Cyber Connections News Roundup: April 19

Get the latest cybersecurity news from leading companies, news outlets and blogs.

Cyber Connections News Roundup is a bi-weekly brief of online links to news stories and commentary of interest to the cybersecurity community, delivered on the second and fourth Tuesday of each month. Articles are selected for their newsworthiness, timeliness, potential impact, and reach.

April 19

FDA and Congress Are Trying to Protect Medical Devices from Hacks

A recent report on www.theverge.com examines the steps that Congress and the Food and Drug Administration have taken to protect medical devices, such as infusion pumps and imaging machines, from cyberattacks.  Congress with a proposed bill and the FDA with new draft guidelines for device makers on how they should build devices that are less likely to be hacked. The FDA has updated guidelines introduced in 2018 with a new draft based on feedback from manufacturers and other experts and changes in the medical device environment over the past few years. Meanwhile, Congress proposed the Protecting and Transforming Cyber Health Care (PATCH) Act, which would require device manufacturers to have a plan to address any cybersecurity issues with their devices. Read more.

U.S. Charges Four Russians For Global Energy Hacks

According to a recent article on www.theguardian.com, the United States Justice Department has unveiled criminal charges against four Russian government officials, saying they engaged in two major hacking campaigns between 2012 and 2018 that targeted the global energy sector and affected thousands of computers across 135 countries. In one unsealed indictment from August 2021, the DoJ said three alleged hackers from Russia’s Federal Security Service carried out cyberattacks on the computer networks of oil and gas firms, nuclear power plants, and utility and power transmission companies across the world between 2012 and 2017. In a second unsealed indictment from June 2021, the DoJ accused Evgeny Viktorovich Gladkikh, a Russian ministry of defense research institute employee, of conspiring with others to hack the systems of a foreign refinery and install malware known as “Triton” on a safety system produced by Schneider Electric. Read more.

Cybersecurity at Home: Children Are the Weak Link

According to a recent article on www.forbes.com, the most important vector within our homes that we often neglect are children. Kids, tweens and teens are often the most unsecured consumers, yet they are some of the most highly connected vectors, especially as they are now using new technology like cryptocurrency and starting to explore the metaverse. The targeting of kids is expected to come even more into the mainstream as cybercriminals continue to try and make use of consumer vulnerabilities. Education around gaming safety, providing security software, and basic cyber hygiene offer a good starting point. Read more

State Department Cyber Bureau Officially Launches

The Bureau of Cyberspace and Digital Policy officially launched Monday at the State Department, according to a recent report on www.cyberscoop.com. The bureau will address the national security challenges, economic opportunities, and implications for U.S. values associated with cyberspace, digital technologies, and digital policy, according to a news release. The bureau eventually will be led by a Senate-confirmed ambassador-at-large. For now, Jennifer Bachus, a career member of the Senior Foreign Service, is serving as Principal Deputy Assistant Secretary for the CDP bureau. Read more.

Craig Newmark Donates $50 Million for Citizen Cyber Defense

According to a recent report on www.washingtonpost.com, philanthropist and Craig’s List founder Craig Newmark is donating $50 million to what he’s calling a “civil cyber defense” effort aimed at broadly raising cybersecurity standards for small businesses and regular U.S. citizens. The concept was inspired by people who performed non-military services during World War II, such as building victory gardens. The funding will be aimed broadly at building and promoting cybersecurity tools that are easy for average citizens to use, pushing companies to make technology more secure by default and publicizing vetted information about which products are most secure. Read more.