The Cyber Security and Information Systems Information Analysis Center (CSIAC) will host a webinar on the cybersecurity of Department of Defense Critical Infrastructure on April 25 @ 12:00 pm EDT.
The presenter will be Dr. Paul Losiewicz, Senior Scientific Advisor at Quanterion Solutions Incorporated and the Cybersecurity and Information Systems Information Analysis Center (CSIAC).
The webinar will cover DoD policy concerns and current R&D efforts in the field of cybersecurity & critical infrastructure protection. Topics will include Weasel Board being developed at Sandia National Laboratory, More Situational Awareness for Industrial Control Systems (MOSAICS), sponsored by PACOM and NORTHCOM, and recent policy concerns relating to cyber security and Utilities Privatization of Critical Infrastructure. This webinar will also report the results of a panel discussion from the DHS Joint Industrial Control Systems Working Group (JICSWG) meeting April 9-11 at Albuquerque NM.
To register please go to: Cybersecurity of DoD Critical Infrastructure
The National Institute of Standards and Technology (NIST) Cybersecurity Center of Excellence (NCCoE) is proposing a model use case project to enhance the energy sector’s asset management capabilities for operational technology (OT). Arch Street is currently a member of the NCCoE Energy Sector Community of Interest that provides guidance to NCCoE on energy sector cybersecurity challenges.
The objective of this use case is to provide guidance on how energy companies may enhance OT (Operational Technology)/ICS (Industrial Controls System) asset management by leveraging capabilities that may already exist in an operating environment or by implementing new ones.
The new NIST project will include the development of a reference design and use commercially available technologies to develop an example solution that will help energy organizations address the security challenges of OT asset management.
This project will describe methods for managing, monitoring, and baselining assets and will also include information to help identify threats to OT assets. It will result in a publicly available NIST Cybersecurity Practice Guide, a detailed implementation guide of the practical steps required to implement a cybersecurity reference design that addresses this challenge.
Technology vendors are encouraged to provide products and technical expertise to NIST via a CRADA to support and demonstrate security platforms for the Energy Sector Asset Management Project. Applications are open on a first-come, first-served basis. For more information see the announcement in the Federal Register released today, March 26, 2018.
After a long saga, the FY 2018 Omnibus Appropriations is out.
For full text of the various sections see the Consolidated Appropriations Act, 2018
One area of interest for Arch Street is funding for cybersecurity R&D and technology transfer activities in the Department of Homeland Security Science and Technology Directorate. Earlier budgets had proposed major cuts to these programs but at first glance, funding has been boosted and language prioritizing technology transfer and partnership intermediaries included.
More to come.
Full text of the DHS S&T appropriations (pdf)
Arch Street is pleased to work with IgniteU-NY, a partnership intermediary of Department of Homeland Security (DHS) Science and Technology Directorate (S&T). In this role we help S&T bring leading-edge technologies flowing from government and university laboratories to the commercial marketplace — to better protect the critical infrastructure of the United States such as the energy grid, water systems and transportation networks.
That is why Arch Street is excited to see that DHS has released two new guides focused on transitioning mature cybersecurity solutions and spurring community discussion about its R&D priorities.
The two publications are the 2018 Cyber Security Division Portfolio Guide and the 2018 Cyber Security Division Technology Guide. These informational guides outline the scope of the S&T’s broad cybersecurity research portfolio and provide insight into numerous R&D efforts that are at or nearing the transition phase, respectively. Each is available for free download from the S&T website.
The Office of Management and Budget (OMB) initially developed the Grants 101 Training for federal government employees, but now these eLearning materials are available free to the public.
This grants training is comprised of five modules, most of which contain multiple online lessons:
1 Laws, Regulations, and Guidance
2 Financial Assistance Mechanisms
3 Uniform Guidance Administrative Requirements
4 Cost Principles
5 Risk Management and Single Audit
This workshop at the National Cybersecurity Center of Excellence in Rockville, MD is open to the public and will center on a draft report about actions to address automated and distributed threats to the digital ecosystem as part of the activity directed by Executive Order 13800, “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.”
See: Enhancing Resilience of the Internet and Communications Ecosystem (Second Workshop) | NCCoE
The Crypto-Wars 2.0 erupted a few years ago as fall-out from the Snowden revelations and major industry players such as Apple and Google rushed out new encryption technologies for their customers. In the interim, use of an encrypted iPhone by the attacker in the San Bernandino terrorist incident alarmed many law enforcement and intelligence officials to the “going dark” problem — the loss of ability to intercept criminal and terrorist communications — with the FBI making a very public push for exceptions or technological back-doors. Industry and civil liberties groups made an equally strong and strident push back on such exceptions citing impracticality, unintended consequences, greater insecurity, fundamental legal objections, economic loss and wide-scale privacy violations.
A new report by the National Academy of Sciences, Engineering and Medicine attempts to lower the heat on the crypto wars by reviewing the available (and often very difficult) policy options and discussing the tough tradeoffs associated with each. The report does not make a hard and fast judgement as to whether to grant law enforcement access to encrypted, private information. Rather it concludes with a framework that the authors hope will guide discussion among the public and policymakers.