The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
CSIAC ANNOUNCEMENTS:
CSIAC Webinar, Tomorrow, September 17 @ 1300 EDT: Threat Intelligence Program - CSIAC
Join CSIAC on Thursday, Sept. 17 at 1300 EDT for a webinar presentation titled, "Threat Intelligence Program." Please register in advance at https://www.anymeeting.com/PIID=EF54DD89824F3E. This webinar covers important building blocks to establish, maintain, and manage a threat intelligence program at your organization.
RECENT HEADLINES:
Iran-Based Threat Actor Exploits VPN Vulnerabilities - US-CERT
CISA and FBI are aware of an Iran-based malicious cyber actor targeting several U.S. federal agencies and other U.S.-based networks. Analysis of the threat actor's indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) indicates a correlation with the group known by the names, Pioneer Kitten and UNC757.
Tags: Iran-Based Threat Actor, VPN Vulnerabilities
CISA to Oversee CVE Numbering Authorities for Industrial Control Systems and Medical Devices - CISA
WASHINGTON - The Common Vulnerabilities and Exposures (CVE) Program announced today it is granting authority to the Cybersecurity and Infrastructure Security Agency (CISA) for managing the assignment of CVE Identifiers (IDs) for the CVE Program.
Tags: CISA, Industrial Control Systems (ICS), Medical
Air Force, Navy accelerate quantum research with international virtual event - Air Force
ROME, N.Y. (AFNS) -- The Air Force Research Laboratory's Information Directorate is spearheading an international alliance of principal investigators across government, academia and industry to accelerate quantum enabling technologies.
Tags: AF, AFRL, Air Force, Air Force Office of Scientific Research, Air Force Research Laboratory, FS, Griffiss Institute, NYSTEC, Office of Naval Research, USAF
CISA & EAC Develop Risk Profile Tool for Election Officials - CISA
WASHINGTON - Today, the Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the Election Assistance Commission (EAC), released the Election Risk Profile Tool, a user-friendly assessment tool to equip election officials and federal agencies in prioritizing and managing cybersecurity risks to the Election Infrastructure Subsector.
Tags: Election Security
Trump Administration Launches First Cybersecurity Principles for Space Technologies - DHS
The Trump Administration announced the first comprehensive cybersecurity policy for systems used in outer space and near space today. Space Policy Directive-5 (SPD-5) makes clear the lead role the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) have in enhancing the nation's cyber defenses in space, notably on key systems used for global communications, navigation, weather monitoring, and other critical services.
Tags: Cybersecurity
CISA Issues Final Vulnerability Disclosure Policy Directive for Federal Agencies - CISA
WASHINGTON - Today, the Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive 20-01, which requires individual federal civilian executive branch (FCEB) agencies to develop and publish a vulnerability disclosure policy (VDP) for their internet-accessible systems and services, and maintain processes to support their VDP. This BOD is part of CISA's agency-wide priority to make 2020 the year of vulnerability management, with a particular focus on making vulnerability disclosure to the civilian executive branch easier for the public.
Tags: Cybersecurity
Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity - US-CERT
The Cybersecurity and Infrastructure Security Agency (CISA) has consistently observed Chinese Ministry of State Security (MSS)-affiliated cyber threat actors using publicly available information sources and common, well-known tactics, techniques, and procedures (TTPs) to target U.S. Government agencies. CISA has observed these, and other threat actors with varying degrees of skill, routinely using open-source information to plan and execute cyber operations. CISA leveraged the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) and Pre-ATT&CK frameworks to characterize the TTPs used by Chinese MSS-affiliated actors. This product was written by CISA with contributions by the Federal Bureau of Investigation (FBI).
Tags: Chinese Ministry of State Security
CISA, Colorado Rockies Team Up for Virtual Tabletop Exercise to Keep Fans Safe - CISA
DENVER - Earlier today, the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) joined the Colorado Rockies, along with the Rockies' state, local and federal partners for a virtual tabletop exercise to review incident preparedness measures and response plans at Coors Field in a continuing effort to ensure fan, staff and team safety. These partners included Major League Baseball, Downtown Denver Partnership, Denver Health Paramedics, Denver Fire Department, Denver Police, Denver Office of Emergency Management, FBI and others. These exercises are critical for everyone involved to stay sharp should an incident occur, and they are an integral part of the Rockies' regular review of their emergency planning. In the future, when it is deemed safe for these groups to coordinate in person, an operational exercise will take place at Coors Field.
Tags: Infrastructure Security
CSIAC Supported Communities
CSIAC supports several communities of practice, such as the Cyber Community of Interest (COI) Group and research & development working groups.
Technical Resources, Policy and Guidance
This list of related sites provides additional sources to pursue the topic of Cybersecurity. The sites include Government organizations, including federal agencies, Department of Defense and military service agencies, commercial organizations, and academic institutions.
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.