Monday, May 13, 2024

Short Takes – 5-13-24

Agency Information Collection Activities: Safety Act Collection of Qualitative Feedback. Federal Register DHS/S&T 30-day ICR notice. Summary: “The Department of Homeland Security Science and Technology Directorate (S&T), DHS will submit the following information collection request (ICR) to the Office of Management and Budget (OMB) for review and clearance in accordance with the Paperwork Reduction Act of 1995. DHS previously published this information collection request (ICR) in the Federal Register on September 14, 2023, for a 60-day public comment period. Two comments were received by DHS. The purpose of this notice is to allow additional 30-days for public comments.” Comment due date: June 12th, 2024.

Mean Time Between Cyber Failures. SELINC.com article. Pull quote: “Figure 2 illustrates this revised state behavior for cybersecurity. A system is securely commissioned at Time t0. Then a security incident happens somewhere in the system at Time t1, resulting in the system becoming insecure. Security mitigations are applied, and the system is once again secure at Time t2. The system is secure until another security incident occurs at Time t3. The mean time between security failures (MTBSF) is the population average of (t2 – t3). The mean time to security repair (MTTSR) is the population average of (t1 – t2).” It is becoming increasingly apparent that this discussion should include a measure of the time between when a security incident occurs and when it is discovered.

Pipedream ICS malware toolkit is a nightmare. PentestPartners.com blog post. Pull quote: “For administrators and controllers of OT networks, staying ahead of potential cyber threats is paramount. One proactive measure they can take is to conduct off-network compromise assessments. These take periodic forensic reviews of the estate, rather than in response to a known compromise, providing early warnings of Indicators of Compromise, without the need for continuous monitoring solutions.”

In the race for space metals, companies hope to cash in. ArsTechnica.com article. Pull quote: “Regardless of environmental pros and cons, making the leap to cosmic extraction will likely require further constraints on Earth—for example, stricter environmental regulations—that make space mining more appealing than digging another hole in the ground at home.”
