Friday, March 17, 2023

Short Takes – 3-17-23

NIAC report finds security, resilience of critical infrastructure depends on collaboration; calls for mandatory standards. article. Summary of 18-page report. Pull quote: “Late last year, the National Security Council (NSC) tasked the NIAC to examine cross-cutting infrastructure policy challenges. The Cross-Cutting Infrastructure Policy Challenges Subcommittee, which was composed of 13 Subcommittee members, was formed to draft a report to address the tasking on behalf of the broader NIAC.” NIAC report.

FERC expands cybersecurity supply chain standards to low-impact assets. article. Pull quote: ““This order is the latest product of our joint cybersecurity efforts with NERC and stakeholders in support of the reliable operation of the bulk power system,” he said. “We must continue to focus on cybersecurity, physical security, extreme weather events, and the rapidly changing resource mix.””

Hands up who DIDN'T exploit this years-old flaw to ransack a US govt web server... article. Pull quote: “So although the Feds don't identify the advanced persistent threat (APT) player in their alert, we'd be willing to bet it's one of President Xi Jinping's cyber-goon squads. And it's clear someone in the federal government didn't get the memo about applying security fixes in a timely manner.”

Vultures at the gate: The national security risk of Silicon Valley Bank’s failure. opinion piece. An interesting take on the SVB problem. Pull quote: “The U.S. should be wary of China sweeping into the vacuum, or foothold, created by SVB’s collapse — or that of any other key player in the U.S. tech ecosystem. But if history is any guide, Beijing will try to do just that. And those efforts, if successful, will feed directly into China’s military modernization program and tech-enabled surveillance state.”

