NSA Funds Development, Release of D3FEND

D3FEND, a framework for cybersecurity professionals to tailor defenses against specific cyber threats, is now available through MITRE. NSA funded MITRE’s research for D3FEND to improve the cybersecurity of National Security Systems, the Department of Defense, and the Defense Industrial Base. The D3FEND technical knowledge base of defensive countermeasures for common offensive techniques is complementary to MITRE’s ATT&CK, a knowledge base of cyber adversary behavior.
D3FEND establishes terminology of computer network defensive techniques and illuminates previously-unspecified relationships between defensive and offensive methods. This framework illustrates the complex interplay between computer network architectures, threats, and cyber countermeasures.
MITRE released D3FEND as a complement to its existing ATT&CK framework, a free, globally-accessible knowledge base of cyber adversary tactics and techniques based on real-world observations. Industry and government use ATT&CK as a foundation to develop specific cyber threat models and methodologies.
Complementary to the threat-based ATT&CK model, D3FEND provides a model of ways to counter common offensive techniques, enumerating how defensive techniques impact an actor’s ability to succeed. By framing computer network defender complexity of countermeasure functions and techniques as granularly as ATT&CK frames computer network attacker techniques, D3FEND enables cybersecurity professionals to tailor defenses against specific cyber threats, thereby reducing a system’s potential attack surface. As a result, D3FEND will drive more effective design, deployment, and defense of networked systems writ large.
Frameworks such as ATT&CK and D3FEND provide mission-agnostic tools for industry and government to conduct analyses and communicate findings. Whether categorizing adversary behavior or detailing how defensive capabilities mitigate threats, frameworks provide common descriptions that empower information sharing and operational collaboration for an ever-evolving cyber landscape.

WMO Executive Council endorses unified data policy

In a milestone decision, the World Meteorological Organization’s Executive Council has endorsed a unified policy on the international exchange of Earth system data to help its Members meet the explosive growth in demand for weather, climate and water services as the world grapples with the dual challenges of climate change and the increasing frequency of extreme weather events.
The draft data policy resolution, which must be adopted by the full 193-Member World Meteorological Congress extraordinary session scheduled for October 2021, paves the way for a sweeping update of policies on the free and unrestricted exchange of data that have been the bedrock of WMO since it was established more than 70 years ago.
The WMO Unified Policy for the International Exchange of Earth System Data is based on WMO’s strategic integrated Earth system approach to all monitoring and prediction of weather, climate, water and related environmental phenomena, and it will serve as the foundation of a wider push to strengthen the global observing networks and help overcome regional disparities.
“In order to meet the demand for services and forecasts, it is paramount to improve the exchange of weather, climate, water and ocean data. Severe gaps in data and weather observations, especially in Africa and island states, have a major negative impact on the accuracy of early warnings both locally and globally,” said WMO Secretary-General Prof. Petteri Taalas.
“A revision of WMO’s data policy will leverage benefits for the whole of society and will allow our global community to work better together to deliver services that protect life, livelihoods and property,” said Prof. Taalas.
“It is a very, very important step to have such a unified data policy for WMO,” said WMO President Gerhard Adrian. “We have many decisions on data policy, and now we have a united approach where all these parts are collected.”
“This is a great milestone, and a historical moment,” said Michel Jean, President of WMO’s Infrastructure Commission, which had developed the data policy resolution approved.
Numerical Weather Prediction
Delivery of weather and climate services depends on routine international exchange of weather and climate data, 24/7, 365 days per year, often within minutes of real time.
Observations are ingested into numerical prediction models, and the output from these models is used as a basis for weather and climate services. A primary aim with the establishment of WMO in 1951 was to create a coordination mechanism for the acquisition and international exchange of such data.
WMO’s current data policies are laid out in three separate Congress resolutions - Resolution 40 (Congress-XII, 1995, covering weather) and two subsequent resolutions (Resolution 25 (Cg-XIII) and Resolution 60 (Cg-17)) covering water and climate.
The new WMO Unified Data Policy resolution, in comparison, covers seven domains and disciplines - covering all WMO-relevant Earth system data - in a single policy statement, and it thus extends beyond the traditional areas of weather, climate and water data to incorporate also the areas of atmospheric composition, oceans, cryosphere and space weather.
Increasing the volume of observations that are shared internationally for use in global and regional Numerical Weather Prediction (NWP) models will help significantly improve the quality of these data products. The policy will also provide developing countries with better access to these key data products. The resulting improvement in forecasts and other services will be felt everywhere on the globe, but it will be especially pronounced in areas where the current observational data coverage is poor, including in many developing countries.
In addition, the data policy resolution expands from addressing just national meteorological and hydrological services to endorsing relevant data exchange among all partners, including agencies beyond meteorological and hydrological services, the rapidly growing private sector and academia.

GAO Cybersecurity Report and Recommendations for HHS

The Government Accountability Office (GAO) wants HHS to improve cybersecurity efforts by strengthening collaboration within the department and with the broader healthcare sector.
Health care organizations' IT systems are critical to the nation's well-being. Cyberattacks on them could, for example, put patient privacy at risk or disrupt essential telehealth services. (The nation's cybersecurity is on our High Risk List.)
The Department of Health and Human Services coordinates with health care organizations and others to support cybersecurity efforts. Its policies and procedures clearly describe roles and responsibilities, which is good for collaboration.
GAO is making seven recommendations to HHS to improve its collaboration and coordination within the department and the sector:
1. The HHS secretary should have the CIO oversee the coordination and sharing of cybersecurity information between the Health Sector Cybersecurity Coordination Center and Healthcare Threat Operations Center.
2. The HHS secretary should order the CIO to monitor, evaluate and report on the progress and performance of the HHS Chief Information Security Officer Council, Continuous Monitoring and Risk Scoring Working Group, and Cloud Security Working Group.
3. HHS should direct the assistant secretary for preparedness and response to monitor, evaluate and report on the progress and performance of the Government Coordinating Council's Cybersecurity Working Group and HHS Cybersecurity Working Group.
4. HHS should have the CIO regularly monitor and update written agreements that describe how the HHS Chief Information Security Officer Council, Continuous Monitoring and Risk Scoring Working Group, and Cloud Security Working Group will collaborate and ensure that officials review and approve the updated agreements.
5. HHS should direct the assistant secretary for preparedness and response to ensure that authorizing officials review and approve the charter describing how the HHS Cybersecurity Working Group will manage collaboration.
6. HHS should have the assistant secretary for preparedness and response do the following: finalize written agreements that include a description of how the Government Coordinating Council's Cybersecurity Working Group will work together; identify the working group's roles and responsibilities; monitor and update the written agreements on a regular basis; and ensure that authorizing officials leading the working group approve the final agreements.
7. HHS should tell the assistant secretary for preparedness and response to update the charter for the Joint Healthcare and Public Health Cybersecurity Working Group for the current fiscal year and ensure that authorizing officials overseeing the group review and approve the updated charter.

AIAA and the Space Information Sharing and Analysis Center (Space ISAC) Enter Cooperative Agreement

The American Institute of Aeronautics and Astronautics (AIAA) and the Space Information Sharing and Analysis Center (Space ISAC) have entered into a Memorandum of Agreement (MOU) enabling the two organizations to collaborate on aerospace and space cybersecurity endeavors. The two organizations will cooperate to build the knowledge foundations of space cybersecurity. The Space ISAC brings cybersecurity situational awareness and operational excellence and AIAA offers its long history of convening and promoting aerospace expertise, knowledge, and leadership.
“AIAA is committed to bringing cyber protection to the heart of the aerospace industry. It is becoming more and more essential to address cybersecurity on an ongoing basis in the mainstream of our core processes – from the design and development of new space systems, to manufacturing and production, to operations,” said Dan Dumbacher, executive director of AIAA. “We look forward to our continued work with the Space ISAC, to use its frontline role in the cyber defense of aerospace to foster open dialogue and cooperation around this topic.”
The Space ISAC facilitates collaboration across the global space industry to prepare for and respond to vulnerabilities, incidents, and threats; to disseminate timely and actionable information among member entities; and to serve as the primary communications channel for the sector with respect to this information. Space ISAC is the only all-threats security information source for the public and private space sector. It will be the most comprehensive, single point source for data, facts and analysis on space security and threats to space assets. Space ISAC will also provide analysis and resources to support response, mitigation, and resilience initiatives.
Erin Miller, Space ISAC Executive Director, commented, “Space ISAC and AIAA coming together in partnership is a wonderful complement. Our initial collaboration efforts began in 2020 on the first ever ISAC-led tabletop exercise for the space sector. We are formalizing our partnership now and anticipate the impact will be seen through efforts in workforce development, education, space sector cybersecurity awareness, and more.”
The two organizations have already begun collaborating. In 2020, the Space ISAC staged a cybersecurity tabletop exercise for space industry executives at AIAA’s ASCEND event, a global gathering of 3,000 aerospace professionals and others who are focused on accelerating our off-world future faster. Both organizations also value the importance of infusing the global space industry with content to educate industry professionals and students and will identify opportunities to leverage AIAA’s extensive educator outreach programs.
“Digital technology has made aerospace safer, smarter, and more connected than ever. We must now establish cybersecurity as a priority on par with safety. We look forward to working with the Space ISAC to expand cybersecurity awareness throughout the aerospace community and supply chain,” Dumbacher concluded.
Through the MOU, the Space ISAC and AIAA intend to cooperate on learning opportunities and explore other areas of mutual concern.

ENISA Report: New Light Shed on Capabilities in Energy & Healthcare

A new report released by the EU Agency for Cybersecurity (ENISA) showcases the product vulnerability management landscape, unveiling challenges faced by sectoral CSIRTs and PSIRTs.
Europeans can count on more than 500 Computer Incident Response Teams (CSIRTs) and on the CSIRTs network to respond to cybersecurity incidents and attacks.
In addition to CSIRTs, Product Security Incident Response Teams (PSIRTs) have emerged more recently. Their role is to manage the vulnerabilities of a company’s products and services.
PSIRTs have been mostly developed in a heterogeneous way. For instance, while some of them are well developed and independent from the main Incident Response (IR) team of the host company, others belong to their Security Operations Centre (SOC) or are just part of the development team.
Why a report on CSIRTs and PSIRTs capabilities?
The Directive on Security of Network and Information Systems (NISD) adopted in 2016 provides legal measures to boost the level of cybersecurity in the EU. Both CSIRTs and PSIRTs are essential players in the global Incident Response (IR) ecosystem.
The study published today - PSIRT Expertise and Capabilities Development - provides recommendations on the role of PSIRTs in the IR setup of the Member States according to the NISD, specifically in the energy and health sectors.
ENISA had already explored in detail the IR setup across all sectors of the NISD in a study published in 2019: “EU Member States incident response development status report”.
Sectoral PSIRTs, such as those in energy or healthcare, may benefit from an aligned approach in terms of processes and collaboration to ensure legal compliance in relation to their business partners, clients and possibly Operators of Essential Services or other actors subject to EU cybersecurity regulation.

Iceland prepares for next-generation cybersecurity

A booming data-centre industry and plans to improve connectivity are amplifying Iceland’s role in the global digital ecosystem.
Experts estimate that Iceland loses nearly USD 72 million (ISK 10 billion) to cybercrime each year – equivalent to roughly 0.3 per cent of the north Atlantic island nation’s gross domestic product.
Bringing together the wide range of institutions and experts that regulate, implement, and maintain cybersecurity systems can be a daunting task.
The Global Cybersecurity Index (GCI) measures each country’s level of development and engagement in terms of five dimensions of cybersecurity: legal measures, technical measures, organizational measures, capacity development, and cooperation. The result is aggregated into an overall score and ranked among others worldwide.
In fast-moving fields like cybersecurity, important steps related to documentation, coordination, and deliberation are easily neglected. To address this challenge, the Cyber Security Council used the GCI framework to review and revise national cybersecurity priorities, considering the framework in the context of Iceland’s priorities.
At the 2020 ITU Global CyberDrill online events, a series of sessions promoting hands-on exercises for national Computer Incident Response Teams (CIRTs), discussions on current cybersecurity issues and information sharing sessions, Iceland’s Cyber Security Council worked with practitioners from across the island to document the island’s readiness to withstand cyberattacks. Identifying best practices from around the world, the local experts discussed ways to improve their own ecosystem.
Efforts like this helped Iceland boost its GCI performance from 87th to 77th in the global rankings between 2017 and 2018 – and the results of this continued commitment will be revealed in the forthcoming 2020 edition of the Global Cybersecurity Index.
Room to improve
Iceland’s mapping of its cybersecurity progress demonstrates the GCI’s versatility. While such tools are mainly promoted to build capacity in developing countries, similar kinds of engagement can also benefit the most developed.
Technical measures, such as its frameworks for implementing cybersecurity standards, are similarly ripe for improvement. These actions would complement the country’s existing Computer Emergency Response Team (CERT-IS) and the Icelandic National Cybersecurity Strategy.
[Source: ITU]

NCSC CEO warns that ransomware is key cyber threat

The chief of the UK’s National Cyber Security Centre said ransomware was the key threat facing the UK and urged the public and business to take it seriously.
Speaking virtually to an audience at the Royal United Services Institute (RUSI) Annual Security Lecture, Lindy Cameron warned of the “cumulative effect” of failing to properly deal with the rising threat.
She also revealed the threat faced by think tanks, noting that it is “almost certain” that the primary cyber threat they face is from nation state espionage groups, and it is highly likely that they seek to gain strategic insights into government policy and commercially sensitive information.
The CEO of the NCSC – which is a part of GCHQ – also warned that for the vast majority of UK citizens and organisations, the primary key threat is not state actors but cyber criminals.
She highlighted the importance of building organisational cyber resilience which, in combination with government capabilities and law enforcement action, is the most effective way to counter threats in cyberspace.
Lindy Cameron said:
“For most UK citizens and businesses, and indeed for the vast majority of critical national infrastructure providers and government service providers, the primary key threat is not state actors but cyber criminals, and in particular the threat of ransomware.
“While government is uniquely able to disrupt and deter our adversaries, it is network defenders in industry, and the steps that all organisations and citizens are taking that are protecting the UK from attacks, day in, day out.
“The protection they provide is crucial to the digital transformation of the economy, and every organisation, large and small, has a role to play.”
On the recent rise in ransomware attacks, Lindy Cameron noted that the ecosystem is evolving through the Ransomware as a Service (RaaS) model, whereby ransomware variants and commodity listings are available off the shelf for a one-off payment or a share of the profits.
As the RaaS model has become increasingly successful, with criminal groups securing significant ransom payments from large profitable businesses who cannot afford to lose their data to encryption or to suffer the down time while their services are offline, the market for ransomware has become increasingly “professional”.
Elsewhere, Lindy Cameron also set out the context of the Integrated Review and forthcoming cyber strategy, highlighting the need to better integrate our security, economic, technical, and diplomatic capabilities in support of shared national objectives.
She outlined how our allies and adversaries alike are betting on cyber, and that the UK needs to continue setting the pace.

eu-LISA to Extend its Portfolio with a New Large-Scale IT System

The Council of the EU approved a general approach on the regulation on the cross-border judicial tool e-CODEX, which foresees handing over its operational management to eu-LISA, in order to provide a sustainable, long-term legal framework for the system.
e-CODEX – which aims to improve the efficiency of cross-border communication between European judicial authorities and facilitate access to justice for citizens and businesses – has been developed by a consortium of Member States, who are in charge of its management until 2024.
The draft regulation introduces provisions protecting the independence of the judiciary and details the governance and management structure to be implemented within eu-LISA.
The decision was taken during the Justice and Home Affairs Council meeting taking place 7-8 June 2021. "The COVID-19 pandemic has put the spotlight on the need to, among others, speed up the digitalisation and interoperability of our justice systems. Providing our judicial authorities with a sustainable, secure system to communicate in cross-border procedures is an important step in this direction", said Francisca Van Dunem, Portuguese Minister of Justice, during the segment dedicated to discussing e-CODEX.
As part of eu-LISA's growing role in the justice domain, the Agency is set to take over operational management of the system as of 1 July 2023.
e-CODEX – which stands for "e-Justice Communication via Online Data Exchange" – offers a digital, decentralised infrastructure for secure communication between national systems, facilitating its users (judicial authorities, legal practitioners and citizens) to send and receive documents, legal forms and evidence. The reasoning behind e-CODEX is that access to justice should not be discouraged by the complex variety of the different legal systems across EU Member States.
The transfer of the system to eu-LISA is not an end in itself, as very soon e-CODEX will be ready for further expansion and will require the introduction of new security and interoperability features. As with all new technology, the implementation must occur hand in hand with the respect of fundamental rights, data protection and privacy regulations. eu-LISA will be responsible, among others, for technical development, maintenance, bug fixing, updates and support, as well as development of new features in order to respond to emerging requirements.

Critical Infrastructure Protection and Resilience North America announce Preliminary Conference Programme for October

Download your Preliminary Conference Program guide today at www.ciprna-expo.com/PSG

As the recent ransomware attacks on Colonial Pipeline, JBS, Dassault Falcon Jet Corp, CNA Financial, and others have demonstrated, and given the ongoing threats from natural hazards/disasters, terrorist attacks and man-made disasters, it is becoming increasingly important for policies and procedures to be implemented to protect our critical infrastructure for a more secure nation.

It gives us great pleasure to invite you to join us at Critical Infrastructure Protection and Resilience North America in New Orleans, Louisiana, for what will be 3 days of exciting and informative discussions on securing North America’s critical infrastructure.

With a leading line up of international expert speakers, sharing their knowledge, expertise and experiences, we know you will find this a most rewarding and enjoyable event and look forward to seeing you in New Orleans, for the next in-person meeting on October 19th-21st, 2021, where we will ensure a safe and Covid compliant environment for discussing how to secure North America's critical infrastructure.

Download your Preliminary Conference Program guide today at www.ciprna-expo.com/PSG and discover more on this premier conference program, expert speakers and showcase exhibiting companies.

Register today and save $$$ on your conference delegate pass with the early bird.
You can register online today at www.ciprna-expo.com/onlinereg

TSA Could Better Monitor Its Efforts to Reduce Infectious Disease Spread at Checkpoints

Within TSA, approximately 46,000 TSOs stationed across the nation's commercial airports perform screening and other activities that often require close interaction with passengers. As a result, both passengers and TSOs may be at an increased risk of infection during pandemics such as COVID-19.
The CARES Act included a provision for GAO to conduct monitoring and oversight of the federal government's response to the COVID-19 pandemic. This report identifies 1) what steps TSA has taken to reduce the spread of COVID-19 at passenger screening checkpoints; and 2) how TSA is monitoring TSOs' implementation of amended safety and screening procedures, among other objectives.
GAO analyzed TSA data on TSOs' use of paid leave, reviewed documentation on policies and procedures, and interviewed TSA officials at headquarters and eight U.S. airports. We selected these airports to reflect diversity in the number of COVID-19 cases among TSOs, airport size, and geographic region. In addition, for six of these airports, GAO reviewed closed circuit television footage to observe how TSOs were implementing COVID-19 procedural changes.
To reduce the spread of COVID-19 at passenger checkpoints, Transportation Security Administration (TSA) officials issued amended safety measures to require that Transportation Security Officers (TSOs) use surgical masks and face shields, change gloves after pat-downs, and physically distance themselves from coworkers and passengers as practicable. TSA also adjusted some screening procedures, such as asking passengers to remove more items from carry-on baggage to reduce the potential for alarms that require bag searches. In addition, TSA modified the use of certain checkpoint screening technologies, and granted TSOs additional paid leave. In January 2021, TSA began an employee vaccination program, and is in the process of vaccinating TSA employees, including TSOs.
TSA's monitoring and analysis of its measures to reduce the spread of COVID-19 is limited. For example, supervisors' operational checklists do not specifically include the revised COVID-19 procedures, and the data that TSO monitors collect (e.g., on whether TSOs are properly wearing masks or changing gloves) reflect implementation at a point in time rather than throughout a shift. Conducting more complete monitoring would help TSA ensure that its TSOs are properly implementing COVID-19 procedures. In addition, TSA field leadership analyzes available monitoring data for different subsets of airports to understand how COVID-19 procedures are being implemented. However, TSA headquarters officials said they had no plans at the time of our review to analyze this data across all airports nationwide to identify common implementation problems, such as incorrectly wearing face shields and challenges with maintaining physical distance. Analyzing monitoring data across all airports would help TSA identify and address any system-wide deficiencies in implementing COVID-19 procedures, so that it may better protect its workforce and the traveling public.