The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.

CSIAC ANNOUNCEMENTS:

CSIAC Webinar, Wednesday, August 12 @ 1100 EDT: A Fistful of Data, or the Good, Bad and Ugly of Adversarial Machine Learning - CSIAC

This webinar provides an overview of Adversarial Machine Learning (AML), its relationship to Generative (Deep) Learning, and ways to view AML as a potential enabler for deploying more comprehensive system-level Machine Learning capabilities. The basic ideas driving AML and the system-level architecture needs of an effective integrated ML capability are compared to find areas of commonality and future utility beyond single-shot, algorithm-by-algorithm approaches to AML and remediation techniques.

RECENT HEADLINES:

CISA Adds Top Cybersecurity Experts to Join COVID-19 Response Efforts - CISA.gov

The Cybersecurity and Infrastructure Security Agency (CISA) announced today the addition of two leading cybersecurity experts to support the agency's COVID-19 response efforts. Josh Corman is joining CISA as a Visiting Researcher, and Rob Arnold will join CISA's National Risk Management Center as a Senior Cybersecurity and Risk Management Advisor. Corman and Arnold were both hired using authorities granted under the CARES Act, which allows agencies to hire staff to temporarily support the COVID-19 response.
Tags: CISA, COVID-19, Cybersecurity

Enhancing Understanding of Legacy Code to Simplify Software Re-engineering Process - DARPA

Defense and commercial systems alike are riddled with legacy software that is difficult to modernize, enhance, and re-engineer, largely due to a lack of effective understanding of the underlying legacy code, which makes predicting the effect of modifications a challenge. From a defense perspective, there is a growing need to enhance or replace components of existing software in critical platforms and systems with more secure and performant code, as well as a desire to use legacy software on new hardware to improve system performance. When introducing enhancements or replacements into large legacy code bases however, there is a high risk that the new code will not safely compose with the rest of the system. Existing means of verifying that updated software is correct-by-construction focus on clean-slate software development, essentially limiting their effectiveness to software that is developed from scratch. Further, these methods assume an existing formal specification that is typically not available for a legacy system, and they require a certain level of expertise in formal methods not readily found in most developers.
Tags: Cyber, Formal, Programming, Security

Protect Operational Technologies and Control Systems against Cyber Attacks - CISA

Cyber actors have demonstrated their willingness to conduct cyber attacks against critical infrastructure by exploiting Internet-accessible Operational Technology (OT) assets. Due to the increase in adversary capabilities and activities, the criticality to U.S. national security and way of life, and the vulnerability of OT systems, civilian infrastructure makes attractive targets for foreign powers attempting to harm to US interests or retaliate for perceived US aggressive.
Tags: Cybersecurity, Infrastructure Security

Army prototypes IVAS network capabilities for tactical vehicles - Army.mil

Army Futures Command (AFC) is using rapid prototyping to integrate tactical network systems, which will enhance functionality of the Soldier-worn Integrated Visual Augmentation System (IVAS), onto combat vehicles.
Tags: Army, Soldier-worn Integrated Visual Augmentation System (IVAS)

CISA Releases Guide to Vulnerability Reporting for America’s Election Administrators - CISA

WASHINGTON Today, the Cybersecurity and Infrastructure Security Agency (CISA) released the Guide to Vulnerability Reporting for America s Election Administrators. The guide walks election officials through the steps of establishing a vulnerability disclosure program. Vulnerability disclosures can be an effective way for organizations to benefit from cybersecurity expertise without having it resident to their organization.
Tags: Election Security

US Defense, Air Force Departments invite hackers to re-imagine how space systems are secured - AirForce.mil

The U.S. Department of the Air Force and Department of Defense are changing the way they approach building secure and resilient space systems by inviting the global security research community to hone their space domain hacking skills in an open and collaborative environment.
Tags: Air Force, Cybersecurity

CISA Announces Second Annual President’s Cup Cybersecurity Competition - CISA

Today, the Cybersecurity and Infrastructure Security Agency (CISA) announced the opening of individual and team registration for the second annual President s Cup Cybersecurity Competition. The competition is open to any Federal Executive branch employee, including the Department of Defense and uniformed service members, with a knack for cybersecurity.
Tags: CISA, Cybersecurity

CISA to Host 3rd Annual National Cybersecurity Summit - CISA

Today, the Cybersecurity and Infrastructure Security Agency (CISA) announced that it will host its 3rd annual National Cybersecurity Summit.
Tags: Cybersecurity

CSIAC Supported Communities

CSIAC supports several communities of practice, such as the Cyber Community of Interest (COI) Group and research & development working groups.

Technical Resources, Policy and Guidance

This list of related sites provides additional sources to pursue the topic of Cybersecurity. The sites include Government organizations, including federal agencies, Department of Defense and military service agencies, commercial organizations, and academic institutions.

The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.