At a glance.
- GAO gives US cybersecurity strategy mixed reviews.
- Commercial aviation cybersecurity policies and standards under discussion.
- Scanning for weaknesses in US voting systems.
GAO finds US administration’s cybersecurity strategy lacking.
On Tuesday the US Government Accountability Office (GAO), a nonpartisan watchdog agency, published a report stating that the White House’s cybersecurity strategy, while it has its merits, lacks clarity regarding how the strategy will be implemented. FCW reports that the GAO’s findings indicated that the Trump administration’s 2018 national cyber strategy and 2019 implementation plan do not detail leadership functions, and the report recommends that either the White House Cybersecurity position, phased out in 2018, be restored, or that a new position be established to fill a similar role. Furthermore, according to CyberScoop, the GAO indicated that the National Security Council’s current plan lacks clear measures of performance, as well as the schedules or resources necessary to accomplish tasks. The GAO’s report is seen as lending further momentum to the National Cyber Director Act, legislation introduced in June in response to the Cyberspace Solarium Commission's report.
EASA and FAA discuss aviation system cybersecurity policy.
Aviation Today reports that the European Union Aviation Safety Agency (EASA) and the Federal Aviation Administration (FAA) met virtually at the Global Connected Aircraft Summit to discuss aircraft cybersecurity. Though an aircraft’s critical avionic systems might appear to be impenetrable, the public networks used by passengers during flights are vulnerable to hacking. Indeed, professional hackers have proven in the past that they can break into a commercial plane’s in-flight Internet, giving them access to passenger mobile devices and the valuable user data they contain. As a result, the FAA plans to put out an advisory circular detailing cybersecurity standards for Transport Category Airplanes, while EASA is developing an Information Security Management System that will assess risks and hire professionals with the know-how to alleviate them.
Cyber operatives scanning for weaknesses in US voting systems.
As the US presidential election approaches, hackers continue to scan voting systems for potential weaknesses, Voice of America reports. Ever since Russian actors infiltrated US voter registration databases in 2016, officials have been working to safeguard election systems. Intrusion detector sensors that give threat information in real time are being used in all 50 states, resulting in no new attacks on voting infrastructure this year. But cyber operatives haven’t stopped looking for chinks in the armor. “Election systems, like IT systems generally, are being scanned, are being targeted, are being researched for vulnerabilities," said Matt Masterson, the Department of Homeland Security's senior election security adviser. There’s also the potential for hackers to find ways of hindering the voting process indirectly, by taking out general internet connectivity, targeting local election officials with phishing attacks, or employing disinformation campaigns.
How such systems might be at risk was illustrated this week by a ransomware attack on Tyler Technologies, a US IT firm based in Plano, Texas, whose solutions, Reuters notes, are widely used by state and county governments to, among other things, coordinate emergency services and exchange election information, including voting results. The company has disclosed that it’s working to restore its systems, and that while some data were exposed as is now normal in ransomware attacks, it’s not believed that any customers’ software or data were affected, but it's probably prudent to regard the incident as a shot across the November elections' bow.