Here’s this week’s Future of Security report. Let’s get started:
Troubling news last week: A ransomware attack forced a gas pipeline operator to go offline. The incident took place at a natural gas compression facility, according to an advisory from U.S. officials at the Cybersecurity and Infrastructure Security Agency (CISA). The attacker used a “commodity” ransomware program, described as a “spearphishing link” that encrypted data on both the IT and operational network. CISA did not reveal when the attack took place.
The operator was unable to access and read real-time data, which prompted a two-day shutdown. At no point did the victim lose control of operations, nor did the attacker ever obtain the ability to control or manipulate operations, according to CISA. But the initial success of the attack was directly tied to the operator’s failure to “implement robust segmentation between the IT and OT networks, which allowed the adversary to traverse the IT-OT boundary and disable assets on both networks.”
The information about the attack from CISA comes at a time when there's growing demand for more information about cyberattacks. Federal lawmakers have been pushing for metrics that would enable the development of a more evidence-based cybersecurity policy, according to NextGov. “CISA has been working to acquire more information on vulnerabilities from private-sector owners of critical infrastructure to glean patterns and inform long-term planning and mitigation measures across the ecosystem.”
Kentucky state officials report their election system is scanned by foreign adversaries. "We are routinely scanned by Venezuela, by North Korea, by Russia on a regular basis," Kentucky Board of Elections Executive Director Jared Dearing testified during a Kentucky House budget subcommittee hearing, according to the Courier Journal. "This is not something that is in the past, that happened in 2016," Dearing said. "It happens on a weekly basis."
Kentucky Democratic Party Chairman Ben Self said in a statement following Dearing’s remarks that he was very alarmed to hear about potential Russian interference in Kentucky elections. “With this new information, it’s clear we need stronger laws cracking down on foreign election interference,” Self said.
Dearing testified during a Kentucky House budget subcommittee hearing to discuss election funding for the upcoming two fiscal years. He pointed out that the foreign scans are often targeted at the county level. Kentucky Gov. Andy Beshear has recommended that the Board of Elections be given around $6.2 million for fiscal 2021, which will include the 2020 elections.
The normalization of surveillance in the U.S. Americans seem to be growing comfortable with the new levels of surveillance available to them, thanks to tech advances that make wireless cameras cheap and ubiquitous. That’s the conclusion of The Washington Post after it conducted an informal survey of people who own indoor and outdoor cameras, most notably the popular doorbell cams, including Amazon’s Ring and Google’s Nest.
“Most of those who responded to online solicitations about their camera use said they had bought the cameras to check on package deliveries and their pets, and many talked glowingly about what they got in return: security, entertainment, peace of mind,” reported Drew Harwell. “Some said they worried about hackers, snoops or spies. But in the unscientific survey, most people also replied that they were fine with intimate new levels of surveillance — as long as they were the ones who got to watch.”
But privacy advocates and civil rights organizations are concerned. Matthew Guariglia, an analyst for the online-rights group Electronic Frontier Foundation, told the Post that the rush of new home cameras threatened to make the problems of widespread surveillance that much more intimate and harder to avoid.
Cops like the doorbell cameras too. The number of police agencies that have been granted access to the cameras’ video streams has more than doubled since September, to nearly 900 agencies across 44 states, a Post analysis found.