Saturday, May 13, 2023

Short Takes – 5-13-23

New white paper addresses challenges faced in federal facility control system cybersecurity. IndustrialCyber.co article. Pull quote: “The white paper presents a paradigm change for control system cybersecurity to move from a primarily network-based approach to an engineering issue that will result in improved process reliability, process safety, predictive maintenance, improved productivity and product quality, resilience, and cybersecurity. It also outlines significant cultural gaps between the IT and control systems communities, despite many efforts to bring them together.” NAP document.

National Maritime Security Advisory Committee; June 2023 Virtual Meeting. Federal Register CG meeting notice. Summary: “The National Maritime Security Advisory Committee (Committee) will meet virtually to review and discuss matters relating to national maritime security, including enhancing the sharing of information related to cybersecurity risks that may cause a transportation security incident, between relevant Federal agencies and State, local, and tribal governments; relevant public safety and emergency response agencies; relevant law enforcement and security organizations; maritime industry; port owners and operators, and; terminal owners and operators. The virtual meeting will be open to the public.” Registration deadline: June 1st, 2023. Meeting date: June 5th, 2023.

Extension of the Comment Period. Federal Register CISA 30-day ICR notice. Summary: “The Infrastructure Security Division (ISD) within the Cybersecurity and Infrastructure Security Agency (CISA) is extending the comment period for the Information Collection Request (ICR) 1670–0007, Request to Revise and Extend the Chemical Security Assessment Tool (CSAT), published in the Federal Register on April 20, 2023. CISA is extending the comment period through May 26, 2023.”

National Cybersecurity Center of Excellence (NCCoE) Software Supply Chain and DevOps Security Practices. Federal Register NIST request for statements of interest. Summary: “The National Institute of Standards and Technology (NIST) invites organizations to provide letters of interest describing products and technical expertise to support and demonstrate an applied risk-based approach and recommendations for secure DevOps (software development and operations) and software supply chain practices for the Software Supply Chain and DevOps Security Practices project. This notice is the initial step for the National Cybersecurity Center of Excellence (NCCoE) in collaborating with technology companies to address DevOps and software supply chain security challenges identified under the Software Supply Chain and DevOps Security Practices project. Participation in the project is open to all interested organizations.”

Unwarranted Confidence On Mount Stupid. Dale-Peterson.com opinion piece. Pull quote: “And yet we are doubling and tripling down on this consensus. The community is called to implement an increasing long list of cyber hygiene from an increasing in number and vehemence organizations (government, industry groups, insurance, media). With little or no serious attempt to measure or otherwise test if this is the right approach to OT cyber risk management. Having asked leaders and practitioners this question the past three years I’m usually told it can’t be done.”

The Untalented Mr. Santos. StatusKuo.Substack.com commentary. Pull quote: “That’s because in two critical instances, Santos’s “yes” provided the deciding vote: McCarthy would not have been elected Speaker after 15 rounds of balloting without Santos’s support, and the debt ceiling bill would not have passed either. To underscore his own importance, Santos waited till the end to cast the decisive 217th yes vote in favor of the debt ceiling bill—as if to signal to McCarthy that he cannot afford to lose his vote in the House going forward.”
