December 6, 2017
Drone Manufacturer DJI Accused of Spying on Critical Infrastructure – United States
According to a report generated by Los Angeles-based intelligence agents, the Department of Homeland Security has a strong reason to believe that drone manufacturer DJI is spying for the Chinese Government on pieces of critical infrastructure in the US. The memo was created by the Immigration and Customs Enforcement bureau back in August but is just now surfacing publicly this week. They believed Chinese-based Da Jiang Innovations (DJI) is stealing sensitive infrastructure and law enforcement data to covertly send back to the Chinese Government. Part of the report reads: SIP Los Angeles assesses with moderate confidence that Chinese-based company DJI Science and Technology is providing U.S. critical infrastructure and law enforcement data to the Chinese government. SIP Los Angeles further assesses with high confidence the company is selectively targeting government and privately owned entities within these sectors to expand its ability to collect and exploit sensitive U.S. data. The report goes on to specify which targets the Chinese Government has been attempting to spy on and they are certainly concerning. The list includes railroads, utilities, drinking water systems, and hazardous material storage facilities. DJI has denied the claims stating to the New York Times that the report is "based on clearly false and misleading claims." They said that their users are able to control what data is uploaded to the company's servers in China. They have recently added a feature allowing pilots to cut all outside internet connections while the drone is flying. While DJI makes many drones for hobbyists, these claims are focused on their commercial line where DJI has a nearly two-thirds market share.
U.S. Air Force Cyber Attack Plans Tested during National Grid Exercise – Washington, United States
Recently, 32 Air Force installations and representatives from Headquarters Air Force took part in the two-day national Grid Security Exercise IV, or GridEx IV, to simulate a coordinated response to cyber and physical security threats to North America's electricity grid and other critical infrastructure. GridEx IV, the largest exercise of its kind, brought together more than 6,500 participants from 450 government agencies and private industry from the U.S., Canada and Mexico. During the exercise, participants from the Department of Defense, civilian federal agencies, state and local entities, banking and telecommunication sectors and utilities simulated how they would respond to, recover from and facilitate the restoration of damaged grid infrastructure. “The Air Force recognizes the resiliency of the energy grid, but also understands both nature and adversaries could separate our missions from the electrons they need,” said Mark Correll, deputy assistant secretary of the Air Force for Environment, Safety and Infrastructure. “Participating in exercises like GridEx IV, allows us to test our preparedness plans and ensure the Air Force has resilient energy capabilities to assure our critical defense missions continue during a real-life crisis.” One of the main objectives of the exercise was to identify communication friction points and look for possible solutions. Staff from Joint Base Langley-Eustis, Virginia, were among the Air Force participants in the exercise. "Our participation in GridEx provided a great forum to work with our key mission partners and utility service provider," said Dan Porter, 633rd Civil Engineer Squadron base energy manager. "It helped to improve our lines of communication, increased our collaborative efforts and elevated the importance of JBLE's energy assurance plans."
Senators Again Propose National Breach Notification Law – United States
A trio of Democratic Senators is attempting to catapult Congress into the information security era by pushing for passage of a U.S. national data breach notification law. Sen. Bill Nelson of Florida, the top Democrat on the Senate Commerce Committee, on Thursday announced a bill, dubbed the Data Security and Breach Notification Act. Many other similar bills introduced earlier have failed to advance. The data breach notification measure would give companies a maximum of 30 days to notify victims and authorities after they discover a data breach. The bill also would make it a crime - punishable by up to five years in prison - to knowingly conceal a breach. Nelson's bill is being co-sponsored by two fellow Democratic committee members, Sen. Richard Blumenthal of Connecticut and Tammy Baldwin of Wisconsin. It would not supersede HIPAA's breach notification rule for the healthcare sector or the cybersecurity requirements of the Gramm-Leach-Bliley Act for the financial sector. The bill represents a repeat play by Nelson, who introduced the same legislation last year. This year, however, the proposed legislation comes on the heels of ride-sharing firm Uber on Nov. 21 warning that it suffered a breach that exposed personal information for 57 million of its riders and drivers.
FOR MORE INFORMATION:
To sign up for the complete daily G4S Corporate Risk Services Intelligence Bulletin, please subscribe.