Feds, states unveil pilot program meant to secure voter databases and other election systems

Election officials and nonprofit security advocates on Wednesday announced a pilot program for testing and verifying voter registration databases, election night reporting and other systems meant to support voting. The pilot program will focus on making the software that’s used in election systems more secure as it is developed, and before it is deployed. The aim is to close a gap in security testing for the broad set of election infrastructure outside of voting machines, which are already the subject of voluntary federal security guidelines. “There is no standard process for verifying that non-voting election technology is secure, reliable, and usable,” said the nonprofit Center for Internet Security, which is spearheading the pilot program. “Existing election technology verification processes are costly, slow, and disincentivize updating products at the same pace as technology changes and security threats.” Under the pilot program, election systems vendors will submit their products to CIS for testing. […]

The post Feds, states unveil pilot program meant to secure voter databases and other election systems appeared first on CyberScoop.


OpenDXL Ontology: An open source language for connecting cybersecurity tools

The Open Cybersecurity Alliance (OCA) today announced the availability of OpenDXL Ontology, the first open source language for connecting cybersecurity tools through a common messaging framework. With open source code freely available to the security c…

Cyber Hygiene: Boosting Your Security Posture

It has been two years since Equifax announced a data breach that exposed the financial records of more than 147 million people, and the news continues to dominate the headlines. After two years of investigation and negotiations, the company finally ag…

6 Ways to Improve Your Security Posture Using Critical Security Controls

As we near the end of 2018, technology professionals and businesses alike are looking back on the last 12 months and evaluating highs and lows. For businesses, this can be an essential step when it comes to evaluating the current state of security pro…

Supply Chain Security 101: An Expert’s View

Earlier this month I spoke at a cybersecurity conference in Albany, N.Y. alongside Tony Sager, senior vice president and chief evangelist at the Center for Internet Security and a former bug hunter at the U.S. National Security Agency. We talked at length about many issues, including supply chain security, and I asked Sager whether he’d heard anything about rumors that Supermicro — a high tech firm in San Jose, Calif. — had allegedly inserted hardware backdoors in technology sold to a number of American companies.

Election infrastructure ISAC created to share threats specific to voting systems

States and localities are getting a new, Department of Homeland Security-backed center to coordinate and share information on election security. The Elections Infrastructure Information Sharing and Analysis Center (ISAC) was announced Thursday, giving the nation’s 8,800 state and local jurisdictions a dedicated venue to share information about cyberthreats and vulnerabilities specific to election systems and remote security monitoring capabilities. DHS has tasked the nonprofit Center for Internet Security with establishing and running the ISAC. CIS already runs the Multi-State ISAC, which states have been using to coordinate on election security in lieu of any official. “The Elections Infrastructure ISAC will significantly improve communications with and among the elections community as well as enhance the cyber defense tools and capabilities available to protect elections systems,” said CIS Chairman John Gilligan in a press release. The new ISAC was announced at a panel event featuring individuals representing DHS, state-level secretaries of state and state […]

The post Election infrastructure ISAC created to share threats specific to voting systems appeared first on Cyberscoop.


Information sharing on election security is getting better, officials say

Federal, state and local officials who oversee election infrastructure and security are optimistic about their ability to share information that’s needed to protect elections from malicious actors. At a Thursday panel hosted by the Center for Internet Security, individuals representing the Department of Homeland Security, state secretaries of state, and state election directors discussed the progress they’ve made on election security coordination since 2016. “The Department of Homeland Security and the U.S. government are so involved in election security because starting in 2016, we really did assess that the threat of something happening to our elections was relatively high,” said Bob Kolasky, DHS’s acting undersecretary of the National Protection and Programs Directorate. “That does not mean that the risk to our elections systems has to be high.” When the U.S. intelligence community concluded in January 2017 that Russia meddled in the 2016 election, the DHS designated election systems as part of the country’s critical infrastructure. Kolasky acknowledged that […]

The post Information sharing on election security is getting better, officials say appeared first on Cyberscoop.


Looking to fit it all together, banks adopt standards for cyber automation and integration

To understand the Integrated Adaptive Cyber Defense system that U.S. banks and other financial institutions agreed to adopt this week, you have to think about plumbing. “When you go to the hardware store to buy plumbing supplies, you don’t have to wonder ‘Will this fit with the plumbing I already have in my home?’ because there are universal standards,” said Tony Sager, senior vice president and chief evangelist for the Center for Internet Security. The idea of the Integrated Adaptive Cyber Defense (IACD) system is to bring that approach to cybersecurity, explained Sager, who was a senior executive at the National Security Agency for many years. Government entities like the Pentagon and industries like banking “spend millions on these tools … and then they can’t work together,” he said, because of completely different architectures or proprietary interfaces. Many of the latest tools come equipped with an application programming interface (API) — essentially a software […]

The post Looking to fit it all together, banks adopt standards for cyber automation and integration appeared first on Cyberscoop.


Critics slam cyber hygiene bill as redundant, confusing

A new bill that would direct federal scientists to come up with a short list of cybersecurity best practices for consumers, businesses and federal agencies is sparking concern from some observers, who fret it will reinvent the wheel, create confusion, and fail to be effective because best practices are widely ignored. The bill, which has bicameral and bipartisan support, would mandate scientists at the National Institute for Standards and Technology to partner with the Department of Homeland Security and the Federal Trade Commission in order to create concise, voluntary guidelines for basic online security measures, dubbed “cyber-hygiene.” Critics say there are already several existing lists of best practices, including the Top 20 and Top 5 Security Controls list maintained by the non-profit Center for Internet Security. “I am all for improving hygiene, but this bill will have no positive impact and because it will create another set of ‘best practices’ [and] it […]

The post Critics slam cyber hygiene bill as redundant, confusing appeared first on Cyberscoop.
