Author Archive
Cybersecurity
The plan to secure open source software
The open source community outlined key initiatives that can immediately address goals for hardening the software supply chain.
Cybersecurity
Managed service contracts deserve extra cyber scrutiny, intel agencies advise
A joint advisory from CISA, domestic partners and counterpart agencies in the Five Eyes intelligence alliance warns of a heightened threat to managed service providers and their customers.
Cloud & Infrastructure
NIST is building a 5G network to model cybersecurity for operators
NIST's draft publication is designed to clarify how cloud security capabilities can help protect a 5G network.
Cybersecurity
CISA points to water sector in seeking $80 million more for FEMA grants
CISA and FEMA are currently rolling out the first of $1 billion in Rescue Act funding to help target-rich, resource-poor state and local entities improve their cybersecurity.
Cybersecurity
Malware enables less skilled adversaries to attack industrial control systems
The sophisticated malware features a modular design that would make it more accessible to less skilled adversaries targeting operational technology in power plants and water treatment facilities, specialists say.
Emerging Tech
The push toward climate-friendly grid security and resilience
The Department of Energy is funding research to make a greener energy grid less vulnerable to cyberattack.
Cloud & Infrastructure
CISA seeks comments on securing cloud business applications
A new program aims to develop consistent, effective, modern and manageable security configurations that will help secure information assets stored within cloud environments.
Cybersecurity
CISA details cyber incident reporting for infrastructure operators
CISA wants critical infrastructure partners to report information on repeated attempts to gain unauthorized access to systems, malicious code and ransomware.
Cybersecurity
Hackers build tool to penetrate industrial control systems, feds warn
Enabling full system access to operational technologies, the tool is intuitive enough for less sophisticated threat actors to target power plants and water treatment facilities.
Cybersecurity
Google survey suggests government workers dissatisfied with legacy software, concerned over cyberattacks
A Google survey of federal, state or local government employees revealed a heavy reliance on Microsoft products and expectations of cyberattacks.
Cybersecurity
White House warns of potential Russian cyberattack based on new intel
Distressed by the continued lack of cybersecurity basics implemented in critical infrastructure sectors, the White House issued “a call to action.”
Cybersecurity
Financial regulator says use of crypto helps—not hurts—ransomware investigations
While cryptocurrency is preferred by ransomware perpetrators because of its perceived anonymity, it has significant visibility and investigative benefits over opaque banking, a FinCEN official told a Senate committee.
Cybersecurity
CISA warns of ransomware gang, issues indicators of compromise
Processes spurred by the Ragnar Locker Ransomware have affected at least 52 critical infrastructure organizations since January, but will terminate if it encounters systems in certain Russian and near-Russian locations.
Cybersecurity
Insurance policies may tighten amid U.S.-Russia tensions, cyber pros warn
What a recent court decision means for insurers’ attempts to avoid payouts associated with “acts of war” and breaches where nation-state actors may have played a role.
Cybersecurity
Layered defenses, segmented networks key in shoring up infrastructure, NSA says
A new report from the NSA details why layered defenses are especially important in environments incorporating industrial control systems, which have been targeted in Russian state-sponsored operations.
Cybersecurity
NIST refreshing voluntary Cybersecurity Framework amid push for mandates
The agency is soliciting comments to update a core document that lets entities pick and choose which technical standards they want to apply to their systems based on their own risk assessment.
Cybersecurity
FBI: Ransomware attackers have code to halt critical infrastructure
Monitoring remote access technology will be especially important for limiting the reach of malicious actors, allied cybersecurity agencies said in a report on trends they’ve observed over the last year in a booming ransomware industry.
Cybersecurity
NIST suggests agencies accept the word of software producers per executive order
The standards agency said an attestation from vendors themselves would be sufficient when screening for cybersecurity, unless an agency's risk calculus suggests otherwise.
Cybersecurity
EPA leading White House effort to secure the water sector against cyberattacks
This is the third in a series of 100-day sprints to shore up industrial control systems used in critical infrastructure.
Cybersecurity