Saturday, August 27, 2022

Vacation Shorts – 8-27-22


Yeah, I am on vacation this week, but like last night’s post on the CISA advisories makes clear, I am still watching the news and my information sources. To keep the wife happy, I will not be writing any in depth articles (well not many….), but I will publish this short note to point at potential items of interest. This is the last day of my vacation, but I am considering continuing the periodic publication of these short posts for stuff that I don’t normally get around to covering here in the blog due to time constraints.


The mother of all ‘zero-days’ — immortal flaws in semiconductor chips. Interesting article over on looking at the failure of the CHIPS Act to require cybersecurity considerations in supporting new chip manufacturing supported by that bill. Pull quote: “They [0-day chip vulnerabilities] exist because it is impossible for designers and manufacturers to test every possible combination of paths in or out of a device. Zero-days enable destructive cyberattacks on physical systems.” Not a new problem by any measure.


CISA's Cyber Info-Sharing Program Didn't Always Deliver, Watchdog Says. Interesting article on about DHS OIG report on CISA information sharing problems. Link to report. Pull quote: “Although CISA generally increased the number of AIS participants and number of cyber threat indicators shared and received, the quality of the cyber threat indicators was not adequate for participants to take necessary actions”.


OMB Approves CISA Cybersecurity Reporting ANPRM. OIRA approves ‘pre-rule’ submission by CISA. Should be in Federal Register this week.


NOTE: I should be publishing my weekly Public ICS Disclosure post tomorrow. It looks like it should be fairly short.

No comments:

/* Use this with templates/template-twocol.html */