Reuters: U.S.

Friday, December 17, 2021

Hillicon Valley — Schools step up security after TikTok threats


OVERNIGHT POLICY:
Hillicon Valley

 


Today is Friday. Welcome to Hillicon Valley, detailing all you need to know about tech and cyber news from Capitol Hill to Silicon Valley. Subscribe here: thehill.com/newsletter-signup.

Follow The Hill’s cyber reporter, Maggie Miller (@magmill95), and tech team, Chris Mills Rodrigo (@millsrodrigo) and Rebecca Klar (@rebeccaklar_), for more coverage.

Security was stepped up at schools across the nation Friday after shooting and bomb threats were made on TikTok, with some schools canceling classes as a precaution.

Meanwhile, federal agencies were ordered to take immediate steps to investigate and patch their systems against a major vulnerability in Apache logging library log4j, and…

Let’s jump into the news.

 

Schools on high alert


Schools nationwide have increased security in response to shooting and bomb threats that have been made on TikTok.

Red flag: Schools in Arizona, Connecticut, Illinois, Montana, New York and Pennsylvania have said classes on Friday would see an increase in police presence or would be canceled altogether due to the threats made on the social media platform, The Associated Press reports.

“We are writing to inform you and not alarm you,” school administrations from Oak Park and River Forest, Ill., told parents. “We have been made aware of a nationwide viral TikTok trend about ‘school shooting and bomb threats for every school in the USA even elementary’ on Friday, December 17.”

The school said the local police department would be in the area as a precaution.

Gilroy High School in Northern California made the decision to cancel school on Friday after threats were found against it on social media and postponed the last day of finals until January. 

“Making the decision to cancel classes tomorrow has not been an easy one,” Principal Greg Kapaku told parents.

On the lookout: TikTok acknowledged the threats circulating online, saying the platform is working with authorities and that none of the posts have been deemed credible. 


Patch your systems now


Federal agencies on Friday were ordered to immediately investigate and patch systems to prevent exploitation of a massive vulnerability in Apache logging library log4j that has been increasingly used by nations and cybercriminals to target organizations around the world.

Directive: The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive giving agencies until Dec. 23 to identify which software is impacted by log4j and then either deploy patches against these vulnerabilities or remove the impacted software from the network. The agencies must report all impacted software and actions taken to CISA by Dec. 28. 

Following these actions, CISA will provide a report in February to the secretary of Homeland Security and to the Office of Management and Budget, and will keep working with partners to help remediate the vulnerability. 

The vulnerability, first uncovered a week ago, has sent cybersecurity professionals scrambling to address the issue, which has been particularly difficult given that log4j is a fundamental ingredient of much of the software used by major companies. 

Nation states have quickly moved to try to take advantage of the situation, with Microsoft and Mandiant reporting earlier this week that Chinese and Iranian hackers had been attempting to exploit the log4j vulnerability. 

Huge stakes: Exploitation has reached massive levels worldwide, with a spokesperson for Check Point Software telling The Hill Friday that the company had seen 3.8 million attempts to use the vulnerability, more than 100 attempts per moment globally, and that around half of all corporate networks worldwide had been targeted. 


HABIT CHANGES NEEDED

A rollout of President Biden’s proposed network of 500,000 electric vehicle (EV) charging stations must be paired with a "paradigm shift" in the way Americans view driving, a House lawmaker said this week.

“I've spent my entire life ... with a sort of pre-existing infrastructure in my mind — gas stations on every corner, right?” Rep. Joe Neguse (D-Colo.) told reporters during a tour of an EV charging pilot project in his home district on Thursday.

“My daughter, who's 3, by the time she's my age…one would hope that every one of those gas stations is replaced by a charging network,” he said.

The Colorado project, which enables a two-way transfer of electricity between a car and a building, allows a vehicle to be charged through the system when energy demand is minimal while sending power back to the building during peak hours.

The City of Boulder has tested the system using a Nissan Leaf from its fleet connected to a local recreation center. The project is a joint partnership between Boulder and Virginia-based Fermata Energy, which produces “vehicle-to-building” charging systems.


BITS AND PIECES

An op-ed to chew on: Washington shouldn’t pat itself on the back for its cybersecurity spending just yet

Lighter click: May the booster shot win

Notable links from around the web:

‘Amazon won’t let us leave’ (Vice Motherboard / Matthew Gault)

The Harvard job offer no one at Harvard ever heard of (The New York Times / Jeffrey Gettleman, Kate Conger and Suhasini Raj) 

Drones could be enlisted to fight tornados and other climate disasters (The Washington Post / Steven Zeitchik) 

 

One last thing: A renewed push

Key federal cybersecurity officials are pushing for passage of legislation to create mandates for certain organizations to report cyberattacks amid the fallout from a massive vulnerability in Apache logging package Log4j, which has left organizations worldwide vulnerable.

Bipartisan legislation to establish cyber incident reporting standards was set to be included in the compromise version of the National Defense Authorization Act (NDAA), but was removed at the last minute due to concerns from Sen. Rick Scott (R-Fla.) about the scope of the bill. Scott's concerns were addressed, but not in time for the provision to be included in the NDAA.

It was set to be the main congressional response to a series of major attacks this year that have included high-profile ransomware attacks on Colonial Pipeline and JBS USA, along with the SolarWinds hack, which led to at least nine federal agencies and 100 private sector groups being breached.

The legislation would require critical infrastructure companies to report a cyberattack to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 hours of discovery, and report any ransomware payments made within 24 hours. Currently, there is no law on the books requiring these organizations to report incidents, making it far more difficult for the federal government to respond.

In the wake of the new Log4j vulnerability, which has sent cybersecurity professionals worldwide racing to patch systems before nation states including China and Iran can exploit the issue, top officials are pushing hard for Congress to revisit cyber incident reporting. 


That’s it for today, thanks for reading. Check out The Hill’s technology and cybersecurity pages for the latest news and coverage. We’ll see you Monday.

 