At a glance.
- US DoD working toward a microelectronics strategy.
- Hacking voting systems to become a US Federal crime.
- Chinese espionage group expands targeting from Taiwan to the US.
- Cyber awareness in Australia.
US Defense Department working on a microelectronics strategy.
US Under Secretary of Defense for Acquisition and Sustainment Ellen Lord has outlined US plans to disentangle supply chains from Chinese-produced microelectronics, Breaking Defense reports. The Defense Department is working on a “microelectronics strategy” intended to secure the Defense Industrial Base against both economic and cyber threats. It aims both to secure Defense systems against backdoors and to encourage the growth of a domestic microelectronics manufacturing sector.
New law would make voting system hacks a Federal crime.
The US Congress unanimously voted to make cyberattacks on federal voting systems a federal crime, according to Infosecurity Magazine and The Hill. US President Trump must now sign the Defending the Integrity of Voting Systems Act into law. A 2018 report by the US Department of Justice’s Cyber Digital Task Force alerted lawmakers that existing legislation chiefly covered attacks on internet-connected systems and therefore insufficiently protected other voting machinery. Senator Richard Blumenthal, who co-sponsored the bill, commented, “Our adversaries have shown a willingness and capability to hack the infrastructure that powers our democracy, however, our laws and enforcement lag far behind this dire threat.”
Espionage update: Palmerworm wriggles into the US.
Security Week reports that the Beijing-linked Palmerworm (a.k.a. BlackTech) hacking group has expanded its territory from East Asia to the US. First spotted in 2013, the group targets the “construction, electronics, engineering, media, and finance” industries. Espionage is believed to be the goal. Recent attacks show the threat actor has adopted new instruments as well, including Nomri, Dalwit, Waship, Consock, Putty, SNScan, PSExec, and WinRAR.
Report: Canberra’s cyber caution lags?
CRN says many Australian businesses still do not understand the significance of cybersecurity despite a $1.6 billion governmental effort to deter cyberthreats. Poor communication between company cybersecurity experts and other company leadership could be at play. “Not every pair of CEOs and CISOs know how to, or even like to, talk to each other,” said Unisys Industry Director of Cyber Security Gergana Winzer. Employees are also poorly trained on cyber awareness. Nexion Group CEO Paul Glass remarked, “We don’t let someone drive a truck without a licence or step on a mine site without having done the required onboarding…so why do we simply hand the keys to our entire company without providing support and training.” In general, businesses are not connecting the danger of an attack to the danger to their bottom line.