Category Archives: Cybersecurity

As China Hacked, U.S. Businesses Turned A Blind Eye – NPR

Technology theft and other unfair business practices originating from China are costing the American economy more than $57 billion a year, White House officials believe, and they expect that figure to grow.

Yet an investigation by NPR and the PBS television show Frontline into why three successive administrations failed to stop cyberhacking from China found an unlikely obstacle for the government — the victims themselves.

In dozens of interviews with U.S. government and business representatives, officials involved in commerce with China said hacking and theft were an open secret for almost two decades, allowed to quietly continue because U.S. companies had too much money at stake to make waves. …

More at NPR

Cybersecurity Vulnerabilities Affecting Medtronic Implantable Cardiac Devices, Programmers, and Home Monitors: FDA Safety Communication

“… The FDA has confirmed that these vulnerabilities, if exploited, could allow an unauthorized individual (for example, someone other than the patient’s physician) to access and potentially manipulate an implantable device, home monitor, or clinic programmer. …”

More at FDA.gov

Chinese Hackers Breach U.S. Navy Contractors – WSJ

WASHINGTON—Chinese hackers are breaching Navy contractors to steal everything from ship-maintenance data to missile plans, officials and experts said, triggering a top-to-bottom review of cyber vulnerabilities….

More @ WSJ

DOD Just Beginning to Grapple with Scale of Vulnerabilities (GAO-19-128: Published: Oct 9, 2018)

In recent cybersecurity tests of major weapon systems DOD is developing, testers playing the role of adversary were able to take control of systems relatively easily and operate largely undetected. …

More at GAO

Deliver Uncompromised: A Strategy for Supply Chain Security and Resilience in Response to the Changing Character of War

“Today, various parts of the Department of Defense (DoD) and the Intelligence Community (IC) are generally aware of cyber and supply chain threats, but intra- and inter-government actions and knowledge are not fully coordinated or shared. …
This report examines options that span legislation and regulation, policy and administration, acquisition and oversight, programs and technology. …”

More at MITRE

Supply Chain Risk Management Reliability Standards

A Proposed Rule by the Federal Energy Regulatory Commission …

The Federal Energy Regulatory Commission (Commission) proposes to approve supply chain risk management Reliability Standards CIP-013-1 (Cyber Security – Supply Chain Risk Management), CIP-005-6 (Cyber Security – Electronic Security Perimeter(s)) and CIP-010-3 (Cyber Security – Configuration Change Management and Vulnerability Assessments). The North American Electric Reliability Corporation (NERC), the Commission-certified Electric Reliability Organization, submitted the proposed Reliability Standards for Commission approval in response to a Commission directive. In addition, the Commission proposes that NERC develop and submit certain modifications to the supply chain risk management Reliability Standards.

More at federalregister.gov

Final Report of the Defense Science Board (DSB) Task Force on Cyber Supply Chain

Attached is the final report of the Defense Science Board Task Force on Cyber Supply Chain. The task force assessed the organization, missions, and authorities that encompass the use of microelectronics and components in Department of Defense (DoD) weapons systems.

Final Rule re: “Department of Defense (DoD)’s Defense Industrial Base Cybersecurity Activities”

“This final rule responds to public comments to the interim final rule published on October 2, 2015. This rule implements statutory requirements for DoD contractors and subcontractors to report cyber incidents that result in an actual or potentially adverse effect on a covered contractor information system or covered defense information residing therein, or on a contractor’s ability to provide operationally critical support….”

More at federalregister.gov

Chinese man to serve U.S. prison term for military hacking

A Chinese businessman who pleaded guilty in March to conspiring to hack into the computer networks of Boeing (BA.N) and other major U.S. defense contractors was sentenced on Wednesday to nearly four years in prison, prosecutors said. …

More at Reuters

NDIA’s 7th Trusted Microelectronics Workshop will feature Ms. Kristen Baldwin, Dr. Bill Chappell, and Dr. Robert Latiff (Maj Gen, USAF, Ret.)

NDIA is pleased to announce that our seventh Trusted Microelectronics Workshop has now been expanded to two days, with the second day focused on Technology Based Solutions for Trusted Microelectronics.

Ms. Kristen Baldwin, Acting Deputy Assistant Secretary of Defense for Systems Engineering, will keynote Day 1 of our workshop with a presentation on OSD’s current and future security framework to ensure our defense systems have access to trusted technology components.

Dr. Bill Chappell, Director, DARPA Microelectronics Technology Office will keynote Day 2 with an introduction to the work being done at DARPA to explore technology based Trust solutions.

Presentations by DARPA MTO program managers and IARPA’s Dr. Carl McCants will follow Dr. Chappell’s talk on Day 2.

Dr. Robert Latiff (Maj Gen, USAF, Ret) will provide observations from the Air Force Science Board study, “Optimizing the Air Force Acquisition Strategy of Secure and Reliable Electronic Components”.

More at NDIA
