National Security Institute: News Watch 9/21/2022


NSI's Weekly Security NewsWatch
For security leaders who want to extend their knowledge base - 10 expertly curated news items, summarized and designed to widen your perspective.
In This Issue 
  • CISA Will Measure Effects of Coming Standards on Industry’s Cybersecurity
  • OIG: DHS IT Systems Failed to Effectively Support Migrant Tracking
  • Social Media’s National Security Implications Draw Lawmaker Scrutiny
  • DCSA Introduces National Background Investigation Services Software for Form Collection
  • Bill Would Designate Russia State Sponsor of Terrorism
  • Global Open Internet Under Chinese Threat, Lawmakers Hear
  • 3 Iranian Citizens Charged in Broad Hacking Campaign in U.S.
  • CISA Orders Agencies to Patch Bugs Used in Attacks
  • Twitter Whistleblower: At Least 1 Chinese Spy Worked at Company
  • U.S. Trails China in Key Tech Areas, New Report Warns

Put Your Logo on a Trusted, NISPOM Compliant Employee Security Awareness Newsletter

Stop wasting precious resources pulling content from multiple sources and then patchworking it together. 

One single, smart outsourcing decision gets you:

  • Quarterly newsletter prepared with zero effort required by your team
  • Content that motivates people to protect classified information and CUI
  • A place to insert your logo and make it your own
  • Fulfill and exceed NISPOM requirements - great inspection results


CISA Will Measure Effects of Coming Standards on Industry’s Cybersecurity (Nextgov, 9/19/22)

CISA will spend the next three years measuring the success of the government’s effort to protect both publicly and privately controlled critical infrastructure from cyberattacks.  According to a national plan the agency just released to take it through 2025, CISA’s strategy will involve performance goals that were due at the end of July under a national security memorandum addressing cybersecurity for industrial control systems used in critical infrastructure.

The agency is planning to issue them sometime in October, CISA Executive Assistant Director for Cybersecurity Eric Goldstein said.  “Where appropriate within CISA authorities, we will set standards and recommendations to guide security decisions, much like our efforts to establish performance goals and increase the cross-sector cybersecurity baseline,” the CISA plan reads.  Measuring progress in cybersecurity has been a notorious sore point from the start of targeted policymaking efforts on the issue.

OIG: DHS IT Systems Failed to Effectively Support Migrant Tracking (HS Today, 9/16/22)

DHS IT systems did not effectively allow migrant tracking from apprehension to release or transfer, the Office of Inspector General says.  DHS must be able to process and track each migrant from apprehension to transfer or release.  It is vital that Border Patrol agents identify whether each apprehended individual is traveling as part of a family to ensure members can be linked in the system of record.

Federal agencies rely on multiple IT systems to track migrants and to release or transfer vast numbers of single adults and family units from Border Patrol custody to U.S. Immigration and Customs Enforcement and the DOJ, or in the case of unaccompanied children, to the Department of Health and Human Services.  Border Patrol agents use the e3 system to record detainee information throughout the process, from apprehension to prosecution, release, or transfer to partner agencies or components.

Social Media’s National Security Implications Draw Lawmaker Scrutiny (Nextgov, 9/15/22)

Lawmakers expressed national security concerns about the ways in which social media platforms moderate extremist content, how their algorithms and business models may promote the spread of harmful posts and videos, and about their relationships with foreign governments during a Senate Homeland Security and Governmental Affairs Committee hearing.  Members of the committee heard from witnesses, including former executives from Twitter and Facebook—now known as Meta—who said social media platforms are incentivized to share provocative content, because it draws the most user engagement, and current executives from four large social media companies—Meta, TikTok, Twitter and YouTube—who defended their efforts to quickly identify and remove harmful content from their sites. 

Committee Chairman Gary Peters, D-Mich., expressed concern about social media platforms’ moderation practices, saying that the companies “have still not taken the necessary steps to limit the spread of the hateful, dangerous and extremist content that has motivated real world violence.”

The Secret to Keeping Their Attention After October's Cybersecurity Awareness Month

Nobody in your organization is anti-security in the sense that no one wants to be the person who opens the door to bad actors getting their hands on classified and controlled unclassified information.

But at the same time neither do they want to spend a lot of extra time learning about what seems to be someone else’s job. That doesn’t make them bad people, just normal. They have their own work to do and priorities that demand their attention. A key part of being an effective security professional is finding a way around this understandable attitude.

Here’s what you have to do to earn an increasing share of their time and attention. Show them you respect their busy schedule and answer this question: “What’s in it for me?”

DCSA Introduces National Background Investigation Services Software for Form Collection (Executive Gov, 9/14/22)

The Defense Counterintelligence and Security Agency has released a training video introducing a new security clearance application form collection platform that replaces the legacy Electronic Questionnaires for Investigations Processing system.  In the video presentation, DCSA provided an overview of the various features and functionality of the National Background Investigation Services program’s eApp software, which is designed to help accelerate U.S. background investigations.

The agency also demonstrated the differences between the two systems to guide users as they prepare for the future transition from e-QIP.  The NBIS software serves as the federal government’s one-stop-shop system that provides end-to-end personnel vetting.  The Defense Information Systems Agency transferred responsibility for the platform to DCSA in October 2020.

Bill Would Designate Russia State Sponsor of Terrorism (The Hill, 9/14/22)

Sens. Lindsey Graham (R-S.C.) and Richard Blumenthal (D-Conn.) introduced a bill that would designate Russia as a “state sponsor of terrorism,” just a few months after the Senate Judiciary Committee members called on the Biden administration to do so.  The bipartisan duo is seeking to make Russia the fifth addition to the U.S. list of state sponsors of terrorism, joining North Korea, Iran, Syria and Cuba.  The designation would eliminate Russia’s sovereign immunity before U.S. courts and reduce foreign assistance and exports to the country.  

The newly introduced Russia Is a State Sponsor of Terrorism Act follows a resolution passed by the Senate in late July that called on Secretary of State Antony Blinken to impose the designation on Russia.  “If [Russian President Vladimir] Putin’s regime is not a State Sponsor of Terrorism after all this, then the designation is meaningless,” Graham said in a statement announcing the bill.  Biden earlier this month said he did not think Russia should get the designation.

Global Open Internet Under Chinese Threat, Lawmakers Hear (Gov Info Security, 9/14/22)

Aspirations for a borderless global internet crashed into accusations of Chinese eagerness to exploit Americans' data in a pair of Capitol Hill hearings.  U.S. commitment to allowing all comers onto the network has come under strain following the growth among American users of Chinese apps such as WeChat and TikTok.  Although less combative than its predecessor, the Biden administration has sustained the Trump presidency's suspicion of Chinese technology fueled by user data.

For some lawmakers, short-form video app TikTok in particular is anathema, especially given its typically young user base of 100 million Americans.  One of its executives made a rare congressional appearance in a Senate Homeland Security Committee hearing during which she attempted to tamp down accusations that the app funnels data to the Chinese Communist Party.  The company updated its infrastructure to store all U.S. user data in the Oracle cloud environment and is working with the software giant to add new data security controls, said Vanessa Pappas, COO.

3 Iranian Citizens Charged in Broad Hacking Campaign in U.S. (AP, 9/14/22)

The DOJ said last week that three Iranian citizens have been charged in the United States with ransomware attacks that targeted power companies, local governments and small businesses and nonprofits, including a domestic violence shelter.  The charges accuse the hacking suspects of targeting hundreds of entities in the U.S. and around the world, encrypting and stealing data from victim networks, and threatening to release it publicly or leave it encrypted unless exorbitant ransom payments were made.

In some cases, the victims made those payments, the department said.  The Biden administration has tried to go after hackers who have held U.S. targets essentially hostage, often sanctioned or sheltered by adversaries.  The threat gained particular prominence in May 2021 when a Russia-based hacker group was accused of conducting a ransomware attack on Georgia-based Colonial Pipeline, which disrupted gas supplies along the East Coast.

CISA Orders Agencies to Patch Bugs Used in Attacks (Bleeping Computer, 9/14/22)

CISA added two new vulnerabilities to its list of security bugs exploited in the wild last week, including a Windows privilege escalation vulnerability and an arbitrary code execution flaw affecting iPhones and Macs.  The elevation of privileges bug in the Windows Common Log File System Driver is tracked as CVE-2022-37969, enabling local attackers to gain SYSTEM privileges following successful exploitation.

Microsoft patched the vulnerability discovered and reported by researchers at DBAPPSecurity, Mandiant, CrowdStrike, and Zscaler.  “We found this zero day bug during a proactive Offensive Task Force exploit hunting mission.  An escalation of privilege exploit was found in the wild, exploiting this Common Log File System vulnerability,” Dhanesh Kizhakkinan, Senior Principal Vulnerability Engineer at Mandiant, said.

Twitter Whistleblower: At Least 1 Chinese Spy Worked at Company (Motherboard, 9/13/22)

In testimony to a Senate committee, a Twitter whistleblower said that the Chinese government had placed at least one agent of the country’s intelligence agency undercover as a Twitter employee.  Former Twitter head of security Peiter Zatko made the allegation during testimony before the Senate’s Judiciary Committee.

Last month, Zatko, who is best known by his hacker handle Mudge, filed a whistleblower complaint accusing Twitter of having a series of grave cybersecurity issues, including insider threats, lack of monitoring, and the presence of an Indian government agent working inside Twitter.  Now, Zatko said that India was not the only foreign government that put one of its agents inside the company.

U.S. Trails China in Key Tech Areas, New Report Warns (FCW, 9/13/22)

Imagine a future in which the most skilled U.S. tech workers can’t find jobs, authoritarian regimes exert more power than democratic governments, freedom of expression is replaced by open censorship, and no one believes the U.S. military can deter conflict.  All this could happen if China surpasses the United States in key technology areas, according to a new report from the Special Competitive Studies Project, led by former Deputy Defense Secretary Bob Work and Google co-founder Eric Schmidt. 

The report, released last week, looks at current and future technology competition between the United States and China—from microelectronics supply to tech talent retention to the effects of emerging technologies like artificial intelligence on tomorrow’s national security.  “In our judgment, China leads the United States in 5G, commercial drones, offensive hypersonic weapons, and lithium-battery production,” the report said, while the U.S. is ahead in biotech, quantum computing, cloud computing, commercial space technologies, and has a small lead in artificial intelligence.



National Security Institute
3 Sanger Circle, Dover, MA 02030

Contact: 508-533-9099
Copyright © 2022 NSI, All rights reserved.