Key Points:

• The business promise of 5G networks can only be realized if they are secure, despite new cyber risks on a vastly expanded attack surface.
• Congress recently passed an Internet of Things security bill, showing bipartisan support for 5G security policy.
• The incoming administration and Congress could accelerate a 5G national security strategy in 2021.

U.S. government and industry have been setting the stage for 5G technology to achieve its full potential in America and launch the next wave of digital business transformation. But only if the 5G network is secure will it deliver on its business promise of quantum leaps in productivity, innovation and cost reduction.

A new 5G security report from AT&T addressed this challenge directly: ‘Many scenarios will broaden connections among humans and machines more quickly and efficiently but also bring advanced attacks that can take down businesses,…

Read More…

The number of fines for anti-money laundering (AML) failures during the first half of 2020 has already outstripped those for the entirety of 2019. It’s evident, then, that we’re sitting on the cusp of another potential surge in financial crime, as the COVID-19 pandemic increases pressure on people, processes and systems across the world.

How then, can banks and major financial institutions mitigate the risk of financial crime and the increasing sophistication of money launderers, especially when criminals thrive in such chaotic and uncertain times?

History Predicts the Future

When we look back, the common denominator tying together the 21^st century financial crime timeline is exploitation of a crisis. Possibly one of the most significant occurrences this side of the millennium took place on September 11, 2001 in New York City. The 9/11 tragedy prompted some of the biggest overhauls in anti-money laundering law and financial crime legislation in history, as the U.S. government sought to cut off terrorism funding at the source in the war against terror.[1]

The 2008 financial crisis provided another catalyst for…

Подробнее…

Image: blackred/iStock

In a recently published document addressing supply chain risk, the Office of the Director of National Intelligence warns against “foreign attempts to compromise the integrity, trustworthiness, and authenticity of products and services purchased and integrated into the operations of the U.S. Government, the Defense Industrial Base, and the private sector.”

Attacks on the supply chain represent “a complex and growing threat to strategically important U.S. economic sectors and critical infrastructure,” the agency notes. Foreign adversaries are attacking key supply chains at multiple points: From concept to design, manufacture, integration, deployment and maintenance.

GovCon leaders say the government does well to take the risks seriously, and they point to ways in which the contracting community can work hand-in-glove with federal officials to mitigate the threat.

“ODNI is definitely right to be concerned,” said Justin Shirk, vice president of asymmetric analytics at Novetta. “An area of real emerging risk on which we focus is in the provenance of software, both open-source or commercial. This is unfortunately inherently…

Read More…

by DH Kass • Aug 28, 2020

The Department of Homeland Security’s cyber wing has released a five point plan to safeguard the nation’s budding 5G mobile network infrastructure against cyber threats.

The document, entitled CISA 5G Strategy: Ensuring the Security and Resilience of 5G Infrastructure in Our Nation, details five “strategic initiatives” the Cybersecurity and Infrastructure Security Agency (CISA) is focused on:

• Support 5G policy and standards development by emphasizing security and resilience.
• Expand situational awareness of 5G supply chain risks and promote security measures.
• Partner with stakeholders to strengthen and secure existing infrastructure to support future 5G deployments.
• Encourage innovation in the 5G marketplace to foster trusted 5G vendors.
• Analyze potential 5G use cases and share information on risk management strategies.

Of the strategic initiatives, each addresses “critical risks to secure 5G deployment, such as physical security concerns, attempts by threat actors to influence the design and architecture of the network, vulnerabilities within the 5G supply chain, and an increased attack surface for malicious actors to exploit…

Read More…

by DH Kass • Aug 28, 2020

The Department of Homeland Security’s cyber wing has released a five point plan to safeguard the nation’s budding 5G mobile network infrastructure against cyber threats.

The document, entitled CISA 5G Strategy: Ensuring the Security and Resilience of 5G Infrastructure in Our Nation, details five “strategic initiatives” the Cybersecurity and Infrastructure Security Agency (CISA) is focused on:

• Support 5G policy and standards development by emphasizing security and resilience.
• Expand situational awareness of 5G supply chain risks and promote security measures.
• Partner with stakeholders to strengthen and secure existing infrastructure to support future 5G deployments.
• Encourage innovation in the 5G marketplace to foster trusted 5G vendors.
• Analyze potential 5G use cases and share information on risk management strategies.

Of the strategic initiatives, each addresses “critical risks to secure 5G deployment, such as physical security concerns, attempts by threat actors to influence the design and architecture of the network, vulnerabilities within the 5G supply chain, and an increased attack surface for malicious actors to exploit…

Read More…

The U.S. government identifies 16 sectors as critical infrastructure, but inconsistent regulations and management leave many sectors lacking security.

The Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) lists the 16 critical infrastructure sectors on its website, and of those, only three — energy, government and nuclear — are under regulations mandating that security requirements be mapped to all five sections of the NIST Cybersecurity Framework (CSF). The health sector has HIPAA requirements, which map to the Protect section of the CSF, and the water sector has requirements that map how to Identify and Respond to cybersecurity incidents based on CSF guidelines.

At least one expert believes the risks could be exacerbated because of the interconnected nature of the sectors. Steven Briggs, senior program manager at Tennessee Valley Authority, spoke on the state of critical infrastructure cybersecurity at the virtual CircleCityCon, a security conference normally held in Indianapolis, and discussed his research with SearchSecurity. Briggs said one problem is cybersecurity rules have historically been reactionary: Of those…

Read More…