Trouble viewing this email?  View in web browser ›

The Wall Street Journal ProThe Wall Street Journal Pro

CybersecurityCybersecurity

Sponsored by NetscoutNetscout

Cyber Daily: U.S. Officials Say Midterm Elections Were Free of Major Cyber Incidents

By James Rundle

 

Good day. Millions went to the polls yesterday across the U.S. in the midterm elections, and despite some delays and technical difficulties, which officials characterized as normal and expected, fears of widespread cyberattacks didn’t materialize.

“We’ve seen no activity that can cause anyone to question the security, integrity or resilience of our election infrastructure,” said a senior official from the Cybersecurity and Infrastructure Security Agency, speaking to reporters midday yesterday during the second of three press briefings held throughout the day.

You can read more about how CISA and others monitored the progress of election day, and the likely impact of the elections on cyber policies, below.

Also today:

  • Moody’s weighs in on credit impacts of cyber incidents.
  • German automotive supplier discloses data breach.
  • U.K. cyber authorities announce zero-day scanning program.
CONTENT FROM OUR SPONSOR: Netscout

Ensuring Election Integrity in the U.S. Midterms

Network administrators and security professionals responsible for the security of election infrastructure need to be focused on potential technology disruptions.

Learn More

 

Regulation

Ratings agency Moody's said U.S. government efforts on cyber could result in positive credit outcomes by decreasing successful attacks. PHOTO: BRENDAN MCDERMID/REUTERS

Moody’s Says U.S. Efforts on Ransomware Could Be ‘Credit Positive’ in 2023

U.S. government initiatives to sanction cybercrime groups and implement new incident reporting laws could be credit positive for issuers in the U.S. that may experience fewer ransomware attacks as a result, Moody’s Corp. said in a new report. Gerry Granovsky, senior vice president of Moody’s cyber risk group, told Axios that a determining factor in the creditworthiness of a business will be whether various ongoing government proposals on incident reporting requirements can be harmonized. (Axios)

 

Newsletter Extra: No Credible Cyber Threats

People cast their votes in Walker, Mich. on Nov. 8. U.S. cyber officials said they haven't seen credible cyber threats to election infrastructure. PHOTO: JOEL BISSELL/ASSOCIATED PRESS

Government officials have been preparing for months to combat cyber intrusions into the November elections. On Tuesday, they said, those efforts paid off.

“We continue to see no specific or credible threat to disrupt election infrastructure, or election day operations,” a senior official at the Cybersecurity and Infrastructure Agency told reporters during a press briefing yesterday. The agency established an operations room running through the day, and was in contact with other federal agencies as well as private-sector companies involved in election infrastructure, the official said.

Some distributed denial-of-service attacks against a “handful” of election-related websites were observed, the official said, but not all were successful and most affected sites were re-established quickly. Attacks of this type flood websites with massive amounts of traffic in an attempt to render them inaccessible to users.

Despite the lack of significant attacks, another CISA official said during an earlier briefing the same day that the U.S. has observed efforts from more countries than before to influence the elections, including China. Researchers at Alphabet Inc.’s Google unit had earlier claimed that China has attempted to fuel political division and discord. Beijing has previously denied engaging in influence operations.

As for the election itself, experts said that any change in control of Congress between parties was unlikely to have a significant impact on incoming cyber rules around areas such as incident reporting, noting that Republicans had already secured significant concessions in those bills.

“In the vast majority of issues we tackle, it’s bipartisan, so I don’t think the elections will have an impact unless they lead to total gridlock,” said Mark Montgomery, senior fellow at the Foundation for the Defense of Democracies, a national security think tank. “As long as there’s bills moving and laws being signed I think we’ll still be getting work done."

The biggest change, said Mr. Montgomery, who served as the senior advisor to the chairmen of the influential Cyberspace Solarium Commission, is that a number of heavyweight cyber-focused lawmakers who pushed cyber bills through the legislative process are leaving Congress this year. These include Rep. Jim Langevin (D., R.I.), who also served on the Solarium Commission, and Sen. Rob Portman (R. Ohio). They weren’t standing for re-election.

– James Rundle and Catherine Stupp

 
Advertisement
‏‏‎ ‎
 

Cyberattacks

Continental said that data had been stolen in a cyberattack disclosed in August.

PHOTO: THOMAS IOHNES/AGENCE FRANCE-PRESSE/GETTY IMAGES

Auto-Parts Supplier Continental Says Hackers Stole Data 

German automotive parts and tire manufacturer Continental AG said that some of its data was stolen as a result of a cyberattack that the company disclosed in August. German newspaper Handelsblatt reported that 40 terabytes of data was stolen and that hackers demanded a ransom. A spokesperson said the company is still investigating. (Yahoo! News)

Mexico Stops Commercial Trucking Services Through December

Mexico’s transportation ministry has stopped issuing new permits, license plates and driver’s licenses for commercial truck operators until Dec. 31 because of a cyberattack in October. The ministry disclosed the attack on Oct. 24 and said it would temporarily suspend services to avoid malware from spreading and other potential issues, such as theft of information. (FreightWaves)

 

Big Number

8,800

The number of election jurisdictions across the U.S.

 

National Security

The NCSC, a part of the U.K.'s digital spy agency, Government Communications Headquarters, said companies could opt out from scanning. PHOTO: JACOB KING/PA IMAGES/GETTY IMAGES

British Cyber Agency Will Scan Every U.K.-Hosted Device for Zero-Day Threats

The U.K. National Cyber Security Centre has started a new program to continually scan every internet-connected device hosted domestically for vulnerabilities. The NCSC said it will use the data to create an overview of the U.K.’s exposure to vulnerabilities and track their remediation. U.K.-based organizations can opt out of the scanning by emailing the NCSC with a list of IP addresses they don’t want scanned. “We’re not trying to find vulnerabilities in the U.K. for some other, nefarious purpose,” Ian Levy, the NCSC’s technical director, wrote in a blog post. (TechCrunch)

 
Share this email with a friend.
Forward ›
Forwarded this email by a friend?
Sign Up Here ›
 

About Us

Write to the WSJ Pro Cybersecurity Team: Kim S. Nash, James Rundle and Catherine Stupp.

Follow us on Twitter: @knash99 and @catstupp. 

Contact Enterprise Technology Editor Steve Rosenbush at steven.rosenbush@wsj.com or follow him on Twitter: @Steve_Rosenbush.

 
Desktop, tablet and mobile. Desktop, tablet and mobile.
Access WSJ‌.com and our mobile apps. Subscribe
Apple app store icon. Google app store icon.
Unsubscribe   |    Newsletters & Alerts   |    Contact Us   |    Privacy Notice   |    Cookie Notice
Dow Jones & Company, Inc. 4300 U.S. Ro‌ute 1 No‌rth Monm‌outh Junc‌tion, N‌J 088‌52
You are currently subscribed as [email address suppressed]. For further assistance, please contact Customer Service at pro‌newsletter@dowjones.com or 1-87‌7-975-6246.
Copyright 2022 Dow Jones & Company, Inc.   |   All Rights Reserved.
Unsubscribe