Qakbot botnet infrastructure shattered after international operation

Europol has supported the coordination of a large-scale international operation that has taken down the infrastructure of the Qakbot malware and led to the seizure of nearly EUR 8 million in cryptocurrencies. The international investigation, also supported by Eurojust, involved judicial and law enforcement authorities from France, Germany, Latvia, The Netherlands, Romania, United Kingdom and the United States. Qakbot, operated by a group of organised cybercriminals, targeted critical infrastructure and businesses across multiple countries, stealing financial data and login credentials. Cybercriminals used this persistent malware to commit ransomware, fraud, and other cyber-enabled crimes.

Active since 2007, this prolific malware (also known as QBot or Pinkslipbot) evolved over time using different techniques to infect users and compromise systems. Qakbot infiltrated victims’ computers through spam emails containing malicious attachments or hyperlinks. Once installed on the targeted computer, the malware allowed for infections with next-stage payloads such as ransomware. Additionally, the infected computer became part of a botnet (a network of compromised computers) controlled simultaneously by the cybercriminals, usually without the knowledge of the victims. However, Qakbot’s primary focus was on stealing financial data and login credentials from web browsers.

How does Qakbot work?

- The victim receives an email with an attachment or hyperlink and clicks on it;
- Qakbot deceives the victim into downloading malicious files by imitating a legitimate process;
- Qakbot executes and then installs other malware, such as banking Trojans;
- The attacker then steals financial data, browser information/hooks, keystrokes, and/or credentials;
- Other malware, such as ransomware, is placed on the victim’s computer.

Over 700 000 infected computers worldwide

A number of ransomware groups used Qakbot to carry out a large number of ransomware attacks on critical infrastructure and businesses. The administrators of the botnet provided these groups with access to the infected networks for a fee. The investigation suggests that between October 2021 and April 2023, the administrators have received fees corresponding to nearly EUR 54 million in ransoms paid by the victims. The lawful examination of the seized infrastructure uncovered that the malware had infected over 700 000 computers worldwide. Law enforcement detected servers infected with Qakbot in almost 30 countries in Europe, South and North America, Asia and Africa, enabling the malware’s activity on a global scale.

Over the course of the investigation, Europol facilitated the information exchange between participating agencies, supported the coordination of operational activities, and funded operational meetings. Europol also provided analytical support linking available data to various criminal cases within and outside the EU. The Joint Cybercrime Action Taskforce (J-CAT) at Europol also supported the operation. This standing operational team consists of cybercrime liaison officers from different countries who work on high-profile cybercrime investigations.

Eurojust actively facilitated the cross-border judicial cooperation between the national authorities involved. The Agency hosted a coordination meeting in July 2023 to facilitate evidence sharing and to prepare for this joint operation.

IOCTA spotlight report on malware-based cyber-attacks published

Following the Internet Organised Crime Assessment (IOCTA) 2023, Europol published the spotlight report “Cyber Attacks: The Apex of Crime-as-a-Service”. It examines developments in cyber-attacks, discussing new methodologies and threats as observed by Europol’s operational analysts. The report also outlines the types of criminal structures that are behind cyber-attacks, and how these increasingly professionalised groups are exploiting changes in geopolitics as part of their modi operandi.

Malware-based cyber-attacks, specifically ransomware, remain the most prominent threat. These attacks can attain a broad reach and have a significant financial impact on industry. Europol’s spotlight report takes an in-depth look at the nature of malware attacks as well as the ransomware groups’ business structures. The theft of sensitive data could establish itself as the central goal of cyber-attacks, thereby feeding the growing criminal market of personal information.

As well as shedding light on the most common intrusion tactics used by criminals, the report also highlights the significant boost in Distributed Denial of Service (DDoS) attacks against EU targets. Lastly, among the report’s key findings are the effects the war of aggression against Ukraine and Russia’s internal politics have had on cybercriminals.

Key findings in “Cyber Attacks: The Apex of Crime-as-a-Service”

- Malware-based cyber-attacks remain the most prominent threat to industry;
- Ransomware affiliate programs have become established as the main form of business organisation for ransomware groups;
- Phishing emails containing malware, Remote Desktop Protocol (RDP) brute forcing and Virtual Private Network (VPN) vulnerability exploitation are the most common intrusion tactics;
- The Russian war of aggression against Ukraine led to a significant boost in Distributed Denial of Service (DDoS) attacks against EU targets;
- Initial Access Brokers (IABs), droppers-as-a-service and crypter developers are key enablers utilised in the execution of cyber-attacks;
- The war of aggression against Ukraine and Russia’s internal politics have uprooted cybercriminals, pushing them to move to other jurisdictions.

Europol’s response in fighting cyber-attacks

Europol provides dedicated support for cybercrime investigations in the EU and thus helps protect European citizens, businesses and governments from online crime. Europol offers operational, strategic, analytical and forensic support to Member States’ investigations, including malware analysis, cryptocurrency-tracing training for investigators, and tool development projects. Based in Europol’s European Cybercrime Centre (EC3), the Analysis Project Cyborg focuses on the threat of cyber-attacks and supports international investigations and operations into cyber criminality affecting critical computer and network infrastructures in the EU.

Airports Efforts to Enhance Electrical Resilience

The nation's commercial service airports require continuous, reliable electricity to power airfield operations and airport facilities. FAA and airports are responsible for ensuring the resilience of airports' electrical power systems—including the ability to withstand and recover rapidly from electrical power disruptions.

GAO was asked to review major power outages at airports and steps federal agencies and airports are taking to minimize future disruptions. This report describes (1) the extent to which selected airports reported they had experienced electrical power outages since 2015, (2) actions selected airports have taken to improve the resilience of their electrical power systems, and (3) actions FAA has taken to help airports develop and maintain resilient electrical power systems.

GAO conducted semi-structured interviews with officials from 41 selected airports of varying sizes, representing 72 percent of passenger enplanements. GAO administered a follow-up survey to these 41 airports, focusing on the extent to which they had experienced electrical outages; 30 responded to the survey, representing 53 percent of total enplanements. GAO also reviewed applicable statutes and regulations and analyzed funding data to identify examples of electrical power projects. Further, GAO interviewed FAA officials and airport, academia, state government, and energy stakeholders.

A power outage can significantly disrupt an airport's operations. One 2017 outage at Hartsfield-Jackson Atlanta International Airport led to about 1,200 cancelled flights and cost an airline around $50 million.

Many of the nation's airports are enhancing their ability to withstand and rapidly recover from power disruptions. They're improving their electrical infrastructure, including installing backup generators or solar panels. Some airports are also considering installing microgrids—systems that independently generate, distribute, and store power. The FAA is offering new and expanded grant programs to help fund these projects.

Twenty-four of the 30 commercial service airports that responded to GAO's survey and interviews reported experiencing a total of 321 electrical power outages—i.e., an unplanned loss of power lasting 5 minutes or longer—from 2015 through 2022. Eleven of these airports reported having six or more outages over this 8-year period. Airports reported that these outages affected a range of airport operations and equipment (see table). Not all responding airports were able to provide detailed information about their outages, and some provided estimates about affected activities.

Selected airports reported taking several actions to improve the electrical power resilience of their airports, including (1) conducting electrical infrastructure assessments, (2) undertaking projects to improve electrical infrastructure, and (3) installing equipment to generate additional backup power. For example, 40 of the 41 airports GAO interviewed reported planning or completing an infrastructure project to increase electrical power resilience. Of these, four airports reported installing microgrids. Such microgrid systems are capable of independently generating, distributing, and storing power.

The Federal Aviation Administration (FAA) is administering new and expanded grant programs and issuing guidance to support airports' electrical resilience efforts. For example:

- Airport Improvement Program funding eligibility was expanded to include the Energy Supply, Redundancy, and Microgrids Program projects, which may include certain electrical power resilience projects.

- The new Airport Terminal Program provides funding for airport terminal development projects, including those that may strengthen resilience.

- FAA issued program guidance and conducted airport outreach to help increase airports' awareness of available federal funding for resilience projects.

The CNI / Crowded Places Security Debate

Sarah-Jane Prew, a security consultant from Arup, discusses the unique security challenges presented by sites that are both Critical National Infrastructure (CNI) and Publicly Accessible Locations (PALs) and offers some insight into how the sometimes opposing priorities can be managed.

Protecting Critical National Infrastructure (CNI) sites is a large part of the security profession’s role; preventing hostile intervention while assuring resilience to ensure that the sector can keep the nation’s critical services operational. As the name suggests, CNI is about critical services and infrastructure and therefore security is usually associated with protecting assets and information by keeping unauthorised people out.

However, what if that CNI site is also a Publicly Accessible Location (PAL) and exists for the very function of allowing people in? How do you maintain and protect the criticality of the asset and function while not being able to keep people out? And how do you deal with the fact that the presence of all those people creates a target in itself, and thus an additional type of threat, one that aims to kill and injure crowds of people but in doing so, disrupts the very CNI function you were originally trying to protect?

Two CNI sectors typically fall into this category by definition …. transport and health. An airport and a hospital, for example, exist for the very purpose of ‘allowing people in’ and yet are often defined as CNI due to their resilience and criticality, therefore requiring the levels of security afforded by their status. Increasingly, other sectors are also opening up their facilities electively to the public - many offering public realm areas in their offices where people can enter freely and enjoy a coffee while others combine the occupation of CNI sites with other, less or non-critical, industries.

In these cases there needs to be a successful blend between protecting both the CNI and PALs elements but often the lines between them are confused. Whereas in the protection of CNI the primary focus is on the protection of the asset and function, in a PAL the focus is on protecting crowds of people. This relatively obvious statement, however, often leads to counter-intuitive responses in the implementation of security processes.

Typically this is seen where screening is placed further and further out, away from the core of an asset. In airports, for example, and often in publicly accessible government buildings, it is common to see screening just inside the doorway or even outside. What is this security design aiming to achieve?

The introduction of this additional screening is often implemented post an incident, such as an explosive device detonating in the check-in area of an airport. The instinctive reaction is to try to prevent that from happening again. Screening before entry to the building will minimise the chances of that happening in the same place again. But will it minimise the chances of it happening elsewhere at the same site? No … if anything it offers the attacker a more convenient solution and a more accessible target …. a queue outside a building, close to a glazed facade or entrance.

So what, in this instance, is the security policy trying to protect? If it is the asset then the policy may be on the correct lines …. but if it is the crowds of people that frequent the site then they are just moving the threat elsewhere and arguably making the new target an easier and more attractive one. Needless to say, whether the target is CNI or people, the ultimate result is the same - a loss of function ….. only the number of casualties varies with the addition of loss of life in the latter case.

Experience has taught us, in both the Manchester Arena incident and in the Paris Stade de France attacks that terrorists, even suicide bombers, can be easily deterred from pushing through security lines into the hearts of sites but will instead maximise the easier opportunities outside the perimeter, even if less crowded, to attack.

So why are we still seeing poor security design in so many of these sites? Is it just a lack of thought process or an unclear view of what to protect? Is it that the vulnerabilities are not sufficiently risk assessed so there is a lack of clear focus on where to concentrate resource? Or is there sometimes a more complex issue that has something to do with conflicting priorities? This can certainly happen sometimes if the sector is in a regulated space.

Aviation, for example, a sector that has been overseen by regulation since its conception, often struggles to have a clear ability to focus on the broad range of threats now facing it because the regulators’ focus still tends to be very narrow - protecting the aircraft and the parts of the airport that are essential to ensuring this protection. Aviation security regulation is complex and often slow to respond to changes in threat profile. This is especially evident in those soft target, landside, publicly accessible parts of the airport which are essentially non-regulated spaces.

Adding to this, there is a dichotomy around regulation and the acceptance of anything beyond its requirements on the part of sites; while regulation enforces a standard of protection, even accepting that it usually plays to the lowest common denominator of those who have to abide by it, it can be doubly challenging, in a regulated space, to gain engagement with and funding for the implementation of concepts that are beyond minimum requirements.

Commerciality is another major factor that affects security decisions more often than is helpful when aiming to protect both CNI and PALs concurrently. Even where public access is inevitable, such as an airport or railway station, the fashion in some parts of the world is to maximise the public access throughout the site, in an effort to increase commercial return.

Large-scale airport cities, for example, where people visit for the experience itself - because the site contains shopping malls with dining opportunities, integrated hotels, swimming pools, cinemas and even event spaces, are becoming increasingly popular - at a time when attacks on airports in recent years have been numerous and on crowds of people even more so.

An attack on crowds of people could happen anywhere, of course, but what architects and designers often forget is that if that attack happens within a CNI site, even if it is not targeting the site itself but the people who have congregated there, the incident does not just close down the shopping mall or the cinema where the attack happened …. it shuts down the entire CNI asset that surrounds it. This is especially so in aviation because it is the larger, more significant airports - the ones more likely to be designated CNI - that tend to be the ones following this trend and offering more in the way of public amenities.

While the problem of combining CNI sites with PALs is challenging enough and the development of commercial ventures within CNI sites increases the associated problems, issues are compounded further when little thought is given to the security of the design of such developments because these are the exact areas of the site, especially in airports and railway stations, that are not necessarily considered under transport security regulations. This leaves security managers under pressure to develop and implement security regimes whilst enabling revenue-generating commercial activities.

Managing security design within CNI where large crowds of people are present clearly presents significant challenges. When the challenge is multi-faceted, an equally multi-faceted approach needs to be adopted to achieve the best chances of success. This involves taking a risk-based approach while working alongside a number of agencies and understanding the full range of threats and their inter-operabilities so a layered and intelligent process of security can be adopted.

The first step is to assess the risk to the site, from both the perspective of the site being CNI and a Publicly Accessible Location. Assessments need to be made as to the safety and security priorities and what measures need to be implemented to protect which assets.

From a design perspective, it is essential that security professionals are involved in any design projects from the start to undertake these risk assessments early enough in the process that the design itself can ‘design out risk’, therefore reducing the number of security features that need to be added to minimise the risk and mitigate the effects of an attack. As well as providing the most robust security in the most aesthetically pleasing way, this is also the most cost and time effective way of ensuring good security.

Without early intervention and assessment of the whole site, security can be compromised due to prioritising the protection of one element over another, rather than addressing the site holistically. This will lead to push-back on developing further security due to lack of space, resource or time.

Take the example of positioning security screening further out to protect an inner asset …. This succeeds in reducing the risk to the inner asset but actually increases the risk to the individuals queuing to be screened by making them an easier target. If the two problems are not addressed together, then one will inevitably lose out, as the design of one in isolation is likely to compromise the security of the other.

While embedding security in the design is essential, it can’t achieve everything and it is important to consider operational factors, especially for sites that attract large numbers of people. It is vital that all stakeholders are involved in security developments to ensure that their requirements are met and their operational needs incorporated. It is also essential that the multi-agency approach is adopted, which ensures that all those involved in managing security operations are brought together to ensure a fully co-ordinated strategy in terms of protection, detection, response, resilience and, if things do go wrong, recovery and business continuity.

Beyond the physical measures it is important to move the security perimeter out so there is vigilance far beyond the immediate vicinity of what you are aiming to protect, particularly when this is groups of people. For example, it is too late, at a screening point, to develop a suspicion about someone who may be targeting the crowds in that screening queue. By pushing the perimeter of surveillance out beyond this, operators can monitor the demographic and behaviour of those approaching, giving time for an intervention if required.

In a time when pressure is on sites to reduce operational costs, this level of security operation is often met with reluctance but complex security needs require layers of mitigation and this requires both physical and operational measures.

Ultimately, those areas that are not currently governed under regulation, especially when situated within sites that have areas and operations that are under a regulatory framework, would benefit from having more published guidance. This would ideally show clear areas of responsibility so organisations can assess their risks and priorities holistically, across the whole site, according to the risk presented, rather than a bias of focus and resource from having regulatory requirements in one place and a lack of them in another.

The above considerations will give some solutions to the challenge of protecting those CNI sites that are also Publicly Accessible Locations (PALs); a question that is going to continue to face the security industry as more CNI sites are allowing the public into their sites.

CISA Releases Update to Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells

The Cybersecurity and Infrastructure Security Agency (CISA) has released an update to a previously published Cybersecurity Advisory (CSA), Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells. The CSA—originally released to warn network defenders of critical infrastructure organizations about threat actors exploiting CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler (formerly Citrix) Application Delivery Controller (ADC) and NetScaler Gateway—contains victim information gathered in August 2023. Since July 2023, the Joint Cyber Defense Collaborative (JCDC) has facilitated continuous, real-time threat information sharing with and between partners on post-exploitation activity of CVE-2023-3519. JCDC consolidated and shared detection methods, threat actor tactics, techniques, and procedures (TTPs), and indicators of compromise (IOCs) received from industry and international partners. The updated CSA contains new TTPs as well as IOCs received from some of these partners and an additional victim.

CISA strongly urges all critical infrastructure organizations to review the advisory and follow the mitigation recommendations—such as prioritizing patching known exploited vulnerabilities like Citrix CVE-2023-3519.

International Partners Release Malware Analysis Report on Infamous Chisel Mobile Malware

The United Kingdom’s National Cyber Security Centre (NCSC-UK), the United States’ Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI), New Zealand’s National Cyber Security Centre (NCSC-NZ), Canadian Centre for Cyber Security (CCCS), and the Australian Signals Directorate (ASD) published a joint Malware Analysis Report (MAR) on Infamous Chisel, a new mobile malware targeting Android devices with capabilities to enable unauthorized access to compromised devices, scan files, monitor traffic, and periodically steal sensitive information.

Infamous Chisel mobile malware has been used in a malware campaign targeting Android devices in use by the Ukrainian military.

Infamous Chisel is a collection of components targeting Android devices and is attributed to Sandworm, the Russian Main Intelligence Directorate’s (GRU’s) Main Centre for Special Technologies, GTsST. The malware’s capability includes network monitoring, traffic collection, network backdoor access via The Onion Router (Tor) and Secure Shell (SSH), network scanning and Secure Copy Protocol (SCP) file transfer.

The authoring organizations urge users, network defenders, and stakeholders to review the malware analysis report for indicators of compromise (IOCs) and detection rules and signatures to determine system compromise. For more information about malware, see CISA’s Malware, Phishing, and Ransomware page. The joint MAR can also be read in full on the NCSC-UK website. Associated files relating to this report can also be accessed via the NCSC's Malware Analysis Reports page.

CISA and FBI Publish Joint Advisory on QakBot Infrastructure

The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA), Identification and Disruption of QakBot Infrastructure, to help organizations detect and protect against newly identified QakBot-related activity and malware. QakBot—also known as Qbot, Quackbot, Pinkslipbot, and TA570—is responsible for thousands of malware infections globally.

Originally used as a banking trojan to steal banking credentials for account compromise, QakBot—in most cases—was delivered via phishing campaigns containing malicious attachments or links to download the malware, which would reside in memory once on the victim network. QakBot has since grown to deploy multiple types of malware, trojans, and highly-destructive ransomware variants targeting the United States and other global infrastructures, including the Election Infrastructure Subsector, Financial Services, Emergency Services, and Commercial Facilities Sectors.

CISA and FBI urge organizations to implement the recommendations contained within the joint CSA to reduce the likelihood of QakBot-related activity and promote identification of QakBot-facilitated ransomware and malware infections.

Download latest Preliminary Conference Programme Guide for CIPRE

As someone responsible in your organisations for critical assets and/or infrastructure, Critical Infrastructure Protection and Resilience Europe is the leading conference that will keep you abreast of the changes in legislation, current threats and latest developments.

Download the Preliminary Conference Programme Guide at www.cipre-expo.com/guide.

What is the new directive on the Resilience of Critical Entities...

The Directive on the Resilience of Critical Entities entered into force on 16 January 2023. Member States have until 17 October 2024 to adopt national legislation to transpose the Directive.

The Directive aims to strengthen the resilience of critical entities against a range of threats, including natural hazards, terrorist attacks, insider threats, or sabotage, as well as public health emergencies.

Are you up to date on this legislation, and do you know what you need to do to be compliant?

Get updated on the NIS2 Directive and what it means to you...

An important discussion will centre around the EU cybersecurity rules introduced in 2016 and updated by the NIS2 Directive that came into force in 2023. It modernised the existing legal framework to keep up with increased digitisation and an evolving cybersecurity threat landscape.

By expanding the scope of the cybersecurity rules to new sectors and entities, it further improves the resilience and incident response capacities of public and private entities, competent authorities and the EU as a whole.

Businesses identified by the Member States as operators of essential services in the above sectors will have to take appropriate security measures and notify relevant national authorities of serious incidents. Key digital service providers, such as search engines, cloud computing services and online marketplaces, will have to comply with the security and notification requirements under the Directive.

What will this mean for you and how can you meet the Directive's goals?

Critical Infrastructure Protection and Resilience Europe is Europe's leading discussion that brings together leading stakeholders from industry, operators, agencies and governments to collaborate on securing Europe's critical infrastructures.

The conference's top-quality programme looks at these developing themes and helps create better understanding of the issues and the threats, to help facilitate the work to develop frameworks, good risk management, strategic planning and implementation.

The packed event themes include:

- Interdependencies and Cascading Effects
- Emerging Threats against CI
- Crisis Management, Coordination & Communication
- Power & Energy Sector Symposium
- Government, Defence & Space Sector Symposium
- Communications Sector Symposium
- Information Technology (CIIP) Sector Symposium
- Transport Sector Symposium
- CBRNE Sector Symposium
- Technologies to Detect and Protect
- Risk Mitigation and Management
- The Insider Threat
- Business Continuity Management
- EU Horizon Projects Overviews

You are invited to be a part of this program, where you can meet, network and learn from the experiences of over 40 expert international speakers, as well as industry colleagues who share the same challenges and goals.

Please join us and the CI industry in the beautiful city of Prague, on 3rd-5th October, for a great programme of discussions that can help you to deliver enhanced security and resilience for your organisation.

Visit www.cipre-expo.com for further details.

CISA Publishes JCDC Remote Monitoring and Management Systems Cyber Defense Plan

The Cybersecurity and Infrastructure Security Agency (CISA) published the Cyber Defense Plan for Remote Monitoring and Management (RMM), the first proactive Plan developed by industry and government partners through the Joint Cyber Defense Collaborative (JCDC) as part of our 2023 Planning Agenda. This Plan provides a clear roadmap to advance security and resilience of the RMM ecosystem and further specific lines of effort in the National Cyber Strategy to scale public-private collaboration and in the CISA Cybersecurity Strategic Plan to drive adoption of the most impactful security measures.

Organizations across sectors leverage RMM products to gain efficiencies and benefit from scalable services. These same benefits, however, are increasingly targeted by adversaries – from ransomware actors to nation-states – to compromise large numbers of downstream customer organizations. By targeting RMM products, threat actors attempt to evade detection and maintain persistent access, a technique known as living off the land.

Part of our 2023 Planning Agenda, the RMM Cyber Defense Plan provides a clear roadmap to advance security and resilience of this critical ecosystem, including RMM vendors, managed service providers (MSPs), managed security service providers (MSSPs), small and medium sized businesses (SMBs), and critical infrastructure operators. This Plan was developed through a multi-month process that leveraged deep expertise by vendors, operators, agencies, and other stakeholders, and has already resulted in a significant deliverable with publication of our joint advisory on Protecting Against Malicious Use of Remote Monitoring and Management Software.

The RMM Cyber Defense Plan is built on two foundational pillars, operational collaboration and cyber defense guidance, and contains four subordinate lines of effort:

(1) Cyber Threat and Vulnerability Information Sharing: Expand the sharing of cyber threat and vulnerability information between U.S. government and RMM ecosystem stakeholders.

(2) Enduring RMM Operational Community: Implement mechanisms for an enduring RMM operational community that will continue to mature scaled security efforts.

(3) End-User Education: Develop and enhance end-user education and cybersecurity guidance to advance adoption of strong best practices, a collaborative effort by CISA, interagency partners and other RMM ecosystem stakeholders.

(4) Amplification: Leverage available lines of communication to amplify relevant advisories and alerts within the RMM ecosystem.

“As envisioned by Congress and the Cyberspace Solarium Commission, JCDC Cyber Defense Plans are intended to bring together diverse stakeholders across the cybersecurity ecosystem to understand systemic risks and develop shared, actionable solutions. The RMM Cyber Defense Plan demonstrates the criticality of this work and the importance of both deep partnership and proactive planning in addressing systemic risks facing our country,” said Eric Goldstein, CISA Executive Assistant Director for Cybersecurity. “These planning efforts are dependent on trusted collaboration with our partners, and this Plan was a true partnership with the RMM community, industry and interagency partners that contributed time and effort towards this important work. The collaboration established to develop this plan has already achieved several accomplishments for RMM stakeholders and ecosystem. As the JCDC leads the execution of this plan, we are confident that this public-private collaboration in the RMM ecosystem will further reduce risk to our nation’s critical infrastructure.”

CISA, NSA, and NIST Publish Factsheet on Quantum Readiness

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA) and National Institute of Standards and Technology (NIST) released a joint factsheet, Quantum-Readiness: Migration to Post-Quantum Cryptography (PQC), to inform organizations—especially those that support Critical Infrastructure—of the impacts of quantum capabilities, and to encourage the early planning for migration to post-quantum cryptographic standards by developing a Quantum-Readiness Roadmap.

CISA, NSA, and NIST urge organizations to review the joint factsheet and to begin preparing now by creating quantum-readiness roadmaps, conducting inventories, applying risk assessments and analysis, and engaging vendors. For more information and resources related to CISA’s PQC work, visit Post-Quantum Cryptography Initiative.
