Just as organizations require a show of security and compliance due diligence for their enterprise applications, so should they be doing for their IoT devices. They should also be putting this same pressure on their suppliers.
The National Security Agency (NSA) released the Cybersecurity Advisory, “Stop Malicious Cyber Activity Against Connected Operational Technology.” The CSA details how to evaluate risks to systems and improve the security of connections between OT and enterprise networks. Information technology (IT) exploitation can serve as a pivot point for OT exploitation, so carefully evaluating the risk of connectivity between IT and OT systems is necessary to ensure unique cybersecurity requirements are met.
U.S. President Biden has signed a new executive order imposing new sanctions on Russia for actions by "its government and intelligence services against the U.S. sovereignty and interests." The administration formally named Russian Foreign Intelligence Service (SVR), also known as APT 29, Cozy Bear, and The Dukes, as the perpetrator of the broad-scope cyber espionage campaign that exploited the SolarWinds Orion platform and other information technology infrastructures.
NSA released the first video of its new Cybersecurity Collaboration Center speaker series. In these talks, NSA experts will share insights, lessons, and contributions of their cybersecurity work. The Center works with government and industry partners to protect U.S. National Security Systems, the Department of Defense (DoD) and the Defense Industrial Base (DIB).
The final rules requiring remote identification of drones and allowing some flights over people, over moving vehicles and at night under certain conditions will go into effect on April 21, 2021, the Federal Aviation Administration (FAA) announced.
The National Security Agency announced a new GenCyber Call for Proposals for 2022 GenCyber summer camps. The new Call for Proposals for GenCyber goes out to institutions interested in hosting a 2022 summer camp and to provide young students with the skills they need to better prepare for a career in the fast-changing field of cybersecurity.
Researchers from the Counter Threat Unit (CTU) at Secureworks have discovered a possible link to China while examining how SolarWinds servers were used to deploy malware. According to Secureworks' new report, the authentication bypass vulnerability in SolarWinds Orion API, tracked as CVE-2020-10148, that can lead to remote execution of API commands, has been actively exploited by Spiral. When vulnerable servers are detected and exploited, a script capable of writing the SUPERNOVA web shell to disk is deployed using a PowerShell command.
The National Basketball Association (NBA) announced that Leon Newsome, the Deputy Director of the U.S. Secret Service, has been named Senior Vice President, Chief Security Officer. Newsome will oversee all aspects of security operations for the NBA, WNBA, NBA G League, NBA 2K League and soon-to-launch Basketball Africa League as well as the NBA’s 15 offices worldwide. He will join the NBA on March 15 and report to President, Administration Bob Criqui.
In order to combat cybersecurity threats, the Biden administration and state governors across the country should immediately work to foster deeper relationships with the private sector. Tech and government certainly don’t always get along, but the threats we face now require a national effort that would rival the Space Race of the 1960s. This can be done through state and federal governments offering financial incentives to businesses that prioritize the development and integration of cybersecurity measures, amplified communication from the government concerning the importance of cybersecurity, as well as the potential bolstering of compliance standards to minimize threats and the negative impact of breaches.
The National Security Agency (NSA) published a cybersecurity guidance, “Embracing a Zero Trust Security Model.” This guidance shows how deploying Zero Trust security principles can better position cybersecurity professionals to secure enterprise networks and sensitive data.
