Cybersecurity

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State ISAC (MS-ISAC), both WaterISAC partners, have joined with the National Governors Association and the National Association of State Chief Information Officers in releasing a statement recommending state and local governments take immediate action to safeguard against ransomware attacks.

The National Cyber Security Alliance (NCSA) has announced the theme for this year’s National Cybersecurity Awareness Month (NCSAM), which is recognized every October.  With the overarching theme of “Own IT. Secure IT. Protect IT.,” the NCSA says NCSAM 2019 will focus on encouraging personal accountability and proactive behavior in security best practices and digital privacy and draw attention to careers in cybersecurity. As it has in past years, WaterISAC will distribute its own messaging using the NCSAM theme.

The NCCIC has published an advisory on a stack-based buffer overflow vulnerability in National Renewable Energy Laboratory (NREL) Energy Plus. Version 8.6.0 and prior versions (potentially) are affected. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code or cause a denial-of-service condition. It is recommended that users update the application to the latest available release, v9.0.1, or later. The NCCIC also advises of a series of measures for mitigating the vulnerabilities.

The U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has published a series of documents as part of its efforts to address and build resilience to foreign interference, particularly information activities (e.g., disinformation and misinformation). The first document, The War on Pineapple: Understanding Foreign Interference in 5 Steps, is intended to illustrate how information operations have been carried out in the past to sow divisions in the U.S.