NASTE Publishes SP 123456789

Today the National Academy of Security and Technology Equipment (NASTE) published a draft of their newest cybersecurity publication, SP 123456789, Password Selection for Little Used Applications with No Access to Sensitive Information. This publication was designed to provide guidance on how to select a password for access to free publications and stand-alone applications that provide no access to personally identifiable information.

Kate Libby, a researcher with Dragonfire Cyber, and one of the co-authors of the draft, explained: “The proliferation of devices and applications requiring a unique password for adequate cybersecurity protections has made it increasingly difficult for the average person to keep track of the multiple passwords. We need to make it simpler for people to remember their passwords by using realistic passwords for devices and applications where system compromise will have minimal impact on individual security.

In addition to selection of easily remembered passwords, a chapter of the proposed standard discusses the use of fake names and fictional biographic data when signing up for access to devices and accounts where there are few or limited security concerns.

CAUTIONARY NOTE: This is a future news story –

Local Blackouts Caused by Electric Grid Hack

Atkinson Electric Cooperative announced today that the recent series of electrical blackouts in the area around Delano, GA have been caused by attacks on the local electric distribution system. “We have seen a pattern of electric system shutdowns that appear to be caused by cyber-attacks on many of our automated circuit reclosers,” Preston S. Arkwright, AES spokesperson, told reporters this morning at the daily CI-SOC news conference; “These devices are designed to maintain power distribution in the face of minor interruptions and these hackers are using them as a weapon against our distribution system.”

General Turgidson, Director of National Critical Infrastructure Security Operations Center (CI-SOC), told reporters that teams from the Center had helped to investigate the power system interruptions. “Our teams discovered that the Robotron AWS systems had been individually hacked and reprogramed so that the reclosers did not actually reset the power connection when a potentially minor interruption occurred. Turgidson told reporters.

Dade Murphy, CTO of Dragonfire Cyber, told reporters at the news conference that a team of analysts had isolated a copy of a new Bluetooth malware, they were calling SoreTooth, that allowed attackers to use the AWS Bluetooth connection to reprogram the switch controller. “The crafters of this malware were using a new 0-day vulnerability and two known Bluetooth vulnerabilities to gain administrator level access to the switch software.”

The Federal Bureau of Inquiry is working with the CI-SOC and Dragonfire investigators to try to determine who is behind the attack. Johnathan Quest, FBI spokesperson, refused to comment on apparent claims that a terrorist group was behind the attack; “This is an ongoing investigation and we are not prepared to comment on the identity of potential suspects at this time.”

An Instagram account, since taken down, had been claiming that a group called Carbon Restoration was behind the attack. The group reportedly was acting to stop local utilities from buying solar and hydro generated electricity to replace power previously produced at coal fired power plants. The AEC web site notes that it was targeting a 50% share of daytime power supply from the growing number of solar power farms in Georgia.

CAUTIONARY NOTE: This is a future news story –