DIRECTOR'S NOTE

DIRECTOR'S NOTE

Dear readers,

The Thanksgiving holiday is upon us, and as we’re enjoying a hearty meal with family and friends cyber foes are also feasting their eyes upon the opportunities afforded by reduced security staffing and shoppers eager to snap up huge bargains. Ransomware gangs are increasingly targeting weekends and holidays, according to a new report from Semperis, as Beth Maundrill?writes at Infosecurity Magazine. Eighty-five percent of surveyed organizations reduced SOC staffing by as much as 50% on holidays and weekends. And while it’s important for staff to take time with family, ransomware actors unfortunately know to take advantage of this lull: 86% of study participants who experienced a ransomware attack were targeted on a weekend or?holiday. With Black Friday also a?top lure?for cybercriminals, it’s definitely a time to stay on our toes.

Former Deputy Assistant National Cyber Director Cheri Caddy has been at the forefront of the threats that travelers packing the roads will face this holiday and well into the future. On this week’s?Cyber Focus, I had an enlightening discussion with Cheri, a McCrary senior fellow, about the IT/OT cybersecurity challenges that come with modern connected vehicles. Our conversation covered privacy implications of driving essentially computers on wheels, the global supply chain implications for vehicle data security, regulatory harmonization across sectors impacting connected vehicles, the future of autonomous vehicles in the cybersecurity landscape, and managing cybersecurity at an enterprise level for government and corporate vehicle fleets. "There's no cyber problem that's a single sector anymore," Cheri said.

Another of our senior fellows sat down with?IT Brew?to share thoughts about what’s keeping him up at night in the current cyber landscape. Former NSA Deputy Director George Barnes discussed cyber vulnerabilities within critical infrastructure, election security, how to prepare for quantum to be used as a nation-state hacking tool, how cybercriminals use AI and more.

Former NSA Deputy Director and former National Cyber Director Chris Inglis stressed that “cybersecurity is less about technology or expertise and more about doctrine” in an interview with?Paul Wagenseil at SC Media. In a discussion about shaping cybersecurity outcomes, regulations and resilience, Chris emphasized the importance of making the right day-to-day security choices in “a slow-motion crisis” landscape. “If we concentrated these failures into a single moment, we’d see the severity more clearly,” he said of diffuse and persistent cyber threats.

These threats, of course, include the hit on our telecommunications sector from the China-linked Salt Typhoon campaign. As?Sam Sabin reports at Axios, CrowdStrike has discovered a new China-linked hacking group, Liminal Panda, that's been targeting telecommunications networks since at least 2020 to spy on customers' text messages and phone call metadata. The threat could be looming in other infrastructure, as well: The Coast Guard published a notice in the Federal Register this week detailing cyber risk management actions for ship-to-shore cranes?made by?Chinese companies, underscoring growing concerns over vulnerabilities in critical maritime infrastructure,?Anna Ribeiro reports at Industrial Cyber.

And the threats lurk below the surface. As Henri Astier and Paul Kirby?reported at BBC, two telecommunications cables under the Baltic Sea were severed early this week, with our allies in Europe saying that the damage looked like sabotage and “hybrid warfare” that “must be assessed with the growing threat posed by Russia in our neighborhood as a backdrop.” These types of incidents have prompted the FCC to press ahead on a “major, comprehensive review and update of licensing rules for submarine cables” for the first time since 2001,?John Curran reported at MeriTalk.

As we confront these threats, we’re weighing the best way to advance emerging technologies. This week, NIST?announced?the formation of the?interagency Testing Risks of AI for National Security task force. The bipartisan congressional U.S.-China Economic and Security Review Commission recommended that lawmakers “establish and fund a Manhattan Project-like program dedicated to racing to and acquiring an Artificial General Intelligence (AGI) capability,”?Miranda Nazzaro reported at The Hill. On the broader topic of contemplating our AI future, in a Foreign Affairs essay?Henry Kissinger, Eric Schmidt and Craig Mundie pondered what it will mean for the world when AI shapes strategy and statecraft.

This week by the numbers:

  • The EPA’s Office of Inspector General assessed?for cybersecurity vulnerabilities 1,062 drinking water systems that serve more than 193 million people across the United States, and identified?97?systems serving about?26.6 million?users as having either critical or high-risk cyber vulnerabilities. (EPAOIG.GOV)
  • One in five?DocuSign spoofs targeting businesses have been found to be impersonations of regulatory agencies.?(SCWORLD.COM)
  • In a stark reminder of cyber threats’ toll on localities and education, a phishing scheme led to?$2.2 million?being taken from Grand Forks Public Schools in North Dakota. (GRANDFORKSHERALD.COM)
  • 'Scam yourself' attacks, which?rely on social engineering to get people to download malware themselves, just increased over?600%. (ZDNET.COM)
  • One deepfake digital identity attack strikes?every five minutes. (INFOSECURITY-MAGAZINE.COM)

At CyberScoop this week, senior fellow Brian Harrell and Sachin Bansal wrote about the?urgent need for a unified cyber defense approach from the public and private sectors to address vulnerabilities across the entire energy sector supply chain.

This newsletter will be in your inboxes on Monday and Tuesday, then return the following week after the Thanksgiving hiatus. We’re extremely thankful for everyone who works to secure this nation, especially those who will be manning the front lines over the holiday.

War Eagle,

Frank Cilluffo


TODAY'S TOP 5

CISA HACKS CRITICAL INFRASTRUCTURE: The U.S. cyber defense agency is urging critical infrastructure operators to learn from the experience of a volunteer red teaming test and not rely too heavily on host-based endpoint detection and response solutions at the expense of network layer protections, GovInfoSecurity reports. An unnamed critical infrastructure organization that sought a red teaming assessment from the Cybersecurity and Infrastructure Security Agency lacked an adequate security framework to detect or prevent malicious activity from the outset, the agency?said?Thursday.

  • The red team gained initial access through a web shell left from a third party’s previous security assessment, CISA said. The red team proceeded to move through the demilitarized zone (DMZ) and into the network to fully compromise the organization’s domain and several sensitive business system targets. The assessed organization discovered evidence of the red team’s initial activity but failed to act promptly regarding the malicious network traffic through its DMZ or challenge much of the red team’s presence in the organization’s Windows environment.

GAO CALLS OUT QUANTUM THREAT STRATEGY: The National Cyber Director should take the lead on coordinating the national quantum computing cybersecurity strategy and ensure that the strategy’s various documents address all the desirable characteristics of a national strategy, the Government Accountability Office said in a new report. The Office of the National Cyber Director did not agree or disagree with the recommendation.

  • GAO identified three central goals based on documents from various federal entities?that inform a national strategy for addressing this threat. But these desirable characteristics have not been fully addressed, in part, because no single federal organization is responsible for coordinating the strategy.

Tech. Sgt. Gregory Kirchner, assigned to the 3rd Maintenance Squadron, uses a drill to cut and shape a metal block in the metals fabrication shop on Joint Base Elmendorf-Richardson, Alaska, on Jan. 27, 2017.?(U.S. Air Force photo/Justin Connaher)

PENTAGON’S OT ZERO-TRUST FOCUS: The Pentagon’s?zero trust?office has “pivoted” from a focus on shoring up the Defense Department’s?information technology?to better securing?what’s known as operational technology (OT) and weapon systems from foreign hackers, the office’s director said, Breaking Defense reports. Given adversarial threats and the department’s progress in implementing zero trust into IT, Randy Resnick said the next step is to create guidance for implementing zero trust in OT and then eventually DCI.?

  • The Pentagon’s Office of Small Business Programs also will launch a pilot project to create creating a secure, cloud-based enclave for small contractors, who often struggle to meet?DoD’s extensive cybersecurity requirements, Breaking Defense reported. The as-yet unnamed pilot will be run out of OSBP’s Project Spectrum, which provides online resources to educate contractors and a marketplace for government-vetted cybersecurity tools but hasn’t built such a comprehensive suite of services before.?

DIGITAL DIPLOMACY IN AI ERA: As artificial intelligence reshapes the global landscape, America must seize the moment to lead AI’s development and deployment worldwide, Joseph Dunford,?Frances Townsend?and?Michael Morell write at Roll Call. To achieve this, we must leverage digital diplomacy, strengthen partnerships with the private sector and deepen cooperation with our allies— all while countering the growing threats from China and Russia, who are working tirelessly to outpace us in AI and other critical technologies.

CHINA-LINKED GIFT PORTAL EXPOSES U.S. MILITARY OFFICIALS: A popular promotional gift platform, gs-jj.com, left 300,000 emails from customers exposed for months, Cybernews reports. Among the leaked emails around 2.500 were from .mil and .gov email domains, belonging to different U.S. military branch officers and government officials. These were mostly orders for products such as patches, coins, medals and, in some cases, even battalion emblems.

  • Researchers also discovered other security issues with the website, such as leaked git repository configuration, folder and file structure of the website. These hidden files appear to have been accidentally uploaded and left open inadvertently. They reveal the company’s operational links with China.

CYBER FOCUS PODCAST

(

In the latest episode of Cyber Focus, host Frank Cilluffo sits down with former Deputy Assistant National Cyber Director Cheri Caddy, a McCrary senior fellow and senior technical advisor at the Department of Energy. They discuss the cybersecurity challenges surrounding connected vehicles, examining how modern cars are effectively "computers on wheels" and the broader implications for privacy, data security and national security. Cheri highlights the convergence of IT and OT systems in vehicles, the need for cyber-informed engineering and the importance of regulatory harmonization in addressing these challenges.

SUBSCRIBE TO CYBER FOCUS:?YouTube?|?Spotify?|?Apple Podcasts

CYBER AND CI UPDATES

ATTACKS AND INCIDENTS

Breaches

Cyberattack at French hospital exposes health data of 750,000 patients

A threat actor using the nickname 'nears' (previously near2tlg)?claimed to have attacked multiple healthcare facilities in France, alleging that they have access to the patient records of over 1,500,000 people. The hacker claims they breached MediBoard by Software Medical Group, a company offering Electronic Patient Record (EPR) solutions across Europe. (BLEEPINGCOMPUTER.COM)

Gambling and lottery giant disrupted by cyberattack, working to bring systems back online

International Game Technology (IGT) notified the U.S. Securities and Exchange Commission on Tuesday that it became aware of the cyberattack when it “experienced disruptions in portions of its internal information technology systems and applications” on Sunday. (THERECORD.MEDIA)

Norfolk, Va., Sheriff’s Office ‘victim of cybersecurity event’

Norfolk Sheriff Joe Baron said it was an isolated issue that impacted its records and other operational systems, but was not a security threat. “Our jail’s physical security, including doors, camera systems and other vital checkpoints is managed on a separate network that was not impacted by this cyber incident,” Baron said in a statement. Baron said the sheriff’s office had been made aware of suspicious activity on its computer systems. (WAVY.COM)

Critical infrastructure

Man sentenced to nine years in federal prison for detonating an explosive device outside the Alabama Attorney General’s Office

During the early morning hours of Feb. 24, 2024, Kyle Calvert placed an explosive device outside of the Alabama Attorney General's Office in downtown Montgomery. During his plea hearing, Calvert admitted to manufacturing the device and to using nails and screws as shrapnel. After positioning the explosive device near the Attorney General’s Office, Calvert lit its fuse and left the area. (JUSTICE.GOV)

Dozens of Colorado water systems impacted after chemist caught manipulating data

According to the health department, in February, a managing chemist discovered anomalies in test results relating to one water quality method, method 200.7, which tests for metals and trace elements of barium, copper and chromium in drinking water. When the anomalies were discovered, the acting chemist was removed from all laboratory testing and the department launched an investigation. But CDPHE had not notified the EPA of the lapse until early April. (9NEWS.COM)

Malware

NodeStealer malware targets Facebook ad accounts, harvesting credit card data

NodeStealer, first publicly documented by Meta in May 2023, started off as JavaScript malware before evolving into a Python stealer capable of gathering data related to Facebook accounts in order to facilitate their takeover. It's assessed to be developed by Vietnamese threat actors, who have a history of?leveraging various malware families?that are centered around hijacking Facebook advertising and business accounts to fuel other malicious activities. (THEHACKERNEWS.COM)

Social media

Meta removes 2 million accounts accused of ‘pig butchering’ scams

These pig-butchering fraud schemes are usually long-term cons, in which scammers pose as friendly or romantic individuals or government or business representatives who ultimately manipulate victims into depositing money into an investment scheme. The schemes lose money, and the victims are often out large sums of money, sometimes in the form of cryptocurrency. (THEHILL.COM)

Lumma Stealer proliferation fueled by Telegram activity

McAfee researchers identified two prominent Telegram channels distributing Lumma Stealer payloads through cracking software or archived versions of seemingly benign software. The first channel, named VIP HitMaster Program, has over 42,000 subscribers, and the second, named MegaProgram +, has 8660. Indian Telegram users are the most affected by this threat, followed by U.S. and European users. (INFOSECURITY-MAGAZINE.COM)

Now BlueSky hit with crypto scams as it crosses 20 million users

Over the past few years, X/Twitter has become the hotbed of scammers from those targeting?banking customers?to ones?impersonating high-profile accounts?to push posts promoting fake crypto giveaways, websites that utilize wallet drainers, and Discord channels promoting pump-and-dumps. Threat actors are starting to get their foot in BlueSky too, and push their agenda. (BLEEPINGCOMPUTER.COM)

Vulnerabilities

2,000 Palo Alto firewalls compromised via new vulnerabilities

While the number of internet-exposed PAN-OS interfaces has decreased from 11,000 on November 10 to approximately?2,700 on November 20, the Shadowserver Foundation on Thursday reported seeing roughly?2,000 instances of compromised firewalls. (SECURITYWEEK.COM)


THREATS

Critical infrastructure

CISA, ODNI issue guidance to safeguard critical infrastructure installations against foreign threats

In observance of?National Critical Infrastructure Security and Resilience Month, the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of the Director of National Intelligence, released guidance to assist?critical infrastructure?owners and operators to detect and mitigate efforts by foreign intelligence entities to disrupt U.S. critical infrastructure. (INDUSTRIALCYBER.CO)

DDoS

Bigger and badder: how DDoS attack sizes have evolved over the last decade

Cloudflare has mitigated over 14.5 million DDoS attacks since the start of 2024 — an average of 2,200 DDoS attacks per hour. Going back in time, early in the 2010s, the largest attacks were measured in the Gigabits per second (Gbps) scale, but these days, it’s all about Terabits per second (Tbps). The number of requests per second (rps) and bits per second (bps) are also significantly higher these days. (CLOUDFLARE.COM)

ICS

145,000 ICS systems exposed to web; many industrial firms hit by attacks

Censys’ latest ‘State of the Internet’ report also reveals that the devices are spread out across 175 countries, with 38% of them located in North America, 35% in Europe and 22% in Asia.?In the United States, there are 48,000 exposed systems. Censys previously reported seeing?40,000 internet-exposed ICS systems?in the United States. In comparison, a Shodan search currently shows roughly 110,000 worldwide ICS systems directly accessible from the web.?(SECURITYWEEK.COM)

Phishing

Microsoft takes action against phishing-as-a-service platform

ONNX was the top adversary-in-the-middle (AitM) phishing service, according to?Microsoft's "Digital Defense Report 2024,"?with a high volume of phishing messages during the first six months of this year. Millions of phishing emails targeted Microsoft 365 accounts each month, and Microsoft has apparently had enough. (DARKREADING.COM)

Ransomware

CISA says BianLian ransomware now focuses only on data theft

This new information comes in an update to a joint advisory released in May by the same agencies, which warned about?BianLian's shifting tactics?involving the use of stolen Remote Desktop Protocol (RDP) credentials, custom Go-based backdoors, commercial remote access tools, and targeted Windows Registry modifications. (BLEEPINGCOMPUTER.COM)

Vulnerabilities

Google's AI-powered OSS-Fuzz tool finds 26 vulnerabilities in open-source projects

These AI-assisted vulnerability discoveries are also made possible by the fact that LLMs are proving to be adept at emulating a developer's fuzzing workflow, thereby allowing for more automation. The development comes as the company?revealed?earlier this month that its LLM-based framework called Big Sleep facilitated the detection of a zero-day vulnerability in the SQLite open-source database engine. (THEHACKERNEWS.COM)


ADVERSARIES

China

China’s surveillance state is selling citizen data as a side hustle

China has long been a billion-plus-person experiment in?total state surveillance, with virtually no legal checks on the government's ability to physically and digitally monitor its citizens. When so much control of citizens' private data amasses within a few government agencies, however, it doesn't stay there. Instead, that bounty of private info has also leaked onto a lively black market—one where insiders sell off their own access to any scammer or stalker willing to pay. (WIRED.COM)

Chinese APT Gelsemium targets Linux systems with new WolfsBane backdoor

WolfsBane has been assessed to be a Linux version of the threat actor's Gelsevirine backdoor, a Windows malware put to use as far back as 2014. Also discovered by ESET is another previously undocumented implant named FireWood that's connected to a different malware toolset known as?Project Wood. FireWood has been attributed to Gelsemium with low confidence, given the possibility that it could be shared by multiple China-linked hacking crews. (THEHACKERNEWS.COM)

Ukraine’s ‘IT Army’ has lessons for Taiwan

Assembling a volunteer IT Army presents a significant challenge due to its inherently decentralized nature, where members rely more on their own skills than formal training. Fortunately, however, these skills have been developed by our increasingly digital world, opening the door to normal citizens participating in cyber warfare. Taiwan should look to implement a similar framework and develop its own IT Army for if and when China invades. (EURASIAREVIEW.COM)

Chinese ship casts shadow over Baltic subsea cable snipfest

The Danish military has confirmed it is tracking a Chinese ship that is under investigation after two optical fiber internet cables under the Baltic Sea were damaged. The cables are widely believed to have been deliberately interfered with, a situation German Defense Minister Boris Pistorius insists was "sabotage." The two cables run between Finland and Germany and between Lithuania and Sweden respectively. They are part of the circa?600 undersea cables?– or shall we say, 600 that are?publicly known?about and tracked. (THEREGISTER.COM)

North Korea

North Korean front companies impersonate U.S. IT firms to fund missile programs

SentinelOne, which analyzed four new DPRK IT Worker front companies, said they were all registered through NameCheap and claimed to be development outsourcing, consulting, and software businesses, while copying their content from legitimate companies. (THEHACKERNEWS.COM)

North Korea hackers behind 2019 $42 million Ethereum heist, South Korea police say

More than half of the stolen assets were laundered through three crypto exchanges set up by the hackers themselves at a discount to Bitcoin and the rest were laundered through 51 different exchanges, the National Police Agency said. The hackers infiltrated a crypto exchange where the Ethereum was being kept and stole 342,000 tokens, now valued at more than 1.4 trillion won ($1 billion), the police said in a statement. (REUTERS/YAHOO.COM)

Russia

Is Britain ready to repel a cyberattack from Russia?

This year the NCSC says it has responded to 50 percent more nationally significant incidents compared to last year, as well as a threefold increase in severe incidents. The government has taken significant steps to protect the consumer, by introducing in April a new regime to secure smart home devices such as speakers, TVs and wearables. There is, however, only so much the government can do. Supply chains are so diverse now that hackers can often find?a minor player with a weak link?that can bring the main system down.?(THETIMES.COM)

Dozens of Central Asian targets hit in recent Russia-linked cyber-espionage campaign

Since July of this year, Insikt Group has identified over 60 unique TAG-110 victims, primarily in Tajikistan, Kyrgyzstan, Turkmenistan, and Kazakhstan. They were infected with the group’s custom malware, including the?Hatvibe?loader and the?Cherryspy?backdoor. To deliver these tools to targeted systems, the group used malicious Microsoft Word email attachments and exploited vulnerable web-facing services, Insikt Group said.?(THERECORD.MEDIA)


GOVERNMENT AND INDUSTRY

Artificial intelligence

School did nothing wrong when it punished student for using AI, court rules

A federal court yesterday ruled against parents who sued a Massachusetts school district for punishing their son who used an artificial intelligence tool to complete an assignment. U.S. Magistrate Judge Paul Levenson found that school officials "have the better of the argument on both the facts and the law." (ARSTECHNICA.COM)

Business

DoJ demands Google sells Chrome — and potentially Android too

Regulators focused on the use of payments worth billions of dollars to rival browser makers to ensure that Google was included as a search engine. The suggested remedies include the widely-anticipated divestment of Chrome, which is by far the world's most popular browser. The DoJ also seeks to prohibit Google from re-entering the browser market for at least five years. (ITPRO.COM)

Microsoft unveils resiliency, security enhancements following July global IT outage

Microsoft will allow IT administrators to make changes to Windows Update on PCs, even if the machines are unable to boot up. Administrators will not require physical access to the machines to make the necessary changes.?The service will be available to the Windows Insider Program community starting in early 2025. (CYBERSECURITYDIVE.COM)

Communications

FCC launches first major review of submarine cable rules in decades

The Notice of Proposed Rulemaking looks to update application requirements for national security purposes and ensure the Commission has targeted and granular information regarding the ownership, control, and use of a submarine cable system.?The FCC is also looking to improve the quality of the circuit capacity data it collects from licensees, and facilitate the sharing of such information with federal partners.?(FCC.GOV)

FCC leaders skirt call for wiretap security reform, hope to ‘go deeper’ on telecom breach briefings

An unprecedented Chinese intrusion into U.S. telecommunications firms and the infrastructure that facilitates legal access requests has grabbed the attention of several lawmakers who have asked the Federal Communications Commission to launch a formal proceeding to reform the key law that governs wiretapping procedures. But the agency doesn’t appear poised to proceed just yet. (NEXTGOV.COM)

Privacy-focused mobile phone launches for high-risk individuals

The aim of the Washington, D.C.-based company from the beginning was to create a realistically secure and private cell phone. The company also has a deal with an original equipment manufacturer. Leading up to the announcement, Cape shipped the hardened phones to a few beta testers and advisers, some of which are well-known in the security space. The company also includes research partners at Virginia Tech, the University of Maryland, and the Air Force Research Laboratory.?(CYBERSCOOP.COM)

Leadership

Potential Trump cyber picks coalesce — but insiders say there could be surprises

A major complicating factor is that, to date, the president-elect has tapped people in his personal orbit for administration jobs, forgoing career public servants or those with previous experience, even from his first White House stint. As a result, even those closest to the president have been caught off guard by some of his picks. (THERECORD.MEDIA)

Outreach

NASCIO highlights cyber training need for locals, underserved communities?

A report Thursday from the National Association of State Chief Information Officers (NASCIO),?Bridging Digital Divides: Expanding Cybersecurity in Underserved Communities, outlines best practices and case studies in this area. State chief information security officers are also increasingly turning their attention to the cybersecurity needs of smaller government organizations, which tend to be more closely connected to their communities. (GOVTECH.COM)

Regulations

Navigating cybersecurity investments in the time of NIS 2

The fifth iteration of the NIS Investments report provides key insights into how organisations in scope of the NIS 2 Directive allocate their cybersecurity budgets, build their capabilities, and mature in line with the directive’s provisions, while also exploring global cybersecurity trends, workforce challenges, and the impact of AI.?The report further provides insights into the readiness of entities to comply with new requirements introduced by key horizontal (e.g. CRA) and sectorial (e.g. DORA, NCCS) legislation, while also exploring the challenges they face.??(ENISA.EUROPA.EU)

Transportation

Gatwick Airport's cybersecurity chief on supply chain risks and CrowdStrike outage

Supply chain attacks have emerged as one of the primary challenges for cybersecurity teams, with attackers recognizing that?software providers?and other?third-party services?can provide an accessible gateway to high-value targets. This is a particularly significant issue in the aviation sector, which relies on a complex ecosystem of third-party services and external IT tools to operate efficiently. (INFOSECURITY-MAGAZINE.COM)

Workforce

Gov. Wes Moore announces $1.8M investment to expand cybersecurity training at Maryland community colleges

Cyber ranges are interactive, simulated platforms that provide hands-on, experiential learning in a secure environment. The new funding, made possible by a new Talent Innovation Fund, will provide training, support services, and direct connections to employment through BCR Cyber and the Maryland Workforce Association. Howard Community College is the first operational cyber range on a Maryland community college campus. (MOCOSHOW.COM)

LEGISLATIVE UPDATES

Senators call for watchdog to investigate TSA’s use of facial recognition

In a Wednesday?letter?to DHS Inspector General Joseph Cuffari, 12 senators — seven Democrats and five Republicans — called for a thorough review of how TSA uses facial recognition to verify travelers’ identities “from both an authorities and privacy perspective.” The agency plans to expand the use of facial biometrics to more than 400 airports in the coming years, although some lawmakers and privacy rights groups have expressed alarm about the widespread rollout of the technology.?(NEXTGOV.COM)

EVENTS

OPERATIONAL TECHNOLOGY: Join government leaders and industry experts on Dec. 3 in Washington, D.C., to explore advanced strategies for protecting U.S. operational technology and critical infrastructure and understand the biggest threats facing these sectors today.

MARITIME CYBERSECURITY: The National Maritime Security Advisory Committee will conduct a virtual meeting Dec. 3 to discuss new Committee taskings on Cybersecurity Regulation Implementation, Regulatory/Navigation and Vessel Inspection Circular Revisions, and Homeport Modernization.

FOLLOW THE McCRARY INSTITUTE ON LINKEDIN | X | FACEBOOK

SUBSCRIBE TO THE CYBER FOCUS PODCAST?YOUTUBE?|?SPOTIFY?|?APPLE PODCASTS

GET THE DAILY CYBER BRIEFING IN YOUR INBOX: SUBSCRIBE


要查看或添加评论,请登录