While ATT&CK focuses on standardizing the way cyber warriors understand and talk about offensive cyber, D3FEND focuses on common defensive measures.
By Brad D. Williams
OSCAL’s goal is to enable compliance and security assessments to keep pace in complex, fast-moving, ever-changing DevSecOps environments.
By Brad D. Williams
“Someone told me I was like Chicken Little, but I prefer Paul Revere,” said Sen. King, who co-chaired the commission that recommended creating the national cyber director.
By Brad D. Williams
The single biggest increase in proposed year-over-year cyber funding appears to be for cryptology, and the budget includes a new line item for zero-trust architectures.
By Brad D. Williams
“We are disappointed, though unsurprised, to learn of the cyberattack,” Sen. King and Rep. Gallagher said. “We can and must be better… in navigating the threats of the Age of Cyber Aggression.”
By Brad D. Williams
Operational technologies, or OT, are prevalent in critical infrastructure environments. “Without direct action to harden OT networks and control systems against vulnerabilities… owners and operators will remain at indefensible levels of risk,” NSA says.
By Brad D. Williams
Zero-trust security “is not one single product that one can purchase off the shelf,” a NIST scientist observes. But underlying zero trust’s many component parts are a few critical elements, including identity and automation.
By Brad D. Williams
The Midshipmen edged out other competitors in this year’s virtual cyber competition to bring home the prestigious trophy. “I think the structure and dynamic of our team is what makes us so effective: We are completely student run, trained, and managed,” Gallagher said.
By Brad D. Williams
“That was a list of about as many awful things in 10 minutes as I may have heard in recent time,” Sen. Mark Warner said of the DNI’s threat assessment. Top of mind: China, cyber, and emerging tech.
By Brad D. Williams
The administration is set to nominate two NSA veterans, one for the newly created national cybersecurity director position and one to head CISA. The new leaders, once confirmed by Congress, will have their hands full.
By Brad D. Williams
Teams will face a series of rigorous challenges over three days as they compete to win the prestigious NCX trophy.
By Brad D. Williams
The guidance will “outline threats and risks to 5G infrastructure,” NSA Executive Director Noble said. It’s one way NSA is “focusing our expertise in cryptography and cybersecurity to help industry and government to integrate security into all aspects of the 5G ecosystem.”
By Brad D. Williams
“We should understand what our adversaries are doing,” Gen. Nakasone told Congress. “They are no longer launching attacks from different parts in the world. They understand that they can come into the US, use our infrastructure, and there’s a blind spot for us not being able to see them.”
By Brad D. Williams
Microsoft President Brad Smith testified that a team of internal Microsoft security experts investigating the breach at the company estimated that the SolarWinds hack involved the work of “at least 1,000 engineers,” the sort of scale that would require a government’s commitment of people and money. Three top cyber leaders told lawmakers that old security models are no longer adequate for today’s IT environments.
By Brad D. Williams