Tag Archive for: required

Counties required to adopt security system

/in


By MARY MURPHY
Washington State Journal

OLYMPIA – Under a bill Secretary of State Steve Hobbs endorsed, all counties are required to install “Albert Systems,” a technology that notifies counties when there is an attempted cybersecurity attack. 

Even though ballot-counting machines are not connected to the Internet, election data is often circulated on Internet communication channels. Technology like the Albert System can help protect the security of county records by monitoring any attempt to manipulate, intercept, or tamper with data transmitted through these channels. 

While 36 of 39 counties across the state already use this system, the counties that don’t have expressed concern about requiring this technology. Lincoln County officials, for example, spoke to its use of the Albert System and its potential flaws.

“Lincoln County became a victim of a ransomware attack in 2020,” Rob Coffman, Lincoln County Commissioner, said. “At the time, it had Albert Systems monitoring the county network. That attack brought the county to its knees for months, costing tens of thousands of dollars.”

Coffman said the third-party non-profit which runs Albert Systems, the Center for Internet Security, never notified the county of the attack. 

The version of the bill that passed requires counties to install the Albert System specifically. “We all want secure elections,” Tom Gaines, Grant County Commissioner, said. “We all want to make sure that the people in our communities know that their data is safe, but we shouldn’t be forced to put something into our data center that sits outside our firewall, that we’re not allowed to ask about, and that we don’t get a dashboard to see what’s going back and forth.”

Others, however, say this legislation is necessary and timely. 

“We are under threat from seen and unseen vulnerabilities within our election systems, and in Washington State,” prime sponsor, Sen. Joe Nguyễn, D-White Center, said. “Thanks to the leadership of our secretary of state, we figure by example. But we are not immune to the dangers that cast a shadow over the safety of our own votes.” 

Nguyễn…

Source…

United, American, Southwest Airlines and Others Say Masks No Longer Required – NBC Chicago

/in


Monday, U.S. District Judge Kathryn Kimball Mizelle voided the Centers for Disease Control and Prevention’s current national mask mandate on airplanes and mass public transit.

The 59-page ruling from the Florida judge said the CDC failed to justify its decision and did not follow proper rulemaking procedures that left it fatally flawed.

The CDC had recently extended a federal mask mandate on public transit and in public transportation hubs until May 3, to allow more time to study the BA.2 omicron subvariant of the coronavirus now responsible for the vast majority of cases in the U.S.

Regarding the ruling, a White House administration official on Monday said, “The agencies are reviewing the decision and assessing potential next steps. In the meantime, today’s court decision means CDC’s public transportation masking order is not in effect at this time.

Therefore, TSA will not enforce its Security Directives and Emergency Amendment requiring mask use on public transportation and transportation hubs at this time.”

Based on that ruling, here’s a look at which major U.S. airlines are lifting their mask mandates for domestic flights.

American Airlines: Masks No Longer Required

“In accordance with the Transportation Security Administration no longer enforcing the federal face mask mandate,” American Airlines said in a statement Monday. “Face masks will no longer be required for our customers and team members at U.S. airports and on domestic flights. Please note face masks may still be required based on local ordinances, or when traveling to/from certain international locations based on country requirements.”

Alaska Airlines: Masks No Longer Required

“Face masks have been like boarding passes for nearly two years — you couldn’t fly without one,” Alaska Airlines said in a statement. “But, as of today, masks are optional in airports and onboard aircraft, effective immediately.” 

“Due to a judicial decision in our federal court system, the mask mandate has been overturned, which means our guests and employees have the option to wear a mask while traveling in the U.S. and at work.”

Delta: Masks No Longer Required

“Following the ruling of a…

Source…

Billions required to prevent next pandemic, warns epidemic expert

/in


Governments must invest billions of dollars to prevent the next pandemic and begin constructing a library of vaccines for every single family of viruses, says the organisation charged with preparing the world for emerging infectious diseases.

Richard Hatchett, chief executive of the Coalition for Epidemic Preparedness Innovations, said it could take as little as five years to create the vaccine bank that could be adapted when a threat was detected, to ensure the world could start vaccinating within 100 days.

Vaccine makers were able to deliver Covid-19 vaccines in record time partly because they were already developing jabs for Mers, another coronavirus. But Hatchett said that unless shots were prepared for other virus families, the world might not be as lucky next time.

“The core of the 100-day mission is built on this idea of looking at prototype viruses from the different viral families and doing as much of the work . . . in advance as possible. That’s a large but finite task,” he told the Financial Times ahead of a global pandemic preparedness summit next week in London.

The event comes as western countries ease restrictions to try to live with the virus and politicians are focused on the war in Ukraine.

Hatchett warned against “pandemic fatigue”, saying an outbreak was “not like a volcano where the eruption discharges the risk”. In fact, the increasingly interconnected world had created conditions ripe for disease outbreaks, including for other coronaviruses.

“Why would we take this to be the last [coronavirus]? We know there are other coronaviruses out there in the wild,” he said. “Some could be theoretically as infectious as Sars-Cov-2 and possibly with a mortality that is closer to Sars-Cov-1, or Mers. That would be truly terrifying.”

© Richard Cannon/FT

Hatchett said governments, business and citizens should think about protecting against pathogens like the world treated computer viruses. “We don’t think about computer threats as, ‘Oh, Stuxnet, it’s gone, we have the patch and we don’t need to worry about cyber security any more’,” he said, referring to the computer worm originally aimed at Iran’s nuclear facilities.

Cepi…

Source…

Data Breach Notification Laws in the United States: What is Required and How is that Determined? | Burr & Forman

/in


Has your business considered what obligations you would have to notify people in the event of a cyber-attack that compromises some or all of your IT systems? Have you cataloged all the data you collect and where it is stored so that you can determine whose information is impacted by a breach? If not, you are certainly not alone. With the continuing increase in cyber-attacks and particularly ransomware, combined with laws that are imposing shorter and shorter notice deadlines, it is important for all businesses to understand the scope of their potential notification obligations in the event they fall victim to an attack.

Breach Notification Laws

Breach notification requirements obligate organizations that are collecting, storing, processing, or otherwise in possession of personally identifiable information to notify the individuals if the information is compromised in a security breach. In addition to notifying the identified individuals, many states require that the Attorneys General offices and the Credit Reporting Agencies be notified, depending on how many identified individuals in the state received notices. If you are missing contact information for some of the identifiable individuals, if the number of identified individuals is particularly high, or if the cost of the required notifications is excessive, you may have the option to, or be required to, provide substitute notice in lieu of or in addition to individual notices. In most cases, substitute notice requires notification to be placed prominently on your website as well as distributed through the media, in print, on television, and/or by radio.

In the United States, certain Federal Laws govern obligations to report data breaches in particular industries, including:

  • The Health Insurance Portability and Accountability (HIPAA) Act provides notification requirements for a security breach that compromises protected health information held by a covered entity or its business associates.
  • The Gramm-Leach Bliley Act (GLBA) requires covered financial institutions to notify customers whose non-public personal information is compromised by a security breach.
  • The Computer-Security Incident Notification Requirements for…

Source…