Welcome to March Madness — although if your brackets look anything like mine do this morning, it is not particularly “welcome.”   Let’s just say that there is no danger of my winning Warren Buffet’s $1 billion.

Privacy and cybersecurity continue to be hot topics and the breaches roll on.   Here are some privacy and security bits and bytes for this Monday morning.

Wall Street Journal Article Jeopardizes Security of Grid?

Last week, the Wall Street Journal published an article detailing how the U.S. “could suffer a coast-to-cost blackout” if someone took out just nine specific substations. The article doesn’t name the nine substations, and most of the later half of the article is actually devoted to a rehashing of the Pacific Gas & Electric Metcalf substation attack from last year.   But, it was certainly enough to raise the hackles of regulators and utility executives.

Acting FERC Chairman Cheryl A. LaFleur said:   [The] publication by The Wall Street Journal of sensitive information about the grid undermines the careful work done by professionals who dedicate their careers to providing the American people with a reliable and secure grid. The Wall Street Journal has appropriately declined to identify by name particularly critical substations throughout the country. Nonetheless, the publication of other sensitive information is highly irresponsible. While there may be value in a general discussion of the steps we take to keep the grid safe, the publication of sensitive material about the grid crosses the line from transparency to irresponsibility, and gives those who would do us harm a roadmap to achieve malicious designs. The American people deserve better.

Read more:

Intelligent Utility article

NERC Critical Asset Report

University of Maryland Reports Second Data Breach in Four Weeks

University of Maryland Chief Information Officer Ann Wylie must feel like a woman under siege.   Last Thursday, she reported to administrators and department chairs that the university network had been hacked — again — and personal information had been stolen — again.  Wylie says that this latest incident is not related to the February data breach we wrote about here.

For more reading about data breaches in higher education (one of the very hottest of hot spots), see this article from The Chronicle of Higher Education.

California Department of Motor Vehicles Investigating Potential “Large Scale Breach”

Security blogger Brian Krebs — who broke the Target breach story — is out in front of another potential large breach.   The California DMV confirmed over the weekend that it is investigating a potential security breach, but that it had no immediate evidence that its computer system had been hacked.   The important part of this statement is that Krebs is reporting that the breach is likely to have been at the DMV’s credit card processor, which would make this a much bigger story.