Dr. T's security brief

Daniel Tauritz

Oct 8, 2019, 11:25:01 PM
to sec-...@googlegroups.com

Cyber Rules For Autonomous Vehicles Stall In Congress

The Hill (9/26, Miller) reports the issue of cybersecurity “is becoming increasingly important as large car manufacturers ramp up their testing of the vehicles on the road and begin to float ambitious plans to eventually bring them to market.” However, those strides come “as lawmakers have failed to make progress on federal cybersecurity standards to protect the vehicles from hacking operations and other malicious cyber incidents.” On Capitol Hill, a bipartisan effort “to pass legislation to set cybersecurity and other standards for autonomous vehicles failed during the previous Congress.” Lawmakers expressed optimism “they could revive those efforts this year, but objections from a group of Senate Democrats that language in the legislation, the AV START Act, did not do enough to address consumer safety and cybersecurity issues has scuttled those plans.”

Google Issues Warning Over Hacked iPhones

Under the headline, “Google Shocks 1 Billion iPhone Users With Malicious Hack Warning,” Forbes (8/30, Doffman) reports Google’s Project Zero team “found a number of ‘hacked websites’ that were being used to attack iPhones. And every up-to-date iPhone was vulnerable for at least two years.” The researchers said, “There was no target discrimination, simply visiting the hacked site was enough for the exploit server to attack your device, and if it was successful, install a monitoring implant.” The team “was able to collect five separate, complete and unique iPhone exploit chains, covering almost every version from iOS 10 through to the latest version of iOS 12. This indicated a group making a sustained effort to hack the users of iPhones in certain communities over a period of at least two years.”

        Mashable (8/29, Welsh) reports the research team demonstrated that the malware “could ‘steal private data like iMessages, photos and GPS location in real-time’; it also had access to users’ keychains and password data, as well as database files containing plaintext of messages sent and received in messaging apps such as Google Hangouts, and even end-to-end encrypted apps including WhatsApp, iMessage, and Telegram.”

        According to BBC News Online (UK) (8/30), “Google’s team notified Apple of the vulnerabilities on 1 February this year. A patch was subsequently released six days later to close the vulnerability.”

Shipping Industry Highly Vulnerable To Cyber Attacks

Government Technology (8/22) reports “the shipping industry in general is highly vulnerable due to the lack of expertise in the workforce, and the leadership having not grown up in any technological environment.” Due “to the lack of maritime-specific cybersecurity solutions, vessels are highly susceptible to digitally led hijackings or even ransomware.” Rapid “and autonomous response cybersecurity solutions are the only option.”

Karamba Develops New Cyber Defense Technology For Autonomous Vehicles

Forbes (8/7, Garsten) reports that Karamba Security “believes it has a way to foil hackers” targeting autonomous vehicles by “using technology it claims is more effective than current methods.” Karamba is “creating what it calls the ‘self defending car’ by building security into a vehicle’s electronic control unit” and instead of “relying on periodic security updates, Karamba’s system causes the vehicle to reject commands that do not match software code built into it by the automaker.” Karamba Co-Founder David Barzilai said, “Any change to factory settings not delivered by the automaker would be practically detected.”

Medical Device Companies Seen As Not Doing Enough On Cybersecurity

Editor Laura Hughes writes at Medical Plastics News (8/7) that “some in the medical device and tech industries believe that healthcare providers and manufacturers are not working together effectively enough to mitigate the risk” posed by connected technology. According to Hughes, Carolyn Crandall, chief deception officer at Attivo Networks, “believes that stakeholders on both sides could be more proactive when it comes to the cybersecurity of medical devices. Crandall told Medical Plastics News that the topic is a source of friction between device manufacturers and healthcare providers.” Crandall is quoted saying, “If a business buys the equipment, they know that they have to manage their security. They’ve accepted that they’ve got to build defences and a strategy to try and protect their networks. [However] this is an investment that healthcare providers have not always sufficiently made.”

ED Issues Security Alert About Colleges Impacted By Hacker Attack

The Chronicle of Higher Education (7/18) reports ED posted an alert last week “saying that a software program used widely among higher-education institutions has a severe vulnerability that could allow users to gain access to student records. The program, Banner, is operated by Ellucian, a company that makes higher-education software.” ED’s Federal Student Aid office “said it had identified at least 62 colleges that have been exploited through the vulnerability,” saying that “colleges had seen attackers infiltrate Banner and then create multiple student accounts in the ‘admissions or enrollment section of the affected Banner system.’”

        Inside Higher Ed (7/19) reports ED’s alert said the attack “may have given hackers access to student data such as grades, financial information and Social Security numbers. ... The alert indicates that criminals have been ‘scanning the internet looking for institutions to victimize’ and drawing up lists of colleges to target.”

Study Shows Cyberattacks On Vehicle Chargers Could Induce Blackouts

E&E Publishing (8/19, Sobczak, Subscription Publication) reports new research from New York University found “electric vehicle chargers could offer low-hanging fruit for hackers hoping to disrupt the power grid,” and if attackers were able to “hack into about 1,000 EV charging points” they could “destabilize New York City’s power grid.” The research identified EV cyberattacks as an “emerging vulnerability” that requires attention to both cybersecurity and grid planning.

Medical Device Companies Invite Hackers To Look For Vulnerabilities In Their Products

The Washington Post (8/8, Marks) reports that ten of the nation’s top medical device companies “will give hundreds of ethical hackers free rein this weekend to poke and prod their pacemakers, drug infusion pumps and other devices – and look for bugs that could hurt people or even end their lives if they’re exploited by criminals.” The hacks will take place in a realistic hospital replica at the Planet Hollywood Casino in Las Vegas “that includes hospital rooms, a lab for bloodwork, and neonatal and intensive care units.”

Hackers Could Cause Problems For Smart Cities

The Wall Street Journal (9/17, Rundle, Subscription Publication) examines how hackers will be able to exploit vulnerabilities in smart cities to disrupt transportation or steal data. The Journal says there is no limit to the danger hackers could pose to cities, from covering up infrastructure flaws to diverting emergency services or funding to places where it is not needed, and autonomous vehicles could be particularly susceptible to cyber attacks because hackers could target vehicles to be used as weapons or send the car to a different destination for a kidnapping.

Opinion: US Needs To Train Cybersecurity Professionals To Strengthen National Security

In an op-ed for The Hill (8/3, Desimone) Raytheon VP of Cybersecurity and Special Missions John Desimone writes that the “nation is at risk for a potential cyber shutdown” as “data breaches are on the rise, and IT costs are soaring as organizations try to outmaneuver the oncoming threats.” Desimone argues that “one of the most effective ways to combat it is through a strong army of cyber defenders,” and “addressing technical gaps in our evolving workforce will help us strengthen our nation’s security.” Desimone calls for organizations to “review and begin executing against the goals laid out” in the Executive Order on America’s Cybersecurity Workforce.
