Pacific Gas and Electric reaches $390k settlement in spying case

Pacific Gas & Electric (PG&E) will pay $390,000 to settle a regulatory investigation into its 2012 smart meter “spying” scandal.

The agreement with the California Public Utilities Commission (CPUC) was reached earlier this month. CPUC had been investigating the actions of former PG&E employee William Devereaux, who was accused of monitoring anti-smart meter groups online between 2009 and 2010 using fabricated credentials. The CPUC issued an Order Instituting Investigation (OII) in April 2012, and it has only now been resolved.

The $390,000 penalty will be paid into California’s General Fund. The settlement also requires PG&E to revamp its social media education and training process and sponsor three third-party regulatory training sessions by 2015.

The CPUC said the settlement was in line with what it found to be a violation of customer privacy and transparency.

“I hope that this investigation has sent a strong message to PG&E and all other utilities regulated by the CPUC that we will not tolerate consumer abuses in any shape or form. We expect our utilities to treat their customers with respect and compassion and engage with their customers in a transparent, ethical, and productive manner,” said CPUC Commissioner and lead investigator Mike Florio, in a statement.

Smart meter opposition groups viewed Devereaux’s actions as a means to disrupt smart meter installations and mislead activist groups. After the settlement came to light, PG&E denounced Devereaux’s actions and put a renewed focus on its social media practices.

“As soon as we found out about the activities…we were very cooperative,” PG&E spokesperson Greg Snapper told FierceEnergy, in an interview shortly after the CPUC released its April 2012 report. “What it really came to was it stressed the need for more employee engagement around how to use social media in a professional setting.”

From Fierce Energy at http://www.fierceenergy.com/story/pacific-gas-and-electric-reaches-390k-settlement-spying-case/2013-04-12?utm_medium=nl&utm_source=internal

Posted in Cybersecurity Memo - Insiders Edition | Comments Off on Pacific Gas and Electric reaches $390k settlement in spying case

U.S. and China announce cybersecurity collaboration amid hacking dispute

China and the US, which are embroiled in a bitter dispute over hacking, have agreed to set up a cybersecurity working group, US Secretary of State John Kerry said on Saturday.

“All of us, every nation, has an interest in protecting its people, protecting its rights, protecting its infrastructure,” he told reporters on a visit to Beijing.

“Cybersecurity affects everybody,” he said. “It affects airplanes in the sky, trains on their tracks, it affects the flow of water through dams, it affects transportation networks, power plants, it affects the financial sector, banks, financial transactions.

“So we are going to work immediately on an accelerated basis on cyber.”

The world’s two largest economies have traded accusations this year over cyber-attacks after a US research company said in February that a Chinese army unit had stolen huge amounts of data, from mostly US companies.

China dismissed the report as “groundless”, saying its defence ministry websites were often subjected to hacking attacks originating in the US.

From RawStory.com: http://www.rawstory.com/rs/2013/04/13/u-s-and-china-announce-cybersecurity-collaboration-amid-hacking-dispute/


Cybersecurity: A view from the front lines

The changes in the digital world today represent a dramatically sped-up version of the changes the world underwent in a century of industrialization. It is a paradigm transformation of our world: Notions of a nation’s size, wealth, power, military might, population and G.D.P. mean something altogether different from what they meant a generation ago.

These relations are in constant flux, and old assumptions no longer hold. Today, a small, poor East European country can be a world leader in e-governance and cybersecurity.

In February, the United Nations praised Estonia’s e-Annual Report system, by which entrepreneurs can submit annual reports electronically, as the “best of the best” e-Government application of the past decade. Last autumn, Freedom House ranked Estonia first in Internet freedom for the third year in a row (the United States and Germany were second and third).

More from the New York Times @ http://www.nytimes.com/2013/04/12/opinion/global/cybersecurity-a-view-from-the-front.html?pagewanted=all&_r=0


Homeland Security seeks student hackers to help counter cyberthreats

There are “new and rapidly growing threats” of a cyberstrike to the US homeland – perils that will require hundreds of young, college-age hackers to counter an alarming number of daily incursions into the nation’s electrical grid and financial networks, says Department of Homeland Security (DHS) head Janet Napolitano.

This will be “hackers for good,” and the DHS currently has a need for about 600 of them, Secretary Napolitano added in remarks Tuesday at a Monitor Breakfast.

The need to develop a skilled cyber workforce has been a common – and formidable – challenge for a number of US government agencies, including DHS and the Pentagon, which is also struggling to build its own cyber workforce.

That’s because most skilled “cyber warriors,” as the US military calls them, often get recruited by private industry after their service commitments are up.

“That’s a big concern, to be honest,” says Col. Kiley Weigle, commander of the Air Force’s Cyber Training Unit. “We have not, in my opinion, fully cracked that nut yet.”

The Air Force set up an internship program for high school students, who were given security clearances to work in the service’s Cyber Emergency Response Team unit.

But sequestration, which for the Pentagon has come with requirements to cut the number of temporary employees on the payroll, has forced a cancellation of the high school training program for the Air Force.

“I can’t do the internship program anymore,” says Maj. Gen. Suzanne “Zan” Vautrinot, commander of Air Force Network Operations at Lackland Air Force Base in Texas, who adds that the service is continuing to work to find ways to “give these kids experience so they can see our forensics.”

At DHS, young hackers – who have not yet entered the job market – potentially “have a bunch of different skill sets” to offer the country, Napolitano says.

“We don’t need PhDs in computer [science]” for many of the jobs they will be called upon to do, she says.

To that end, DHS is launching “a whole host of internships and fellowships for young people to get,” Napolitano adds, noting that the department recently had “over 3,000 kids compete for 60 billets” in one such program.

More from the Christian Science Monitor @ http://www.csmonitor.com/USA/Politics/monitor_breakfast/2013/0326/Homeland-Security-seeks-student-hackers-to-help-counter-cyberthreats


Manual Applies Laws of War to Cyber Attacks

LONDON (AP) — Even cyberwar has rules, and one group of experts is putting out a manual to prove it.

Their handbook, due to be published later this week, applies the practice of international law to the world of electronic warfare in an effort to show how hospitals, civilians and neutral nations can be protected in an information-age fight.

“Everyone was seeing the Internet as the ‘Wild, Wild West,’” U.S. Naval War College Professor Michael Schmitt, the manual’s editor, said in an interview before its official release. “What they had forgotten is that international law applies to cyberweapons like it applies to any other weapons.”

The Tallinn Manual — named for the Estonian capital where it was compiled — was created at the behest of the NATO Cooperative Cyber Defense Center of Excellence, a NATO think tank. It takes existing rules on battlefield behavior, such as the 1868 St. Petersburg Declaration and the 1949 Geneva Convention, to the Internet, occasionally in unexpected ways.

Marco Roscini, who teaches international law at London’s University of Westminster, described the manual as a first-of-its-kind attempt to show that the laws of war — some of which date back to the 19th century — were flexible enough to accommodate the new realities of online conflict.

The 282-page handbook has no official standing, but Roscini predicted that it would be an important reference as military lawyers across the world increasingly grapple with what to do about electronic attacks.

From TalkingPointsMemo.com @ http://talkingpointsmemo.com/news/cyberwar-manual-appeals-laws-of-war-to-cyber-attacks.php?ref=fpblg


Cyberattack on Florida election website points to broad vulnerabilities in the system

Over a 2-1/2 week period last July, more than 2,500 online “phantom requests” for absentee ballots were made to Miami-Dade County election headquarters, marking the first known cyberattack on a US election.

The fake requests for ballots targeted the Aug. 14 statewide primary and included requests for Democratic ballots in one congressional district and Republican ballots in two state House districts, according to a recent Miami Herald report.

The fake requests were done so clumsily that they were red-flagged and did not foul up the election. In any case, they would not have been enough to change the outcome. But now confirmed as the first cyberattack aimed at election fraud, the incident is further evidence that the vote-counting process is vulnerable, particularly as elections become more reliant on the Internet.

“This is significant because it’s the first time we’ve seen a very well documented case of attempted computer election fraud in the US,” says J. Alex Halderman, a cybersecurity researcher at the University of Michigan who focuses on election-system vulnerabilities. “This should be a real wakeup call because it illustrates the sort of computer voting attacks that many scientists have been warning were possible for years.”

From RawStory.com: http://www.rawstory.com/rs/2013/03/19/cyberattack-on-florida-election-website-points-to-broad-vulnerabilities-in-the-system/


Cyber experts warn of new ‘intelligent weapons’

TALLINN — Quick advances in cyber war technologies could soon lead to a new generation of so-called “intelligent cyber weapons” which top global IT defence experts warn could be virtually unstoppable.

“Rapid developments in cyber (technology) might lead to intelligent cyber weapons that are hard to control and it’s practically impossible to use formal methods of verifying the safety of intelligent cyber weapons by their users,” Enn Tyugu, IT expert at Tallinn’s NATO Cyber Defence Centre said at its fourth annual conference Thursday.

He also warned that programmes developed to counter attacks by malwares like Stuxnet can act independently and could possibly themselves spark conflicts.

“They are quite autonomous, and can operate independently in an unfriendly environment and might at some point become very difficult to control… that can lead to cyber conflict initiated by these agents themselves,” Tyugu said.

“Stuxnet and Flame have shown the side of cyber of which the average user does not think of but which will bring a lot of challenges to all experts who deal with critical infrastructure protection issues – IT experts, lawyers, policy makers,” Ilmar Tamm, Head of the NATO Cyber Defence Centre told AFP Thursday.

“The number of cyber conflicts keeps rising and it is important to understand who the actors in these events are, how to classify these events and participants, and how to interpret all that,” Tamm said, noting Western leaders have been slow to become aware of even existing cyber threats.

Experts at the conference noted that both China and Russia have significantly upgraded their cyber-defence capabilities in recent years by creating new IT units.

“But the most powerful weapon today in cyber space is still the propaganda, the chance to use the Internet to spread your message,” Kenneth Geers, US cyber defence expert told some 400 top IT gurus attending the meeting Thursday.

From RawStory.com: http://www.rawstory.com/rs/2012/06/07/cyber-experts-warn-of-intelligent-weapons/


Russian malware hunter warns: dangerous cyber attack could be coming

The Russian malware hunter whose firm discovered the Flame virus said Wednesday there could be plenty more malicious code out there, and warned he feared a disastrous cyber attack could be coming.

“It’s quite logical that there are new cyber weapons designed, and maybe already computers infected that we don’t know about,” Eugene Kaspersky, founder of Kaspersky Lab, said on the fringes of a Tel Aviv University cyber security conference.

Kaspersky Lab, one of the world’s biggest producers of anti-virus software, said its experts discovered Flame during an investigation prompted by the International Telecommunication Union.

Iran appears to have been the main target of the attack which was discovered just a month after the Islamic republic said it halted the spread of a data-deleting virus targeting computer servers in its oil sector.

The Moscow-based firm said the virus was “about 20 times larger than Stuxnet,” the worm which was discovered in June 2010 and used against Iran’s nuclear facilities, with Israel widely suspected of involvement.

Observers have speculated Israel may also have been involved in Flame, but Kaspersky declined to speculate, saying its development was not necessarily limited to the most technologically advanced countries.

“Cyber weapons can replicate, and there could be random victims anywhere around the globe, it doesn’t matter how far you are from the conflict,” he said. “It’s not cyberwar, it’s cyberterrorism and I’m afraid it’s just the beginning of the game.”

He recalled Stuxnet and a 1970 denial of service — or DOS — attack that paralysed Estonia’s information technology systems, and said the next wave could be far more devastating.

“I’m afraid that it will be the end of the world as we know it,” he said. “I’m afraid that very soon the world will be very different.”

From RawStory.com: http://www.rawstory.com/rs/2012/06/06/russian-malware-hunter-warns-dangerous-cyber-attack-could-be-coming/


Most sophisticated computer worm ever!

A cyber-attack that targeted Iran’s oil ministry and main export terminal was caused by the most sophisticated computer worm yet developed, experts have warned.

The virus appears to have been directed primarily at a small number of organisations and individuals in Iran, the West Bank, Lebanon and the United Arab Emirates. This will inevitably raise suspicions that Israel or the US were involved in some way.

Analysts who have been decoding the computer worm, which is called W32.Flamer, have been unable to identify the source. But they say only a professional team working for several months could have been behind it.

The CrySys Laboratory, in Hungary, said: “The results of our technical analysis supports the hypothesis that [the worm] was developed by a government agency of a nation state with significant budget and effort, and it may be related to cyberwarfare activities.” “It is certainly the most sophisticated malware we [have] encountered. Arguably, it is the most complex malware ever found.”

Orla Cox, a senior analyst at Symantec, the international computer security firm, said: “I would say that this is the most sophisticated threat we have ever seen.”

More at http://www.rawstory.com/rs/2012/05/28/cyber-attack-on-iranian-oil-ministry-is-most-sophisticated-computer-worm-yet/


CISPA legislation creates ‘a Cyber Industrial Complex’

Speaking on the floor of the U.S. Senate on Monday evening, Sen. Ron Wyden (D-OR) highlighted the “understandable fear” driving legislation like the Cyber Intelligence Sharing and Protection Act (CISPA), but cautioned that the “gross negligence” of network operators is no reason to create “a Cyber Industrial Complex” that profits on Americans’ private data.

“It is a fundamental principle of cyber-security that any network whose failure could result in loss of life or significant property should be physically isolated from the Internet,” he said. “Unfortunately many of our critical network operators have violated this principle in order to save money or streamline operations. This sort of gross negligence should be the first target in any cyber-security program – not the privacy of individual Americans.”

CISPA, which passed the House in April thanks to party-line support by Republicans, would overwrite existing privacy laws to allow the National Security Agency (NSA) to act as an information sharing hub for corporate networks, placing a military agency in charge of Americans’ private data, ostensibly for the monitoring of potential cyber-threats.

More from RawStory.com: http://www.rawstory.com/rs/2012/05/22/sen-wyden-cispa-creates-cyber-industrial-complex-to-feed-on-private-data/
