“The illiterate of the 21st century will not be those who cannot read and write, but those who cannot learn, unlearn, and relearn.” -Alvin Toffler

Friday, May 19, 2023

Cybersecurity: D.C. METRO Washington Metro Area Transit Authority Hack linked to Former Employee in Russia. May 2023

 

DC Metro Hack Linked to Former Employee in Russia

 

 

A former WMATA contractor using a personal computer in Russia breached Metro’s computer system earlier this year, according to a report from WMATA’s Office of the Inspector General, revealing “grave concerns” for the system’s cyber vulnerabilities.

The investigation by Metro OIG Rene Febles into the hacking revealed several weaknesses in WMATA operations regarding data protection and cybersecurity, and a failure by the agency to address its vulnerabilities.

“Evidence has surfaced that WMATA, at all levels, has failed to follow its own data handling policies and procedures as well as other policies and procedures establishing minimum levels of protection for handling and transmitting various types of data collected by WMATA,” reads the OIG report, made public Wednesday.

The OIG’s report is not the first to warn the agency of cyberattacks from outside the U.S., nor is the OIG the first body to raise concerns about the local agency’s business dealings with other countries. In 2020, Congress passed legislation that banned transit agencies from purchasing trains made by China’s state-owned rail-car manufacturer, and the federal government has warned of potential risks for cyberattacks from Russia as the war in Ukraine has continued on.

The investigation began in January 2023, after WMATA’s cyber security department flagged abnormal network activity originating in Russia. WMATA’s probe linked the unusual activity to a former contractor whose contract had expired, and who no longer worked for the agency. (According to the OIG’s report, the former contractor’s supervisor had allowed him to maintain high-level administrative access to WMATA systems, hoping his contract would be renewed.) WMATA concluded the ex-contractor had accessed his personal computer in Russia remotely, and used the computer to log into WMATA systems containing “critical and sensitive” data. He was originally hired to work on Metro networks like the SmarTrip app that riders use to pay fares at Metrorail stops.

WMATA then hired a Microsoft team to further investigate the breach. According to a memo from WMATA’s Chief Information Officer Torri T. Martin and Chief Audit and Risk Officer in February, their investigation found that no data was copied from Metro’s system to the laptop in Russia during the breach, and no malicious activity continued.

But the OIG’s report states that the breach is the result of deep-rooted security issues within WMATA; issues that the agency has been aware of for years, and has not successfully remedied.

In 2019, the OIG raised concerns surrounding the cybersecurity of a certain train (the full name is redacted in the OIG’s report), and as a result, WMATA brought in a security company to test its network’s vulnerabilities. The test identified a number of problems, characterizing risks to the Metro system as “critical.” It wasn’t until February 2023 that Metro provided the OIG with a written report of this company’s findings, according to the OIG, despite multiple requests. Meanwhile, two OIG recommendations about cybersecurity relating to this same train type are still open, after WMATA asked for extensions. 

Additionally, in 2022 the OIG initiated a routine audit of WMATA’s cybersecurity program, but paused it after uncovering issues. Former Acting General Manager and CEO Andy Off was made aware of the concerns in May 2022 in a management alert, but as of the OIG’s most recent report, the concerns still stand.

“One of OIG’s gravest concerns identified in the [management alert] was access to WMATA by foreign nationals who were supporting sensitive applications and systems from Russia,” the report reads.

Between OIG recommendations and those from outside audits, WMATA has failed to implement at least 51 cybersecurity recommendations over the past four years.

Some of the outlined steps towards improvement included in the OIG report — and made to WMATA over the years — include installing full disk encryption on laptops in case a computer is stolen or lost, and banning employees from using personal devices to access WMATA networks. WMATA currently does not know how many contractors or employees use or have used a personal computer for WMATA business, according to the report. After the breach in January, the OIG had asked the agency to compile a list of all WMATA contractors not located in the U.S., and was told WMATA did not maintain this information.

The OIG’s report includes a list of 14 actions WMATA should take, including immediately addressing the concerns from the May 2022 audit, providing OIG with a list of all devices that have connected to WMATA systems in the past 30 days, and reviewing its security clearance process for outside contractors.

Coincidentally, also on Wednesday, the U.S. Attorney for D.C. announced charges against a Russian national for hacking the Metropolitan Police Department in 2021. Mikhail Pavlovich Matveev allegedly hacked MPD’s network, intentionally infected it with ransomware, and threatened to disclose sensitive data unless a payment was made.

Content retrieved on 17 May 2023 from https://dcist.com/story/23/05/17/metro-breach-linked-russian-computer/

 


Friday, May 12, 2023

Invitation to Fest Afrik 2023 May 27, 2023 Venice, CA

 

 

 

 

 



PAFF's Own Asantewa Olatunji NOW Commissioner of Cultural Affairs for The City of Los Angeles!

 


PAFF congratulates its own Director of Programming and General Manager Asantewa Olatunji on her appointment by Mayor Karen Bass to the Los Angeles Cultural Affairs Commission!


On Wed., May 3, Los Angeles City Councilmembers unanimously approved Mayor Karen Bass’ appointment of arts advocate and attorney Asantewa Olatunji to the Los Angeles Cultural Affairs Commission. She was sworn into office following the Council’s approval.


“I am thrilled and excited about the appointment by Mayor Bass and being able to serve in the development of the cultural landscape of the city of Los Angeles,” said Asantewa Olatunji.


In addition to being one of the co-founders of the Pan African Film & Arts Festival (PAFF), Ms. Olatunji began her career in the arts as an entertainment lawyer on the staff of Paramount Pictures Entertainment Corporation. She’s enjoyed a diversified legal career in the areas of entertainment law, civil litigation, immigration law, and labor law.  Besides managing a private law practice, she served on the legal staff of Wausau Insurance Companies and was General Counsel for the Los Angeles Black Employees Association. Over the years, she has been involved in multiple community projects, including the Nelson Mandela Reception Committee, Les Ballets Africans de la République de Guinée performance at the 1984 Olympics Arts Festival, the Youth Program for the South-Central People's Federal Credit Union and the South-Central People’s Coalition.


A supporter of fine artists, Ms. Olatunji originated the annual fine arts show presented by PAFF, attracting an estimated 75,000 people. The PAFF art show, presented every February in conjunction with its international film festival during the US Black History Month, was one of the largest Black fine art markets and shows pre-pandemic in the United States.


She is currently the Director of Programming and General Manager for PAFF.


The Mayor-appointed Cultural Affairs Commission is an advisory board responsible for the review and approval of all architecture and artwork on, or over, City property. The Commission assists the City with final and conceptual approvals to achieve great civic design and public art. Ms. Olatunji will serve the next four years on behalf of over 3 million residents of the city of Los Angeles.

 

Ms. Olatunji holds a BA Degree in History from the University of Southern California and a Doctor of Jurisprudence from Southwestern University, School of Law. She is a member of the California State Bar Association.

Thursday, May 11, 2023

FEMA Is Losing Employees at an Alarming Rate Burnout is leading to attrition as disasters spike, but watchdog also blames agency for poor workforce management. May 11, 2023



MAY 8, 2023

The Federal Emergency Management Agency has shed staff at an alarming rate in the wake of the COVID-19 pandemic and an increasing number of disasters, with a watchdog warning in a recent report it has struggled to rebuild its disaster response workforce. 

FEMA is 35% short of its staffing needs according to its own statistical modeling, the Government Accountability Office said, leaving it more than 6,000 employees shy of what it requires to confront modern demands. Agency officials blamed increasing burnout and attrition for the shortfalls, though GAO cited the agency for a lack of metrics to improve its hiring processes.

“FEMA currently faces an all-time high in disasters and an unparalleled demand on its workforce,” GAO said, adding the agency will struggle to overcome that challenge without better hiring targets and clearer ways to measure success. The auditors noted the shortages were exacerbated by “the year-round pace caused by the COVID-19 pandemic and increasing number of disasters.” 

FEMA’s disaster response workforce has dipped by more than 20% since 2020. Its cadre of public assistance staff went from 100% capacity before the pandemic to just 55% in the years that followed the outbreak, in part due to attrition and in part because the need grew by 130%. 

FEMA is looking to grow its workforce by the equivalent of nearly 1,500 full-time employees in fiscal 2024—a figure that includes both its regular, permanent staff and its corps of reservists. Combined with the 1,200 it hopes to add in the current fiscal year, FEMA is aiming for a 20% surge in its staffing levels from the end of September.

The agency reports its “time to hire” to the Homeland Security Department every month, though it does not have a consistent method for doing so. It uses differing starting points and occasionally leaves out entire swaths of new employees. The inconsistency leaves the agency unable to “identify pain points or bottlenecking in the hiring process, and adjust as needed,” GAO said. 

FEMA agreed to improve its time-to-hire data, which GAO said could “improve FEMA management’s ability to oversee and make decisions on the workforce planning and the implementation of preparedness actions vis-à-vis future potential emergencies overall.” 

The agency has instituted various hiring programs, created bulk hiring events and boosted its use of contractors to fill staffing gaps, GAO said, but it has failed to monitor any of those efforts to measure their effectiveness. FEMA has set overall staffing goals for its disaster response workforce, but not for each of the 23 specific groups contained therein. The agency agreed to better evaluate its hiring efforts and to improve its performance metrics. 

“By developing and documenting plans and performance measures to meet staffing targets, FEMA could better ensure it has the capacity to respond to current and emergent threats,” GAO said. 

Reps. Bennie Thompson, D-Miss., and Troy Carter, D-La., two of the top Democrats on the House Homeland Security Committee who requested GAO's analysis, said Congress must assist FEMA in building its capacity. 

"When disasters strike our communities, we know FEMA needs a properly staffed disaster workforce to do its job effectively and efficiently," the lawmakers said. "While recent events, such as the COVID-19 pandemic, are partly to blame for staffing shortages, it is clear from this report there is much more that FEMA can do to expand its workforce and properly track progress."

As FEMA looks to boost its workforce to carry out its new and added responsibilities, it will have a tool that will make its work more attractive to prospective applicants. President Biden last year signed into law the Civilian Reservist Emergency Workforce (CREW) Act to help it address critical staffing shortages and a recent wave of departures. The law ensures that FEMA reservists, who are only paid by the agency while deployed to a disaster, receive job protections even if they are unable to give notice before deploying to a disaster response. They previously lacked those protections, which lawmakers, agency leadership and the reservists themselves said were decimating recruiting and retention efforts.

In the 1960s, the United States declared an average of 18 major disasters per year. FEMA responded to 104 such disasters in 2020 and 58 in 2021.

FEMA’s cadre of reservists has been stretched thin in recent years, as they deployed to not just hurricane and wildfire response but also pandemic, border and Afghan evacuee obligations.

Agency employees previously sounded the alarm on their lack of down time between deployments, despite efforts in recent years to bring employees home from pandemic-related assignments to allow them to rest before hurricane season.

 

Black Emergency Managers Association International
Washington, D.C.


 

bEMA International

Cooperation, Collaboration, Communication, Coordination, Community engagement, and  Partnering (C5&P)

 

A 501 (c) 3 organization

 

 







Wednesday, May 10, 2023

Webinar Wednesday 24 May - From emergency response to resilience: future-proof city region.

Please join this third webinar of the Making Cities Resilient 2030 (MCR2030) series Building Resilient Urban Systems (in English with simultaneous French, Spanish & Chinese interpretation).


The webinar, led by the Food and Agriculture Organization of the United Nations (FAO), in partnership with the United Nations Office of Disaster Risk Reduction (UNDRR), will feature a line-up of local government representatives with extensive experience of building resilient city region food systems.

This Building Resilient Urban Systems webinar series is linked to the High-Level Meeting of the Midterm Review of the Sendai Framework which takes place 17-19 May at the UN General Assembly. The Meeting is set to highlight resilient food systems as an important element of DRR at the urban and sub-national level.

The MCR2030 global partnership has mobilized more than 1,530 local governments, representing over 482 million people in 76 countries and territories. It is committed to strengthening disaster and climate resilience at the sub-national level. Twenty-one of these municipalities are recognized as Resilience Hubs – global leaders in disaster risk reduction. The initiative has also mobilized national governments, international organizations, private sector enterprises, academic organizations, and NGOs. MCR2030 is a ‘who’s who’ of partners with unmatched expertise and experience of supporting greater urban resilience.


               
                                                        

                                                                                                        



