Tuesday, March 21, 2023

Short Takes – 3-21-23

Lots of cyber security companies are going to fail this year. Twitversation. Don’t know a lot about Andrew, but this sounds prescient. Pull quote: “All of those companies at the RSA and Blackhat vendor hall with gigantic booths that claim to solve problems that you as a security person ask constantly yourself: "is this really a problem???" have the largest targets on them and will represent the majority of companies that fail. The failures will start in earnest approximately 12 months after it became clear that money was expensive again (12 months from summer of 2022, which puts the crunch time at this summer). The failures will likely continue for at least one full year and slow down around summer of '24.”

Director Easterly Announces New Members to Join CISA's Cybersecurity Advisory Committee. CISA.gov press release. Pull quote: ““I am thrilled to welcome our newest members, who bring a wealth of experience from across government and industry,” said CISA Director Jen Easterly. “Chosen for their deep expertise in critical infrastructure, cybersecurity, and governance, these members will add important new perspectives to the CSAC’s work, particularly given this year’s additional focus on corporate cyber responsibility, technology product safety, and efforts to raise the cyber hygiene baseline of ‘target rich-cyber poor’ entities like hospitals, K-12 school districts, and water utilities. The insight and counsel to date from our existing members have been instrumental in our evolution as America’s Cyber Defense Agency, and I couldn’t be more excited for tomorrow’s meeting with our new members.””

Journalist opens USB letter bomb in newsroom. BBC.com article. Which would be worse in a USB attack, a small bomb or a worm/trojan? Pull quote: “He [Lenin Artieda] said the explosive device looked like a USB drive. He plugged it into his computer and it detonated.”

A Different Kind of Pipeline Project Scrambles Midwest Politics. NYTimes.com article. Pull quote: “But opponents are concerned about property rights and safety, and are not convinced of the projects’ claimed environmental benefits. They have forged unlikely alliances that have blurred the region’s political lines, uniting conservative farmers with liberal urbanites, white people with Native Americans, small-government Republicans with climate-conscious Democrats.”

Guidance for Implementing Federal Rotational Cyber Workforce Program. CHCOC.gov guidance document. Summary: “The Program allows for 6-month to 1-year interagency details of cyber employees to cyber rotations where they can improve and develop knowledge and skills to not only support their own professional growth but also bring new skills back to their home agency. The Program will help Federal agencies continue to enhance their cyber workforce by developing critical cyber skills and creating environments where employees have ongoing learning and development opportunities. Such rotational opportunities align with an objective in the White House National Cybersecurity Strategy to strengthen the Federal cyber workforce by developing and retaining talent. Cyber rotations help advance career opportunities and support employee engagement, satisfaction, and retention.”

Railroads pilot AskRail data to increase first responder information access. ProgressiveRailroading.com article. Pull quote: “After the Feb. 3 Norfolk Southern Railway train derailment in East Palestine, Ohio, AAR learned that lack of cell phone service and other challenges made using AskRail difficult in the early hours of the response, said AAR President and CEO Ian Jefferies in a press release.”
