Mediaboss Marketing

Joint product outlines clear steps that technology providers can take to increase the safety of products used around the world

WASHINGTON The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the cybersecurity authorities of Australia, Canada, United Kingdom, Germany, Netherlands, and New Zealand (CERT NZ, NCSC-NZ) published today Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default. This joint guidance urges software manufacturers to take urgent steps necessary to ship products that are secure-by-design and -default. To create a future where technology and associated products are safe for customers, the authoring agencies urge manufacturers to revamp their design and development programs to permit only secure-by-design and -default products to be shipped to customers.

This guidance, the first of its kind, is intended to catalyze progress toward further investments and cultural shifts necessary to achieve a safe and secure future. In addition to specific technical recommendations, this guidance outlines several core principles to guide software manufacturers in building software security into their design processes prior to developing, configuring, and shipping their products, including:

Ensuring that software manufacturers integrate security into the earliest phases of design for their products is critical to building a secure and resilient technology ecosystem, said CISA Director Jen Easterly. These secure by design and secure by default principles aim to help catalyze industry-wide change across the globe to better protect all technology users. As software now powers the critical systems and services we collectively rely upon every day, consumers must demand that manufacturers prioritize product safety above all else.

Insecure technology products can pose risks to individual users and our national security, said NSA Cybersecurity Director Rob Joyce. If manufacturers consistently prioritize security during design and development, we can reduce the number of malicious cyber intrusions we see. The international coalition partnering on this report speaks to the importance of this issue.

The FBI is committed to identifying ways to better protect our citizens from the agility and versatility of cyber crime, and today's announcement is a direct example of this, said Bryan Vorndran, Assistant Director of the FBI's Cyber Division. Working with our federal and international partners on this cyber security guide provides us with the opportunity to pave the way forward to ensure safety and security in a digitally connected world.

Cyber security cannot be an afterthought, said Abigail Bradshaw CSC, Head of the Australian Cyber Security Centre. Consumers deserve products that are secure from the outset. Strong and ongoing engagement between government, industry and the public is vital to putting cyber security at the centre of the technology design process.

As our lives become increasingly digital, it is vital technology products are being designed and developed in a way that holds security as a core requirement, said Lindy Cameron, UK National Cyber Security Centre CEO. Our new joint guide aims to drive the conversation around security standards and help turn the dial so that the burden of cyber risk is no longer carried largely by the consumer. We call on technology manufacturers to familiarise themselves with the advice in this guide and implement secure-by design and by-default practices into their products to help ensure our society is secure and resilient online.

The Communications Security Establishment and its Canadian Centre for Cyber Security are proud to be a part of this important effort alongside our international partners, said Sami Khoury, Head, Canadian Centre for Cyber Security. We recommend that organizations adopt these secure-by-design and secure-by-default principles, creating safe products for all and ultimately shifting the balance of cyber security risk away from customers. This release is the first step towards creating a more secure technological future for everyone. We look forward to continued work with partners in industry and cybersecurity to implement the recommendations in this important guide.

Secure soft- and hardware are the foundation for a secure use of IT products in government, business and society, said Gerhard Schabhser, acting President of Federal Office for Information Security Germany. In view of this, the BSI requests manufacturers to consider IT security right from the beginning and to enable users to securely utilise their products by secure configuration settings by default.

In a world rapidly digitalizing, citizens should be protected from digital threats, said Hans de Vries, Director of National Cyber Security Centre Netherlands. It is important that governments and industry take their responsibility for the security of end-users, with, for example, taking security-by-design and security-by-default as a starting point when developing software.

An essential read for organisations wanting to contribute to global cyber resilience, said Rob Pope, Director of Computer Emergency Response Team New Zealand. By creating products that are secure, both by design and by default, manufacturers can take much of the burden from end-users. We know many manufacturers are already doing this and hopefully we can encourage others to take it up. These steps are the cyber equivalent of seatbelts, simple inbuilt default practices that keep people safe. This publication shows that the government of Aotearoa New Zealand is serious about keeping people secure online.

Customers should have confidence that technology products are designed with information security as a key factor from the outset, and that security remains a central consideration throughout the products lifecycle, said Lisa Fong Deputy Director-General National Cyber Security Centre New Zealand (NCSC-NZ). We recognise the need for governments to work closely with industry and we hope this guidance prompts useful conversations, as well as helping organisations to understand the importance of robust security as a factor when making purchasing decisions.

Many private sector partners have made invaluable contributions toward advancing security-by-design and security-by-default. With this joint guide, the authoring agencies seek to progress an international conversation about key priorities, investments, and decisions necessary to achieve a future where technology is safe, secure, and resilient by design and default. Feedback on this guide is welcome and can be sent to SecureByDesign@cisa.dhs.gov.

For more information on CISAs efforts to promote secure-by-design and -default principles, visit our webpage.

About CISA

As the nations cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.

Visit CISA.gov for more information and follow us onTwitter,Facebook,LinkedIn, Instagram.

See the original post here:
U.S. and International Partners Publish Secure-by-Design and ... - CISA

By Manjeet Sehgal: The Punjab Police has so far arrested nine aides of fugitive Khalistani separatist Amritpal Singh, who has been on the run since the crackdown began last month. The crackdown came almost over three weeks after Amritpal's supporters clashed with police personnel at the Ajnala police station demanding the release of one of his aides.

Here is all about the eight associates of Amritpal Singh who were arrested, charged under the stringent National Security Act and flown to high-security Dibrugarh central jail in Assam.

Read More

Papalpreet Singh

Amritpal Singh's mentor Papalpreet Singh, who was with the Khalistani separatist when he managed to escape a police dragnet in Hoshiarpur, is the latest to be flown to Dibrugarh prison.

Papalpreet, who was Amritpal's media advisor, is a former aide of Deep Sidhu who died in a road accident in 2022. He was previously booked for sedition in 2015 for having alleged links with the ISI. He was also arrested in 2016 for holding a Sarbat Khalsa and in an attempt to murder in 2019.

READ | Extramarital affairs, kisses on video calls: Amritpal Singh's seamy life

The Income Tax department had also issued him a notice to declare his source of income in December 2022 after a suspicious transaction of over Rs 4 lakh was made to his account. Sources said Amritpal's aides, including Papalpreet, received funding from ISI and foreign-based Khalistani sympathisers.

Before joining hands with Amritpal, Papalpreet worked with another Khalistani separatist, Simranjeet Singh Maan.

Daljeet Kalsi

Daljeet Kalsi alias Sarabjit Singh Kalsi used to run a marketing firm called Sterling India. He had directed five firms out of which three were dissolved. These firms allegedly ran a ponsi scheme.

Daljeet Kalsi reportedly received foreign funding worth over Rs 35 crore during the past two years and reportedly made over a dozen mobile phone calls to Pakistan.

Bhagwant Singh 'Pradhan Mantri'

Bhagwant Singh, who calls himself a prime minister (Pradhan Mantri), is also lodged in Dibrugarh. Bhagwant hails from Moga's Bajeke village and is a school dropout. He has been very active on social media till his handles were blocked by the authorities.

ALSO READ | Is Amritpal Singh, who has been on run since March, hiding in Uttar Pradesh?

He was booked under NSA and also faces charges in eight other cases including the Arms Act.

Harjit Singh

Amritpal's UK resident uncle Harjit Singh and his driver Harpreet Singh, who had surrendered before the Punjab police in Shahkot on March 19, have no criminal history. However, they have been accused of trespassing, criminal intent and wrongful confinement at gunpoint.

Gurinder Pal Singh

Gurinder Pal alias Gur Aujla, who was handling the social media accounts of Amritpal Singh, has also been charged under the NSA. He was shifted to the Dibrugarh jail on March 21.

Varindar Singh 'Fauji'

Varindar Singh was arrested on March 27 from a Tarn Taran village. He is a former army constable and was among 10 bodyguards who protected Amritpal Singh. He had obtained his arms licence from Jammu and Kashmir, which was revoked after the Ajnala incident.

ALSO READ | Khalistani separatist Amritpal Singh underwent surgery in Georgia to look like Bhindranwale: Sources

Gurmeet Singh Bhukhanwala

Gurmeet Singh Bukkanwala (35) hails from Bhukkanwala village of Moga. He owns a furniture store and is a former Deep Sidhu supporter. He has no previous criminal record, but was involved in the Ajnala police station attack.

Bukkanwal was also in-charge of Amritpal Singh's outfit 'Waris Punjab De' in Moga. He is believed to have helped Amritpal with creating a local network.

Basant Singh

Basant Singh Daulatpura (28) hails from Moga and previously worked in Dubai for two years as a labourer and became a supporter of Deep Sidhu during the farmer agitation. He was handling the drug de-addiction centre at Jallupur Kheda. Like Gurmeet Singh, he had no criminal record but was involved in the Ajnala attack.

He also worked as Amritpal Singhs treasurer and had allegedly received funds from Pakistan's ISI.

Kulwant Singh Dhaliwal

Kulwant Singh Dhaliwal is the ninth aide of fugitive Khalistani separatist Amritpal Singh who has been arrested by Punjab Police. All these aides have been relocated to Dibrugarh jail.

View original post here:
All about Amritpal Singh's henchmen booked under NSA, flown to Dibrugarh - India Today

There is a fascination in the security industry with the threats and actors that reside at the top of the pyramid, the apex predators who employ the most sophisticated tools and tactics and have the budgets and patience to penetrate the hardest of targets. The fancier the bear, the more attention it attracts. But, for most organizations, the threats they face on a daily basis are far more mundane, if no less difficult to address.

Those threats come in the form of everyday issues such as someone typing a password into the wrong website, clicking on a link in a phishing email, or inadvertently sharing a sensitive document with the wrong person. They may not be as interesting as an APT team spending months to develop and execute a software supply chain attack, but the consequences can be just as dire. And for most security teams, defending against those unsexy threats is the core of their mission and occupies the bulk of their time.

But despite decades of work on defending against everyday threats, many modern networks still are not built to be resilient against them and one mistake or minor intrusion can have devastating, cascading effects. The time to address that issue was 20 years ago, but the next best time is now.

I'm the cybersecurity director at NSA and you could absolutely craft a phishing message that would get me to click a link. Youve got to design your architecture to assume the humans are humans and bad things will happen, Rob Joyce, the director of cybersecurity at the NSA, said during a discussion at the Center for Strategic and International Studies on Tuesday.

Though there is no small amount of cognitive dissonance involved in hearing the director of cybersecurity at the nations premier signals intelligence agency make that kind of statement, its a mantra that many in the security community have adopted and have been repeating in one form or another for many years. Worrying about what Russian or Chinese or North Korean or Iranian APT groups are plotting will mainly serve to prematurely age the security team members and likely do little to actually secure the organization's network. Its the small, boring, practical measures, implemented day by day and practiced year after year that often make the difference in making a network resilient and resistant to attacks.

But another challenge lies in wait there: money.

The infosec team in most organizations is lucky if it gets six percent of the IT budget, and probably 25 percent of that will go to antivirus and firewall licenses. It doesnt leave a lot of money for other things. The money dries up fast. Do they want to do the right thing? Hell yes. But its about meeting what the risks are for the organizations, said Dave Lewis, advisory CISO at Cisco.

The low-hanging fruit is what they should be picking off, but many people tend to focus on the high end threats.

"Youve got to design your architecture to assume the humans are humans and bad things will happen."

The challenge in building networks and security processes that are resilient by design is both a human one and a technological one. Technology often changes and advances more quickly than humans do, and adapting to those changes can be difficult. The shift to the cloud in the last decade has transformed many organizations IT strategies and presented new challenges for security teams who now find much of their datas security in the hands of Amazon or Google or Microsoft.

The current push for secure by design is something weve got to apply to the cloud and it starts with secure by default. Cloud deployments are often optimized for ease of use rather than security. Those companies are getting better about the default being secure, but were not all the way there, Joyce said.

The same obviously applies to the on-premises portions of corporate networks, and finding ways to make life easier and more secure for users starts with figuring out what assets the organization actually owns and where they are. Thats no small task for many organizations, especially those with distributed operations and years or decades of accumulated stuff.

We talk about building resilient networks, but how do you secure anything if you dont know what you have? Lewis said. Many people dont know these basics because we suck at capturing lessons learned and passing them on. A lot of security practices are tactical and not strategic and theres no strategic vision behind them.

In a plot twist few would have seen coming a few years ago, NSA is actively involved in trying to help enterprises make this shift, defend themselves more efficiently, and be more pragmatic about their security practices. The agency is sharing more of its security knowledge publicly than it ever has before and Joyce said there is more to come.

We work hard at getting those secrets sanitized so they can get actioned. We dont just throw it over the fence. Weve learned that lesson. What we know is not nearly as secret as how we know it and we never unbundled that in the past, Joyce said.

The most useful thing is context. If we can point to something and explain in a classified exchange why something is important, then all of us can work in an unclassified environment to stop it. We have to continue getting faster at taking things that are sensitive and getting them into the operational space. Thats really where weve got to be.

Continued here:
'Assume the Humans are Human and Bad Things Will Happen' - Duo Security

Russian hackers are monitoring CCTV cameras in Ukrainian cafes to gather information, a US intelligence official said on Tuesday.

Supported by the state, they are trying to find out information about passing aid convoys, according to National Security Agency (NSA) Cybersecurity Division Director Rob Joyce.

Speaking at the Center for International and Strategic Studies think tank in Washington, he said Russian hackers have attacked Ukrainian information systems since the start of their country's broader offensive.

"Attacks are persistent on Ukrainian interests, whether financial, state, individual [or] business," said Joyce, pointing out they were often "just to disrupt" operations.

The NSA official called some Russian hackers "creative".

"We are watching Russian hackers connect to web cameras to observe convoys and trains delivering aid," he said.

"Instead of using [cameras] from a public place that are available on the internet, theyre looking at the coffee shop security camera and seeing the road they need to see".

Russian hackers are also focusing their operations on US defence industries and logistics companies to learn more about arms shipments to Ukraine, Joyce continued.

"They are under daily pressure from the Russians," he said.

In March, the US news outlet CCN obtained a report that claimedEuropean military, energy, and transportation organisations were targetted by Russian hackers in an apparent spying campaign.

It went undetected for months as the war in Ukraine raged, despite the heightened defensive posture of Western governments.

Read the rest here:
Russian hackers tapping into CCTV in Ukrainian cafes, says US - Euronews

New Delhi: Union Home Minister Amit Shah chaired a high-level review meeting in the Ministry of Home Affairs at the North Block and examined the Jammu and Kashmir security situation on Thursday, reported news agency ANI.

Security representatives from the central government and the union territory administration provided Shah with a comprehensive presentation on the current state of law and order in J-K. The situation along the Line of Control and International Border, as well as attempts to target members of minority communities and infiltration attempts from across the border, were discussed at the meeting in Delhi.

The meeting included attendance by Lieutenant Governor Manoj Sinha, Union Home Secretary Ajay Kumar Bhalla, Jammu and Kashmir Director General of Police Dilbag Singh, and other high-ranking officials.

In the past three years, Jammu and Kashmir have seen a number of targeted killings.

Since the abrogation of Article 370 in 2019 and through July 2022, the government had informed Parliament that as many as 118 civilians, including five Kashmiri Pandits and 16 other Hindus and Sikhs, had been killed in J-K.

In May, four Hindu pilgrims were killed and something like 20 were injured when their bus caught fire close to Katra in Jammu. The fire might have been started by a sticky bomb, according to the police.

On August 5, 2019, Article 370, which granted Jammu and Kashmir special status, was repealed, resulting in the state's division into Jammu and Kashmir and Ladakh, two Union Territories.

Also Read: Covid Variant 'Arcturus', Driving Recent Surges, May Show A New Symptom 'Not Seen In Earlier Waves': Paediatrician

Read this article:
Home Minister Amit Shah Reviews J&K Security Situation, NSA Doval And LG Attend Meet - ABP Live