Weekly Security Sprint EP 59. Terrorism news, Hurricanes, and Health Preparedness

Please enjoy our newest podcast, the Weekly Security Sprint, on Spotify, Apple, Google, as well as other locations accessible via the Spotify for Podcasters link or almost anywhere you listen to your favorite podcasts.

---

In this Week’s Security Sprint, Dave and Andy talked about the topics below. For more of these and other security updates, subscribe to our free daily report, delivered directly to your inbox, the Gate 15 SUN. To subscribe, please email [email protected].

• Major companies put U.S. cyber defenses to the test in simulated attack
• The Auto-ISAC Launches Automotive Threat Matrix (ATM) Tool to Enhance Vehicle Cybersecurity Governance
• Change Healthcare Wake-Up Call: Is Sector Too Codependent? Denise Anderson and Errol Weiss of Health-ISAC Discuss Critical Cyber Issues. 
• Signing of MOU between CI-ISAC Australia and Health ISAC

Main Topics

Russia, Terrorism

• ISIS issues horrifying warning as ‘lone wolves’ ordered to target Christians and Jews. ISIS spokesperson Abu Hudhaifa al-Ansari told “lone wolves” to mobilise and target Christians and Jewish people in the US, Europe and Israel. An audio message released on the messaging platform Telegram saw al-Ansari urging terrorists to strike during the ongoing month of Ramadan. Ramadan, the holy month in the Muslim calendar, began on March 11 this year, and is set to last until April 10. The audio was shared by the Al-Furgan Foundation the primary media production house of the Islamic State.
• ISIS calls for Ramadan massacre of Christians and Jews by lone wolves across US, Europe and Israel
• Reuters: Iran alerted Russia to security threat before Moscow attack
• Egyptian suspect, 62, to face trial after police foil alleged ISIS terror attack on Notre Dame Cathedral
• ISIS Issues Fresh Threat To Putin: Reports
• No evidence so far of Ukraine’s involvement in Moscow terrorist attack: Putin
• What is ISIS-K, the terror group claiming responsibility for the Moscow concert hall attack?
• Russian intel heads allege Western support for Moscow attack
• Rocked by Deadly Terror Attack, Kremlin Amps Up Disinformation Machine
• “Israel is ISIS” and other lies about the Crocus City Hall terror attack
• Special Edition: The Moscow Terror Attack; How Russia, China, and Iran are spinning the tragedy to spread disinformation about the West
• Russia Amps Up Online Campaign Against Ukraine Before U.S. Elections
• Improving the Security of Soft Targets and Crowded Places: A Landscape Assessment
• Keeping Soft Targets and Crowded Places Safe from Mass-Casualty Attacks: Insights from a Landscape Assessment
• Comparing Violent Extremism and Terrorism to Other Forms of Targeted Violence

Explosive Atlantic hurricane season predicted for 2024, AccuWeather experts warn; A super-charged hurricane season could spawn a near-record number of storms in the Atlantic this year, and forecasters may even run out of names for storms amid a frenzy of tropical systems. 

• April Fools! Atlantic hurricanes to be given both first and last names

Health and Broader Preparedness: 

• Future State of Smallpox Medical Countermeasures
• National Academies report says US not ready for intentional, accidental smallpox outbreak
• Gate 15: Webinar Recording: Getting Started Now: Pandemic Preparedness After-Action Reports, 17 Apr 2020

Gate 15:Pandemic Preparedness: Start Your After-Action Report & Improvement Planning (NOW), 26 Mar 2020)

Quick Hits

CISA Seeks Input on CIRCIA Notice of Proposed Rulemaking. The Federal Register posted for public inspection the Cybersecurity and Infrastructure Security Agency (CISA) Notice of Proposed Rulemaking (NPRM), which CISA was required to develop by the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). The NPRM will soon formally publish in the Federal Register, following which the public will have 60 days to provide their written comments to inform the direction and substance of the Final Rule. Beginning in September 2022, CISA solicited input from public and private sector stakeholders, including the critical infrastructure community, as the agency developed the NPRM, and the open comment period on the NPRM is another opportunity for stakeholders to submit written comments on the CIRCIA rulemaking process. The NPRM contain proposed regulations for cyber incident and ransom payment reporting, as well as other aspects of the CIRCIA regulatory program. Implementation of CIRCIA will enable CISA to develop insights on the cyber threat landscape to drive cyber risk reduction across the nation and to provide early warning to entities who may be at risk of targeting. The comments CISA received through the Request for Information (RFI) and listening sessions over the past year helped shape this NPRM. In turn, getting robust input on the NPRM will support our ability to implement CIRCIA to drive national cyber risk reduction. Any member of the public, including critical infrastructure sector entities and other stakeholders, can provide written comments on the NPRM during the 60-day public comment period. Detailed information about the NPRM and instructions for submission of public comment will be available at Federal Register – Public Inspection: Cyber Incident Reporting for Critical Infrastructure Act. Visit cisa.gov/CIRCIA to learn more.

• CISA releases draft rule for cyber incident reporting
• Thompson, Clarke Release Statement on CISA Cyber Incident Reporting Proposed Rule
• WSJ: U.S. Publishes Draft Federal Rules for Cyber Incident Reporting
• CISA publishes 447-page draft of cyber incident reporting rule
• CISA’s cyber incident reporting rules will apply to 316K entities
• CISA’s proposed framework for cyber incident reporting rules includes subpoena power

• CISA: Reported Supply Chain Compromise Affecting XZ Utils Data Compression Library, CVE-2024-3094
• Red Hat: Urgent security alert for Fedora 41 and Rawhide users.
• FBI PSA: Child Sexual Abuse Material Created by Generative AI and Similar Online Tools is Illegal
• Seven Hackers Associated with Chinese Government Charged with Computer Intrusions Targeting Perceived Critics of China and U.S. Businesses and Politicians
• Google: A review of zero-day in-the-wild exploits in 2023
• Intel 471: Vulnerabilities Year-in-Review: 2023
• The Audacious MGM Hack That Brought Chaos to Las Vegas
• IRS kicks off annual Dirty Dozen with warning about phishing and smishing scams
• Ivanti-linked breach of CISA potentially affected more than 100,000 individuals
• AT&T notifies users of data breach and resets millions of passcodes
• CNN: Hackers stole Russian prisoner database to avenge death of Navalny
• CISA: Emergency Communications Month 2024: Resilient Together
• U.S. Department of Education Launches Government Coordinating Council to Strengthen Cybersecurity in Schools
• What Caused the Red Sea Submarine Cable Cuts?
• Recorded Future: Violent Extremists Dox Executives, Enabling Physical Threats
• How the Baltimore bridge collapse spawned a torrent of instant conspiracy theories
• Misinformation Milestone of More than 100 Israel-Hamas War False Claims
• Threats to Catholic Charities staffers increase amid far-right anti-migrant campaign
• Readout from state convening to discuss cybersecurity and the water sector
• FS-ISAC: New Cyber Threats To Challenge Financial Services Sector In 2024
• FACT SHEET: Vice President Harris Announces OMB Policy to Advance Governance, Innovation, and Risk Management in Federal Agencies’ Use of Artificial Intelligence
• Rewards for Justice – Reward Offer for Information on ALPHV BlackCat-linked Cyber Actors Targeting U.S. Critical Infrastructure

Read more about Gate 15’s full podcast menu at our Podcast page. You can subscribe and enjoy all the Gate 15 Podcasts on Spotify for Podcasters, Apple, Spotify, Google, as well as other locations accessible from the Spotify for Podcasters link. Week-to-week, you can hear and learn more about our all-hazards threats, risks, mitigation and other issues impacting homeland security risk management from our team as well as our regular and special guests. The full podcast menu includes:

• The Security Sprint is our weekly rundown of the week’s notable all-hazards security news, risks and threats and some of the key focus areas for organizations to consider behind the headlines. Gate 15 team members discuss physical security, cybersecurity, natural hazards, health threats and other issues across our environment.
• Nerd Out! Security Panel Discussion, moderated by Dave Pounder, focuses on physical security topics including terrorism, extremism, hostile events, and other pertinent topics.
• The Gate 15 Interview, is a monthly interview between Gate 15’s founder and Managing Director, Andy Jabbour and guests from throughout the homeland security risk management community addressing a wide range of all-hazards topics and issues.
• Venue Security, The IAVM Podcast Series is our newest podcast as Gate 15’s founder and Managing Director, Andy Jabbour hosts short interviews with venue safety and security experts from the International Association of Venue Managers’ (IAVM) Venue Safety and Security Committee (VSSC) and other special guests from the IAVM community.
• The Cybersecurity Evangelist, with Jennifer Lyn Walker, is a cybersecurity-focused discussion with Jen and invited guests. This is presently a Gate 15 special podcast and occasionally is updated on our Gate 15 podcast channel.
• The Risk Roundtable, was a monthly discussion among our team and occasional guests exploring the all-hazards threats and risks impacting the United States and internationally. This was suspended in September 2023.

We hope you’ll subscribe, listen and share your ideas and other feedback! Reach out to us on Threads,  LinkedIn, via email at: [email protected], and also on X, the platform formerly known as Twitter.