Cybersecurity

The National Institute of Standards and Technology (NIST) has just published Special Publication (SP) 800-160 Volume 2, Developing Cyber Resilient Systems: A Systems Engineering Approach. It is the first in a series of specialty publications developed to support NIST SP 800-160 Volume 1, the flagship systems security engineering guideline. Volume 2 addresses cyber resiliency considerations for two important yet distinct communities of interest:

The New Zealand National Cyber Security Centre (NCSC-NZ) has released an article on a new cybersecurity governance resource to support public and private sector leaders in making decisions about their cybersecurity resilience and risk. NCSC-NZ developed this governance – a series of documents with practical advice and simple steps – following a cybersecurity resilience assessment of  New Zealand’s nationally significant organizations.

The FBI’s Portland, Oregon office has published an advisory discussing how to build a digital defense in the Internet of Things. The advisory discusses the security risks of using devices that have built-in Internet connections, such as digital assistants, smart watches, security equipment, thermostats, and even kitchen appliances. While providing additional conveniences and amenities for their owners, they can also open a door for hackers into your business or home.

CISA has published an advisory on improper restriction of excessive authentication attempts, uncontrolled resource consumption, missing encryption of sensitive data, unprotected storage of credentials, and predictable from observable state vulnerabilities in Weidmueller Industrial Ethernet Switches. Numerous products and versions of these products are affected. Successful exploitation of these vulnerabilities could allow a remote attacker to gain unauthorized access to the device, affecting the confidentiality, integrity, and availability of the device the attacker is targeting.