The Gate 15 Podcast Channel Gate 15

In the latest episode of the Weekly Security Sprint, Dave and Andy covered the following topics:

Nashville School Shooting:


CNN: https://www.cnn.com/us/live-news/nashville-shooting-covenant-school-03-27-23/index.html

Gate 15's Blue Jeans Worksho


The Conversation: ⁠⁠Watermarking ChatGPT, DALL-E and other generative AIs could help protect against fraud and misinformation⁠⁠, 27 March, shared by BJW Panelist, Todd Helmus

Political Violence


NBC: Trump warns of ‘potential death and destruction’ if he’s charged in hush money probe, 24 Mar
Newsweek: Jim Jordan’s Response to Trump’s ‘Death & Destruction’ Post, 24 Mar
CBS: “Significant increase” in threats online ahead of possible Trump indictment, 20 Mar
Breaking 911: Bomb Threats Made Against Manhattan DA, Courts & NYPD HQ As Possible Trump Indictment Nears, 21 Mar
NY Post: Envelope containing suspicious powder, death threat sent to DA Alvin Bragg’s NYC office, 24 Mar

Severe Weather:


BBC: https://www.bbc.com/news/world-us-canada-65072195

Cybersecurity Regulations:


CISA: CIRCIA at One Year: A Look Behind the Scenes, 24 Mar (Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA))


CISA: JCDC Cultivates Pre-Ransomware Notification Capability, 23 Mar
CISA: Getting Ahead of the Ransomware Epidemic: CISA’s Pre-Ransomware Notifications Help Organizations Stop Attacks Before Damage Occurs, 23 Mar

Ransomware:


Palo Alto report: https://unit42.paloaltonetworks.com/multi-extortion-rise-ransomware-report/


DataBreaches.net: Blended Threats! Cyberattack disrupts Spanish medicine distribution, 23 Mar
Lawrence Abrams and Bleeping Computer: The Week in Ransomware - March 24th 2023 - Clop overload, 24 Mar

Others:


Protests: @dave links?
Washington Post’s Cybersecurity 202: Everything you need to know about Thursday’s four cyber hearings, 24 Mar
CyberScoop: The pressing threat of Chinese-made drones flying above U.S. critical infrastructure, 23 Mar
CyberScoop: Fact or fiction, hacktivists’ claims of industrial sabotage in Russia or Ukraine get attention online, 22 Mar and Mandiant: We (Did!) Start the Fire: Hacktivists Increasingly Claim Targeting of OT Systems, 22 Mar
DoJ: Justice Department Announces Arrest of the Founder of One of the World’s Largest Hacker Forums and Disruption of Forum’s Operation, 24 Mar & CyberScoop: The FBI’s BreachForums bust is causing ‘chaos in the cybercrime underground,’ 24 Mar
CISA: Untitled Goose Tool Aids Hunt and Incident Response in Azure, Azure Active Directory, and Microsoft 365 Environments, 23 Mar

In this episode of The Gate 15 Interview, Andy Jabbour visits with Dr. Jeff Masters. Jeff Masters, Ph.D., worked as a hurricane scientist with the NOAA Hurricane Hunters from 1986-1990. After a near-fatal flight into category 5 Hurricane Hugo, he left the Hurricane Hunters to pursue a safer passion - earning a 1997 Ph.D. in air pollution meteorology from the University of Michigan. In 1995, he co-founded the Weather Underground, and served as its chief meteorologist and on its Board of Directors until it was sold to the Weather Company in 2012. Between 2005-2019, his Category 6 blog was one of the Internet’s most popular and widely quoted sources of extreme weather and climate change information. He now frequently writes for YALE Climate Connections.

On Twitter: @DrJeffMasters

In the discussion we address:


Jeff’s incredible Hurricane Hugo experience.

Intergovernmental Panel on Climate Change (IPCC) Report and going beyond the ‘planetary boundaries of safe operation for the planet.’

Jeff’s important ideas to understand about climate change.

Jeff discusses his two biggest climate concerns - the disruptive threats from sea level rise and drought, including:

A potential ‘massive financial threat to the US.’ Jeff says, ‘we’re not correctly pricing risk…there threatens to be a shakeout in the…market’ and he notes insurance company struggles in Florida, Louisiana and California as examples before discussing the potential cascading effects associated with humans fleeing from the coasts.

Threats to critical infrastructure, including real estate, water and wastewater, transportation and supply chains.

And he explains his concerns about drought impacting food prices and leading to famine.

Hurricane season 2023, an anticipated El Nino year, perhaps something that may look like the 2018 hurricane season.

Plus! Devo, getting outdoors, watermelon, and the beauty of the Havasupai Canyon.
A few references mentioned in or relevant to our discussion include:


Jeff’s Hurricane Hugo Experience:

Weather Underground: Hunting Hugo: The Hurricane Hunters' Wildest Ride, a multi-part story of Jeff’s incredible experience in the eye of Hurricane Hugo.

Weather Underground: A flight through Hurricane Hugo, remembered 20 years later, 15 Sep 2009

Originally published in Weatherwise magazine, Hunting Hugo was made available in digital form, complete with the many photos I took on the flight, on the web site I co-founded, Weather Underground. A separate account of the flight was written by a reporter from Barbados who was on the flight, and was published in my Weather Underground blog in 2009. There was a 45-minute episode of “Air Crash Investigation” (AKA “Mayday”) on the Hugo flight called “Into the Eye of the Storm” that aired in 2014. Several hundred thousand dollars was spent on the episode, which included CGI effects, a set built in Toronto to simulate the flight, and actors playing the crew and scientists. In 2022, the video was available with a paid subscription to Paramount Plus. The video was also available for free at apparat.com.

Take to the Sky: The Air Disaster Podcast: Episode 85: NOAA 42 Hurricane Hunters, 02 Dec 2021

Intergovernmental Panel on Climate Change (IPCC) Report:

The Guardian: Scientists deliver ‘final warning’ on climate crisis: act now or it’s too late, 20 Mar

IPCC Sixth Assessment Report, 20 Mar

IPCC IPCO Sixth Assessment Report Working Group 1: The Physical Science Basis; Summary for Policymakers

BBC: UN climate report: Scientists release 'survival guide' to avert climate disaster, 20 Mar

New York Time: Earth to Hit Critical Warming Threshold by Early 2030s, Climate Panel Says, 20 Mar

Climate.gov: Climate Change: Global Sea Level, 19 Apr 2022

NASA Vital Signs

NASA Sea Level Change; Observations from Space

NASA Sea-Level Toolkit: New Guide Helps Planners Prepare, 07 Fe

On the latest episode of Nerd Out, Dave goes solo to talk about behavioral analytics, recent reporting and how to merge those together to deliver insights and develop appropriate plans. It's one thing to have the data, and it's one thing to have the reports that point to various types of behaviors, but merging them together can be a challenge. Dave also talks to the ways to develop the data if you don't have a tool. Dave wraps up by giving some thoughts on what he is seeing from the ever expanding extended universes. Is there a reason to be concerned? Could he be losing interest?
Reports mentioned in this podcast include:
START: https://www.start.umd.edu/spotlight/pirus-dataset-launches-major-update-adding-955-subjects-database
U.S. Secret Service: https://www.secretservice.gov/newsroom/releases/2023/01/new-secret-service-research-examines-first-time-five-years-mass-violence

In this Week's Security Sprint, Dave and Andy talk about the following topics.
Extremism and Terrorism:

START reports. PIRUS: https://www.start.umd.edu/profiles-individual-radicalization-united-states-pirus-keshif; https://www.start.umd.edu/news/major-update-pirus-dataset-adds-955-us-subjects-2019-2021


Press Release via Yahoo! Terrorist attacks more deadly, despite decline in the West, 14 Mar, PDF and complete report, Institute for Economics & Peace: Global Terrorism Index 2023
Catholic Vote: ⁠⁠300th Catholic Church Attacked Since 2020⁠⁠, 13 Mar

Banking Fears:

World Economic Forum: https://www.weforum.org/agenda/2023/03/fears-global-banking-crisis-economy-roundup/
CNN: https://www.cnn.com/2023/03/16/investing/bank-scare-credit-suisse/index.html

Intergovernmental Panel on Climate Change (IPCC) Report:

The Guardian: Scientists deliver ‘final warning’ on climate crisis: act now or it’s too late, 20 Mar
IPCC Sixth Assessment Report, 20 Mar
IPCC IPCO Sixth Assessment Report Working Group 1: The Physical Science Basis; Summary for Policymakers

Other:

New York Post: NYC bracing for unrest after Trump calls for protests over possible arrest, indictment, 19 Mar
The Register: LockBit brags: We’ll leak thousands of SpaceX blueprints stolen from supplier, 13 Mar
CISA: CISA Establishes Ransomware Vulnerability Warning Pilot Program, 13 Mar
DOJ: Associate Attorney General Vanita Gupta Issues Statement on the FBI’s Supplemental 2021 Hate Crime Statistics, 13 Mar
Senator Mark Warner: Warner, Blackburn, Colleagues Request Cybersecurity Analysis of Chinese-Made Drones, 16 Mar
SEC: SEC Proposes New Requirements to Address Cybersecurity Risks to the U.S. Securities Markets, 15 Mar
CyberScoop: Presidential advisory council recommends cyber mandates for critical infrastructure, 14 Mar

On the latest episode of the Security Sprint, Andy bails Dave out on some technology issues and they work through it to cover the following topics.
FBI IC3 Report: 

FBI Internet Crime Report 2022 (PDF) & Report Statistics 
Risky Biz News: BEC loses top spot in FBI Internet Crime report, 12 Mar 

Physical Security: NJ [.] com: 

Man yelled ‘white lives matter,’ threw smoke bombs at N.J. church’s anti-racism concert, 06 Mar 
Michigan Man Arrested and Charged For Illegally Possessing Firearms While Making Threats to Kill Government Officials, 10 Mar
Florida neo-Nazis who projected a swastika on a downtown building say the hysteria over drag queens is helping them recruit people, 10 Mar

ODNI Annual Threat Assessment: 

'ODNI Releases 2023 Annual Threat Assessment of the U.S. Intelligence Community and see here, PDF report, and U.S. Senate Hearing 08 Mar 
Risky Biz News: ODNI report highlights China as the US’ biggest cyber threat, 09 Mar 

SVB: 

Statement from President Joe Biden on Actions to Strengthen Confidence in the Banking System 
READOUT: Financial Stability Oversight Council Meeting on March Federal Reserve Board - Federal Reserve Board announces it will make available additional funding to eligible depository institutions to help assure … 
Federal Reserve Board - Joint Statement by Treasury, Federal Reserve, and FDIC 
Silicon Valley Bank: why did it collapse and is this the start of a banking crisis? 
In historic last-minute deal, HSBC acquires Silicon Valley Bank UK, says all depositors’ money is safe 
Silicon Valley’s surreal weekend 
SVB’s ventures are taken apart in China, UK after US bank’s collapse 

Other Cybersecurity Updates: 

Cyber Incident Reporting Framework: Global Edition (PDF) 
NBC: Data breach hits ‘hundreds’ of lawmakers and staff on Capitol Hill, 08 Mar 
CNN: Hundreds of US lawmakers and staff affected by data breach, 08 Mar 
WaterISAC: Threat Awareness – Keep Our Eyes on Emotet, 09 Mar 
Cofense: Emotet Sending Malicious Emails After Three-Month Hiatus, 07 Mar 
WIRED: The Era of Faked CCTV Has Truly Arrived, 07 Mar 
Washington Post: Cyberattacks Are Just One Part of Hybrid Warfare, 07 Mar 

Ransomware: 

WIRED: Ransomware Attacks Have Entered a ‘Heinous’ New Phase, 13 Mar 
Security Scorecard: ESXi Ransomware - A case study of Royal Ransomware Prepared by: Vlad Pasca, Senior Malware & Threat Analyst 
Sentinel Labs: IceFire Ransomware Returns; Now Targeting Linux Enterprise Networks, 09 Mar 

John Cena: Cybersecurity Enthusiast (?): @CenaOnSecurity 
Gate 15's upcoming Blue Jeans Workshop: Addressing MDM Threats While Protecting Free Speech

In the latest episode of the Risk Roundtable, Andy and Dave welcome in Tracy Maleef as they went through the latest security news. Tracy kicked things off by looking at a new scam reported on by the Better Business Bureau involving craft fairs (is there no place that's safe). Then the roundtable took turns looking at the recently released National Cybersecurity Strategy and what it means for individuals and organizations, especially around training and information sharing. Andy used the release to also discuss corresponding actions that the EPA is taking to improve the resiliency of the water system. Tracy then transitioned back to other types of scams and how Artificial Intelligence is even getting into the scam business targeting individuals pretending to be loved ones and how safe words could be an effective mitigating factor. Dave wrapped things up with a quick hit on venue security to which the group discussed how this is not strictly a physical security problem, but in fact a blended threat. Andy put the finishing touches on the pod with his three questions (no comment on the new CISA website redesign).

National Cybersecurity Strategy: 

White House: FACT SHEET: Biden-⁠Harris Administration Announces National Cybersecurity Strategy, 02 Mar 
Gizmodo: I Read the Biden Administration’s New Cyber Policy So You Don’t Have To, 04 Mar 
US House Committee on Homeland Security: Green, Garbarino Statement on the Release of the National Cybersecurity Strategy, 02 Mar 
Risky Biz News: White House unveils National Cybersecurity Strategy, 02 Mar 
HS Today: COLUMN: A Shared Accountability Approach to Cyber Defense, by Bob Kolasky, 02 Mar 
CISA Readout: Director Easterly Visits Carnegie Mellon University, Calls for “Radical Change” for Technology Product Safety in Major Address, 27 Feb
Industrial Cyber: National Cybersecurity Strategy sets its eyes on improving security, resilience across critical infrastructure, 03 Mar 
WSJ: Cisco Chief Says Tech Products Must Be Made More Secure, 02 Mar 

Water Cybersecurity: 

EPA: EPA Takes Action to Improve Cybersecurity Resilience for Public Water Systems, 03 Mar 
Risky Biz News: EPA releases cybersecurity guidance for US public water sector, 05 Mar 
CNN: US introduces new rules to protect water systems from hackers, 03 Mar 
CyberScoop: EPA issues water cybersecurity mandates, concerning industry and experts, 03 Mar 
SC Media: EPA memo pushes states to include cybersecurity in water safety reviews, 03 Mar 
Industrial Cyber: EPA issues memorandum to address PWS cybersecurity using sanitary surveys, improve resilience, 06 Mar 

Venue Security: 

AP: 1 dead, 9 hurt in stampede at GloRilla concert in New York, 06 Mar 
Dr. G K Still on Twitter, ‘Teaching crowd safety/risk analysis around the world. Consulting and expert witness experience help develop better teaching and training courses.’ International Association of Venue Managers’ (IAVM) Academy of Venue Safety and Security (AVSS) 

Scams: BBB Scam Alert: 

Think twice before filling out craft fair applications, 03 Mar 
Washington Post: They thought loved ones were calling for help. It was an AI scam., 05 Mar