Because cybersecurity events are complicated, we rely on analogies to understand how they work. Analogies are useful, but certain oversimplifications are perpetuating inaccurate narratives. These inaccuracies misdirect productive discussion and as a result, proposed policy and solutions are being based on faulty assumptions. A faulty premise can only yield flawed results…and cyber national security is not an area in which the United States has margin for error.
The FBI has designated 40 shootings in 2020 as active shooter incidents. The FBI defines an active shooter as one or more individuals actively engaged in killing or attempting to kill people in a populated area.
Secretary of Homeland Security Alejandro N. Mayorkas announced the Department’s largest cybersecurity hiring initiative in its history with the onboarding of nearly 300 cybersecurity professionals and the extension of an additional 500 tentative job offers.
The Biden cybersecurity executive order maps out how the U.S. government will implement cybersecurity requirements and standards – but it is just the beginning. The federal government won’t be the last entity demanding more security transparency from software vendors and this is likely a sign of what’s to come for any organization creating software in any industry.
The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Justice’s Federal Bureau of Investigation (FBI) announced a new pilot program called “Operation Flashpoint” to build awareness in communities across the U.S. about how to prevent bomb attacks.
D3FEND, a framework for cybersecurity professionals to tailor defenses against specific cyber threats is now available through MITRE. The National Security Agency funded MITRE’s research for D3FEND to improve the cybersecurity of National Security Systems, the Department of Defense, and the Defense Industrial Base.
The International Security Foundation (ISF) announced that Secretary Madeleine Albright is the ISF 10th Anniversary Speaker for the ISF Virtual Reception on Wednesday, November 17, 2021, 5 PM EDT. The global virtual event, hosted by the ISF during OSAC’s virtual Annual Briefing week, celebrates OSAC’s private-public partnership with the OSAC Awards and celebrates the ISF’s 10th anniversary.
Just as organizations require a show of security and compliance due diligence for their enterprise applications, so should they be doing for their IoT devices. They should also be putting this same pressure on their suppliers.
The National Security Agency (NSA) released the Cybersecurity Advisory, “Stop Malicious Cyber Activity Against Connected Operational Technology.” The CSA details how to evaluate risks to systems and improve the security of connections between OT and enterprise networks. Information technology (IT) exploitation can serve as a pivot point for OT exploitation, so carefully evaluating the risk of connectivity between IT and OT systems is necessary to ensure unique cybersecurity requirements are met.