At a glance.
- More on the World Economic Forum’s Cyber Resilience Pledge.
- NIST looks back on developments in cryptography.
- 5G security evaluation guidance from CISA and the DoD.
- China spreads stale rumors about US espionage.
More on the World Economic Forum’s Cyber Resilience Pledge.
As we noted yesterday, eighteen global oil and gas organizations have agreed to the World Economic Forum’s (WEF) Cyber Resilience Pledge, which, as the WEF explains, “aims to mobilize global commitment towards strengthening cyber resilience across industry ecosystems.” The goal of the initiative is to change how the concept of cyber resilience is perceived by helping industry see cybersecurity not as a cost, but as an opportunity to maximize a company’s business goals. Signers of the pledge commit to engaging their organizations' senior cyber leaders to develop global approaches and improve cyber resilience across ecosystems. Dragos CEO Robert M. Lee said, “Common industry-wide cyber resilience strengthens the Oil and Gas community while providing guidance for people to navigate their cybersecurity journey. As our world becomes more digitally connected it is imperative, especially for our industrial and operational technology, to ensure our infrastructure's secure and safe operation.”
Edward Liebig, Global Director of Cyber-Ecosystem at Hexagon PPM, commented on the relevance of the pledge to infrastructure security: "As the threats against Critical Infrastructure become more prevalent and brazen, there is a growing and deep concern for strengthening cyber resiliency across industry ecosystems. For the OT/ICS industry operators at large, this pledge makes a bold 'first step' statement of solidarity to reinforce that 'nobody is a competitor' when it comes to cybersecurity. 'We are in this together.' There is much to do, however, in empowering senior leadership to act. Cyber resiliency needs to be deeply rooted in corporate culture and flow down from the top, through every aspect of an organization. This Cyber Resilience Pledge is certainly going to reinvigorate the cyber discussion in many more boardrooms than just those signatory companies."
NIST looks back on developments in cryptography.
The US’s National Institute of Standards and Technology (NIST) is celebrating the fiftieth anniversary of cybersecurity research and development with a series of articles looking back at the history of key advancements in the field. The most recent installment reflects on the role NIST has played in the history of cryptography, from the 1970s, when the National Bureau of Standards (now NIST) launched a program to develop the Data Encryption Standard (DES), to present day, as NIST looks toward the future with the Migration to Post-Quantum Cryptography project. Other milestones include NIST’s launch of a global public competition to determine the world’s Advanced Encryption Standard (AES) in the 1990s, and NIST’s collaboration with the American National Standards Institute in developing a standard for public-key cryptography.
5G security evaluation guidance from CISA and the DoD.
The Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Defense (DoD) yesterday released their 5G Security Evaluation Process Investigation Study, a joint effort between CISA, the Department of Homeland Security’s Science and Technology Directorate, and DoD’s Under Secretary of Defense for Research and Engineering. CISA notes that the study is not a required framework, but instead offers a five-step process for assessing a 5G system and identifying the potential security requirements necessary to begin production. By applying the process to a private 5G network case, the study’s goal is to demonstrate how 5G technology can be applied in low-, mid-, and high-band spectrum usage scenarios, and specify what considerations must be taken during the process. Vincent Sritapan, section chief of the cyber quality services management office at CISA, explained, “You have all types of applications that are out there: AR/VR for training, smart warehouse, you name it. But the key thing is, there has to be a common way to look at this and understand the policies.” As the Federal News Network explains, federal officials planning to launch 5G wireless projects at their agencies now have the necessary security guidance to proceed past the prototype phase.
China spreads stale rumors about US espionage.
There has been a recent wave of disclosures from China’s Foreign Ministry and the country’s cybersecurity firms accusing the US of purported cyberespionage. However, Wired reports, the accusations are based on years-old intelligence devoid of any fresh information, seemingly intended to ignite national concern over US intentions. The reports come with commentary from spokespersons representing China’s Foreign Ministry. After one announcement in April, Foreign Ministry spokesperson Wang Wenbin stated, “China is gravely concerned over the irresponsible malicious cyber activities of the US government. We urge the US side to explain itself and immediately stop such malicious activities.” Che Chang, a cyber threat analyst at the Taiwan-based cybersecurity firm TeamT5, explains that the stale information is being used as retaliation for recent US accusations about China’s own espionage. “These are useful materials for China’s tit-for-tat propaganda campaigns when they faced US accusation and indictment of China’s cyberespionage activities,” Chang says.