Friday Five: The Crackdown on Critical Infrastructure & a Ransomware Gang Disrupted
New regulations are rolling out following the release of President Biden’s National Cybersecurity Strategy, but dangers still lurk. Catch up on all the changes in this week’s Friday Five!
TSA ISSUES AVIATION REGULATIONS FOR AIRLINES, AIRPORTS FACING ‘PERSISTENT CYBERSECURITY THREAT’ BY CHRISTIAN VASQUEZ
Following the Biden administration's National Cybersecurity Strategy, the TSA released new regulations this past week that compel airports along with aircraft owners and operators to improve their digital defenses in the face of growing threats. According to the TSA, the agency is taking “emergency action because of persistent cybersecurity threats against U.S. critical infrastructure, including the aviation sector.” Airlines will now be required to develop a TSA-approved implementation plan that describes the measures companies are taking to improve digital defenses. Read more about the new requirements in the full story from CyberScoop.
PROPOSED FCC RULE REDEFINES DATA BREACHES FOR COMMUNICATIONS CARRIERS BY STEPHEN LAWTON
A proposed rule change at the Federal Communications Commission would expand the definition of a data breach for communications carriers, covering any incident that affects the confidentiality of customer information, regardless of whether or not harm was caused. In a recent statement, FCC Chairwoman Jessica Rosenworcel said, "the law requires carriers to protect sensitive consumer information but, given the increase in frequency, sophistication, and scale of data leaks, we must update our rules to protect consumers and strengthen reporting requirements." Read more about communications carriers' current breach reporting requirements and the proposed changes in the full story from Dark Reading.
EPA RELEASES WATER SYSTEMS CYBER REQUIREMENT IN TANDEM WITH NATIONAL STRATEGY BY ALEXANDRA KELLEY
The Environmental Protection Agency issued a new memorandum this past week which aims to help improve the cybersecurity posture guarding the nation’s water filtration systems. The agency will require that states conduct “periodic” audits of their water systems’ sanitary quality to confirm compliance, including “an onsite review of the water source, facilities, equipment, operation, and maintenance of a PWS for the purpose of evaluating the adequacy of such source, facilities, equipment, operation, and maintenance for producing and distributing safe drinking water.”
US GOVERNMENT WARNS ROYAL RANSOMWARE IS TARGETING CRITICAL INFRASTRUCTURE BY CARLY PAGE
In their joint advisory released this past Thursday, the FBI and CISA said that Royal ransomware has targeted numerous critical infrastructure sectors across the United States and claimed multiple victims in the U.S. and internationally, including manufacturing, communications, education, and healthcare organizations. The Royal ransomware gang, which was first observed in early 2022, is believed to be comprised of experienced ransomware actors from previous operations, noting similarities between Royal and Conti, a prolific Russia-linked hacking group that disbanded in June 2022.
POLICE RAID ROUNDS UP CORE MEMBERS OF DOPPELPAYMER RANSOMWARE GANG BY NATE NELSON
In a series of raids revealed by Europol this past week, multiple police forces carried out coordinated action against two suspected members of the cybercrime gang behind the DoppelPaymer ransomware, resulting in the seizure of electronic equipment. DoppelPaymer is a 4-year-old ransomware derived from the BitPaymer ransomware and Dridex banking Trojan. Read more about the unlawful actions of DoppelPaymer and what law enforcement has been doing to combat such groups in the full story from Dark Reading.