Read More…

© Shutterstock

The Department of Homeland Security’s (DHS) Small Business Innovation Research (SBIR) Program has awarded $1.96 million to a pair of businesses to aid emergency communication network risk management assessments.

Orem, Utah-based Achilles Heel Technologies and SecureLogix, of San Antonio, Texas, were selected to participate in Phase II of the program based on demonstration of feasibility in Phase I for Network Modeling for Risk Assessment technology solutions.

During Phase II, each company is slated to continue its research and development efforts. Achilles Heel Technologies would further develop a software tool suite for holistic cyber risk management of Next-Generation 9-1-1 (NG9-1-1) systems. SecureLogix would continue developing a modeling tool aiding 9-1-1 decision makers in planning…

Read More…

DHS

The Department of Homeland Security (DHS) has awarded SecureLogix and Achilles Heel Technologies a total of $1.96 million in funds through Phase II of the Small Business Innovation Research program to build technologies that will support dynamic network modeling capabilities for emergency communication and risk management networks. 

SecureLogix will continue the development of a modeling tool that will assist 911 decision makers in planning prevention approaches for telephony denial of service attacks, DHS said Tuesday.

Achilles Heel will build a suite of software tools designed to perform cyber risk management activities for Next-Generation 911 platforms such as dynamic network models.

“Now, many new data types are accepted by NG9-1-1 centers, such as text, video, images, and even information directly from an automobile in the event of an accident. All these data types increase the attack surface in cyberspace, in addition to the traditional TDoS and other attacks that originate in the phone system at 9-1-1 centers,” said Ann Cox, SBIR topic manager at DHS’ science and technology directorate.

The awardees may compete for Phase III contracts after the completion of their…

Read More…

by DH Kass • Aug 28, 2020

The Department of Homeland Security’s cyber wing has released a five point plan to safeguard the nation’s budding 5G mobile network infrastructure against cyber threats.

The document, entitled CISA 5G Strategy: Ensuring the Security and Resilience of 5G Infrastructure in Our Nation, details five “strategic initiatives” the Cybersecurity and Infrastructure Security Agency (CISA) is focused on:

• Support 5G policy and standards development by emphasizing security and resilience.
• Expand situational awareness of 5G supply chain risks and promote security measures.
• Partner with stakeholders to strengthen and secure existing infrastructure to support future 5G deployments.
• Encourage innovation in the 5G marketplace to foster trusted 5G vendors.
• Analyze potential 5G use cases and share information on risk management strategies.

Of the strategic initiatives, each addresses “critical risks to secure 5G deployment, such as physical security concerns, attempts by threat actors to influence the design and architecture of the network, vulnerabilities within the 5G supply chain, and an increased attack surface for malicious actors to exploit…

Read More…

by DH Kass • Aug 28, 2020

The Department of Homeland Security’s cyber wing has released a five point plan to safeguard the nation’s budding 5G mobile network infrastructure against cyber threats.

The document, entitled CISA 5G Strategy: Ensuring the Security and Resilience of 5G Infrastructure in Our Nation, details five “strategic initiatives” the Cybersecurity and Infrastructure Security Agency (CISA) is focused on:

• Support 5G policy and standards development by emphasizing security and resilience.
• Expand situational awareness of 5G supply chain risks and promote security measures.
• Partner with stakeholders to strengthen and secure existing infrastructure to support future 5G deployments.
• Encourage innovation in the 5G marketplace to foster trusted 5G vendors.
• Analyze potential 5G use cases and share information on risk management strategies.

Of the strategic initiatives, each addresses “critical risks to secure 5G deployment, such as physical security concerns, attempts by threat actors to influence the design and architecture of the network, vulnerabilities within the 5G supply chain, and an increased attack surface for malicious actors to exploit…

Read More…

The Office of Management and Budget has tried at least two other times to get agencies to consolidate and optimize their security operations centers (SOC).

At some departments, there are eight or 10 SOCs, meaning there is no single pane of glass for the chief information security officer, the Department of Homeland Security, or OMB to understand what’s really going on.

Grant Schneider, the federal chief information security officer (CISO), said the latest attempt to improve the value and reduce the number of security operations centers is well underway.

“We have been looking for all agencies to raise the bar. One of the ways we know we want to do that is the focus on shared services,” Schneider said in recent interview on Ask the CIO. “With SOC-as-a-service, DHS is in the process now, as the management office, of setting the standards for what would any service provider in this space need to deliver, and what would they need to be able to achieve. This doesn’t mean DHS will be the only service provider in this space. The Department of Justice is already working to be a service provider in this space as…

Read More…

Athens State University has received a national designation for one of its areas of study.

According to the university, the National Security Agency and Department of Homeland Security have designated the school as a National Center of Academic Excellence in Cyber Defense Education through the 2025 academic year for its bachelors of science degree in management of cybersecurity operations and minor in information systems management.

The university said the recognition has come as the result of two years of “specifically-targeted” work by Darren Waldrep, an instructor of information assurance management.

“The goal of the CAE-CD program is to reduce vulnerability in our national information infrastructure by promoting higher education and research in cyber defense and producing professionals with cyber defense expertise,” according to a release from Athens State. “It addresses the critical shortage of professionals with cybersecurity skills and highlights the importance of higher education as a…

Read More…

Cybersecurity

CISA hires cyber risk experts to meet emerging threats

• By Mark Rockwell
• Jul 22, 2020

 

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency brought on two hired hands to help it grapple with shifting infrastructure cyber risks as the COVID-19 crisis grinds ahead.

The agency brought on Josh Corman as a visiting researcher and Rob Arnold to join CISA’s National Risk Management Center as a senior cybersecurity and risk management advisor. The positions are temporary and set up under CARES Act authority, according to a July 22 CISA statement.

“The COVID-19 pandemic has resulted in noticeable shifts in cyber risk calculations for organizations of all sizes,” said CISA Director Christopher Krebs in the statement. “The hardware, software, and services that underpin our connected infrastructure have absolutely been tested and stressed in this telework-heavy environment. At the same time, certain organizations and sectors of our economy have become more attractive targets for adversaries.”

Krebs said the shifting threats require an…

Read More…

by DH Kass • Jul 18, 2020

Three newly introduced bills would add weight and influence to the Department of Homeland Security’s cyber wing through increased stability in leadership positions, additional resources and a public-private workforce exchange program.

The package of bipartisan legislation, sponsored by Rep. John Katko (R-NY), the ranking member of the House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection, and Innovation, includes:

• The Cybersecurity and Infrastructure Security Agency Director and Assistant Directors Act.
• Strengthening the Cybersecurity and Infrastructure Security Agency Act of 2020.
• The CISA Public-Private Talent Exchange Act.

Taken together, the measures aim to enrich the Cybersecurity and Infrastructure Security Agency’s (CISA) national cybersecurity profile. Of note, all three Katko bills are tied to the Cyberspace Solarium Commission’s (CSC) report delivered last March that offered dozens of cybersecurity-related recommendations to improve the nation’s defenses. Along those lines, Katko was also among a bipartisan group of legislators who recently proposed the CSC-inspired National Cyber Director Act…

Read More…

NEW YORK (PRWEB)
July 16, 2020

Axonius, the cybersecurity asset management company, today announced it has been added to the Department of Homeland Security (DHS) Continuous Diagnostics and Mitigation (CDM) Program Approved Products List (APL), allowing for purchase through the General Services Administration (GSA). The company has also received Cryptographic Algorithm Validation Program (CAVP) certification for its product’s use of the OpenSSL Federal Information Processing Standard (FIPS) Object Module.

Prior to the COVID-19 pandemic, federal, state, and local governments were already investing in IT modernization and digitization. Now, with the explosion of remote work, agencies face an increasing proliferation of devices and more assets hosted in the cloud. This is generating immediate urgency for federal CISOs to make quick and large strides to gain a comprehensive view of assets and activity within their infrastructure. By adopting a solution like Axonius, federal agencies immediately gain this…

Read More…