The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.

RECENT HEADLINES:

Critical Infrastructure:

US Critical Infrastructure Cybersecurity Milestone - ISBuzzNews

Last week the Idaho National Laboratory (INL) and the Department of Homeland Security (DHS) announced the successful completion of the 100th iteration of the Industrial Control Systems Cybersecurity training on defending systems used across the critical infrastructure sectors.

DHS Focusing Efforts on Strengthening Protection of Critical Infrastructure, Dot-Gov Sites - Federal News Radio

A Homeland Security Department official says part of the Trump administration's cyber agenda is focusing on critical infrastructure through a "neighborhood watch" and identifying high value targets and their respective contingency plans.

Trump Announces $1.5bn for Cyber-Security and Critical Infrastructure - SC Media

Donald Trump's first federal budget puts forward US $1.5 billion for cyber-security to protect the federal government and US critical infrastructure.

Data Security:

Botnet Pummels Retail Websites in Hunt for Gift Card Balances - SecurityWeek

A recently discovered Internet bot is conducting sustained attacks against retailers and checking millions of gift card numbers to determine if any have balances, Distil Networks researchers warn.

Internet-of-Things:

Why American Farmers Are Hacking Their Tractors With Ukrainian Firmware - Motherboard

To avoid the draconian locks that John Deere puts on the tractors they buy, farmers throughout America's heartland have started hacking their equipment with firmware that's cracked in Eastern Europe and traded on invite-only, paid online forums.

Legislation and Regulation:

Your Internet History on Sale to Highest Bidder: US Congress Votes to Shred ISP Privacy Rules - The Register

This approval means that whoever you pay to provide you with internet access - Comcast, AT&T, Time Warner Cable, etc - will be able to sell everything they know about your use of the internet to third parties without requiring your approval and without even informing you.

Mobile Security:

After Attack, UK Calls for Backdoor to Encryption App - Fifth Domain

Westminster Bridge attacker Khalid Masood sent a WhatsApp message that cannot be accessed because it was encrypted by the popular messaging service, a top British security official said Sunday.

House Adopting Cellphone Defense Measures - The Hill

The House of Representatives will begin protecting the mobile devices of members of Congress and staff from cyber threats, the Office of the Chief Administrative Officer confirmed on Wednesday, through a new contract with Lookout Mobile.

The Next Cyberattack Could Come from Sound Waves - The Conversation

You might think your smartphone or laptop is relatively safe from cyber attacks thanks to anti-virus and encryption software. But your devices are increasingly at risk from "side-channel" attacks, where an intruder can bypass traditional network entry points and use another way to compromise the device.

Neuromorphic Computing:

New Brain-Inspired Cybersecurity System Detects ‘Bad Apples’ 100 Times Faster - ScienceDaily

Sophisticated cybersecurity systems excel at finding "bad apples" in computer networks, but they lack the computing power to identify the threats directly.

Neuromorphic, Quantum, Supercomputing Mesh for Deep Learning - ThrNextPlatform

While the steady tick-tock of the tried and true is still audible, the last two years have ushered a fresh wave of new architectures targeting deep learning and other specialized workloads, as well as a bevy of forthcoming hybrids with FPGAs, zippier GPUs, and swiftly emerging open architectures.

Public Sector:

DISA Cyber Program Focuses on Operational Risk - DISA

A new cyber assessment program, known as a Command Cyber Operational Readiness Inspection (CCORI), focuses on providing combatant commands and federal agencies with a greater understanding of the operational risk their missions face because of their cybersecurity posture.

NIST Cyber Framework for Federal Agencies Coming Soon - Nextgov

Expect the document in the next two months or perhaps sooner, said Matthew Barrett, program manager for the National Institute of Standards and Technology’s Cybersecurity Framework.Cyber Framework.

Quantum Computing:

Quantum Computers May Have Higher ‘Speed Limits’ Than Thought - PHYS ORG

How fast will a quantum computer be able to calculate? While fully functional versions of these long-sought technological marvels have yet to be built, one theorist at the National Institute of Standards and Technology (NIST) has shown that, if they can be realized, there may be fewer limits to their speed than previously put forth.

China Making Swift, Competitive Quantum Computing Gains - TheNextPlatform

U.S. officials and scientists have warned that the country that dominates the exascale era will have an edge in everything from business to national security to the military.

FEEDBACK FROM PREVIOUS DIGEST:

Most Popular:

Backup Error Exposes 1.37 Billion-Record Spamming Database - Data Breach Today

One of the world's allegedly most prolific spamming operations inadvertently left backup databases accessible online, exposing upwards of 1.37 billion records and a raft of internal company information.

Foreign Cyber Weapons ‘Far Exceed’ US Ability to Defend Critical Infrastructure, Defense Panel Says - Federal News Radio

On the civilian side, the new report warns that for at least the next five-to-10 years, other nations will have offensive cyber capabilities that "far exceed the United States' ability to defend and adequately strengthen the resilience of its critical infrastructures."

Google Just Discovered A Massive Web Leak… And You Might Want To Change All Your Passwords - Forbes

A Google researcher has uncovered what may be the most worrying web leak of 2017 so far, possibly exposing passwords, private messages and other sensitive data from a vast number of sites, including major services like Uber, FitBit and OKCupid.

CSIAC SUPPORTED COMMUNITIES:

Cyber Security of Critical Infrastructure - Department of Homeland Security

CSIAC serves on the EO 13636/PPD-21 Research & Development (R&D) Working Group (WG) run by DHS S&T. If you would like further information, contact Dr. Paul Losiewicz at plosiewicz@csiac.org

Cyber Community of Interest (COI) Group - CSIAC

The Cyber COI engages in multiple activities and forums for coordinating cyber S&T strategies, sharing innovative ideas and technical approaches, promoting technology transfer and upcoming business opportunities, and in jointly planning programs across the Department of Defense and other government agencies. Membership is based upon approval by the Cyber COI group administrator.

TECHNICAL RESOURCES, POLICY & GUIDANCE:

Presidential Policy Directive – United States Cyber Incident Coordination - The White House

Opportunities Exist for DOD to Share Cybersecurity Resources with Small Businesses - GAO

DOD OSBP officials acknowledged that cybersecurity is an important and timely issue for small businesses -and therefore the office is considering incorporating cybersecurity into its existing outreach and education efforts. During the review, GAO identified 15 existing federal cybersecurity resources that DOD OSBP could disseminate to defense small businesses.

DHS S&T Collaboration Community - Ideascale

The National Conversation is intended to bring together everyone to play a role in shaping the future of homeland security technology. This means responders, operational users, citizens, academia, and industry.

The Department of Defense Cyber Strategy - Department of Defense

The purpose of this strategy is to guide the development of DoD's cyber forces and strengthen our cyber defense and cyber deterrence posture. It focuses on building cyber capabilities and organizations for DoD's three primary cyber missions.

Information Sharing Environment - ISE

The Information Sharing Environment (ISE) broadly refers to the people, projects, systems, and agencies that enable responsible information sharing for national security.

Standards & Reference Documents - CSIAC

View all Best Practices and Reference Documents on the CSIAC website.

The DoD Cybersecurity Policy Chart (Formerly the IA Policy Chart) - CSIAC

DoD Cyber Domain Resources - Department of Defense

DHS Cyber Security Strategy (“Blueprint for a Secure Cyber Future”, 2011) - Department of Homeland Defense

DIB CS/IA Voluntary Information Sharing Program - DoD DIBNet

DoD's DIB CS/IA program is a voluntary program to enhance and supplement DIB participants' capabilities to safeguard DoD information that resides on, or transits, DIB unclassified information systems.

US-CERT Bulletins - Department of Homeland Security

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

US-CERT Alerts - Department of Homeland Security

Alerts provide timely information about current security issues, vulnerabilities, and exploits.

National Vulnerability Database - NIST

NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics.

Trustworthy CyberSpace: Strategic Plan For The Federal Cybersecurity Research and Development Program - NITRD

Committee on National Security Systems (CNSS) - Committee on National Security Systems

The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.