One Third of Industrial Control Systems Breached →
via DarkMatters at Norse Corporation, and written by Anthony Freed, comes this troubling post detailing the true scope of Industrial Control Systems (ICS) security fails in the previous twelve-month period... Astounding.
"Of the reported attacks, 32% targeted the Energy Sector, with attacks against Critical Manufacturing systems following up at a close second place at 27%, Healthcare with 6%, Water supply systems and Communications each with 6%, and Government Facilities at just over 5%." - via DarkMatters writer Anthony Freed
National Cybersecurity Center of Excellence →
News, from the National Cybersecurity Center of Excellence (NCCOE) at the National Institute of Standards and Technology (NIST), detailing updates in a wide range of sectors.
Of interest are the Center's Building Block Updates, comprising DNS-Based Secured Email and Derived PIV Credentials. The NCCOE is certainly moving forward (as opposed to executing a flawed mandate laterally, as many Agencies appear to be orchestrating as of this writing...), as we had hoped for at the inception of the Center of Excellence. Outstanding!
NIST Revises Random Number Recommended Methods →
In a surprise (but welcome) action, the National Institute of Standards and Technology (NIST) has officially modified the Institute's recommended methodology for the generation of random numbers.
SANS Spring 2015 PenTest Poster →
Click either image for the SANS link to download your PenTest poster. Enjoy.
Tempus, Cifíxus Præcisione Introrsum →
Outstanding →
via the United States Navy, comes this image created by Mass Communication Specialist 3rd Class Gerald Dudley Reynolds, capturing for perpetuity a United States Naturalization Ceremony aboard the USS Midway Museum, in San Diego, California. Nearly fifty Marines and Sailors from twenty-two countries, as well as many civilians, were sworn in as United States Citizens on July 1st, 2015.
Mother's Security
via Norse Security's Glen Norman (also from Hacker High School), comes this interesting opinion piece on the difficulty of security implementations at the desktop... Today's Must Read!
Wassenaar, The Arrangement →
via Wired's Kim Zetter, comes reportage detailing the proposed ban on bitwise munitions, in this case the United States' attempts at the utilization of the Wassenaar Arrangement as a foundational source for all things bannable, particularly systems, code, applications, and research in the information security realm...
Evidently, certain interested parties missed that day in law school when the discussion turned to the prohibition of the export of PGP, and the jailing of Phil Zimmermann, including the minuscule effect that effort had on the acquisition of the bits by parties unknown... History - apparently - does offer a repeatable repast.
AgitProp de la Journée: PRC PLA Focuses on Cyberwar →
Apparently, The Hill's Cory Bennett possesses a strong belief the PRC PLA are putting a 'new' focus on their cyber-this-or-that.
Mercatus Assessment Report Opens Federal Can o' Worms
The Mercatus Assessment Report illustrates the true nature of profound information security issues in both federal information and cybersecurity realms. Via the Mercatus Center's Eli Dourado (Research Fellow at the Mercatus Center at George Mason University and director of its Technology Policy Program) and Andrea Castillo (Program Manager of the Technology Policy Program for the Mercatus Center at George Mason University) comes this tour de force assessment paper exposing the information security challenges in federal systems architecture. Today's Must Read It And Weep.