Ruri Ranbe has been working as a writer since 2008. She received an A.A. in English literature from Valencia College and is completing a B.S. in computer science at the University of Central Florida. Ranbe also has more than six years of professional information-technology experience, specializing in computer architecture, operating systems, networking, server administration, virtualization and Web design.

Threat actors could chain two critical security vulnerabilities in Schneider Electric's Unity line of Modicon programmable logic controllers, tracked as CVE-2022-45788 and CVE-2022-45789, to compromise safety protections for limiting physical damage, according to The Record, a news site by cybersecurity firm Recorded Future.

Ruri Ranbe has been working as a writer since 2008. She received an A.A. in English literature from Valencia College and is completing a B.S. in computer science at the University of Central Florida. Ranbe also has more than six years of professional information-technology experience, specializing in computer architecture, operating systems, networking, server administration, virtualization and Web design.

The state’s chief information officer told members of the Oklahoma Veterans Commission on Wednesday that six databases maintaining veterans’ personal identification information are being managed on a site outside the state network, in violation of the law and at an expense paid by the personal credit card of a Department of Veterans Affairs employee.

Jerry Moore, Oklahoma’s CIO since 2020, said an investigation last year has given his office serious concerns about an ODVA system housing six datasets on a third-party server, something he told commissioners could put the security of Oklahoma veterans’ personal information at risk.

“We believe at this time that these databases contain transaction information between federal and state veterans agencies, including past and current veterans’ personal identifiable information,” Moore said.

Moore said the types of veteran information located on the unidentified server include names, addresses, Social Security numbers, driver’s license numbers, phone numbers, disability percentages and business details.

He named six datasets or databases:

• Veteran-owned business systems database
• Veterans employment opportunity database
• Technical assistance systems database
• State approving agency activity reporting database
• Check it meta-system database
• Program review system database

Moore said he has been unable to investigate the situation further without certain approvals from embattled ODVA director Joel Kintsel, who has clashed with his agency’s governing board and refused to attend Wednesday’s meeting and a prior Feb. 3 meeting.

“[I] put director Kintsel on notice that we feel like we have discovered this and we need action taken,” Moore said.

At this time, Moore said he does not know where the servers housing the ODVA program databases are located, but he does know that hosting services are being paid for by an ODVA employee’s personal credit card. Moore said he could not answer whether a private company or an individual possesses the servers.

“We have no ability to continue our investigation because it is privately managed,” Moore told commissioners. “The state has no rights. We don’t have admin rights to it. We see it. We know it exists. We see traffic going to and from it, but we have no ability to get into it to determine if it has been compromised.”

Reached Wednesday afternoon by phone, Kintsel said the database issue raised by Moore is “a red herring.” He provided NonDoc with his 12-page response to the Office of Management and Enterprise Services inquiry, which listed 15 alleged instances “where ODVA systems are not in compliance with state standards”

The OMES allegation regarding the datasets claims that Brint Montgomery, ODVA’s state approving agency administrator, manages the datasets in question:

Six tables (all housed within a single database) were created by and stored in a private server, managed by Brint Montgomery to use by ODVA’s programs (SAA, OKVetWorks, OKSteps). Consistently, we recommended moving the information to the state platform and the Hub & Spoke, yet so far unsuccessfully.

An Amazon author profile for a book edited by Montgomery regarding “relational theology” states that he “has been teaching logic and philosophy at Southern Nazarene University since 1995. He has interests in open theology and, more generally, in metaphysical matters concerning mind and free will.”

The response provided by Kintsel says “OMES is misinformed” about the hosting of the datasets

“The Oklahoma Veteran Owned Business System data was indeed transferred successfully to the state hub system,” the response states. “Other data tables are used as [State Approving Agency] transitionary data and are duly transferred to stipulated federal VA systems via the approved Citrix environment upon completion of approvals, compliance reviews, and quarterly reports per the standards outlined in the SAA Annual Cooperative Agreement.”

The answer concludes: “OMES possesses no organic expertise with these systems and there is no need for OMES to be involved in this process.”

Moore said his office is “culling through” Kintsel’s Feb. 3 response.

“A lot of it is that ‘there’s nothing here,'” Moore said. “We’re going through his barrage of information that isn’t associated with, really, the issue at hand. Most of it is that there’s kind of nothing to see here and there’s no issue.”

OSBI: No request to investigate yet

Moore told commissioners that the use of a private credit card to purchase state information technology services “actually violates state statute.” However, Moore said his office has not taken steps to shut down the database system.

“The reason we haven’t done that is that we believe — because we see ODVA employees interacting with the system — that it is an integral part of current business operations for ODVA and therefore crucial to delivering services,” Moore said.

After his presentation, Moore declined to say whether the database matter had been referred to law enforcement.

But Brook Arbeitman, public information officer for the Oklahoma State Bureau of Investigation, said Wednesday afternoon that OSBI had not received a request for engagement on the ODVA database matter.

During Wednesday’s meeting, Commissioner Scott Sweeney questioned how the situation could be ameliorated, but Moore called it an employment matter to address with Kintsel, ODVA’s director. After the meeting — which featured no action on Kintsel’s employment — Sweeney expressed frustration with the CIO’s answer.

“I don’t think that we got a satisfactory answer other than it’s a personnel decision at that point, and we tabled any potential personnel action,” Sweeney said.

Commissioner Daniel Orr asked whether the unauthorized and external database poses potential problems for the state’s relationship with the federal government, which administers veteran benefits.

“I would expect that it puts your accreditation at jeopardy if we were to find indication of compromise or if there were audit findings that were not being remediated,” Moore said. “Most federal entities would consider that as part of their accreditation.”

Veterans Commission Chairman Robert Allen called the situation “very disturbing.”

“Right now, it seems that [the agency’s] mission has been compromised and could be further compromised were we to be in jeopardy of losing our accreditation,” Allen said.

Allen said commissioners have a meeting with State Auditor and Inspector Cindy Byrd later this month to discuss a potential audit of ODVA’s finances.

Orr, who was appointed to the commission by Gov. Kevin Stitt in January, said commissioners need additional information as it becomes available.

“I would like to see a report of this cyber breach — the entire report — at some point in time because this is still open,” Orr said. “Veterans’ information is still compromised and continues to be potentially compromised. We would like to end this as soon as possible.”

Secretary of Veteran Affairs and Military John Nash said “commissioners asked difficult questions and have received no answers.”

“The information we learned from the state CIO regarding ODVA’s use of a third-party website and its handling of veteran [personal identifiable information] is concerning,” Nash said in a statement following the meeting. “I plan to reach out to attempt to resolve this issue and to request that the administrator of this site immediately cooperate with state cybersecurity professionals to bring this practice to a halt until the site can be brought within state security protections and protocols.

“We want all veteran information to be protected in accordance with state statutes and guidelines. I am sure all veterans and Oklahomans would agree.”

Commission avoids executive session on Kintsel’s employment

Although Wednesday’s agenda featured a proposed executive session to discuss “the employee performance and conduct of Joel Kintsel related to the current workplace environment,” commissioners did not enter into executive session, and they took no action on Kintsel’s employment.

Asked at what point Kintsel’s refusal to attend the current commission’s meetings jeopardizes his employment at the agency, Allen said an inflection point is “imminent.”

“I think that the writing is on the wall. I think it is imminent. I think it needs to happen immediately,” Allen said. “I don’t think any of you would think I was honest if I said otherwise. He needs to come on board and comply and subject himself to the oversight of his governing body immediately.”

Allen’s appointment to the commission by Stitt has been challenged in court by the Military Order of the Purple Heart, and Kintsel has said he views the commission as illegitimate owing to the statutory question.

But Allen said Kintsel could be terminated if he continues to refuse engagement.

“I think that would be the logical consequence of an employee that is denying their supervisory board the ability to supervise them,” Allen said. “What other logical outcome would there be? I’m not saying that is what we are wanting or desiring, I’m saying that would have to be the logical step.”

EXCLUSIVE — America First Legal is seeking answers about a planned Department of Education regulation on an obscure parental rights law after the group filed a series of complaints under the statute.

The conservative legal group led by former Trump administration senior adviser Stephen Miller filed a Freedom of Information Act request with the U.S. Department of Education, seeking records from the department related to the Protection of Pupil Rights Amendment, a little-known 1974 law that allows parents to access their child's school materials and opt-out of third party contractor surveys.

CALIFORNIA SCHOOL DISTRICT HIT WITH CIVIL RIGHTS COMPLAINT FOR SEGREGATED TEACHER PROGRAM

The Biden administration has indicated that it plans to pursue a rulemaking process to change the rules surrounding the parental rights law. According to the Office of Information and Regulatory Affairs, the administration aims to release the notice of proposed rulemaking in August 2023 to "update, clarify, and Strengthen the current regulations by addressing outstanding policy issues," and "make changes related to the enforcement responsibilities of the office concerning PPRA."

The FOIA request seeks records after Feb. 2, 2022, the day that America First Legal released a legal toolkit that sought to educate parents about the provisions of the PPRA and how it could be used to assert parental rights.

"Given the importance of the PPRA and its existing regulations to parents seeking to exercise their Constitutional rights of oversight and control regarding their children’s education, this Freedom of Information Act request is crucial to provide transparency on the Department’s process and motivations for the proposed rulemaking, and to ensure the Department’s current political leadership is held accountable for any action that limits or impairs parental rights," the legal group wrote in the records request.

In the past year, the group has filed two lawsuits against school districts in Wisconsin and Ohio that relied, in part, on the statutory interpretation of the PPRA. In 2021, the legal organization also filed a complaint with the Education Department against Cedar Grove School District in New Jersey that alleged the school district had violated the law.

America First Legal senior adviser Ian Prior said the group will "vigorously" highlight the results of its investigation and push to maintain and increase protections provided to parents by the PPRA.

CLICK HERE TO READ MORE FROM THE WASHINGTON EXAMINER

“The Protection of Pupil Rights Amendment is a key tool for parents dealing with school districts who refuse to be transparent and accountable, to parents seeking to exercise their fundamental constitutional rights to guide the upbringing of their children," Prior said in a statement. "As the Biden administration, teachers’ unions, and local school districts continue to shut parents out of key decisions related to their children’s education, it is paramount that the public have visibility into what changes the administration is planning and the reasons behind those proposed changes."

The Washington Examiner has reached out to the Department of Education for comment.

Two top Republican congresswomen from New York are demanding that the Biden administration answer questions about secretly transporting migrants across the US — after dozens of Colombian immigrants recently arrived in the small upstate community of Jamestown.

“We write following reports that your administration is actively settling migrants in Upstate New York communities,” upstate Reps. Claudia Tenney and Elise Stefanik — the number three Republican in the US House of Representatives — wrote in a Wednesday letter obtained by The Post.

New York GOP Congressmen Nick Langworthy, Michael Lawler and Marc Molinaro also signed the message.

The lawmakers cited a shocking Post report that over 30 migrants have been living in the city of Jamestown, located in rural Chautauqua County, since late last year.

Most of the migrants traveled to Jamestown on their own after learning about the safety of the city from fellow border-crossers in El Paso, Texas, several had previously told The Post.

But leaders of the city — which only has a reported population of 28,393 people — are worried that the influx of immigrants will quickly overwhelm Jamestown’s local services and infrastructure, especially because neither the migrants nor the city has received additional state or federal aid.

“[W]e wish to express our outrage at the secrecy with which your administration has and continues to carry out these national relocation operations,” the lawmakers wrote. “This unprecedented influx of migrants into the United States is an obvious sign of your administration’s failed policies at the Southern Border.”

Tenney and Stefanik submitted a list of six demands:

• The number of illegal migrants who were apprehended at the southern border and relocated to New York by the government since January 2021.
• A full list of which New York counties and municipalities the migrants were sent to and which areas can expect migrants to be sent there in the future.
• Documentation proving executive branch agencies notified those counties, municipalities and local law enforcement that migrants would be coming, or an explanation of why the government chose not to do so.
• Information on how the White House is monitoring the status and locations of the migrants it’s relocated since January 2021.
• The whereabouts of every migrant who has been relocated by the government to New York state since January 2021.
• A promise that the Biden administration will commit to notifying Tenney and Stefanik’s offices and local officials whenever illegal migrants are relocated to the state.

The pols requested a response from the White House by the end of the month and threatened to take action against the administration if it failed to do so, “including but not limited to withholding additional federal funding.”

“Rather than shifting the burden to the small communities we represent, that are not equipped to handle the influx, the answer is to secure the border,” they said.

“Already, your current policies have created a humanitarian and national security catastrophe which undermines the rule of law and empowers human traffickers and criminal gangs.”

The White House did not return an immediate request for comment.

The missive comes almost exactly one year after Stefanik submitted a letter to Biden demanding that he stop sending migrants to New York.

The crisis has only accelerated in the past year, especially in New York City.

At least 41,000 migrants have arrived in the Big Apple from the southern border since the spring, according to City Hall.

Mayor Eric Adams has said that housing and providing services to incoming migrants may cost the Big Apple as much as $2 billion as the city planned to open a sixth emergency shelter in Midtown for migrants.