
Microsoft, Defense Firms Partnering on Modeling and Simulation Capabilities

Microsoft is collaborating with defense sector companies as DOD seeks to increase its gaming, exercising, modeling and simulation capabilities.
tain
7 hours ago

Toxic Christmas Tree Water, and Other Holiday Pet Dangers You Never Knew About


Whether you’re hosting a huge Thanksgiving dinner or plan to spend New Year’s Eve cuddled up inside this year, your home is likely to be the setting of at least some of your holiday plans. You might be thinking about how to maximize your hosting capabilities to please the humans entering your space, but you shouldn’t…

tain
12 days ago

Chinese Official Says Virtual Reality Funding Doubled in 2021, China Entering Period of ‘Explosive’ Growth


In an article highlighting China’s efforts to develop virtual reality technology, Tech Times cites CSET Director Dewey Murdick’s testimony before the U.S. Senate Intelligence Committee calling for more dedicated efforts to understand the scope of China’s technological investments. See Tech Times for the original article.

The post Chinese Official Says Virtual Reality Funding Doubled in 2021, China Entering Period of ‘Explosive’ Growth appeared first on Center for Security and Emerging Technology.

tain
16 days ago

A Garment-by-Garment Guide to How Often You Really Need to Wash Your Clothes


When you’re a kid, no one tells you how much stuff you have to figure out to be a fully functional adult. Laundry, for example, can remain a mystery for much longer than it should. Not that it needs to be done—most of us have figured that part out—but the how and then when. I have a partner whose genetic code includes…

tain
29 days ago

State Dept working toward SBOM adoption to improve supply chain risk management


Software bills of material (SBOMs) are getting a lot of attention as tools to help federal agencies improve their supply chain risk management. Although there’s some disagreement over when agencies will actually start benefiting from them, many agencies are currently laying the foundation to start using SBOMs. For example, the State Department is currently forming a working group to develop guidance and procedures on how to capture and store them.

“We’re not there yet,” Zetra Batiste, enterprise chief information security officer for cybersecurity supply chain risk management (C-SCRM) at the State Department’s Bureau of Information Resource Management, said on Federal Monthly Insights – Supply Chain Risk Management. “However, we do realize the need for ongoing collaboration with industry and government stakeholders to ensure that we’re harmonizing that federal effort on automating and building a repository of SBOMs for reciprocity.”

Often described as an ingredient list for software, SBOMs create transparency by detailing the various components in a piece of software, and the various dependencies between those components.

Batiste said there are currently a number of challenges inherent in the use of SBOMs that need to be solved. For one thing, they need to be automatically generated and machine readable. Developing the processes and formats for that isn’t easy. Add on top of that a general lack of training and knowledge of how SBOMs work, since they’re a fairly new concept.

And when they are used, a software development team has to stop what it’s doing every time an SBOM reveals a vulnerability, and mitigate that. That takes time. And sometimes those vulnerabilities turn out to be false positives. That’s why Batiste said the C-SCRM team is currently working on a solution to ingest SBOMs.

Until that happens, agencies have to work with self-attestations. Batiste said State is also looking into options for third-party tools to verify the accuracy of those self-attestations, but that will take time as well.

“Without a tool, it’s hard to really verify beyond the self attestation,” she said on the Federal Drive with Tom Temin. “But I think it starts with forming that relationship with the developer, so that you understand, you’re forming that bond, that relationship, so that you understand his third party vendors, etc. And you use processes too, such as assessments to validate where required, where you can.”

In the meantime, Batiste said State is pursuing continuous monitoring of software for any vulnerabilities. Her team created an assessment process for risk, including examining a vendor’s foreign relationships and potential threats to infrastructure that software might pose. From there, they make a decision about whether to try to mitigate that risk, or simply avoid using that software altogether.

Another thing State is focusing on is collaborating with the Cybersecurity and Infrastructure Security Agency and cybersecurity working groups to promote information sharing about threats and vulnerabilities. Those groups are also working together on surmounting the barriers to SBOM adoption.

“Vulnerability that hits one eventually touches us all,” Batiste said. “So the more we learn, the better we’re able to collectively protect our infrastructure.”

tain
33 days ago

White House announces 100-day cyber sprint for chemical sector


The chemical industry is the next sector to take up President Biden’s 100-day cybersecurity sprint, the administration announced Wednesday, an effort designed to sharpen operators’ focus on the most significant risks such as gas leaks and other contaminations.

The sprint also aims to improve information sharing and “analytical coordination” between the public and private sector and encourage chemical manufacturers to deploy threat detection on control systems.

The sprints were first launched as a pilot with the electric sector in April 2021 and followed up with the pipeline, water and railway sectors. Biden’s memorandum on improving critical infrastructure control systems codified the exercises and amounted to a rare moment for the White House to acknowledge industrial control cybersecurity.

The fact sheet released by the Biden administration noted that the chemical sector sprint would incorporate lessons learned from previous sprints.

A CISA official told Axios, which first reported the announcement, that the Cybersecurity and Infrastructure Security Agency and the Chemical Sector Coordinating Council will set up a new task force to implement the sprint. CISA is the sector risk management agency for the chemical sector.

The sprint comes as the Department of Homeland Security and the National Institute of Standards and Technology, among other agencies, are expected to soon announce voluntary cybersecurity performance goals for critical infrastructure.

The announcement also comes as CISA is asking for industry feedback on the new cyber incident reporting law.

The post White House announces 100-day cyber sprint for chemical sector appeared first on CyberScoop.

tain
35 days ago