|
|
|
|
|
Cyber Daily: Cybersecurity Now a Prime Risk for Power Grid
|
|
|
|
|
|
Good day. Cybersecurity now sits next to resource requirements as a risk to the reliability of the U.S. power grid, I report today. The unpredictability of hackers and the sophistication of attacks are unnerving regulators, who say cybersecurity is often at the top of the agenda for meetings of senior officials in the sector.
Also today: Pearson fined over cyber disclosures; U.S. Navy missed submarine cyber audits; and a Japanese insurer is hit by a cyberattack.
|
|
|
Sponsored by Netscout
|
|
Why a Hybrid Workforce Requires a Stateless Solution.
Pandemic-driven vulnerabilities are at an all-time high. In fact, just a couple hundred megabytes can take down an entire VPN gateway.
Read more
|
|
|
|
|
|
|
|
|
Mounting concern over cybersecurity vulnerabilities in the power grid have led to a series of actions by the Biden administration. PHOTO: APU GOMES/AGENCE FRANCE-PRESSE/GETTY IMAGES
|
|
|
|
Power Play: Cybersecurity has become a core issue for the U.S. power system, as important as the supply of raw materials used to generate electricity, a senior official at the grid’s watchdog said, as government officials push to shore up critical infrastructure from hackers.
“Security is at the heart of our operations, and one of the highest priority items right next to changing resource mix,” said John Moura, director of reliability assessment at the North American Electric Reliability Corp., a standards-setting and enforcement body for the energy industry.
The electric grid didn’t suffer any loss of output as a result of cyberattacks in 2020, according to NERC’s State of Reliability report, published Tuesday. Intelligence sharing among companies through the Electricity Information Sharing and Analysis Center, which NERC operates, grew by 96% in 2020 compared with 2019, with about 2,600 pieces of information shared. Suspicious activity reports, cyber-related reports and information on phishing scams and software vulnerabilities made up the bulk of the data, the report said.
Mr. Moura said cyberattacks had been a particularly serious concern for NERC since hackers last year penetrated SolarWinds Corp. software and proceeded to break into systems at private companies and federal agencies.
Read the full story.
|
|
|
|
|
British educational publisher Pearson PLC settled charges brought by U.S. financial regulators that it failed to properly disclose details of a 2018 data breach. PHOTO: NEIL HALL/REUTERS
|
|
|
|
Pearson fined over cyber disclosures. Educational publishing firm Pearson PLC will pay $1 million to the U.S. Securities and Exchange Commission to settle charges it misled investors in public statements following a 2018 data breach. Regulators allege the company told investors that information may have been stolen when it knew that data had been breached, and that it failed to patch security flaws six months after being informed of them. Pearson didn’t admit or deny the charges. (Reuters)
|
|
|
The logo of Tokio Marine Holdings Inc. on the company’s headquarters building in Tokyo. PHOTO: FRANK ROBICHON/EUROPEAN PRESSPHOTO AGENCY
|
|
|
Japanese insurance company hit by ransomware attack. Tokio Marine Holdings Inc. said Monday its Singapore-based operations suffered a ransomware attack, making it the latest insurance firm targeted by hackers. The company, Japan’s largest property and casualty insurer, said it notified law enforcement and turned off affected systems but is still surveying the damage. The incident at Tokio Marine, which offers cybersecurity insurance policies, is the latest in a string of hacks of insurance companies this year. (CyberScoop)
|
|
|
T-Mobile Says Hackers Stole Information on More Than 40 Million People. T-Mobile US Inc. said the attack that breached its computer network pulled Social Security numbers and other personal information of more than 40 million current and prospective customers. The cellphone carrier said the stolen data included first and last names, birth dates, Social Security numbers and driver’s license information from a subset of current and potential customers. The victims included people who applied for credit with T-Mobile—regardless of whether they ended up doing business with the carrier—and about 7.8 million current subscribers with postpaid plans. “Importantly, no phone numbers, account numbers, PINs, passwords, or financial information were compromised in any of these files of customers or prospective customers,” the company said in a statement. (WSJ)
|
|
U.S. Navy failed to conduct submarine cybersecurity audits. Submarines in the U.S. Pacific Fleet have not received internal or external cybersecurity examinations in recent years, despite being required to do so, according to a Navy audit. While formal explanations weren’t given in the audit, short staffing was suggested as a reason. (The Defense Post)
|
|
|
$14.8 million
|
The average amount of money that large U.S. companies lose to phishing scams annually, according to a report from Proofpoint Inc. and the Ponemon Institute.
|
|
|
|
|
|
|
PHOTO: MARK KAUZLARICH/BLOOMBERG NEWS
|
|
|
Colonial Pipeline hackers accessed nearly 6,000 individuals’ data. The pipeline operator said in letters to 5,810 current and former workers, as well as some of their family members, that their personal data was breached in the ransomware attack in May that brought down the largest conduit for fuel on the East Coast. Colonial told employees that the Darkside ransomware group accessed information including their Social Security numbers, driver’s license numbers and health insurance information. (CNN)
|
|
|
|
|
|
|
|