Monday, May 04, 2020

What I'm Reading 5/4/2020 - Happy Star Wars Day - It's Power Grid, Supply Chains and Amazon Behaving Badly Again Today

T&D World - Utilities Continue to Assess Executive Order on Securing Bulk-Power System -
Utilities that reached by T&D World on May 1, including Duquesne Light Co., said they are assessing the impact of President Donald Trump's May 1 Executive Order on Securing the United States Bulk-Power System.
...
Jim Cunningham, executive director of Protect Our Power (POP) — which, as noted on its website, is a nonpartisan advisory panel focused on strengthening the country's electrical power grid — in a May 1 statement said, "This executive order is an important first step — one that POP supports — to address dangerous cyber-related vulnerabilities in the electric sector supply chain. The order highlights a looming threat that POP and other security experts have identified for some time now."
 Related - Enterprise Times - US acts to protect power grid from attack -
 In a move to protect the US power grid, President Trump has signed an executive order that bars US power grid entities from buying and installing electrical equipment manufactured outside the US.
...
As part of the executive order, the US is creating a new working body to look at the equipment used in the US power grid. The goal is to identify all equipment that is foreign made and at risk of being exploited. It brings together teams from the departments of Energy and Defense, Homeland Security and National Intelligence among others.
What isn’t clear, is if this also includes equipment created by companies that are now foreign-owned such as Westinghouse. It was one of the major players in the US nuclear power industry. Last year, Toshiba sold its US-based nuclear business to a Canadian company, Brookfield.
It is also worth asking how the teams will identify all the affected equipment? The US power grid is complex, and there are a lot of small power generation companies. It could take years or even decades to document what exists, where it is, and the risks it poses.
...
Identifying a lot of the older equipment that is vulnerable is also a non-trivial task. Some may be Internet-facing while most will be behind corporate firewalls. It is why many attacks start with phishing campaigns to get inside the networks of power generation companies. Attackers then transition to IIoT systems that are poorly integrated with newer IT systems. Any attempt to secure these systems needs to recognise that there is a need to look at where the attacks start and improve security at that point.
NY Post - Asia’s ‘murder hornet’ will arrive on East Coast and is ‘here to stay’: experts -
The deadly meat-eating Asian giant hornet, which has been known to kill up to 50 people a year in Japan, recently surfaced for the first time in the US in Washington state — and New York City beekeepers say there is no way it won’t make its way here, too.
This is disturbing but awesome. In China they have to kill these things with a flamethrower.  

Reuters - China, Russia take advantage of virus emergency, U.S defense secretary says -
“(The United States) is aware that some (countries) will try to use the pandemic as a way to invest in critical industry and infrastructure, with effect on security in the long term,” Esper told newspaper La Stampa, when asked whether China and Russia were trying to gain influence in Italy by sending aid.
“Potential opponents will almost certainly try to use their interest to put their interests forward and create divisions in NATO and Europe,” he said. “Huawei and 5G are an important example of this malign activity by China.” 
Business Insider - Longtime Amazon VP Tim Bray just quit in dismay, calling the company 'chickens---' for firing workers who criticized it
A longtime Amazon engineer and vice president said he "quit in dismay" over Amazon's firing of whistleblowers who raised concerns about warehouse employees scared of contracting COVID-19.
Writing on his personal blog, Tim Bray said that remaining in his job "would have meant, in effect, signing off on actions I despised." He said his last day at the company was May 1.
Related - Ars Technica -  Amazon locks down internal employee communications amid organizing efforts -
Amazon is reportedly (and suddenly) enforcing rules limiting employees' internal communication as workers, critical of the company's behavior, become increasingly outspoken and organized.
Internal listservs with more than 500 participants are now required to move to a moderated model where a manager must approve any content before its distribution, according to emails obtained by Recode
...
The company told Recode that the moderation policy is not new but that Amazon has begun enforcement against lists that either weren't following the rules or had previously been granted exceptions after a "routine audit." An internal message to employees, obtained by Recode, said the change was to "minimize disruption to any business-critical email lists." 
Fox - DARPA has a 'game-changer' coronavirus test that's awaiting emergency approval, report says -
Described as a potential "game-changer," the test came from a project at the Defense Advanced Research Projects Agency (DARPA) that was initially designed for diagnosing those who have become poisoned by germ or chemical warfare, The Guardian reports. It was repurposed for the coronavirus pandemic and may be able to detect the presence of the virus in as little as 24 hours after a person is infected.
“The concept fills a diagnostic gap worldwide,” the head of DARPA's biological
technologies office, Dr. Brad Ringeisen, said in an interview with the news outlet. If approved by the FDA under its emergency use approval (EUA), Dr. Ringeisen said that the test could be “absolutely a gamechanger.”
National Review - Trump Admin. ‘Turbocharging’ Withdrawal of Supply Chains from China -
We’ve been working on [reducing the reliance of our supply chains in China] over the last few years but we are now turbocharging that initiative,” Keith Krach, undersecretary for Economic Growth, Energy and the Environment at the U.S. State Department, told Reuters, adding that the focus was on “the critical areas” and “bottlenecks.”
Measures involving the Commerce Department, State, and other federal agencies are being explored to determine which supply chains are “essential” and how they could be decoupled from China. Sources said that one such proposal involves the creation of a trade network of “trusted partners” called the “Economic Prosperity Network” that would not include China.
The Hacker News - New Malware Jumps Air-Gapped Devices by Turning Power-Supplies into Speakers
Cybersecurity researcher Mordechai Guri from Israel's Ben Gurion University of the Negev recently demonstrated a new kind of malware that could be used to covertly steal highly sensitive data from air-gapped and audio-gapped systems using a novel acoustic quirk in power supply units that come with modern computing devices.
...
"This technique enables playing audio streams from a computer even when audio hardware is disabled, and speakers are not present," the researcher said. "Binary data can be modulated and transmitted out via the acoustic signals. The acoustic signals can then be intercepted by a nearby receiver (e.g., a smartphone), which demodulates and decodes the data and sends it to the attacker via the Internet."

No comments: