German Federal Government Passed a Draft Law Amending Germany’s Information Technology Laws
On December 16, 2020, the German Federal Government passed a draft law that substantially amends some of Germany’s information technology laws (“IT laws”). These amendments aim to adapt the current legal framework to the increasing digitalization of products and services, the proliferation of IoT products, and the appearance of new cybersecurity threats. The draft law […]
GSA Solicits Feedback on Supply Chain Risk Management Program
The General Services Administration is developing the Vendor Risk Assessment Program: a tool to “identify, assess and monitor supply chain risks of critical vendors.”...
Senator Mark Warner Says White House “Watered Down” Attribution of SolarWinds Hack to Russia
Senator Mark Warner (D-VA), imminent chair of the Senate Intelligence Committee, has accused the White House of diluting the federal government’s identification of Russia as the likely perpetrator of the SolarWinds breach. An inside source says that the earlier drafts of the White House statement did not qualify the attribution to Russia as only “likely,” […]
Federal Judiciary Responds to SolarWinds with Cybersecurity Safeguards
The U.S. Federal Judiciary announced new safeguards and procedures to protect sensitive court records in light of a recent apparent cybersecurity breach. Last month, the Department of Homeland Security issued an emergency directive regarding the compromise involving SolarWinds Orion products. The judiciary was notified of this issue by the Administrative Office of the U.S. Courts, […]
NSA Gives Guidance on Upgrading from Obsolete Encryption Protocols
The National Security Agency has released guidance on how federal agencies and contractors should replace obsolete protocols for encrypting network traffic. NSA recommends that organizations discontinue use of SSL (any version), TLS 1.0, and TLS 1.1, and only use TLS 1.2 or TLS 1.3. It has released a free detection tool for identifying obsolete versions. […]
CMMC Advisory Body Offers Advice for Small Defense Contractors
Les Buday of the CMMC Advisory Body offers advice for small business owners who work for the Defense Department or hope to. “You have some digital hygiene to do – NOW,” he says. Buday offers advice to consider when looking for an advisor to support getting an organization certified. “There is no better time than […]
CISA Warns that SolarWinds Hackers Also Breaching Networks Using Passwords, Other Techniques
The Cybersecurity and Infrastructure Security Agency has evidence that trojanized SolarWinds software isn’t the only way these particular hackers have been getting access to the federal government’s networks. Other methods include “password guessing, password spraying, and inappropriately secured administrative credentials,” according to a new CISA alert. Threat actors abusing Security Assertion Markup Language tokens – […]
Amendment to HITECH Act Incentivizes Security with Possible Fine Reductions
Just in case your office or company is in the process of compiling a “to-do” list for 2021, here is one item that should have your full attention. On January 5, 2021, an amendment to the HITECH Act (H.R.7898) was signed into law requiring the U.S. Department of Health and Human Services “to consider certain […]
Australian Cyber Security Center Guide to Identifying Supply Chain Cybersecurity Risks
The Australian Cyber Security Center has published a guide on identifying cyber supply chain risks in suppliers, manufacturers, distributors and retailers. A key area flagged is foreign control, influence, and interference, and the guide suggests a questionnaire for suppliers that includes the following questions: What access might a foreign government gain in controlling or interfering with […]
DOJ, Federal Courts, Other Agencies Targeted by SolarWinds
Various additional federal agencies have confirmed that they were among the targets of the hackers behind the compromise of SolarWinds' Orion software. The US...