Security News

Today's requirements [PDF] stem from US President Joe Biden's cybersecurity executive order from May 2021, which was in response to the SolarWinds disaster and other high-profile software supply chain meddling. This is essentially a guarantee from the vendor that their product meets minimum NIST standards for secure software development.

A number of companies pledged to do their parts to help assuage the shortage of cybersecurity professionals during the White House National Cyber Workforce and Education Summit on Tuesday. "The summit's goal was to"raise the bar on cybersecurity through greater awareness, education and training,'' the White House said in a statement.

President Joe Biden signed a national security memorandum on Thursday asking government agencies to implement measures that would mitigate risks posed by quantum computers to US national cyber security. The multi-year effort to migrate all vulnerable cryptographic systems to quantum-resistant cryptography will span over 50 government departments and agencies that use National Security Systems.

The White House is urging U.S. organizations to shore up their cybersecurity defenses after new intelligence suggests that Russia is preparing to conduct cyberattacks in the near future. With the U.S. imposing strict sanctions against Russia and aiding Ukraine in the war, the White House is expecting the Kremlin to retaliate with cyberattacks against critical infrastructure and U.S. interests.

The Russian government is exploring "Options for potential cyberattacks" on critical infrastructure in the U.S., the White House warned on Monday, in retaliation for sanctions and other punishments as the war in Ukraine grinds on. "The current conflict has put cybersecurity initiatives in hyperdrive, and today, industry leaders aren't just concerned about adversaries breaching critical infrastructure but losing access and control to them," Saket Modi, co-founder and CEO at Safe Security, said via email.

The White House has issued its starkest warning that Russia may be planning cyberattacks against critical-sector U.S. companies amid the Ukraine invasion. Context: The alert comes after Russia has lobbed a series of digital attacks at the Ukrainian government and critical industry sectors.

The White House has denied reports that President Biden has been presented with an arsenal of ways to launch massive cyberattacks against Russia - attacks designed to disrupt the country's ability to sustain its military operations in Ukraine. Russia's military forces have been deployed in a ?full-scale attack against Ukraine.

Today, the White House has linked the recent DDoS attacks that knocked down the sites of Ukrainian banks and defense agencies to Russia's Main Directorate of the General Staff of the Armed Forces. Neuberger also added that, although "Of limited impact" these incidents could be part of a more significant Russian effort to prepare for other, "Laying groundwork" for more disruptive attacks that would come together with a potential invasion of Ukraine's territory.

A newly released Federal strategy wants the US government to adopt a "Zero trust" security model within the next two years to defend against current threats and boost cybersecurity defenses across federal agencies. The executive order initiated a government-wide effort to migrate toward zero trust and modernize the nation's defenses against cyberattacks.

Discussions on this topic took place during the Open Source Software Security Summit convened by the Biden administration on Thursday. Participants focused on three topics: preventing security defects and vulnerabilities in open source software, improving the process for finding security flaws and fixing them, and shrinking the time needed to deliver and deploy fixes.