Mediaboss Marketing

FORT MEADE, Md. - The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) are partnering with international partners cybersecurity agencies to encourage technology manufacturers to create products that are secure-by-design and secure-by-default.The group of nine agencies has published the Cybersecurity Information Sheet, Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and Default, to raise awareness and facilitate international conversations about key priorities, investments, and decisions necessary to manufacture technology that is safe, secure, and resilient.Insecure technology products can pose risks to individual users and our national security, said NSA Cybersecurity Director Rob Joyce. If manufacturers consistently prioritize security during design and development, we can reduce the number of malicious cyber intrusions we see. The international coalition partnering on this report speaks to the importance of this issue.The international coalition includes Australias Cyber Security Centre (ACSC), Canadas Centre for Cyber Security (CCCS), Germanys Federal Office for Information Security (BSI), the UKs National Cyber Security Centre (NCSC-UK), Netherlands National Cyber Security Centre (NCSC-NL), and New Zealands Computer Emergency Response Team (CERT NZ) and National Cyber Security Centre (NZ NCSC).In the new report, the agencies highlight the importance of prioritizing security throughout a products lifecycle to reduce the likelihood of security incidents. The principles ensure technology products are built and configured in a way that protects against malicious cyber actors gaining access to devices, data, and connected infrastructure.NSA and its partners recommend technology manufacturers and organization executives prioritize the implementation of secure-by-design and default principles outlined in the report.In addition to the recommendations listed in the report, the authoring agencies encourage the use of the Secure Software Development Framework (SSDF), also known as the National Institute of Standards and Technologys (NIST) SP 800-218. The SSDF helps software producers become more effective at finding and removing vulnerabilities in released software, mitigate the potential impact of the exploitation of vulnerabilities, and address the root causes of vulnerabilities to prevent future recurrences.Read the full report here. Visit our full library for more cybersecurity information and technical guidance.

NSA Media RelationsMediaRelations@nsa.gov443-634-0721

Read more from the original source:
NSA, U.S. and International Partners Issue Guidance on Securing ... - National Security Agency

The federal government needs to further enhance information sharing partnerships with the private sector to counter potentially crippling cyberattacksparticularly as hostile nation states like China pose a growing threat to U.S. intereststhe National Security Agencys cybersecurity chief said during an event hosted by the Center for Strategic and International Studies on Tuesday.

NSA Cybersecurity Director Rob Joyce said that intelligence agencies need to continue getting faster at being able to take the things that are sensitive, and get them into the operational space, where they can be leveraged by companies to patch software vulnerabilities and better defend against specific cyber threats.

A large portion of this, Joyce said, entails providing private sector entitiessuch as large technology companies, cloud service providers and defense contractorswith streamlined access to actionable, declassified information in a collaborative environment that ultimately benefits both industry and government.

Joyce cited NSAs Cybersecurity Collaboration Centerwhich serves as the agencys collaborative hub for sharing unclassified intelligence with the private sectoras a key initiative and model for deterring threat actors and cyberattacks across the nations digital ecosystem. He said that the goal of the center is to operationalize the things we know with the people who could do something about it, largely by getting those secrets sanitized to the point they can be actioned by private companies.

We can take and understand a threat, and get it to that ecosystem at an unclassified level, Joyce said. And that's the key, because if I give a company a secret at a classified level, most of the time, even if the person receiving it is able to receive it at that level, the people who action it arent.

Joyce said that roughly 300 companies have voluntarily partnered with the center since it launched in 2021, adding that we interact with many of them on a daily basis.

This type of public-private collaboration also benefits NSAs work, Joyce noted, since companies can also provide other things associated with that [threat] that we never would have seen because it lives in their ecosystem, which makes the agency more effective. Companies are able to take immediate action to remediate security concerns, while also providing the agency with valuable information about the threats they are seeing.

One thing we've found is we can work with one company one-on-one, they can bring their unique understanding, their intellectual property or their perspective to the problem, and then they publish the blog that then illuminates all of the activity they know about, Joyce said. And then industry dog piles onto that and continues to tear that thread up. And that's really a beautiful cycle to watch, where it starts from an intel threat to a company that just grabs the adversary hard, and then the whole community piles on and pulls it apart.

Joyce also cited a component within the center, known as the enduring security framework, as an example of the real-time collaboration being undertaken between agencies and the private sector to address cyber-related threats. Under the public-private partnership, NSA works with industry CEOs and the Cybersecurity and Infrastructure Security Agency to focus on specific risks to critical infrastructure services and national security systems.

These are long-term, joint government and industry security efforts, Joyce said, such as a recent focus on 5G cloud security over the past year.

What people often don't recognize is, when you want to do 5G security, you're really talking about the concepts of securing the cloud, because that's how the architecture is broken down, he added. And we took telecommunications companies, high tech vendors and brought them together with the government threat expertise and put out a series of how you architect 5G for security.

Beyond working with agenciessuch as NSA and CISAto identify and mitigate cyber threats, Joyce said that tech firms and companies within the defense industrial base should be working to proactively shore up their cyber defenses and supply chains in response to the potentially cataclysmic scenario of a Chinese invasion of Taiwan.

Joyce cited the upheaval that some U.S. companies faced as a result of Russias invasion of Ukraine last February, noting that we had a lot of companies who had to endure hard decisions and take rapid action at the time of the invasion. Some of these firms, he noted, had network segments in both countries and had to think about whether they severed that or firewalled that against attack.

But think about if you scratched out Russia and Ukraine, and wrote China and Taiwan, how that changes and how much more intertwined and difficult that is, he added.

Joyce said companies that could be impacted by a Chinese invasion of Taiwan need to tabletop and see where your pain points are now, rather than waiting for international tensions to reach a boiling point.

You don't want to be starting that planning the week before an invasion, when you're starting to see the White House saying it's coming, Joyce said. You want to be doing that now and buying down your risk and making those decisions in advance.

Read the original:
Enhanced Information Sharing With Industry Key to Deterring Digital ... - Nextgov

A logo for Google is seen in a reflection. (Reuters-Yonhap)

The top South Korean court sided with internet users here on Thursday, ruling that Google should disclose records of how its consumer data had been transmitted to a US spy agency upon the request of consumers.

The ruling by the Supreme Court of Korea, after a decadelong wait, indicates that Google's policy of prohibiting the provision of such records to consumers and mandating that lawsuits be filed in US jurisdiction are both superseded by Korean law. A customer living in Korea may file a lawsuit against a business entity based in a foreign country, the ruling shows.

Seoul's top court judges also stated that records of user data transferred to US investigative authorities should be provided if the user's US case has been closed.

The final court judgment on California-based Google in Korea will be domesticated or put into effect in the US through recognition and enforcement by a US court, according to Korea's Supreme Court.

This decision signals an end to the legal fight of human rights activists here against the US-based Big Tech giant that has persisted for nearly a decade.

Six activists filed a suit against Google and its Korean unit in 2014 upon revelations by high-profile whistleblower Edward Snowden the previous year that the US National Security Agency had spied on internet users via tools to collect user data by operating a secret program called Prism.

The plaintiffs suspected that user data such as emails could have been monitored by the NSA under the revealed scheme.

A district court in 2015 sided with Korean consumers regarding Google's duty to disclose the data collection by the US authorities, but dismissed the request for Google to pay compensation to consumers.

Seoul High Court in 2017 upheld the district court ruling, but on the condition that Google would not breach US privacy rules.

The case at the Supreme Court had four plaintiffs, after two others dropped out of the litigation.

We will review the Supreme Courts full written decision carefully. ... We remain committed to making ongoing updates that give users in Korea control and transparency," a Google spokesperson said in a statement.

By Son Ji-hyoung (consnow@heraldcorp.com)

Visit link:
Google ordered to disclose records of customer data given to US NSA - The Korea Herald

Joint product outlines clear steps that technology providers can take to increase the safety of products used around the world

WASHINGTON The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the cybersecurity authorities of Australia, Canada, United Kingdom, Germany, Netherlands, and New Zealand (CERT NZ, NCSC-NZ) published today Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default. This joint guidance urges software manufacturers to take urgent steps necessary to ship products that are secure-by-design and -default. To create a future where technology and associated products are safe for customers, the authoring agencies urge manufacturers to revamp their design and development programs to permit only secure-by-design and -default products to be shipped to customers.

This guidance, the first of its kind, is intended to catalyze progress toward further investments and cultural shifts necessary to achieve a safe and secure future. In addition to specific technical recommendations, this guidance outlines several core principles to guide software manufacturers in building software security into their design processes prior to developing, configuring, and shipping their products, including:

Ensuring that software manufacturers integrate security into the earliest phases of design for their products is critical to building a secure and resilient technology ecosystem, said CISA Director Jen Easterly. These secure by design and secure by default principles aim to help catalyze industry-wide change across the globe to better protect all technology users. As software now powers the critical systems and services we collectively rely upon every day, consumers must demand that manufacturers prioritize product safety above all else.

Insecure technology products can pose risks to individual users and our national security, said NSA Cybersecurity Director Rob Joyce. If manufacturers consistently prioritize security during design and development, we can reduce the number of malicious cyber intrusions we see. The international coalition partnering on this report speaks to the importance of this issue.

The FBI is committed to identifying ways to better protect our citizens from the agility and versatility of cyber crime, and today's announcement is a direct example of this, said Bryan Vorndran, Assistant Director of the FBI's Cyber Division. Working with our federal and international partners on this cyber security guide provides us with the opportunity to pave the way forward to ensure safety and security in a digitally connected world.

Cyber security cannot be an afterthought, said Abigail Bradshaw CSC, Head of the Australian Cyber Security Centre. Consumers deserve products that are secure from the outset. Strong and ongoing engagement between government, industry and the public is vital to putting cyber security at the centre of the technology design process.

As our lives become increasingly digital, it is vital technology products are being designed and developed in a way that holds security as a core requirement, said Lindy Cameron, UK National Cyber Security Centre CEO. Our new joint guide aims to drive the conversation around security standards and help turn the dial so that the burden of cyber risk is no longer carried largely by the consumer. We call on technology manufacturers to familiarise themselves with the advice in this guide and implement secure-by design and by-default practices into their products to help ensure our society is secure and resilient online.

The Communications Security Establishment and its Canadian Centre for Cyber Security are proud to be a part of this important effort alongside our international partners, said Sami Khoury, Head, Canadian Centre for Cyber Security. We recommend that organizations adopt these secure-by-design and secure-by-default principles, creating safe products for all and ultimately shifting the balance of cyber security risk away from customers. This release is the first step towards creating a more secure technological future for everyone. We look forward to continued work with partners in industry and cybersecurity to implement the recommendations in this important guide.

Secure soft- and hardware are the foundation for a secure use of IT products in government, business and society, said Gerhard Schabhser, acting President of Federal Office for Information Security Germany. In view of this, the BSI requests manufacturers to consider IT security right from the beginning and to enable users to securely utilise their products by secure configuration settings by default.

In a world rapidly digitalizing, citizens should be protected from digital threats, said Hans de Vries, Director of National Cyber Security Centre Netherlands. It is important that governments and industry take their responsibility for the security of end-users, with, for example, taking security-by-design and security-by-default as a starting point when developing software.

An essential read for organisations wanting to contribute to global cyber resilience, said Rob Pope, Director of Computer Emergency Response Team New Zealand. By creating products that are secure, both by design and by default, manufacturers can take much of the burden from end-users. We know many manufacturers are already doing this and hopefully we can encourage others to take it up. These steps are the cyber equivalent of seatbelts, simple inbuilt default practices that keep people safe. This publication shows that the government of Aotearoa New Zealand is serious about keeping people secure online.

Customers should have confidence that technology products are designed with information security as a key factor from the outset, and that security remains a central consideration throughout the products lifecycle, said Lisa Fong Deputy Director-General National Cyber Security Centre New Zealand (NCSC-NZ). We recognise the need for governments to work closely with industry and we hope this guidance prompts useful conversations, as well as helping organisations to understand the importance of robust security as a factor when making purchasing decisions.

Many private sector partners have made invaluable contributions toward advancing security-by-design and security-by-default. With this joint guide, the authoring agencies seek to progress an international conversation about key priorities, investments, and decisions necessary to achieve a future where technology is safe, secure, and resilient by design and default. Feedback on this guide is welcome and can be sent to SecureByDesign@cisa.dhs.gov.

For more information on CISAs efforts to promote secure-by-design and -default principles, visit our webpage.

About CISA

As the nations cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.

Visit CISA.gov for more information and follow us onTwitter,Facebook,LinkedIn, Instagram.

See the original post here:
U.S. and International Partners Publish Secure-by-Design and ... - CISA

By Manjeet Sehgal: The Punjab Police has so far arrested nine aides of fugitive Khalistani separatist Amritpal Singh, who has been on the run since the crackdown began last month. The crackdown came almost over three weeks after Amritpal's supporters clashed with police personnel at the Ajnala police station demanding the release of one of his aides.

Here is all about the eight associates of Amritpal Singh who were arrested, charged under the stringent National Security Act and flown to high-security Dibrugarh central jail in Assam.

Read More

Papalpreet Singh

Amritpal Singh's mentor Papalpreet Singh, who was with the Khalistani separatist when he managed to escape a police dragnet in Hoshiarpur, is the latest to be flown to Dibrugarh prison.

Papalpreet, who was Amritpal's media advisor, is a former aide of Deep Sidhu who died in a road accident in 2022. He was previously booked for sedition in 2015 for having alleged links with the ISI. He was also arrested in 2016 for holding a Sarbat Khalsa and in an attempt to murder in 2019.

READ | Extramarital affairs, kisses on video calls: Amritpal Singh's seamy life

The Income Tax department had also issued him a notice to declare his source of income in December 2022 after a suspicious transaction of over Rs 4 lakh was made to his account. Sources said Amritpal's aides, including Papalpreet, received funding from ISI and foreign-based Khalistani sympathisers.

Before joining hands with Amritpal, Papalpreet worked with another Khalistani separatist, Simranjeet Singh Maan.

Daljeet Kalsi

Daljeet Kalsi alias Sarabjit Singh Kalsi used to run a marketing firm called Sterling India. He had directed five firms out of which three were dissolved. These firms allegedly ran a ponsi scheme.

Daljeet Kalsi reportedly received foreign funding worth over Rs 35 crore during the past two years and reportedly made over a dozen mobile phone calls to Pakistan.

Bhagwant Singh 'Pradhan Mantri'

Bhagwant Singh, who calls himself a prime minister (Pradhan Mantri), is also lodged in Dibrugarh. Bhagwant hails from Moga's Bajeke village and is a school dropout. He has been very active on social media till his handles were blocked by the authorities.

ALSO READ | Is Amritpal Singh, who has been on run since March, hiding in Uttar Pradesh?

He was booked under NSA and also faces charges in eight other cases including the Arms Act.

Harjit Singh

Amritpal's UK resident uncle Harjit Singh and his driver Harpreet Singh, who had surrendered before the Punjab police in Shahkot on March 19, have no criminal history. However, they have been accused of trespassing, criminal intent and wrongful confinement at gunpoint.

Gurinder Pal Singh

Gurinder Pal alias Gur Aujla, who was handling the social media accounts of Amritpal Singh, has also been charged under the NSA. He was shifted to the Dibrugarh jail on March 21.

Varindar Singh 'Fauji'

Varindar Singh was arrested on March 27 from a Tarn Taran village. He is a former army constable and was among 10 bodyguards who protected Amritpal Singh. He had obtained his arms licence from Jammu and Kashmir, which was revoked after the Ajnala incident.

ALSO READ | Khalistani separatist Amritpal Singh underwent surgery in Georgia to look like Bhindranwale: Sources

Gurmeet Singh Bhukhanwala

Gurmeet Singh Bukkanwala (35) hails from Bhukkanwala village of Moga. He owns a furniture store and is a former Deep Sidhu supporter. He has no previous criminal record, but was involved in the Ajnala police station attack.

Bukkanwal was also in-charge of Amritpal Singh's outfit 'Waris Punjab De' in Moga. He is believed to have helped Amritpal with creating a local network.

Basant Singh

Basant Singh Daulatpura (28) hails from Moga and previously worked in Dubai for two years as a labourer and became a supporter of Deep Sidhu during the farmer agitation. He was handling the drug de-addiction centre at Jallupur Kheda. Like Gurmeet Singh, he had no criminal record but was involved in the Ajnala attack.

He also worked as Amritpal Singhs treasurer and had allegedly received funds from Pakistan's ISI.

Kulwant Singh Dhaliwal

Kulwant Singh Dhaliwal is the ninth aide of fugitive Khalistani separatist Amritpal Singh who has been arrested by Punjab Police. All these aides have been relocated to Dibrugarh jail.

View original post here:
All about Amritpal Singh's henchmen booked under NSA, flown to Dibrugarh - India Today