The Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the UK National Cyber Security Centre (NCSC) and other US and international partners, released this Joint Cybersecurity Advisory describing recent tactics, techniques, and procedures (TTPs) used by Russian Foreign Intelligence Service (SVR) cyber actors, also known as APT29, the Dukes, CozyBear, and NOBELIUM/Midnight Blizzard, to gain initial access to cloud environments.
The NCSC has previously detailed how SVR cyber actors have targeted governmental, think tank, healthcare and energy targets for intelligence gain. It has now observed SVR actors expanding their targeting to include aviation, education, law enforcement, local and state councils, government financial departments, and military organizations.
The NIST Cybersecurity Framework (CSF) development process started with Executive Order (EO) 13636 over a decade ago, which called for building a set of approaches (a framework) for reducing risks to critical infrastructure. Through this EO, NIST was tasked with developing a “Cybersecurity Framework.” We knew that, to do this the right way, NIST would need to work alongside industry, academia, and other government agencies. This is exactly what we did, and have been doing over the past 10 years, as the CSF became more popular around the globe.
We also knew that the CSF needed to be a living document that should be refined, improved, and evolve over time. To address current and future cybersecurity challenges and improvements, NIST set out on the journey of developing the CSF 2.0. Along the way, NIST has solicited input via formal Requests for Information, workshops and smaller meetings, suggestions from users and non-users alike, and draft documents for public comment. This all resulted in CSF Versions 1.0 and 1.1 and, most recently, a draft of CSF 2.0…
NIST Releases Version 2.0 of Landmark Cybersecurity Framework
The National Institute of Standards and Technology (NIST) has updated the widely used Cybersecurity Framework (CSF), its landmark guidance document for reducing cybersecurity risk. The new 2.0 edition is designed for all audiences, industry sectors and organization types, from the smallest schools and nonprofits to the largest agencies and corporations, regardless of their degree of cybersecurity sophistication. In response to the numerous comments received on the draft version, NIST has expanded the CSF’s core guidance and developed related resources to help users get the most out of the framework. These resources are designed to provide different audiences with tailored pathways into the CSF and make the framework easier to put into action.
Early Bird Registration is Now Open! June 3 – 5, 2024 | Dallas, Texas
Registration is now open for the 2024 NICE Conference and Expo in Dallas, Texas, taking place from June 3 to 5, 2024. Secure early bird rates from February 27 to March 19, 2024. This year’s theme, “Strengthening Ecosystems: Aligning Stakeholders to Bridge the Cybersecurity Workforce Gap,” highlights our shared responsibility to work together to build an integrated ecosystem of cybersecurity education, training, and workforce development. Through collaboration and partnerships, we will cultivate a stronger community that is dedicated to building a knowledgeable and skilled workforce.
A limited block of discounted rooms will be available at the prevailing government rate of $164/night (room rate does not include tax or any applicable fees) to those registering for the conference. Make sure to reserve your room at the Sheraton Dallas.
Our first post in the series introduced the concept of federated learning and described how it differs from traditional centralized learning: in federated learning, the data stays distributed among the participating organizations, which share model updates (instead of raw data).
What kinds of techniques can we use to build privacy-preserving federated learning systems? It turns out to depend heavily on how the data is distributed. This post defines and explains the different ways data can be distributed, or partitioned, among participants in federated learning systems. Future posts in the series will describe specific techniques applicable in each situation.
Data partitioning schemes describe how data is distributed among participating organizations, as compared to the centralized scheme in which one party holds all the data.
In a horizontal partitioning scheme, the rows of the data are distributed among the participants.
In a vertical partitioning scheme, the columns of the data are distributed among the participants.
Combinations of the two are also possible—we’ll get to those at the end of this post…
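To make the two partitioning schemes concrete, the following is an added example (not code from the NIST series) that splits one constructed toy table both ways and then shows why a horizontal partition can be trained with the plain "share gradients, not rows" scheme the first post described: each party computes the gradient of a linear model on its own rows, and the server's row-count-weighted average of those gradients equals the gradient a centralized trainer would compute on the pooled data. The dataset, column names, party names and the linear model are all assumptions for illustration; the aggregation step is the standard federated averaging of local gradients, not a method the post itself specifies.

```python
"""Horizontal vs. vertical partitioning of one table, plus a federated
gradient step on the horizontal partition. Added example; toy data."""
from typing import Dict, List

# Constructed toy dataset: one row per record, last column is the label.
COLUMNS = ["age", "bmi", "glucose", "label"]
ROWS = [
    [34, 22.1, 88, 0],
    [52, 31.4, 140, 1],
    [45, 27.9, 110, 0],
    [61, 33.0, 160, 1],
    [29, 20.5, 80, 0],
    [58, 29.8, 150, 1],
]


def horizontal_partition(rows: List[list], n_parties: int) -> List[List[list]]:
    """Horizontal scheme: rows are dealt out to parties; every party keeps all columns."""
    parts: List[List[list]] = [[] for _ in range(n_parties)]
    for i, row in enumerate(rows):
        parts[i % n_parties].append(list(row))
    return parts


def vertical_partition(rows: List[list], columns: List[str],
                       column_groups: Dict[str, List[str]]) -> Dict[str, List[dict]]:
    """Vertical scheme: every party keeps every row but only its own columns.
    A shared row identifier (the row index here) is what makes the columns joinable."""
    idx = {c: i for i, c in enumerate(columns)}
    parts: Dict[str, List[dict]] = {}
    for party, cols in column_groups.items():
        parts[party] = [
            {"row_id": r, **{c: row[idx[c]] for c in cols}} for r, row in enumerate(rows)
        ]
    return parts


def local_gradient(rows: List[list], weights: List[float], x_cols: List[str],
                   y_col: str, columns: List[str]) -> List[float]:
    """One party's mean gradient of squared loss for a linear model over its own rows."""
    idx = {c: i for i, c in enumerate(columns)}
    n = len(rows)
    grad = [0.0] * len(x_cols)
    for row in rows:
        x = [row[idx[c]] for c in x_cols]
        err = sum(w * xi for w, xi in zip(weights, x)) - row[idx[y_col]]
        for j, xi in enumerate(x):
            grad[j] += 2 * err * xi / n
    return grad


def federated_step(parts: List[List[list]], weights: List[float], x_cols: List[str],
                   y_col: str, columns: List[str], lr: float) -> List[float]:
    """Server side: average per-party gradients weighted by row count, then update.
    Only gradient vectors cross the trust boundary; no party's rows leave it."""
    total = sum(len(p) for p in parts)
    agg = [0.0] * len(weights)
    for p in parts:
        g = local_gradient(p, weights, x_cols, y_col, columns)
        for j in range(len(agg)):
            agg[j] += g[j] * len(p) / total
    return [w - lr * g for w, g in zip(weights, agg)]


def centralized_step(rows: List[list], weights: List[float], x_cols: List[str],
                     y_col: str, columns: List[str], lr: float) -> List[float]:
    """Reference: the same update computed by a single party holding all rows."""
    g = local_gradient(rows, weights, x_cols, y_col, columns)
    return [w - lr * gi for w, gi in zip(weights, g)]


if __name__ == "__main__":
    x_cols = ["age", "bmi", "glucose"]
    hp = horizontal_partition(ROWS, 3)
    print("horizontal:", [len(p) for p in hp], "rows per party")
    vp = vertical_partition(ROWS, COLUMNS, {"clinic": ["age", "bmi"], "lab": ["glucose", "label"]})
    print("vertical:  ", {k: list(v[0]) for k, v in vp.items()})
    fed = federated_step(hp, [0.0, 0.0, 0.0], x_cols, "label", COLUMNS, 1e-5)
    cen = centralized_step(ROWS, [0.0, 0.0, 0.0], x_cols, "label", COLUMNS, 1e-5)
    print("federated == centralized:", all(abs(a - b) < 1e-9 for a, b in zip(fed, cen)))
```

The equality at the end holds because each party's gradient is a mean over its own rows and the server weights it by that row count, so the aggregate is exactly the global mean gradient. Note what does not work in the vertical case: the "lab" party holds the label but not the features, so neither party can compute a gradient alone, which is why vertical partitions need the different techniques the series goes on to describe.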
Today, CISA, the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) released an update to the joint advisory #StopRansomware: ALPHV Blackcat to provide new indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with the ALPHV Blackcat ransomware as a service (RaaS). ALPHV Blackcat affiliates have been observed primarily targeting the healthcare sector.
CISA, the FBI, and HHS urge network defenders to review the updated joint advisory to detect and protect against this malicious activity.
All organizations are encouraged to share information on incidents and anomalous activity to CISA’s 24/7 Operations Center at [email protected] or via our Report page, and/or to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or [email protected]. For more on ransomware, visit stopransomware.gov.
AI-powered innovations in cybersecurity are reshaping how businesses of every size, and across every industry, secure and protect their data. Join us at the second annual Microsoft Secure digital event to learn how to bring world-class threat intelligence, complete end-to-end protection, and industry-leading, responsible AI to your organization. Register today to:
Be among the first to hear about new products, capabilities, and offerings.
Get demos on the latest AI-powered innovations.
Learn from industry luminaries and influencers.
Microsoft Secure Wednesday, March 13, 2024 9:00 AM–11:00 AM Pacific Time (UTC-8)
The initial public draft of NIST Internal Report (IR) 8504, Access Control on NoSQL Databases, is now available for public comment. NoSQL (i.e., “not only SQL” or “non-SQL”) database systems and data stores often outperform traditional relational database management systems (RDBMSs) in various aspects, such as data analysis efficiency, system performance, ease of deployment, flexibility and scalability of data management, and availability to users. However, as more organizations store sensitive data in NoSQL databases, access control has become a fundamental data protection requirement for these database management systems.
This document discusses access control on NoSQL database systems by illustrating the NoSQL database types and their support for access control models. It operates under the assumption that the access control system stores and manages access control data (e.g., subjects, objects, and attributes) in the NoSQL database and describes considerations from the perspective of access control in general.
A public comment period is open through March 15, 2024. See the publication details for a copy of the draft and instructions for submitting comments.
Companies in major industries such as finance and health care must follow best practices for monitoring incoming data for cyberattacks. The latest version of the Transport Layer Security protocol, TLS 1.3, provides state-of-the-art protection but complicates these required data audits: TLS 1.3 mandates forward-secret (ephemeral) key exchange, so a passive monitor holding the server's private key can no longer decrypt captured traffic the way it could with RSA key exchange in TLS 1.2. The National Institute of Standards and Technology (NIST) has released a practice guide describing methods that are intended to help these industries implement TLS 1.3 and accomplish the required network monitoring and auditing in a safe, secure and effective fashion.
The new draft practice guide, Addressing Visibility Challenges with TLS 1.3 within the Enterprise (NIST Special Publication (SP) 1800-37), was developed over the past several years at the NIST National Cybersecurity Center of Excellence (NCCoE) with the extensive involvement of technology vendors, industry organizations and other stakeholders who participate in the Internet Engineering Task Force (IETF). The guidance offers technical methods to help businesses comply with the most up-to-date ways of securing data that travels over the public internet to their internal servers, while simultaneously adhering to financial industry and other regulations that require continuous monitoring and auditing of this data for evidence of malware and other cyberattacks.
The Cybersecurity and Infrastructure Security Agency (CISA) and the Environmental Protection Agency (EPA) jointly released a Water and Wastewater Systems Sector Cybersecurity Toolkit to aid Water and Wastewater Systems Sector stakeholders in bolstering their cybersecurity preparedness across the nation.
To build security and resilience within the Water and Wastewater Systems Sector, CISA works closely with EPA to deliver tools, resources, training and information that can help organizations within this sector. Together, CISA brings technical expertise as the nation’s cyber defense and infrastructure security agency, and EPA offers extensive expertise as the Water and Wastewater Systems Sector Risk Management Agency.
The toolkit includes a newly published Cybersecurity Incident Response Guide, vital CISA and EPA services such as free vulnerability scanning assessments, cybersecurity performance goals alignment, cyber hygiene tools, and more.