The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) published the Resilient Positioning, Navigation, and Timing (PNT) Conformance Framework today. PNT services, such as the Global Positioning System (GPS), is a national critical function that enables many applications within the critical infrastructure sectors. This framework will inform the design and adoption of resilient PNT systems and help critical infrastructure become more resilient to PNT disruptions, such as GPS jamming and spoofing.
COVID-19 has accelerated a variety of global trends. Some of these are perhaps ultimately good, for example moves towards more investment in AI and automation, or a growing focus on taking this opportunity to making lasting changes to benefit the environment. Many others are, however, quite concerning. Continued threats to the global order, the likelihood of states testing the resolve of the new U.S. administration, and increasingly polarized populations are all factors that will dominate 2021.
As organizations bring their employees back to the workplace, many are looking to leverage location technology as a means to increase safety. Return-to-work solutions ranging from digital contact tracing and social distancing monitoring to sanitation alerts and occupancy analytics are being explored and embraced in varying degrees around the world. However, it’s imperative that any technology deployed works a double shift to also provide value in the post-pandemic times. The same location technology infrastructure used to address infection prevention and mitigation can be used to complement and enhance traditional security efforts.
As we have done in previous years, the Security magazine team compiled our favorite articles from this year. As we head into 2021, we hope you take a moment to review some of 2020’s top articles about lessons learned, thought leadership, security challenges and good practices.
The rise of high-profile data breaches and the implementation of data privacy laws have raised awareness that businesses and institutions rely on consumer information. While there is no single, comprehensive U.S. federal data privacy law, there are enough industry-specific compliance regulations in force in addition to HIPAA, the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act, the Children's Online Privacy Protection Act, and a growing number of state privacy laws, that every organization needs to step up and recognize how subject rights requests fit into its data protection and cybersecurity policies.
FEMA and the U.S. Department of Labor (DOL) signed a Memorandum of Understanding (MOU) creating the Job Corps Emergency Management Advance Training Program (EMATP) recently. This program consists of approximately 12 weeks of advanced emergency management training for Job Corps students to become mission-ready emergency management specialists. The MOU establishes a framework for emergency management capacity building between the two agencies.
The Institute for Security and Technology (IST) — in partnership with a broad coalition of experts in industry, government, law enforcement, nonprofits, cybersecurity insurance, and international organizations — is launching a new Ransomware Task Force (RTF) to tackle this increasingly prevalent and destructive type of cybercrime.
As companies think about how to navigate this new landscape of privacy laws and cybersecurity threats, here are a few major trends and predictions to consider:
CISA has updated AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations, originally released December 17. This update states that CISA has evidence of, and is currently investigating, initial access vectors in addition to those attributed to the SolarWinds Orion supply chain compromise. This update also provides new mitigation guidance and revises the indicators of compromise table; it also includes a downloadable STIX file of the IOCs.
Meet Issak Davidovich, Vice President of Research and Development at C2A Security. According to Davidovich, the implementation of driver assistance technologies and cybersecurity goes hand-in-hand, and the auto industry is taking its first steps on creating in-vehicle security standards. Here, we talk to him about what this means for automotive cybersecurity.
RSS
