Mar 04 2022

What Security Engineers Hate About SIEM

Category: cyber security,Security Operations Center,Security Tools,Threat detectionDISC @ 4:09 pm
What Security Engineers Hate About SIEM

SIEM Satisfaction is Mediocre

When CISOs, CIOs, CTOs, security engineers, security analysts and security architects were asked to rank the primary capabilities of a traditional SIEM according to how satisfied they were with those capabilities, an interesting picture emerged. The survey results indicated that every primary capability of traditional SIEM solutions, at best, only somewhat met the majority of users’ needs. Some capabilities were irrelevant to many users. This tepid level of satisfaction is what drove many security teams to undertake the effort to build their own security monitoring tools. 

Data Coverage and Data Use

Less than 25% of the respondents believed that their SIEM covered more than 75% of their security-relevant data. Nearly 17% responded that their existing platform covered less than a quarter of their data.

Furthermore, when asked if they believed their current SIEM platform were capable of handling the volume of security data their organization will generate in the future, a third of the respondents said they expected their existing platform to keep falling behind. 

These results underscore the risks security teams (and their organizations) are forced to tolerate due to the cost and overhead required to bring high volumes of security-relevant data into traditional SIEM platforms. Without full visibility into all necessary data, security teams will undoubtedly have blind spots that impede their ability to protect their organizations.

OK, so what can they do instead? Well, a cloud-native architecture capable of ingesting, normalizing and analyzing terabytes of data per day cost-effectively is necessary to keep up.

Moving From Static to Dynamic

Security professionals are well aware of the static nature of traditional SIEM platforms. Many believe they pay too much for the capabilities provided and are concerned about what the future holds. 

SIEMs were designed over ten years ago when the world was a very different place. The technology hasn’t evolved its approach to keep up with the needs of cloud-scale environments. Adequate security today depends on full visibility into security-relevant data, structured, scalable data lakes, cloud-native workflows and fast detection and response times. Security teams need a modern approach to security monitoring built for the cloud-first world.

Security Information and Event Management (SIEM) Implementation 

Tags: SIEM

Feb 28 2022

Cyber security for construction businesses

Category: cyber securityDISC @ 10:54 am

Cyber-security-for-Construction-Business-1Download

Building an Effective Cybersecurity Program

Tags: Building an Effective Cybersecurity Program, Cyber security for construction businesses

Feb 08 2022

3 key elements of a strong cybersecurity program

Category: cyber security,Information Security,Security programDISC @ 10:04 am
3 key elements of a strong cybersecurity program

The world relies on technology. So, a strong cybersecurity program is more important than ever. The challenge of achieving good cyber hygiene can be especially acute for small- and medium-sized businesses. This is particularly true for those with fully remote or hybrid work environments. Add to the mix limited resources and limited talent focused on cybersecurity, and the challenges can seem overwhelming.

Considering this, we’ve simplified things down to three key elements of a strong cybersecurity program. You need to know how to assess, remediate, and implement security best practices at scale. In more detail, this means:

  • Assessing your organization’s current cybersecurity program and its prioritization
  • Remediating endpoints at scale, bringing them into compliance with security best practices
  • Implementing cybersecurity policies and monitoring them to stay in compliance

1. Assess your organization’s current cybersecurity program

Taking the first step toward better cyber hygiene means understanding where your organization stands today. Conduct an honest assessment of your strengths and weaknesses in order to prioritize where to focus your efforts for your cybersecurity program. The challenge here is finding the right bar to measure yourself against. There are several frameworks that will do the job. Thus, it can be daunting to figure out which one is the right fit, especially if this is the first time you’re doing an assessment. Starting with the CIS Controls and CIS Benchmarks can help take the guesswork out of your assessment and provide peace of mind that you’re covering all of your bases.

Here’s what makes these two sets of best practices especially useful:

  • They tell you the “what” and the “how”: Many frameworks tell you what you should do, but not how to do it. CIS best practices give you both.
  • They are comprehensive and consensus-based: CIS best practices are developed in collaboration with a global community of cybersecurity experts. They’re also data-driven as explained in the CIS Community Defense Model.
  • They are mapped to other industry regulatory frameworks: CIS best practices have been mapped or referenced by several other industry regulatory requirements, including: NIST, FINRA, PCI DSS, FedRAMP, DISA STIGs, and many others. This means you can get the proverbial “two birds with one stone” by assessing against CIS best practices.

The CIS Controls are a prioritized and prescriptive set of safeguards that mitigate the most common cyber-attacks against systems and networks. The CIS Benchmarks are more than 100 configuration guidelines across 25+ vendor product families to safeguard systems against today’s evolving cyber threats. Both are available as free PDF downloads to help you get started.

2. Remediate endpoints at scale with CIS Build Kits

One of the challenges in applying any best practice framework is dedicating the time and resources to do the work. Luckily, CIS offers tools and resources to help automate and track the assessment process. The CIS Controls Self Assessment Tool (CIS CSAT) helps organizations assess the implementation of the CIS Controls. Additionally, the CIS Configuration Assessment Tool (CIS-CAT Pro Assessor) scans target systems for conformance to the CIS Benchmarks. CIS-CAT Pro Assessor allows you to move more quickly toward analyzing results and setting a strategy to remediate your gaps.

CIS resources and tools are designed to help you move toward compliance with best practices by remediating the gaps. Once you understand where your gaps are and how to fix them, you can use CIS Build Kits to achieve compliance at scale. CIS Build Kits are automated, efficient, repeatable, and scalable resources for rapid implementation of CIS Benchmark recommendations. You can apply them via the group policy management console in Windows, or through a shell script in Linux (Unix,*nix) environments.

Interested in trying out a Build Kit? CIS offers sample Build Kits that contain a subset of the recommendations within the CIS Benchmark. They provide you a snapshot of what to expect with the full CIS Build Kit.

3. Implement cybersecurity policies and monitor for compliance

Lastly, creating strong policies and monitoring conformance helps ensure that an organization is working toward a more robust cybersecurity program. Regularly monitoring conformance over time is critical. It helps you avoid configuration drift, and helps identify any new issues quickly. CIS tools can help monitor conformance and identify gaps.

CIS-CAT Pro Dashboard provides an easy-to-use graphical user interface for viewing CIS Benchmark conformance assessment results over time. Similarly, CIS CSAT Pro enables an organization to monitor implementation of the CIS Controls over time.

A strong cybersecurity program with CIS SecureSuite Membership

Any organization can start improving its cyber hygiene by downloading CIS’s free best practices, like the PDF versions of the CIS Benchmarks. But it’s important to know that you don’t have to go it alone. A cost-effective CIS SecureSuite Membership can be both a solution to your immediate security needs, as well as a long-term resource to help optimize your organization’s cybersecurity program.

You’ll get access to:

  • CIS-CAT Pro Assessor and Dashboard
  • CIS CSAT Pro
  • CIS Build Kits
  • CIS Benchmarks in various formats (Microsoft Word, Microsoft Excel, XCCDF, OVAL, XML) and more

Get the most out of CIS best practices for your cybersecurity program by signing up for a cost-effective CIS SecureSuite Membership.

Learn more about CIS SecureSuite

Building an Effective Cybersecurity Program

Information Security Governance: Framework and Toolset for CISOs and Decision Makers

Tags: strong cybersecurity program

Feb 07 2022

Critical Infrastructure Attacks Spur Cybersecurity Investment

Category: cyber security,Cyber Strategy,OT/ICS,Selling cyber securityDISC @ 12:40 pm
Critical Infrastructure Attacks Spur Cybersecurity Investment

The attacks on critical industrial systems such as Colonial Pipeline last year pushed industrial cybersecurity to center stage. And with the threat of war between Russia and Ukraine, experts warned nations that a global flare-up of cybersecurity attacks on critical infrastructure could be looming. In late January, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) put critical infrastructure organizations on notice: Take “urgent, near-term steps” to mitigate the risk of digital attacks. The alert cited tension in eastern Europe as the catalyst for possible attacks against U.S. digital assets.

Critical Infrastructure Under Attack

Unfortunately, critical systems have long been under significant attack. In fact, an overwhelming 80% of critical infrastructure organizations experienced ransomware attacks last year, according to a survey released today by PollFish on behalf of cyber-physical systems security provider Claroty. The survey, completed in September 2021, gathered responses from full-time information technology and operational technology (OT) security professionals in the United States (500 professionals), Europe (300) and Asia-Pacific (300). The industries surveyed include IT hardware, oil and gas (including pipelines), consumer products, electric energy, pharmaceutical/life sciences/medical devices, transportation, agriculture/food and beverage, heavy industry, water and waste and automotive.

Globally, 80% of respondents reported experiencing an attack and 47% of respondents said the attack impacted their operational technology and industrial control systems environment. A full 90% of respondents that reported their attacks to authorities or shareholders said the impact of those attacks was substantial in 49% of cases.

Attacking Digital Transformation

Cybersecurity Investments

Effectiveness of National Cyber Policy to Strengthen the Security and Resilience of Critical Infrastructure Against Cyber Attacks

Tags: Critical Infrastructure Attacks

Feb 02 2022

10 Steps to Cyber Security

Category: Cyber resilience,cyber securityDISC @ 4:34 pm

10-Steps-to-Cyber-Security-2-1Download

8 Steps to Better Security: A Simple Cyber Resilience Guide for Business

Harden your business against internal and external cybersecurity threats with a single accessible resource. 

In 8 Steps to Better Security: A Simple Cyber Resilience Guide for Business, cybersecurity researcher and writer Kim Crawley delivers a grounded and practical roadmap to cyber resilience in any organization. Offering you the lessons she learned while working for major tech companies like Sophos, AT&T, BlackBerry Cylance, Tripwire, and Venafi, Crawley condenses the essence of business cybersecurity into eight steps.  

Tags: Cyber Resilience, Steps to Cyber Security

Jan 13 2022

14 CYBER SECURITY PREDICTIONS FOR 2022 AND BEYOND

Category: cyber security,Information SecurityDISC @ 10:46 am

14 Cyber Security Predictions For 2022 – by Mandiant

14-CYBER-SECURITY-PREDICTIONS-1Download

Blackout Warfare: Attacking The U.S. Electric Power Grid A Revolution In Military Affairs

Tags: Blackout Warfare, CYBER SECURITY PREDICTIONS

Jan 10 2022

Cyber Security in mergers and acquisitions

Category: cyber securityDISC @ 1:34 pm
Cyber Security in Mergers and Acquisitions

Guide to Cybersecurity Due Diligence in M&A Transactions

Tags: Cyber Security mergers and acquisitions, Guide to Cybersecurity Due Diligence in M&A Transactions

Dec 29 2021

10 Steps to Cyber Security

Category: cyber securityDISC @ 3:57 pm

10-Steps-to-Cyber-Security-1Download

Cybersecurity Program Development for Business: The Essential Planning Guide

Cybersecurity Program Development for Business: The Essential Planning Guide

Dec 28 2021

Cyber security small business guide

Category: cyber securityDISC @ 10:18 am

Cyber-Security-Small-Business-Guide-by-NCSC-1Download

Cybersecurity Program Development for Business: The Essential Planning Guide

Cybersecurity Program Development for Business: The Essential Planning Guide

Tags: cyber security guide, Cybersecurity Program Development for Business

Nov 21 2021

How can a business ensure the security of their supply chain?

Category: cyber securityDISC @ 3:50 pm
How can a business ensure the security of their supply chain?

10 best practices to evaluate a supplier’s risk

While there are no guarantees that a business can detect a supply chain attack before it happens, there are 10 best practices that a business can consider to help mitigate risk and validate the security of its supply chain.

1. Evaluate the impact each supplier can have on your business if the supplier’s IT infrastructure is compromised. While a full-risk assessment is preferred, smaller organizations might not have the resources to conduct one. At a minimum, however, they should analyze the worst-case scenarios and ask questions such as:

  • How would a ransomware attack on this supplier’s systems impact my business?
  • How would my business be affected if the supplier’s source code was compromised by a Trojan virus?
  • If the supplier’s databases are compromised and data is stolen, how would that impact my business?

2. Evaluate internal IT resources and competencies for each supplier. Do they have a dedicated cybersecurity team led by a security manager or a CISO? It is important to identify the supplier’s security leadership because that is who can answer your questions. If the team is non-existent or poorly staffed with no real leadership, you may want to reconsider engaging with this supplier.

3. Meet with the supplier’s security manager or CISO to discover how they protect their systems and data. This can be a short meeting, phone call, or even an email conversation, depending on the risks identified in step 1.

4. Request evidence to verify what the supplier is claiming. Penetration reports are a useful way to do this. Be sure the scope of the test is appropriate and, whenever possible, request a report on two consecutive tests to verify that the supplier is acting on its findings.

5. If your supplier is a software provider, ask for an independent source code review. In some cases, the supplier may require an NDA to share the full report or may choose not to share it. When this happens, ask for an executive summary.

6. If your supplier is a cloud provider, you can scan the supplier’s networks, perform a Shodan search, or ask the supplier for a report of their own scans. If you plan to scan yourself, obtain a permit from the supplier and ask them to segregate customer addresses from their own so you are not scanning something irrelevant.

7. If the supplier is a software or cloud provider, find out if the supplier is running a bug bounty reward program. These programs help an organization find and fix vulnerabilities before attackers have a chance to exploit them.

8. Ask your suppliers how they are prioritizing their risks. For example, the Common Vulnerability Scoring System (CVSS) is a free and open industry standard for assessing the severity of computer system security vulnerabilities and assign severity scores so the supplier can prioritize risk responses.

9. Request the supplier’s patching reports. The fact that they have a report demonstrates their commitment to security and managing vulnerabilities. If possible, try to get a report that is produced by an independent entity.

10. Steps 1 through 9 should be repeated annually, depending on the risk to and impact on your business. For a low-impact supplier, this may be performed less often. For a supplier that is mission-critical to the business’s success and is high risk, the business may want to develop a permanent evaluation process. However, large SaaS and IaaS providers may not be willing to participate in ongoing evaluations.

How can a business ensure the security of their supply chain?

Cyber Security and Supply Chain Management

Tags: Supply Chain at Risk, supply chain security

Nov 18 2021

How Virtualization Helps Secure Connected Cars

Category: Cyber Communication,cyber security,data security,Hardware Security,VirtualizationDISC @ 11:11 pm
How Virtualization Helps Secure Connected Cars

Connected cars create opportunities to deliver enhanced customer experiences. At the same time, they also have the potential to provide high cost and revenue benefits. This is true for connected car companies, OEMs, suppliers and insurers (and much, much more).

However, car companies haven’t really explored the opportunities to monetize customer data adequately. We can probably attribute this to cybersecurity threats and a mad rush to market. But as the industry evolves and accelerates adoption, we must address these concerns now.

According to Allied Market Research, experts forecast the worldwide connected car market to be worth $225.16 billion by 2027. As we strive to achieve continuous connectivity, what’s the best approach to secure it? How do we keep drivers and their data safe from threat actors?

Before we dive into the solution, let’s look at some of the connected car challenges.

What Are the Threats to Connected Car Security?

#CarSecurity #Car Hacking

Tags: #CarSecurity #Car Hacking, Secure Connected Cars

Nov 08 2021

Pakistan government approves new cybersecurity policy, cybercrime agency

Category: cyber security,Information SecurityDISC @ 9:38 am

The Pakistan Ministry of Information Technology has announced that a new cybersecurity policy and accompanying cybersecurity agency has been approved for the South Asian nation.

The new policy aims to support both public and private institutions, including national information systems and critical infrastructure, replacing a system whereby government institutions have separate security operations.

It comes at a delicate time for Pakistan, which recently accused India of using the Israeli spyware Pegasus to spy on Prime Minister Imran Khan – and designates cyber-attacks on any Pakistani institution as an attack on national sovereignty.

“The IT ministry and all relevant public and private institutions will be provided all possible assistance and support to ensure that their data, services, ICT products and systems are in line with the requirements of cybersecurity,” said IT minister Syed Aminul Haq, as quoted in local press.

Tags: cybercrime agency, pakistan

Nov 01 2021

Cybersecurity can drive business transformation instead of holding it back

Category: cyber securityDISC @ 9:15 am
Cybersecurity can drive business transformation instead of holding it back

A security strategy that doesn’t offer the flexibility for innovation undermines the key competitive driver in a modern environment. So how do organizations bake trust into their security posture to provide the confidence to innovate and grow?

To achieve a balance between trust and innovation, businesses must rethink their approach by weaving security into every part of their digital fabric. Instead of creating a steel fortress around their digital ecosystem, they must have the flexibility to respond to market opportunities, confident that they can intercept and respond to risks in real-time.

Complexity undermines security ROI

The security market has never garnered more interest, with Gartner estimating spending on cybersecurity to exceed $150 billion by the end of 2021. However, according to a recent IBM study, despite more significant enterprise investment, enterprise security effectiveness has declined by 13%.

Businesses often fail to consider that their increased investment in security technology often creates toolset sprawl, which introduces complexity that degrades their ability to detect and manage threat vectors.

More layers of security seem, in theory, like a good thing – in fact, the average enterprise deploys over 45 unique pieces of security-related technology across its networks. Yet, according to IBM, organizations that deploy over 50 tools are 8% less effective in detecting threats than companies employing fewer toolsets or one provider managing the entire ecosystem.

Security talent is challenging to hire and retain

Cybersecurity: The Insights You Need from Harvard Business Review

Tags: business transformation, cybersecurity business enabler

Oct 28 2021

The first step to being cybersmart: Just start somewhere

Category: cyber securityDISC @ 8:57 am
The first step to being cybersmart: Just start somewhere

When company leaders and IT staff begin looking at their options around improving their security and discover hundreds of possible solutions, they can become overwhelmed. However, the best thing they can do is just start somewhere. IT and security specialists can get started by simply identifying the most critical risk areas in their business. Once they’ve taken that crucial first step, they can build the next steps around that risk assessment.

Cybersecurity is an ongoing strategic project. The initial goal shouldn’t be perfection. Instead, the goal can simply be to be better than yesterday.

Just start with a risk assessment

IT and security specialists can begin by pinpointing their organizations’ most critical risk areas and then taking the steps to secure them. IT specialists should conduct a full data and asset inventory and assess where the greatest risk lies.

There are two areas that IT specialists should examine:

Tags: cybersmart

Oct 06 2021

Arizona governor announces the launch of Command Center to protect state computer systems

Category: cyber securityDISC @ 9:52 am
Arizona governor announces the launch of Command Center to protect state computer systems

The governor of Arizona, Doug Ducey, has announced the launch of a Cyber Command Center to address the thousands of attacks that daily target government computers.

The governor of Arizona, Doug Ducey, has launched a Cyber Command Center to repel the huge amount of attacks that every day hit the computer systems of the state.

The move is the response of the Arizona administration to hundreds of thousands of cyberattacks that hit the state.

At a ceremony Monday at the Department of Public Safety’s Arizona Counter Terrorism Information Center in Phoenix, Ducey explained that Cyber Command Center has been established to protect the IT infrastructure of the state.

“The Cyber Command Center brings four state public safety agencies together in one room with one mission: Guard the state’s computers against attacks and by extension, help protect the over 7 million residents of the Grand Canyon State.” reads a post published by AZCentral.

“When we protect your data, we protect you at home as well,” Arizona Department of Homeland Security Director Tim Roemer said in an interview. “We help you not fall victim to identity theft, for example. Because once your data is compromised, they use that to open up accounts.”

In the case of a severe cyber attack, experts at the center will coordinate the incident response activities.

Tags: Command Center to protect state computer systems

Sep 03 2021

New BrakTooth flaws potentially impact millions of Bluetooth-enabled devices

Category: cyber security,Information Security,Laptop Security,Wi-Fi Security,Windows SecurityDISC @ 9:35 am
New BrakTooth flaws potentially impact millions of Bluetooth-enabled devices

Security flaws in commercial Bluetooth stacks dubbed BrakTooth can be exploited by threat actors to execute arbitrary code and crash the devices via DoS attacks.

A set of 16 security flaws in commercial Bluetooth stacks, collectively tracked as BrakTooth, can be exploited by threat actors to execute arbitrary code and crash the devices via DoS attacks.

The issues were discovered by the ASSET (Automated Systems SEcuriTy) Research Group from the Singapore University of Technology and Design (SUTD), their name comes from the Norwegian word “Brak” which translates to ‘crash’.

The BrakTooth flaws impact 13 Bluetooth chipsets from 11 vendors, including Intel, Qualcomm, and Texas Instruments, experts estimated that more than 1,400 commercial products may be impacted.

As of today, the researchers discovered 16 security vulnerabilities, with 20 common vulnerability exposures (CVEs) already assigned and four vulnerabilities are pending CVE assignment from Intel and Qualcomm.

“we disclose BrakTooth, a family of new security vulnerabilities in commercial BT stacks that range from denial of service (DoS) via firmware crashes and deadlocks in commodity hardware to arbitrary code execution (ACE) in certain IoTs.” reads the post published by the researchers. “All the vulnerabilities are already reported to the respective vendors, with several vulnerabilities already patched and the rest being in the process of replication and patching. Moreover, four of the BrakTooth vulnerabilities have received bug bounty from Espressif System and Xiaomi. â€œ

The attack scenario tested by the experts only requires a cheap ESP32 development kit (ESP-WROVER-KIT) with a custom (non-compliant) LMP firmware and a PC to run the PoC tool they developed. The tool communicates with the ESP32 board via serial port (/dev/ttyUSB1) and launches the attacks targeting the BDAddress (<target bdaddr>) using the specific exploit (<exploit_name>).

The ASSET group has released the PoC tool to allow vendors to test their devices against the vulnerabilities

braktooth

Guide to Bluetooth Security: Recommendations of the National Institute of Standards and Technology (Special Publication 800-121 Revision 1)

Tags: Bluetooth security

Sep 02 2021

DoJ Launches Cybersecurity Fellowship Program as Threats Rise

Category: cyber security,Cyber StrategyDISC @ 9:35 am
DoJ Launches Cybersecurity Fellowship Program as Threats Rise

The U.S. Department of Justice (DoJ) announced the creation of a cybersecurity fellowship program that will train prosecutors and attorneys to handle emerging national cybersecurity threats.

Fellows in the three-year Cyber Fellowship program will investigate and prosecute state-sponsored cybersecurity threats, transnational criminal groups, infrastructure and ransomware attacks and the use of cryptocurrency and money laundering to finance and profit from cybercrimes.

Cyber Fellowship Program

The program will train selected attorneys to deal with emerging cybercriminal threats and the ability to secure a top-secret security clearance is a prerequisite. All participants will be based in the Washington, D.C. area.

As part of the fellowship, participants will rotate through the multiple departments charged with protecting the country from cybersecurity threats, including the Criminal Division, the National Security Division and the U.S. Attorneys’ Offices.

The program is coordinated through the Criminal Division’s Computer Crime and Intellectual Property Section and the creation of the Fellowship is the result of a recommendation from the department’s ongoing comprehensive cybersecurity review, which was ordered by Deputy Attorney General Lisa Monaco in May 2021.

fellowship web app election security government

Enhancing Efforts Against Cybersecurity Threats

Tags: Cybersecurity Fellowship Program

Aug 26 2021

Samsung can remotely disable their TVs worldwide using TV Block

Category: cyber security,Cyber Spy,Cyber ThreatsDISC @ 1:39 pm
Samsung can remotely disable their TVs worldwide using TV Block

Samsung says that it can disable any of its Samsung TV sets remotely using TV Block, a feature built into all television products sold worldwide.

This was revealed by the South Korean multinational in a press release issued earlier this month in response to the July South African riots that led to large-scale looting, which also impacted Samsung warehouses and stores.

“TV Block is a remote, security solution that detects if Samsung TV units have been unduly activated, and ensures that the television sets can only be used by the rightful owners with a valid proof of purchase,” Samsung said.

“The aim of the technology is to mitigate against the creation of secondary markets linked to the sale of illegal goods, both in South Africa and beyond its borders. This technology is already pre-loaded on all Samsung TV products.”

As Samsung explains, the goal behind remotely disabling stolen TV sets is to limit looting and “third party purchases,” and ensuring that the TVs can only be used by “rightful owners with a valid proof of purchase.”

How TV Block works

Tags: Samsung can remotely disable, Smart TV, Smart TV Security, TV Block

Aug 05 2021

U.S. Taps Amazon, Google, Microsoft, Others to Help Fight Ransomware, Cyber Threats

Category: cyber security,Information SecurityDISC @ 7:23 am

Creation of the Joint Cyber Defense Collaborative follows high-profile cyberattacks on critical U.S. infrastructure

The U.S. government is enlisting the help of tech companies, including Amazon.com Inc., Microsoft Corp. and Google, to bolster the country’s critical infrastructure defenses against cyber threats after a string of high-profile attacks.

The Department of Homeland Security, on Thursday, is formally unveiling the initiative called the Joint Cyber Defense Collaborative. The effort will initially focus on combating ransomware and cyberattacks on cloud-computing providers, said Jen Easterly, director of the DHS’s Cybersecurity and Infrastructure Security Agency. Ultimately, she said, it aims to improve defense planning and information sharing between government and the private sector.

“This will uniquely bring people together in peacetime, so that we can plan for how we’re going to respond in wartime,” she said in an interview. Ms. Easterly was sworn in as CISA’s director last month. She was previously a counterterrorism official in the Obama White House, and the commander of the Army’s first cyber operations unit at the National Security Agency, America’s cyberspy agency.

‘This will uniquely bring people together in peacetime, so that we can plan for how we’re going to respond in wartime.’— Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency

U.S. Taps Amazon, Google, Microsoft, Others to Help Fight Ransomware, Cyber Threats

Department of Homeland Security and Information Sharing: Is It Working? 

Department of Homeland Security and Information Sharing: Is It Working? by [United State Army War College, U.S Army U.S Army]

Tags: Department of Homeland Security, DHS

Aug 02 2021

CISA launches US federal vulnerability disclosure platform

Category: cyber securityDISC @ 8:15 am
CISA launches US federal vulnerability disclosure platform

“Through this crowdsourcing platform, Federal Civilian Executive Branch (FCEB) agencies will now be able to coordinate with the security research community in a streamlined fashion and those reporting incidents enjoy a single, usable website to facilitate submission of findings. The platform encourages collaboration and information sharing between the public and private sectors by allowing uniquely skilled researchers to submit vulnerability reports, which agencies will use to understand and address vulnerabilities that were previously unidentified,” Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA, explained.

The VDP platform

Binding Operational Directive 20-01, released in September 2020, mandates that all FCEB agencies must develop and publish a vulnerability disclosure policy.

At the moment, this newly established VDP platform collects eleven vulnerability disclosure programs, published by the:

  • Federal Communications Commission (FCC)
  • Department of Homeland Security (DHS)
  • National Labor Relations Board (NLRB)
  • Federal Retirement Thrift Investment Board (FRTIB)
  • Millennium Challenge Corporation (MCC)
  • Department of Agriculture (USDA)
  • Department of Labor (DOL)
  • Privacy and Civil Liberties Oversight Board (PCLOB)
  • Equal Employment Opportunity Commission (EEOC)
  • Occupational Safety and Health Review Commission (OSHRC)
  • Court Services and Offender Supervision Agency (CSOSA)

This newly established VDP platform is run by BugCrowd, a bug bounty and vulnerability disclosure company, and EnDyna, a government contractor that provides science and technology-based solutions to several US federal agencies.

CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY: Actions Needed to Ensure Organizational Changes Result in More Effective Cybersecurity for Our Nation by [United States Government Accountability Office]

Tags: CISA, Cybersecurity and Infrastructure Security Agency

« Previous PageNext Page »