The Cybersecurity (CS) Digest is a curated bi-weekly news summary for cybersecurity professionals. It is transmitted in an HTML-formatted email and provides links to articles and news summaries across a spectrum of cybersecurity topics.
HTML smuggling was previously used with Dropbox for file sharing. Dropbox is no longer a preferred file sharing application. HTML smuggling is now appearing in phishing emails as a means to increase their success rate. Attackers are constantly changing their strategy in order to make detection more difficult and to evade security measures.
On a daily basis, hackers target businesses and individuals to steal data or damage digital systems. In many cases hostile foreign powers directly sponsor or otherwise enable the attackers. A maritime tactic popular from the Middle Ages through the 19th century could find renewed life to counter and deter international cyber-attacks. Letters of Marque were essentially licenses granted by governments to private ship owners for the purpose of allowing the grantees to take war-like reprisal actions against enemy states outside of the grantor nation’s borders.
A Cyber Letter of Marque would permit (vetted, trained, and bonded) American businesses to watch outside their networks for pre-attack indicators and, when attacked, to respond beyond their network borders. Published in April 2020 by the Cyber Security & Information Systems Information Analysis Center (CSIAC) – one of three DoD IACs managed by the Defense Technical Information Center – this article examines the constitutional and international legal bases for potential employment of this tool. Read the full article at https://www.csiac.org/journal-article/rebooting-letters-of-marque/.
Tags: CSIAC, CSIAC Journal, Cybersecurity, Private Sector
Join CSIAC Thursday, May 27, 1100 – 1200 EDT, for a webinar titled “Missile Defense Agency (MDA) Software Assurance Approach.” Please register in advance for the webinar at: https://www.anymeeting.com/PIID=E055D98286493D
The objectives of this presentation are to provide an introduction to the topic of Software Assurance (SwA) – what it is and why it is needed – as well as an overview of the Missile Defense Agency’s (MDA) approach to implementing SwA. The MDA has holistically integrated key aspects of software assurance into its business and engineering practices to bring order to disparate issues. This process includes incorporating SwA throughout the MDA software development and systems engineering lifecycle.
The goal of the MDA’s SwA program is to improve the integrity of MDA software and minimize risk by identifying and mitigating software vulnerabilities before fielding. This will be accomplished using a three-phase approach that includes: 1) building software security into the development process; 2) performing an independent SwA assessment; and 3) managing any unmitigated software vulnerabilities.
Tags: CSIAC, CSIAC Webinar, Missile Defense Agency (MDA)
The National Security Agency (NSA), in partnership with the Office of the Director of National Intelligence (ODNI), and the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA), published an analysis paper today which identifies and assesses risks and vulnerabilities introduced by 5G adoption. The Potential Threat Vectors to 5G Infrastructure analysis paper informs national 5G stakeholders of these issues to develop a comprehensive approach to solutions.
Tags: 5G, Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), ODNI
The National Security Agency (NSA), the United Kingdom’s National Cyber Security Centre (NCSC), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) jointly released an unclassified cybersecurity advisory, “Further TTPs associated with SVR cyber actors” today. This advisory expands on the NSA, CISA, and FBI joint advisory released in April, “Russian SVR Targets U.S. and Allied Networks,” by outlining additional techniques the Russian Foreign Intelligence Service (SVR) leveraged to gain footholds into victim networks.
Tags: Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), National Security Agency (NSA), Russia
Statement from CISA Acting Director Wales on Executive Order to Improve the Nation’s Cybersecurity and Protect Federal Networks - CISA
Yesterday, President Biden signed an executive order to improve the nation’s cybersecurity and protect federal government networks. Cybersecurity and Infrastructure Security Agency (CISA) Acting Director Brandon Wales released the following statement...
Tags: Cybersecurity, Cybersecurity and Infrastructure Security Agency (CISA)
The Cybersecurity and Infrastructure Security Agency (CISA) today announced the formation of a Space Systems Critical Infrastructure Working Group, a mix of government and industry members that will identify and develop strategies to minimize risks to space systems that support the nation’s critical infrastructure. The Working Group will operate under the Critical Infrastructure Partnership Advisory Council (CIPAC) framework, bringing together space system critical infrastructure stakeholders.
Tags: Critical Infrastructure Security, Cybersecurity and Infrastructure Security Agency (CISA), Space Systems
Two Hanscom Air Force Base teams are helping to build the “base of the future” by integrating an exciting new force protection technology at Tyndall AFB, Florida. Teams within Hanscom AFB’s Force Protection and Special Programs Divisions supplied and integrated the 325th Security Forces Squadron with four prototype Quad-legged Unmanned Ground Vehicles, sometimes referred to as ‘robotic dogs,’ in March.
Tags: Air Force, Artificial Intelligence (AI), Robotics
As Microsoft Commercial Virtual Remote Teams phases out on June 15, a cross-functional team of Air Force communication and acquisition experts is working diligently to welcome the workforce back to the enterprise Office 365 platform, primed to offer more robust features than ever before.
Tags: Air Force, CHES, Microsoft
The CS Digest provides links to third party Websites. The CSIAC is not responsible for the availability of, and content provided on, third party Websites. You should refer to the policies posted by other Websites regarding their privacy and other topics before you use them. The CSIAC is not responsible for third party content accessible through the CSIAC CS Digest, including opinions, advice, statements, advertisements and endorsements, and you bear all risks associated with the use of such content.