The experts at NIST have created a simple Cybersecurity Basics page[1] that distills technical information into a set of guidelines for small business owners and managers. For a simpler, more practical collection of guidelines, try the Secure Our World website, https://www.cisa.gov/secure-our-world, run by the Cybersecurity & Infrastructure Security Agency (CISA). It is targeted at an audience of consumers without a technical background, which makes it a good source of information you can share
As we enter the age of the software-defined automobile, especially those with electric drivetrains, we’re facing unprecedented risk from cyberattacks, say a wide coterie of experts. According to the Israel-based Upstream firm, from 2019 to 2023 disclosed cybersecurity incidents in the automotive and mobility space increased by more than 50%, with 295 such occurrences in 2023. Some 64% of these attacks were executed by “bad hat actors” with malevolent intent, the report said. And 65% of deep and
In the face of unrelenting pressure from significant cyber incidents and regulatory action to mitigate them, enterprises are assessing whether they are doing enough to deal with cybersecurity. Public companies are evaluating responses to new SEC rules calling for disclosures regarding cybersecurity strategy, risk management, and governance practices. The SEC’s action against SolarWinds is setting off alarm bells throughout the cybersecurity community, causing CISOs to worry about personal lia
The Biden administration recently announced a new cyber initiative to label smart devices considered safe and less vulnerable to attacks. As part of the new cybersecurity labeling program, a new ‘US Cyber Trust Mark’ shield logo will be applied to products that meet specific cybersecurity criteria.
Proposed by Federal Communications Commission (FCC) Chairwoman Jessica Rosenworcel, the program aims to improve the cybersecurity of smart devices, including smart consumer products and electronics,
There are several ways in which an organization may discover that it has been the victim of a cyberattack or that an unauthorized third party has gained a foothold within its information technology (IT) environment. Perhaps most commonly, an organization’s own endpoint detection, network monitoring, and other technical security controls identify and quarantine malicious cyber activity and allow for an investigation into the nature and scope of the event. On some rare occasions, an organization
The end of encryption, also called the “Cryptopocalypse,” is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption. Since public key encryption is used to secure almost all data in transit, both between separate IT infrastructures and even within individual infrastructures, that data will become accessible by anyone with a sufficiently powerful quantum computer. Shor’s algorithm is a quantum computer algorithm for finding the prime factors o
US President Biden signed the Quantum Computing Cybersecurity Preparedness Act into law on 21 December 2022. The law is designed to secure federal government systems and data against the threat of quantum-enabled data breaches ahead of ‘Q Day,’ the point at which quantum computers can break existing cryptographic algorithms. Experts believe quantum computing will advance to this stage in the next five to 10 years, potentially leaving all digital information vulnerable to cyber-threat actor
The US Department of Commerce's National Institute of Standards and Technology (NIST) has selected four quantum-resistant cryptographic algorithms for general encryption and digital signatures. NIST, a US standards-setting body and research organization within the Department of Commerce, announced the four algorithms after a six-year period of assessing potential quantum-resistant (QR) alternatives to today's cryptographic algorithms for public key encryption, digital signatures, and key excha
New guidance from the National Institute of Standards and Technology spells out security measures for "critical software" used by federal agencies and minimum standards for testing its source code. The best practices could be a model for the private sector as well. NIST's release of best practices carries out a mandate in President Joe Biden's May executive order on cybersecurity, which, in part, called for agencies to address supply chain threats, such as that posed by the SolarWinds incident
The National Institute of Standards and Technology (NIST) has published its definition of what "critical software" means for the U.S. federal government, as the standards agency begins fulfilling some of the requirements laid out in President Joe Biden's executive order on cybersecurity.
As part of Biden's executive order published on 12 May 2021, federal agencies are now required to reexamine their approach to cybersecurity, which includes developing new ways to evaluate the software that depar