep fake images and voices  in cybercrime. Read more.