Quick Hits

*** Paul Brubaker, currently a deputy assistant secretary in the Cybersecurity, Energy, Security and Emergency Response (CESER) office at the Department of Energy will be moving to the Department of Veterans Affairs in early March to become the deputy CIO for account management. He is replacing Alan Constantian, who recently retired. Brubaker has worked for many years in and around government— as a Senate staffer, a senior executive in the Defense Department and the Department of Transportation and in a number of executive roles in the private sector.

*** A federal district court judge dismissed a lawsuit from Chinese telecommunications firm Huawei challenging a provision in the fiscal year 2019 National Defense Authorization Act that prohibits federal agencies from acquiring Huawei gear as well as video and communications products from certain other Chinese-owned firms.

*** The Cybersecurity and Infrastructure Agency revealed that an unnamed natural gas facility in the United States has been hit by a ransomware attack. In a U.S. Computer Emergency Readiness Team alert, the agency said the attackers spearphished its way to initial access of the organization's IT network and pivoted to the operational technology network before deploying commodity ransomware. According to the notice, the attack did not impact programmable logic controllers and the organization never lost operational control, but it did shut down operations for two days as a result. The CISA alert did not specify the name of the organization or when the attack took place.

*** New legislation sponsored by Sen. Chuck Grassley (R-Iowa) and backed by Sen. Mark Warner (D-Va.) would standardize the role of the chief financial officer across government and give Congress and the public a clearer view of how agencies are hitting cost and performance targets. The bill also vests deputy CFOs with new authority in the case of a CFO vacancy.

*** The FBI is warning industrial control system that a Trojan targeting the software supply chain, energy, financial and healthcare sectors bears similarities to the notorious Shamoon wiper malware that was used against Saudi Arabian oil companies in 2012. An FBI alert to industry published by a Louisiana information sharing group warns recipients about the connection, though it notes the Remote Access Trojan virus, dubbed "Kwampirs," does not appear to have a wiper component. The bureau also passed along a number of rules that can be used with websites like VirusTotal and GitHub to identify the malware.

*** New research from cybersecurity firm Eclypsium finds that unsigned firmware is a major security problem for many WiFi adapters, USB hubs, trackpads and cameras. Most enterprise devices do not verify that the code governing these components is authentic, leaving an opening for hackers to insert malware "which the component would blindly trust and run." That in turn would give attackers a foothold to launch further intrusions, facilitating man-in-the-middle attacks, packet sniffing, data loss and even ransomware attacks.