Normal view
Volkswagen Will Invest Up to $5 Billion in EV Maker Rivian
© Joel Angel Juarez/Reuters
Apple’s App Store Policies Charged Under New E.U. Competition Law
© Johanna Geron/Reuters
How Netflix’s Corporate Culture Has Changed
© Philip Cheung for The New York Times
What the Arrival of A.I. Phones and Computers Means for Our Data
© Derek Abella
These Grieving Parents Want Congress to Protect Children Online
© Amanda Lucier for The New York Times
The Future of Netflix, Amazon and Other Streaming Services
© SMLXL Company
How Mark Zuckerberg’s Meta Failed Children on Safety, States Say
© Illustration by Pablo Delcan; Photograph by Kenny Holston/The New York Times
Gilead Shot Provides Total Protection From HIV in Trial of Young African Women
© Aaron Ufumeli/EPA, via Shutterstock
CDK Global Cyberattack Disrupts Car Sales in U.S. and Canada
© Tristan Spinski for The New York Times
260 McNuggets? McDonald’s Ends A.I. Drive-Through Tests Amid Errors
© Damian Dovarganes/Associated Press
Amazon Says It Will Stop Using Plastic Pillows in Shipments
© Fred Greaves/Reuters
-
NYT: Technology
- Ilya Sutskever, OpenAI Co-Founder Who Helped Oust Sam Altman, Starts His Own Company
Ilya Sutskever, OpenAI Co-Founder Who Helped Oust Sam Altman, Starts His Own Company
© Jim Wilson/The New York Times
How A.I. Is Revolutionizing Drug Development
Nvidia, with $3.34 Trillion Market Cap, Becomes Most Valuable Company
© The New York Times
-
Cybersecurity News and Magazine
- Guidehouse and Nan McKay to Pay $11.3M for Cybersecurity Failures in COVID-19 Rental Assistance
Guidehouse and Nan McKay to Pay $11.3M for Cybersecurity Failures in COVID-19 Rental Assistance
What Exactly Happened?
In response to the economic hardships brought on by the pandemic, Congress enacted the Emergency Rental Assistance Program (ERAP) in early 2021. This initiative was designed to offer financial support to eligible low-income households in covering rent, rental arrears, utilities, and other housing-related expenses. Participating state agencies, such as New York's Office of Temporary and Disability Assistance (OTDA), were tasked with distributing federal funding to qualified tenants and landlords. Guidehouse assumed a pivotal role as the prime contractor for New York's ERAP, responsible for overseeing the ERAP technology and services. Nan McKay acted as Guidehouse's subcontractor, entrusted with delivering and maintaining the ERAP technology used by New Yorkers to submit online applications for rental assistance.Admission of Violations and Settlement
Critical to the allegations were breaches in cybersecurity protocols. Both Guidehouse and Nan McKay admitted to failing their obligation to conduct required pre-production cybersecurity testing on the ERAP Application. Consequently, the ERAP system went live on June 1, 2021, only to be shut down twelve hours later by OTDA due to a cybersecurity breach. This data breach exposed the personally identifiable information (PII) of applicants, which was found accessible on the Internet. Guidehouse and Nan McKay acknowledged that proper cybersecurity testing could have detected and potentially prevented such breaches. Additionally, Guidehouse admitted to using a third-party data cloud software program to store PII without obtaining OTDA’s permission, violating their contractual obligations.Government Response and Accountability
Principal Deputy Assistant Attorney General Brian M. Boynton of the Justice Department’s Civil Division emphasized the importance of adhering to cybersecurity commitments associated with federal funding. "Federal funding frequently comes with cybersecurity obligations, and contractors and grantees must honor these commitments,” said Boynton. “The Justice Department will continue to pursue knowing violations of material cybersecurity requirements aimed at protecting sensitive personal information.” U.S. Attorney Carla B. Freedman for the Northern District of New York echoed these sentiments, highlighting the necessity for federal contractors to prioritize cybersecurity obligations. “Contractors who receive federal funding must take their cybersecurity obligations seriously,” said Freedman. “We will continue to hold entities and individuals accountable when they knowingly fail to implement and follow cybersecurity requirements essential to protect sensitive information.” Acting Inspector General Richard K. Delmar of the Department of the Treasury emphasized the severe impact of these breaches on a program crucial to the government’s pandemic recovery efforts. He expressed gratitude for the partnership with the DOJ in addressing this breach and ensuring accountability. “These vendors failed to meet their data integrity obligations in a program on which so many eligible citizens depend for rental security, which jeopardized the effectiveness of a vital part of the government’s pandemic recovery effort,” said Delmar. “Treasury OIG is grateful for DOJ’s support of its oversight work to accomplish this recovery.” New York State Comptroller Thomas P. DiNapoli emphasized the critical role of protecting the integrity of programs like ERAP, vital to economic recovery. He thanked federal partners for their collaborative efforts in holding these contractors accountable. “This settlement sends a strong message to New York State contractors that there will be consequences if they fail to safeguard the personal information entrusted to them or meet the terms of their contracts,” said DiNapoli. “Rental assistance has been vital to our economic recovery, and the integrity of the program needs to be protected. I thank the United States Department of Justice, United States Attorney for the Northern District of New York Freedman and the United States Department of Treasury Office of the Inspector General for their partnership in exposing this breach and holding these vendors accountable.”Initiative to Address Cybersecurity Risks
In response to such breaches, the Deputy Attorney General announced the Civil Cyber-Fraud Initiative on October 6, 2021. This initiative aims to hold accountable entities or individuals who knowingly endanger sensitive information through inadequate cybersecurity practices or misrepresentations. The investigation into these breaches was initiated following a whistleblower lawsuit under the False Claims Act. As part of the settlement, whistleblower Elevation 33 LLC, owned by a former Guidehouse employee, will receive approximately $1.95 million. Trial Attorney J. Jennifer Koh from the Civil Division's Commercial Litigation Branch, Fraud Section, and Assistant U.S. Attorney Adam J. Katz from the Northern District of New York led the case, with support from the Department of the Treasury OIG and the Office of the New York State Comptroller. These settlements highlight the imperative for rigorous cybersecurity measures in federal contracts, particularly in safeguarding sensitive personal information critical to public assistance programs. As the government continues to navigate evolving cybersecurity threats, it remains steadfast in enforcing accountability among contractors entrusted with protecting essential public resources.How the Teamsters and a Homegrown Union Plan to Take On Amazon
© DeSean McClinton-Holland for The New York Times
How Crypto Money Is Poised to Influence the Election
© Minho Jung
FTC Sues Adobe Over Hard-to-Cancel Subscriptions and Fees
© Jordan Strauss/Associated Press
How A.I. Is Revolutionizing Drug Development
Elon Musk Got 72% in Tesla Shareholder Vote on Pay
© Gonzalo Fuentes/Reuters
Apple Joins the A.I. Party, Elon’s Wild Week and HatGPT
© Photo Illustration by The New York Times; Photos: Jeff Chiu/Associated Press
Clearview AI Used Your Face. Now You May Get a Stake in the Company.
© Amr Alfiky for The New York Times
Clearview AI Used Your Face. Now You May Get a Stake in the Company.
© Amr Alfiky for The New York Times
Musk’s Friends and Fans Applaud Shareholder Vote on His Payday
© Amir Hamja/The New York Times
Tesla Shareholders Approve C.E.O. Elon Musk’s Pay Package
© David Swanson/Reuters
Fake News Still Has a Home on Facebook
© Greta Rybus for The New York Times
Tesla’s Nordic Shareholders Seek to Promote Workers’ Rights in Vote
© Felix Odell for The New York Times
Tesla’s Stock Price Shows Doubts About Outlook Under Elon Musk
Akira Endo, Scholar of Statins That Reduce Heart Disease, Dies at 90
© Jiji Press, via Agence France-Presse — Getty Images
Tesla Shareholders to Vote on Elon Musk’s Pay Package
© Anthony Gerace
Games Are Proving Their Pull on News and Tech Sites
© Igor Bastidas
Abortion Groups Say Tech Companies Suppress Posts and Accounts
© Ariana Drehsler for The New York Times
Is Slop A.I.’s Answer to Spam? A Phrase Emerges for Bad Search.
© Andrew Paterson/Alamy Stock Photo
Can Apple Rescue the Vision Pro?
© Clara Mokri for The New York Times
FDA Advisory Panel Endorses Approval of Alzheimer’s Drug Made by Eli Lilly
How Apple and Google Are Overhauling Our Phones With AI
© Sisi Yu
Apple Intelligence Revealed at WWDC 2024 as Company Jumps Into AI Race
© Carlos Barria/Reuters
Law Enforcement Unit Formed to Crack Down on Illegal E-Cigarettes
© Mike Blake/Reuters
Hey, Siri! Let’s Talk About How Apple Is Giving You an A.I. Makeover.
© Ted Hsu/Alamy Stock Photo
Can I Opt Out of Meta’s A.I. Scraping on Instagram and Facebook? Sort Of.
© Associated Press
-
Cybersecurity News and Magazine
- University of Arkansas Leads Initiative to Improve Security of Solar Inverters
University of Arkansas Leads Initiative to Improve Security of Solar Inverters
University of Arkansas Solar Inverter Cybersecurity Initiative
The new project led by the University of Arkansas is funded by the U.S. Department of Energy's Solar Energy Technologies Office (SETO) and aims to strengthen the cybersecurity measures of solar inverters. Solar inverters are used to convert direct current (DC) generated from solar panels into alternating current (AC) that can be used in households and within the energy grid. This effort involves collaboration among multiple universities, laboratories, and industry partners to develop custom-designed controls infused with multiple layers of cybersecurity protocols. [caption id="attachment_75768" align="alignnone" width="800"]![University of Arkansas Solar Inverter Cybersecurity Initiative](../themes/icons/grey.gif)
Securing Renewable Energy and Electric Grids
As electric grids become increasingly digitized and connected, securing these grids becomes a top priority for the U.S. Department of Energy (DOE). The department has stated that while some cyberattacks target information technology (IT) systems, attacks on operating technology (OT) devices such as solar photovoltaic inverters could have potential physical impact, such as loss of power and creation of fires. The department cited an incident in March 2019 in which hackers managed to breach through a utility’s web portal firewall. The attack caused random interruptions to the visibility of segments of the grid from its operators for a period of 10 hours. The DOE's Solar Energy Technologies Office (SETO) is working to ensure that the electric grid is secure and capable of integrating more solar power systems and other distributed energy resources. The agency developed a roadmap for Photovoltaic Cybersecurity, supports ongoing efforts in Distributed Energy Resources (DER) cybersecurity standards, and participates in the Office of Energy Efficiency and Renewable Energy's Cybersecurity Multiyear Program Plan, along with the Department of Energy's broader cybersecurity research activities. The Solar Energy Technologies Office has recommended the use of dynamic survival strategy based on defense-in-depth measures that functional as additional layers of security to secure individual components as well as entire systems. These layers include installing anti-virus software on DER systems (solar inverters and battery controllers) and maintaining virus protection and detection mechanisms on the firewalls and servers integrating these individual systems to the broader system of grid operation. The Office admits that implementation of this strategy into DER technologies can be complex, with different owners, operators, and systems typically involved, but maintains the strategy's importance in reducing potential cyberattacks. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.-
NYT: Technology
- A Conversation With Prime Minister Justin Trudeau of Canada, and an OpenAI Whistle-Blower Speaks Out
A Conversation With Prime Minister Justin Trudeau of Canada, and an OpenAI Whistle-Blower Speaks Out
© Photo Illustration by The New York Times
How the Humane AI Pin Flopped
© Kelsey McClellan for The New York Times
That Much-Despised Apple Ad Could Be More Disturbing Than It Looks
U.S. Clears Way for Antitrust Inquiries of Nvidia, Microsoft and OpenAI
© Grant Hindsley for The New York Times
New Covid Vaccine Endorsed for Fall
© Jamie Kelter Davis for The New York Times
How Electric Car Batteries Might Aid the Grid (and Win Over Drivers)
© Laetitia Vancon for The New York Times
Israel Secretly Targets U.S. Lawmakers With Influence Campaign on Gaza War
© Gabriela Bhaskar for The New York Times, Kenny Holston/The New York Times