Security News

The Biden administration is taking steps to harden cybersecurity defenses for critical infrastructure, announcing on Wednesday the development of performance goals and a voluntary public-private partnership to protect core sectors. The actions, outlined in an order from President Joe Biden, are an acknowledgment of the cybersecurity vulnerabilities of critical industries - a reality made clear by the May hack of the nation's largest pipeline, which delivers about 45% of the fuel consumed on the East Coast.

I was fortunate to be in Military/Federal Government service for over 30 years spending the last 17 years working in the Cybersecurity and Infrastructure Security Agency whose central mission is the security of our nation's critical infrastructure and working with other critical Departments and Agencies that share a similar mission such as the Department of Energy, Department of Defense, Transportation Administration, and Health and Human Services to name a few. Our Nation's cyber and physical infrastructure underpins our national and economic security, public health, and safety, and provides the critical functions our citizens depend on in their everyday lives.

The U.S. House of Representatives this week passed several cybersecurity bills, including ones related to critical infrastructure, industrial control systems, and grants for state and local governments. One of the bills focusing on critical infrastructure is the Cybersecurity Vulnerability Remediation Act, which aims to authorize the DHS's Cybersecurity and Infrastructure Security Agency to assist owners and operators of critical infrastructure with mitigation strategies against serious vulnerabilities.

Needless to say, Geyer has a lot to say about the threat ransomware poses to OT, ICS and critical infrastructure. How to prepare for the future of ransomware risk management.

Sysdig announced intent to acquire Apolicy to shift security further left and expand the Sysdig offering to include Infrastructure as code security. Checking for security as configurations are defined 'shifts security further left,' allowing teams to identify and resolve issues before infrastructure is deployed.

The US is offering a $10m reward to anyone who dobs in digital outlaws responsible for foreign government-backed cyberattacks on critical national infrastructure such as pipelines, power grids, and communication networks. The cash incentive is part of the US State Department's Rewards for Justice programme and the ongoing war on cybercrime that has in recent months crippled fuel pipelines and meat production.

Sunlight launches its Sunlight Infrastructure Manager and Marketplace to make it simple to deploy and manage infrastructure and applications in highly distributed Edge environments as well as in the Cloud - enabling true Edge 'Software as a Service' models. The SIM joins Sunlight's NexVisor HCI to provide a complete software-defined Edge computing stack at a fifth of the cost of trying to deploy the leading data center hyperconverged solution at the Edge.

Cyber incidents continue to rise, ransomware accounts for nearly two-thirds of all malware attacks, and more cybercriminals are customizing malware for attacks on virtual infrastructure, Positive Technologies finds. According to the research, the number of attacks increased by 17% compared to Q1 2020, with 77% being targeted attacks, and incidents with individuals accounting for 12% of the total.

Spending on compute and storage infrastructure products for cloud infrastructure, including dedicated and shared environments, increased 12.5% year over year in the first quarter of 2021 to $15.1 billion, according to IDC. Investments in non-cloud infrastructure increased 6.3% year over year in 1Q21 to $13.5 billion. Shared cloud infrastructure spending is expected to surpass non-cloud infrastructure spending in the near future.

StrikeReady launched StrikeReady Recon, a combination of internal and external intelligence that provides a cross-section of the most active and in-the-wild campaigns, intrusions, and attacks targeting organizations globally, assisting them in protecting their mission-critical infrastructure and systems. Because of this, StrikeReady has developed a threat model-based approach aka StrikeReady Recon for organizations to prioritize and focus on threats that affect their operations or goals.