The Cybersecurity and Infrastructure Security Agency on Tuesday issued an alert about a ransomware attack on information and operational technology networks of a natural gas compression facility. 

The Department of Homeland Security’s CISA said the cyber threat actor initially obtained access to the pipeline operator’s IT network using a spearphishing link before infiltrating the OT network and deploying ransomware on both networks. The attack resulted in an operational shutdown for approximately two days and loss of productivity.

CISA also found that the pipeline operator failed to implement segmentation between its OT and IT networks and its emergency response plan did not specifically consider cyber-related risks.

The agency called on asset operators and owners and network administrator to consider operational, planning, architectural and technical mitigation measures using risk-based assessment strategy. These include identifying single points of failure for operational visibility, ensuring that emergency response plans consider cyber incidents, requiring multifactor authentication, updating software and implementing execution prevention through application whitelisting.

The Department of the Navy has released a report outlining measures to modernize, innovate and defend its information systems against cyber vulnerabilities in support of the service’s new information management strategy.

The Information Superiority Vision report includes plans to update the service branch’s information infrastructure and design a cloud-based network that will leverage identity management.

Under the innovation line of effort, the military branch will adopt artificial intelligence, create digital innovation centers to speed up software development and leverage the private sector’s best practices to advance digital transformation.

The Navy will collaborate with the defense industrial base to ensure the security of naval information and perform continuous active monitoring to boost cyber situational awareness.

“Everyone in the DON enterprise must become a Cyber Sentry,” Acting Navy Secretary Thomas Modly wrote in the report. “The more advanced we become as an Information-Based organization, the more our adversaries will seek to attack and exploit us in this domain.”

A new U.S. Marine Corps auxiliary group is continuing efforts to implement automation to streamline the service branch’s cybersecurity operations, Fifth Domain reported Tuesday.

The USMC Cyber Auxiliary team was established in 2018 and is comprised of volunteer subject-matter experts from the industry and academe that work to address the service’s information technology and network defense issues.

“It is a pool of highly qualified individuals who want to help the Marine Corps and increase their effectiveness and readiness in the cyberspace domain,” said Maj. Stephen Magee, program manager for the auxiliary team.

Previously, the team launched an effort to create an “automation task force” to simplify the Marine Corps Forces Cyberspace Command’s activities.

Other areas of focus for the group include cyber defense support for companies within the Marine Expeditionary Force Information Groups, agile development and a USMC-wide “capture the flag” exercise.

The U.S. Navy's Cyber Warfare Development Group has opened a new center dedicated to the development of naval cyber warfare technologies.

The newly established Cyber Foundry features a physical environment, modern processes, resources and expertise in support of cyber technology development, the Navy said Tuesday.

NCWDG and cyber personnel from the U.S. 10th Fleet will receive the Cyber Foundry's support for rapid cyber development.

"With 76 Joint and 12 Maritime developer billets, lab space and development operations networks at the unclassified and classified levels, the Foundry was built to deliver cyber weapons as directed by the Joint and Maritime priorities of Fleet Cyber Command," said Capt. Ann Casey, NCWDG's commanding officer.

The Cyber Foundry will also combine resources from both the U.S. Navy and U.S. Marine Corps to foster collaboration, Casey added.

The Department of Energy plans to award $38.5M in grants to support the development of technologies that will renovate bare steel and cast iron natural gas distribution pipes.

DOE said Tuesday it aims to build robotic tools, smart coatings, mapping systems and inspection tools that will help the pipes reach a minimum lifespan of 50 years as part of the Rapid Encapsulation of Pipelines Avoiding Intensive Replacement program.

The technologies are envisioned to meet regulatory agencies' standards and have material traits that will allow the pipes to operate without the need for exterior pipes.

“Developing technologies to keep our domestic natural gas pipeline infrastructure safe, secure, and state-of-the-art is crucial to maintain America’s energy leadership and independence,” said Mark Menezes, DOE undersecretary.

The department noted that legacy bare steel and cast iron pipes account for 3 percent of 2M miles of activity utility pipes in the U.S.

The Cybersecurity and Infrastructure Security Agency is slated to release the third version of its Trusted Internet Connection guidance after receiving input from government and industry parties, Nextgov reported Tuesday.

In December, CISA issued a draft of the TIC 3.0 policy to include use cases encompassing traditional environments, cloud infrastructure, agency offices and remote users. TIC 3.0 introduces the concept of “trust zones”, which are intended to comply with agency-issued security guidelines for processing data with varying sensitivity levels.

“This trust zone concept is in line with the concepts of zero trust,” CISA said in the document. “A trust zone must adhere to the security outcomes as identified or described in the use case. A trust zone does not always inherit trust/security from an adjacent trust zone, nor does the trust and the subsequent security capabilities depend on the trust of the adjacent zone.”

Experts have raised concerns about the use of trust zones, which they said do not align with the concept of a zero-trust architecture.

A multipurpose spacecraft designed by Lockheed Martin to study and monitor Mars' surface has entered a hiatus on Feb. 17 to allow engineers in performing long-distance maintenance efforts from Earth. The team is updating the Mars Reconnaissance Orbiter's battery parameters as well as planetary position cables within the flash memory, NASA said Tuesday.

The engineers will focus on updating the Side-A computer's memory prior to its reboot and will shift to the Side-B computer unit to repeat the procedure. Efforts under the maintenance are intended to prevent the spacecraft's batteries from not reaching its supposed energy levels.

Once the team wraps up maintenance, MRO will resume its relay-support and monitoring activities for the next 10 years. NASA has employed the InSight and Mars Curiosity landers to relay data from the red planet to other orbiter systems in light of MRO's maintenance.