Category: infrastructure

Auto Added by WPeMatico

NSA on Supply Chain Security

Posted on By infossl
infrastructure, nsa, operational security, reports, Security technology, supply chain, Uncategorized

The NSA (together with CISA) has published a long report on supply-chain security: “Securing the Software Supply Chain: Recommended Practices Guide for Suppliers.“: Prevention is often seen as the responsibility of the software developer, as they are required to securely develop and deliver code, verify third party components, and harden the build environment. But the … Read More “NSA on Supply Chain Security” »

Securing Open-Source Software

Posted on By infossl
cybersecurity, infrastructure, open source, Security technology, Uncategorized

Good essay arguing that open-source software is a critical national-security asset and needs to be treated as such: Open source is at least as important to the economy, public services, and national security as proprietary code, but it lacks the same standards and safeguards. It bears the qualities of a public good and is as … Read More “Securing Open-Source Software” »

Attacks on Managed Service Providers Expected to Increase

Posted on By infossl
advanced persistent threats, cybersecurity, infrastructure, national security policy, Security technology, Uncategorized

CISA, NSA, FBI, and similar organizations in the other Five Eyes countries are warning that attacks on MSPs — as a vector to their customers — are likely to increase. No details about what this prediction is based on. Makes sense, though. The SolarWinds attack was incredibly successful for the Russian SVR, and a blueprint … Read More “Attacks on Managed Service Providers Expected to Increase” »

White House Warns of Possible Russian Cyberattacks

Posted on By infossl
cyberattack, cyberwar, infrastructure, russia, Security technology, Uncategorized

News: The White House has issued its starkest warning that Russia may be planning cyberattacks against critical-sector U.S. companies amid the Ukraine invasion. […] Context: The alert comes after Russia has lobbed a series of digital attacks at the Ukrainian government and critical industry sectors. But there’s been no sign so far of major disruptive … Read More “White House Warns of Possible Russian Cyberattacks” »

US Critical Infrastructure Companies Will Have to Report When They Are Hacked

Posted on By infossl
cyberattack, cyberespionage, cybersecurity, defense, espionage, hacking, infrastructure, laws, ransomware, Security technology, Uncategorized

This will be law soon: Companies critical to U.S. national interests will now have to report when they’re hacked or they pay ransomware, according to new rules approved by Congress. […] The reporting requirement legislation was approved by the House and the Senate on Thursday and is expected to be signed into law by President … Read More “US Critical Infrastructure Companies Will Have to Report When They Are Hacked” »

Ransomware Attacks against Water Treatment Plants

Posted on By infossl
cyberattack, infrastructure, ransomware, scada, Security technology, Uncategorized

According to a report from CISA last week, there were three ransomware attacks against water treatment plants last year. WWS Sector cyber intrusions from 2019 to early 2021 include: In August 2021, malicious cyber actors used Ghost variant ransomware against a California-based WWS facility. The ransomware variant had been in the system for about a … Read More “Ransomware Attacks against Water Treatment Plants” »

Suing Infrastructure Companies for Copyright Violations

Posted on By infossl
copyright, courts, infrastructure, Internet and society, Security technology, Uncategorized

It’s a matter of going after those with deep pockets. From Wired: Cloudflare was sued in November 2018 by Mon Cheri Bridals and Maggie Sottero Designs, two wedding dress manufacturers and sellers that alleged Cloudflare was guilty of contributory copyright infringement because it didn’t terminate services for websites that infringed on the dressmakers’ copyrighted designs…. … Read More “Suing Infrastructure Companies for Copyright Violations” »

Is 85% of US Critical Infrastructure in Private Hands?

Posted on By infossl
cybersecurity, infrastructure, national security policy, Security technology, Uncategorized

Most US critical infrastructure is run by private corporations. This has major security implications, because it’s putting a random power company in — say — Ohio — up against the Russian cybercommand, which isn’t a fair fight. When this problem is discussed, people regularly quote the statistic that 85% of US critical infrastructure is in … Read More “Is 85% of US Critical Infrastructure in Private Hands?” »

Hacking Weapons Systems

Posted on By infossl
cyberattack, cyberweapons, hacking, infrastructure, military, national security policy, Security technology, Uncategorized, weapons

Lukasz Olejnik has a good essay on hacking weapons systems. Basically, there is no reason to believe that software in weapons systems is any more vulnerability free than any other software. So now the question is whether the software can be accessed over the Internet. Increasingly, it is. This is likely to become a bigger … Read More “Hacking Weapons Systems” »

GPS Vulnerabilities

Posted on By infossl
cybersecurity, gps, infrastructure, national security policy, Security technology, Uncategorized

Really good op-ed in the New York Times about how vulnerable the GPS system is to interference, spoofing, and jamming — and potential alternatives. The 2018 National Defense Authorization Act included funding for the Departments of Defense, Homeland Security and Transportation to jointly conduct demonstrations of various alternatives to GPS, which were concluded last March. … Read More “GPS Vulnerabilities” »