Colonial Pipeline has returned to headlines this week, not because of a breach but because the attack on the gas pipeline company was the impetus for a highly contested security directive released in the aftermath of the attack. After much criticism, the Transportation Security Administration (TSA) has worked to revise the directive and has now delivered a new version of its cybersecurity directive for owners and operators of oil and gas pipelines.
The US continues to see a lot of cyber-focused activity from both government agencies and Congress. According to news from NextGov, “The Environmental Protection Agency will soon include cybersecurity in sanitation reviews it conducts of the nation’s critical water facilities, under a new rule.” Meanwhile, law makers in the House passed legislation intended to curb cyberthreats across different sectors of our critical infrastructure. Additionally, CISA is working to expand its international partnerships, and this week the agency signed a memorandum of cooperation with Ukraine’s State Service of Special Communications and Information Protection.
Cybersecurity regulations are trending the world over, according to an opinion piece published by CSO Online. Penned by Steve Durbin, the article reads, “Regulations are evolving fast and depending on the number of geographies in which a business operates, tracking and implementing regulatory mandates can be a complex endeavor.” Durbin isn’t alone. For more on where new regulations leave us and which are most critical to understand, check out this podcast with Tatyana Bolton, Policy Director, Cybersecurity and Emerging Threats at the R Street Institute.
Here's a look at what else made cybersecurity headlines this week.
Jul. 29: The Washington Post reported that cyberattacks on satellites are likely to grow more concerning.
Jul. 29: Three suspects believed to be members of a fraud gang were arrested by Spanish and Romanian police for internet scam crimes that raked in $3.1 million.
Jul. 28: According to a new report published by Coveware, a ransomware remediation company, the median ransomware payment dropped 51% in the second quarter of 2022.
Jul. 28: The vulnerability in Atlassian’s Confluence Server that was patched last week is reportedly being actively exploited in the wild.
Jul. 27: “Spain’s National Police said Wednesday that two people have been arrested for allegedly hacking the country’s Radioactivity Alert Network (RAR) and disabling more than one-third of the sensors that are used to monitor excessive radiation levels across the country,” according to The Record.
Jul. 27: Budapest law enforcement arrested nearly 100 people allegedly involved in a complex fraud scheme that defrauded state and local businesses of approximately EUR 2.8 million.
Jul. 27: Fed Scoop reported that the IT equipment of an employee at a Federal Reserve was allegedly compromised by Chinese officials.
Jul. 26: “Newly discovered malware linked to Vietnamese threat actors targets users through a LinkedIn phishing campaign to steal data and admin privileges for financial gain,” Threatpost reported.
Jul. 25: Cisco issued a patch for “serious vulnerabilities” in its Nexus Dashboard.