The Center for Internet Security (CIS) Use Cases and Cost Justification

Vince Lombardi, the famous football coach, used to start his training camp each season with a talk about doing the basics. He’d tell the players that they start with the basics, then he’d take a football and hold it up and tell them, “…

TeamViewer flaw could be exploited to crack users’ password

A high-risk vulnerability (CVE-2020-13699) in TeamViewer for Windows could be exploited by remote attackers to crack users’ password and, consequently, lead to further system exploitation. About TeamViewer TeamViewer is an application developed b…

Design & Implementation of OEM ICS Cybersecurity Frameworks: The Good, The Bad, and The Ugly

The cyber threat landscape today continues to pose a myriad of unique challenges. This is especially the case for industrial organizations due to factors such as aging equipment, poor design or implementation, skills gaps and a lack of visibility. Thes…

Feds, states unveil pilot program meant to secure voter databases and other election systems

Election officials and nonprofit security advocates on Wednesday announced a pilot program for testing and verifying voter registration databases, election night reporting and other systems meant to support voting. The pilot program will focus on making the software that’s used in election systems more secure as it is developed, and before it is deployed. The aim is to close a gap in security testing for the broad set of election infrastructure outside of voting machines, which are already the subject of voluntary federal security guidelines. “There is no standard process for verifying that non-voting election technology is secure, reliable, and usable,” said the nonprofit Center for Internet Security, which is spearheading the pilot program. “Existing election technology verification processes are costly, slow, and disincentivize updating products at the same pace as technology changes and security threats.” Under the pilot program, election systems vendors will submit their products to CIS for testing. […]

The post Feds, states unveil pilot program meant to secure voter databases and other election systems appeared first on CyberScoop.


OpenDXL Ontology: An open source language for connecting cybersecurity tools

The Open Cybersecurity Alliance (OCA) today announced the availability of OpenDXL Ontology, the first open source language for connecting cybersecurity tools through a common messaging framework. With open source code freely available to the security c…

Cyber Hygiene: Boosting Your Security Posture

It has been two years since Equifax announced a data breach that exposed the financial records of more than 147 million people, and the news continues to dominate the headlines. After two years of investigation and negotiations, the company finally ag…

6 Ways to Improve Your Security Posture Using Critical Security Controls

As we near the end of 2018, technology professionals and businesses alike are looking back on the last 12 months and evaluating highs and lows. For businesses, this can be an essential step when it comes to evaluating the current state of security pro…

Supply Chain Security 101: An Expert’s View

Earlier this month I spoke at a cybersecurity conference in Albany, N.Y. alongside Tony Sager, senior vice president and chief evangelist at the Center for Internet Security and a former bug hunter at the U.S. National Security Agency. We talked at length about many issues, including supply chain security, and I asked Sager whether he’d heard anything about rumors that Supermicro — a high tech firm in San Jose, Calif. — had allegedly inserted hardware backdoors in technology sold to a number of American companies.

Election infrastructure ISAC created to share threats specific to voting systems

States and localities are getting a new, Department of Homeland Security-backed center to coordinate and share information on election security. The Elections Infrastructure Information Sharing and Analysis Center (ISAC) was announced Thursday, giving the nation’s 8,800 state and local jurisdictions a dedicated venue to share information about cyberthreats and vulnerabilities specific to election systems and remote security monitoring capabilities. DHS has tasked the nonprofit Center for Internet Security with establishing and running the ISAC. CIS already runs the Multi-State ISAC, which states have been using to coordinate on election security in lieu of any official. “The Elections Infrastructure ISAC will significantly improve communications with and among the elections community as well as enhance the cyber defense tools and capabilities available to protect elections systems,” said CIS Chairman John Gilligan in a press release. The new ISAC was announced at a panel event featuring individuals representing DHS, state-level secretaries of state and state […]

The post Election infrastructure ISAC created to share threats specific to voting systems appeared first on CyberScoop.


Information sharing on election security is getting better, officials say

Federal, state and local officials who oversee election infrastructure and security are optimistic about their ability to share information that’s needed to protect elections from malicious actors. At a Thursday panel hosted by the Center for Internet Security, individuals representing the Department of Homeland Security, state secretaries of state, and state election directors discussed the progress they’ve made on election security coordination since 2016. “The Department of Homeland Security and the U.S. government are so involved in election security because starting in 2016, we really did assess that the threat of something happening to our elections was relatively high,” said Bob Kolasky, DHS’s acting undersecretary of the National Protection and Programs Directorate. “That does not mean that the risk to our elections systems has to be high.” When the U.S. intelligence community concluded in January 2017 that Russia meddled in the 2016 election, the DHS designated election systems as part of the country’s critical infrastructure. Kolasky acknowledged that […]

The post Information sharing on election security is getting better, officials say appeared first on CyberScoop.
