Joint ODNI, FBI, and CISA statement on Russian interference in US elections
On Oct. 28, the Office of the Director of National Intelligence (ODNI), the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) released the following statement:
“The IC assesses that Russian actors manufactured and amplified a recent video that falsely depicted an individual ripping up ballots in Pennsylvania, judging from information available to the IC and prior activities of other Russian influence actors, including videos and other disinformation activities. Local election officials have already debunked the video’s content.
This Russian activity is part of Moscow’s broader effort to raise unfounded questions about the integrity of the US election and stoke divisions among Americans, as detailed in prior ODNI election updates. In the lead up to election day and in the weeks and months after, the IC expects Russia to create and release additional media content that seeks to undermine trust in the integrity of the election and divide Americans.”
(Source: CISA)
NIST releases Cybersecurity Supply Chain Risk Management Due Diligence Assessment Quick-Start Guide for public comment
Cybersecurity supply chain risk management (C-SCRM) assessments start with due diligence. Acquirers who make procurement decisions need to be informed about potential supplier risks before those decisions are executed. Consequently, many acquisition operating procedures strongly recommend or even require an assessment of a supplier’s risk prior to entering into an agreement with them.
The National Institute of Standards and Technology (NIST) has released a first draft of a new Special Publication, Cybersecurity Supply Chain Risk Management: Due Diligence Assessment Quick-Start Guide.
This draft Quick-Start Guide proposes an implementation-ready approach to conducting the minimum amount of investigative rigor on potential suppliers. Identifying the primary risk factors that an acquirer should consider can enable quick turnarounds with limited resources.
The Quick-Start Guide is based on the widely adopted content in NIST Special Publication (SP) 800-161r1, Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations.
NIST welcomes comments on this initial public draft by December 16, 2024. Please email feedback to scrm-nist@nist.gov.
(Source: NIST)
Five Eyes agencies launch startup security initiative
The UK, US, Canadian, New Zealand and Australian governments have launched a new program designed to help their tech startups improve baseline cybersecurity measures, in the face of escalating state-backed threats.
Secure Innovation was originally a UK initiative run by GCHQ’s National Cyber Security Centre (NCSC) and MI5’s National Protective Security Authority (NPSA). However, it has now been adopted and promoted by all Five Eyes intelligence agencies in regionalized versions.
In the UK version, startup owners answer a few simple questions to access a personalized action plan, designed to provide them with advice on how to protect their technology, reputation and success. There’s also security advice and detailed guidance for both founders and investors of emerging technology vendors.
The launch of Secure Innovation across the Five Eyes follows a first-ever public meeting of the heads of the domestic intelligence agencies, at an event hosted by the Hoover Institution at Stanford University, and the FBI. During that event, attendees warned that hostile states are going after startup intellectual property in order to accelerate their own technological and military capabilities and undermine others’ competitive edge.
(Source: Infosecurity Magazine)
Georgia election official says battleground state fended off cyberattack likely from a foreign country
Georgia’s secretary of state’s office this month fended off a cyberattack believed to have come from a foreign country against the website voters use to request absentee ballots, the office told CNN.
Hundreds of thousands of IP addresses from numerous countries flooded the Georgia website with bogus traffic. The state’s cyber defenses — aided by tech firm Cloudflare — repelled the hackers’ attempts to knock the absentee ballot website offline, and there was no disruption to voters’ ability to request ballots.
The cyberattack likely originated from overseas and had “the hallmarks of a foreign power or a foreign entity [acting] at the behest of a foreign power,” Gabe Sterling, an official in Georgia’s secretary of state’s office, which oversees elections in the battleground state, told CNN. US officials have yet to publicly confirm that assessment.
(Source: CNN)
How New Hampshire defends its drinking water from cyber attacks
Federal agencies recently sent governors a letter urging them to defend their water and wastewater systems against disabling cyberattacks, noting that many water systems lack even basic precautions.
New Hampshire is one state that's taken up the call. New Hampshire's state IT is partnering with the state Department of Environmental Services and the regional Cybersecurity and Infrastructure Security Agency (CISA) representative to begin assessing cyber maturity at community drinking water systems.
Weeks said they've assessed more than 150 community drinking water systems across the state, and one of their takeaways was "this security is bad, even for a water system."
The next step for New Hampshire was to provide the tools and training to get these utilities up to speed. To do so, the state has provided funding to Overwatch Foundation, a not-for-profit, to bring water systems a turnkey solution. Dubbed "Drinking Water Cybersecurity in a Box," the solution provides cybersecurity assessments where needed, as well as training for water system staff, new equipment and software with several years of support.
(Source: New Hampshire Union Leader)