As I said yesterday, some EOs are a couple of paragraphs long. This one goes on for pages. Today’s post is going to cover the section of the EO that addresses supply chain risk. Supply chain risk, as we saw in both the SolarWinds and Microsoft Exchange attacks, is a huge problem. So what does […]
While this EO and almost all EOs only affect what executive branch agencies do, it is likely that it will have a big effect on cybersecurity in general. Here are some requirements: The government uses a lot of commercial cloud software. Current contract terms may limit what data a cloud provider is allowed to share […]
The saga of the Colonial Pipeline hack continues. Colonial says that there is fuel flowing through the pipeline again but it will take time to get all of the tributary lines operational. But more importantly, many sources are reporting that Colonial paid $5 million in cryptocurrency to the Russian hackers on Friday, contradicting earlier reports […]
It is interesting that this attack has captured the attention of consumers and government alike. For those of you not affected, the Colonial Pipeline company runs the major pipeline for refined petroleum products between Houston and New Jersey with many stops in between. The pipeline covers 5,500 miles and moves 100 million gallons of fuel […]
For a decade the feds recommended frequent password changes. A couple of years ago NIST changed their mind and said it was the worst recommendation they ever made. Still, a lot of companies and regulators require frequent password changes. Is that a good idea? Microsoft used to recommend frequent password changes. Their current guidance: According […]
The GAO, formerly known as the General Accounting Office, works for Congress and does studies of how horribly inefficient the government is. In theory, that is so Congress can create new laws to make them do what any sensible organization would do without the laws. Here is one example. The GAO reviewed the security practice […]