More on the World Economic Forum’s Cyber Resilience Pledge. NIST looks back on developments in cryptography. 5G security evaluation guidance from CISA and the DoD. China spreads stale rumors about US espionage.

Summary

By the CyberWire staff

At a glance.

More on the World Economic Forum’s Cyber Resilience Pledge.
NIST looks back on developments in cryptography.
5G security evaluation guidance from CISA and the DoD.
China spreads stale rumors about US espionage.

More on the World Economic Forum’s Cyber Resilience Pledge.

As we noted yesterday, eighteen global oil and gas organizations have agreed to the World Economic Forum’s (WEF) Cyber Resilience Pledge, which, as the WEF explains, “aims to mobilize global commitment towards strengthening cyber resilience across industry ecosystems.” The goal of the initiative is to change how the concept of cyber resilience is perceived by helping industry see cybersecurity not as a cost, but as an opportunity to maximize a company’s business goals. Signers of the pledge commit to engaging their organizations' senior cyber leaders to develop global approaches and improve cyber resilience across ecosystems. Dragos CEO Robert M. Lee said, “Common industry-wide cyber resilience strengthens the Oil and Gas community while providing guidance for people to navigate their cybersecurity journey. As our world becomes more digitally connected it is imperative, especially for our industrial and operational technology, to ensure our infrastructure's secure and safe operation.”

Edward Liebig, Global Director of Cyber-Ecosystem at Hexagon PPM, commented on the relevance of the pledge to infrastructure security: "As the threats against Critical Infrastructure become more prevalent and brazen, there is a growing and deep concern for strengthening cyber resiliency across industry ecosystems. For the OT/ICS industry operators at large, this pledge makes a bold 'first step' statement of solidarity to reinforce that 'nobody is a competitor' when it comes to cybersecurity. 'We are in this together.”'There is much to do, however, in empowering senior leadership to act. Cyber resiliency needs to be deeply rooted in corporate culture and flow down from the top, through every aspect of an organization. This Cyber Resilience Pledge is certainly going to reinvigorate the cyber discussion in many more boardrooms than just those signatory companies."

NIST looks back on developments in cryptography.

The US’s National Institute of Standards and Technology (NIST) is celebrating the fiftieth anniversary of cybersecurity research and development with a series of articles looking back at the history of key advancements in the field. The most recent installment reflects on the role NIST has played in the history of cryptography, from the 1970s, when the National Bureau of Standards (now NIST) launched a program to develop the Data Encryption Standard (DES), to present day, as NIST looks toward the future with the Migration to Post-Quantum Cryptography project. Other milestones include NIST’s launch of a global public competition to determine the world’s Advanced Encryption Standard (AES) in the 1990s, and NIST’s collaboration with the American National Standards Institute in developing a standard for public-key cryptography.

5G security evaluation guidance from CISA and the DoD.

The Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Defense (DoD) yesterday released their 5G Security Evaluation Process Investigation Study, a joint effort between CISA, the Department of Homeland Security’s Science and Technology Directorate, and DoD’s Under Secretary of Defense for Research and Engineering. CISA notes that the study is not a required framework, but instead offers a five-step process for assessing a 5G system and identifying the potential security requirements necessary to begin production. By applying the process to a private 5G network case, the study’s goal is to demonstrate how 5G technology can be applied in low-, mid-, and high-band spectrum usage scenarios, and specify what considerations must be taken during the process. Vincent Sritapan, section chief of the cyber quality services management office at CISA, explained, “You have all types of applications that are out there: AR/VR for training, smart warehouse, you name it. But the key thing is, there has to be a common way to look at this and understand the policies.” As the Federal News Network explains, federal officials planning to launch 5G wireless projects at their agencies now have the necessary security guidance to proceed past the prototype phase.

China spreads stale rumors about US espionage.

There has been a recent wave of disclosures from China’s Foreign Ministry and the country’s cybersecurity firms accusing the US of purported cyberespionage. However, Wired reports, the accusations are based on years-old intel void of any fresh information, seemingly intended to ignite national concern over US intentions. The reports come with commentary from spokespersons representing China’s Foreign Ministry. After one announcement in April, Foreign Ministry spokesperson Wang Wenbin stated, “China is gravely concerned over the irresponsible malicious cyber activities of the US government. We urge the US side to explain itself and immediately stop such malicious activities.” Che Chang, a cyber threat analyst at the Taiwan-based cybersecurity firm TeamT5, explains that the stale information is being used as retaliation for recent US accusations about China’s own espionage. “These are useful materials for China’s tit-for-tat propaganda campaigns when they faced US accusation and indictment of China’s cyberespionage activities,” Chang says.

Notes.

A note to our readers.

We'll be observing the US Memorial Day holiday Monday, and won't be publishing that day. We'll be back as usual on Tuesday. In the meantime, spare a thought for the sacrifices made by those who've served honorably in the military, everywhere.

Selected Reading

Cyber Resilience Pledge (World Economic Forum) The Cyber Resilience Pledge aims to mobilize global commitment towards strengthening cyber resilience across industry ecosystems.

The Cornerstone of Cybersecurity – Cryptographic Standards and a 50-Year Evolution (NIST) In today’s connected digital world, cryptographic algorithms are implemented in every device and applied to every link to protect information in transmission

CISA and DoD Release 5G Security Evaluation Process Investigation Study (CISA) CISA and the Department of Defense (DoD) have released their 5G Security Evaluation Process Investigation Study for federal agencies. The new features, capabilities, and services offered by fifth-generation (5G) cellular network technology can transform mission and business operations; and federal agencies will eventually be applying different 5G usage scenarios: low-, mid-, and high-band spectrum.

DHS, DoD publish 5G security guidance to help agencies think through key ATO process (Federal News Network) The “5G Security Evaluation” was developed by a joint study team led by the Department of Homeland Security and the Department of Defense.

Space Force rolls out cybersecurity standards for commercial providers of satellite services (SpaceNews) The Space Systems Command announced May 26 the official rollout of a new process to assess the cybersecurity of commercial satellite operators that do business with the Defense Department.

China, Russia veto U.S. push for more U.N. sanctions on North Korea (Reuters) China and Russia vetoed on Thursday a U.S.-led push to impose more United Nations sanctions on North Korea over its renewed ballistic missile launches, publicly splitting the U.N. Security Council for the first time since it started punishing Pyongyang in 2006.

UK Government sets out position for applying international law in cyberspace (Business Leader) Attorney General Suella Braverman recently set out the UK government's position on applying international law to cyberspace.

Spain vows legal reforms in wake of spying allegations (MSN) The Spanish government will tighten judicial control over the country’s intelligence agency, Prime Minister Pedro Sánchez said Thursday, weeks after the agency admitted it had spied on several pro-independence supporters in the region of Catalonia with judicial authorization.

Spain’s PM vows to reform intelligence services following phone hacking scandal (The Record by Recorded Future) Spanish prime minister Pedro Sánchez pledged to further regulate and oversee the country’s spy agencies on Thursday following the discovery of unauthorized spyware on the phones of top politicians earlier this year.

Spain set to strengthen oversight of secret services after NSO spying scandal (Times of Israel) PM Sanchez, who was targeted by Pegasus spyware, says move is about 'ensuring maximum respect for the individual and political rights of people'

The Mystery of China’s Sudden Warnings About US Hackers (Wired) The Chinese government recently began saber-rattling about American cyberespionage. The catch? It’s all old news.

Russian aggression must not distract from China threat, Blinken says (Washington Post) Beijing represents “the most serious long-term challenge to the international order,” the top diplomat said in a long-awaited speech on Biden’s China policy.

Our battle with China over the future of the Internet is just beginning (Washington Post) The United States has mostly won the fight to restrict China’s role in building next-generation 5G telecom systems over spying concerns.

Cyber EO One Year Later: Implementing Holistic Zero Trust Security (MeriTalk) MeriTalk recently sat down with Fortinet’s Jim Richberg, public sector CISO, Peter Newton, senior director, product marketing, and Fortinet Federal’s Felipe Fernandez, senior director, system engineering, to gain their insights into how Federal technology teams can integrate all of the components of a zero trust architecture to achieve holistic cybersecurity in a cloud, hybrid, or closed environment.

In private, vulnerable Senate Dems back off tech bill (POLITICO) Democratic leaders want to crack down on Big Tech. Others in the party think it's too big of a risk.

Updated autonomous weapons rules coming for the Pentagon: Exclusive details - Breaking Defense (Breaking Defense) "We want to make sure, of course, that the directive still reflects the views of the department and the way the department should be thinking about [autonomous] weapon systems,” Michael Horowitz told Breaking Defense in an exclusive interview.

General tapped for NATO supreme command vows to prioritize cyber, information ops (FedScoop) President Biden’s nominee to be the head of U.S. European Command and NATO’s next supreme allied commander in Europe intends to prioritize cyber capabilities and information operations if he’s confirmed by the Senate. NATO has enhanced its ability to detect, deter and respond to cyberattacks, Gen. Christopher Cavoli told lawmakers Thursday. But more effort is […]

Sgt. 1st Class Antonio Rey Rodriguez honored during NSA Cryptologic Memorial Wall ceremony (National Security Agency/Central Security Service) On Thursday, GEN Paul M. Nakasone, Commander, U. S. Cyber Command, Director, NSA/Chief CSSNakasone hosted the 2022 Memorial Wall Ceremony to honor those who fell in the line of duty in service to the

Senate confirms Cyber Command deputy, new Navy cyber leader (The Record by Recorded Future) The Senate confirmed a pair of senior defense nominees on Thursday, including a new deputy for U.S. Cyber Command.