NIST report presents overview of international cybersecurity standardisation for IoT

From: OpenGovAsia

By: Priyankar Bhunia

The Report identifies possible gaps in standards; for example, the application of blockchain in cryptographic techniques and the inability to use software patches to fix flaws in cyber incident management.

The National Institute of Standards and Technology in the US recently released an interagency report on cybersecurity for the Internet-of-Things (IoT).

The Interagency International Cybersecurity Standardization Working Group (IICS WG) was established in December 2015 by the National Security Council’s Cyber Interagency Policy Committee. The purpose of the IICS WG is to coordinate on major issues in international cybersecurity standardisation and thereby enhance U.S. federal agency participation in international cybersecurity standardization.

US warns Malcolm Turnbull not to use Huawei for 5G network

Editor’s Note: See here.

From: Financial Review

by John Kehoe, Angus Grigg, Lisa Murray

***

The AFR Weekend has been told Prime Minister Malcolm Turnbull was briefed on US concerns about Chinese involvement in 5G networks during a meeting with the heads of the National Security Agency and the Department of Homeland Security on Friday [AEDT] in the US.

One person present said Mr Turnbull was told of the security risks posed by Huawei’s potential involvement and noted Beijing’s cyber espionage was among the “top two” risks on the US-Australia cyber security agenda.


To Build a More Capable Cyber Policy Field, Teach Policy to Technologists

From: Council on Foreign Relations

Technologists love to criticise policymakers for their ignorance of how computer security actually works. Instead of criticising from the sidelines, maybe they should get involved.

SEC Issues Statement and Interpretative Guidance on Public Company Cybersecurity Disclosures

Editor’s Note: Read the SEC Press Release here and the complete guidance document here.

First, this release stresses the importance of maintaining comprehensive policies and procedures related to cybersecurity risks and incidents. Companies are required to establish and maintain appropriate and effective disclosure controls and procedures that enable them to make accurate and timely disclosures of material events, including those related to cybersecurity. Such robust disclosure controls and procedures assist companies in satisfying their disclosure obligations under the federal securities laws.

 

Cybersecurity Risk Assessment: Supply Chain Contractors Falling Behind Federal Agencies

From: Security Intelligence

By Douglas Bonderud

***

Cybersecurity Risk Assessment Reveals Supply Chain Security Gaps

While federal agencies are under increasing pressure to meet security best practices, such as National Institute of Standards and Technology (NIST) security guidance and standards, supply chain organizations further down the pipeline may escape direct observation, making it easy to avoid costly IT changes.

***

Of greater concern were specific issues common to supply chain contractors, which were rated on an A–F scale. For example, 20 percent of those surveyed said they still use outdated internet browsers, putting them at risk of new malware vectors. In addition, almost 50 percent of contractors received a C grade for their use of protective technologies in line with the NIST cybersecurity framework.