Quick Hits for Oct. 22
*** A data system with direct links to Healthcare.gov was hacked, leading to the theft of records on 75,000 individuals, according to the Centers for Medicare and Medicaid Services. CMS reported detecting "anomalous activity" on Oct. 13 in the Federally Facilitated Exchanges, which allow insurance agents and brokers to assist health care consumers with enrollment under the Affordable Care Act. On Oct. 16, CMS declared a breach, disabled the accounts linked to it and shut down the Direct Enrollment system. The news was made public late in the day on Oct. 19. CMS said it was looking to have the system for agents and brokers back up in seven days. The self-service enrollment website HealthCare.gov remains operational, as does the Marketplace Call Center.
*** The Federal Energy Regulatory Commission approved a cybersecurity rule covering the U.S. electrical grid. The rule, based on standards proposed by the North American Electric Reliability Corporation in January 2018, requires covered electrical utilities to phase in new supply chain risk management practices over the next 18 months. The goal is to have better visibility into the industrial control system hardware, software and networking services that are used to operate the nation's bulk electric system. FERC noted in the final rule that security gaps remain in the electrical grid because the standards do not cover firewalls, authentication servers, breach monitoring and alerting systems and other components that fall under the category of electronic access control and monitoring systems. These EACMS, if compromised, could give attackers control of a protected asset. FERC has directed NERC to develop modifications to the rule to encompass supply chain risk management of such monitoring systems within two years.
*** The Defense Advanced Research Projects Agency is trying to find out how to make computers learn more like human children. The agency recently held a proposers' day for its Machine Common Sense program; the program is the first entrant in DARPA's $2 billion AI Next campaign. The MCS initiative is meant to give machines the ability to understand and navigate situations they are not explicitly programmed for.
DARPA will be researching new machine learning techniques and advances in developmental psychology to try to make this happen.
"My deep belief is the magic answer is somehow buried in what human children know at one year old," said Dave Gunning, a program manager within the Information Innovation Office at DARPA.
Responses to the announcement are due by Dec. 18. Gunning said they will pick whom to work with by January and will begin the research by spring of 2019.
*** The United Kingdom reported that phishing and malicious spam are down as a result of the work of the National Cyber Security Centre, the centralized, all-of-government computer security agency that is part of the country's intelligence community. NCSC, which is part of the Government Communications Headquarters apparatus, handles security for all government domains and conducts incident response and threat assessment for threats aimed at the private sector as well. In its annual report for 2018, NCSC reported that more than 138,000 phishing sites were removed and that the country's share of global phishing attacks was down sharply from 5.3 percent in June 2016 to 2.4 percent in July 2018. The report credited the implementation of Domain-based Message Authentication, Reporting and Conformance with protecting government domains from spoofing. NCSC is also advancing a program to extend active cyber defense services to government-owned devices. Currently 14,500 such devices are equipped with ACD services, and that number is expected to "increase significantly" in the coming months, according to the report.
Posted on Oct 22, 2018 at 1:51 AM