At a glance.
- New CISA guidance on cloud interface security.
- How do you measure cybersecurity?
- Revitalizing NATO’s yearly wargames with live bait.
- Lessons to be learned from the SVR cyberespionage campaign.
- Paid attention to GDPR? Now do likewise with the Digital Services Act and Digital Markets Act.
New CISA guidance on cloud interface security.
The Cybersecurity and Infrastructure Security Agency (CISA) published a provisional Trusted Internet Connections (TIC) Use Case covering remote web access and connection to agency cloud services and onsite resources, Meritalk reports. An MFA-protected VPN, virtual desktop, or security-as-a-service broker would mediate the connections. Additional guidelines can be found in CISA’s TIC 3.0 Core Guidance Documents and National Cybersecurity and Protection System (NCPS) Cloud Interface Reference Architecture (CIRA).
How do you measure? Measure…cybersecurity.
The Record lets readers in on a “dirty little secret”: cybersecurity isn’t readily quantified, given computers’ “impossibly large” attack surface and enemies’ intelligence. This makes choosing investments and services difficult. The National Institute of Standards and Technology is addressing this quandary by building a taxonomy of current and possible practices. Next on the list is revising SP 800-55. Since the marketplace hasn’t demanded improved cybersecurity, it may take differential insurance rates to push any changes to the private sector.
Revitalizing NATO’s yearly wargames with live bait.
A Foreign Policy essay recommends NATO enliven its cyber aerobics with genuine hackers for a messy, no-holds-barred (i.e., realistic) experience. Nimble nonmilitary players could uncover blind spots and simulate a diversity of threats. At present, the games either presume complete understanding of the attacker or reimagine 19th-century campaigns.
Lessons to be learned from the SVR cyberespionage campaign.
An opinion in Politico outlines “bold” measures the US should take in response to Huggy’s raid that go beyond what the Cyberspace Solarium Commission has suggested:
- Invest in “state-of-the-art” products for non-military organizations
- Merge “siloed” reconnaissance efforts
- Involve intelligence agencies in the defense of domestic networks
- Impose “robust sanctions” in partnership with allies
- Boost public-private threat intelligence sharing
Paid attention to GDPR? Now do likewise with the Digital Services Act and Digital Markets Act.
Daniel Markuson, Digital Privacy Expert at NordVPN, thinks businesses ought to pay close attention to pending European legislation: “Tech companies mustn't disregard European legislative developments. As of now, free sharing of information was impossible to implement, but, if the EU succeeds, it might add another good spin to the global tech economy, especially the one that relies on data, like Artificial Intelligence.”