China’s policymaking body, the Central Comprehensively Deepening Reforms Commission (I did not make up this name) approved a plan yesterday for developing home grown science and technology with an eye toward self-sufficiency. According to a press release by the state run news agency, Xi said that while China has made substantial progress in trying to […]
Continue reading → [DISPLAY_ACURAX_ICONS]As part of the Executive Order on Improving the Nation’s Cybersecurity (EO 14028), NIST is required to do several things. among those are guides and standards for improving supply chain security and they have already released a number of draft documents related to their tasks. IF you sell to the executive branch, these will become […]
Continue reading → [DISPLAY_ACURAX_ICONS]The Washington Post had an eye opening story on just how bad things are when it comes to responding to cyber attacks. Based on a congressional review by the House Oversight Office of three very major cyber attacks (CNA, Colonial and JBS), we have some insight into why incident response preparation is so important. #1 […]
Continue reading → [DISPLAY_ACURAX_ICONS]Zero Trust is the new silver bullet in cybersecurity. Well, not really, but many people are treating it that way. However, it is an important positive and everyone should be looking into how they can implement it in their organization. The DoD is about to open an office dedicated to implementing zero trust. It will […]
Continue reading → [DISPLAY_ACURAX_ICONS]CMMC just became more complicated or more simple. The feds published an advance notice of proposed rulemaking (ANPR) for CMMC 2.0 and then just as quickly, unpublished it. The Federal Register, the place where official notices are published only said that they asked for it to be unpublished. So people saw the ANPR for about […]
Continue reading → [DISPLAY_ACURAX_ICONS]Hackers are targeting the cloud. Why? To paraphrase Willie Sutton, because that is where the data is. Historically, penetration testers gain access to network devices through the “perimeter defense” and then they move around (the so-called east-west movement) trying to get access to data, wherever it lives inside the network perimeter. But in the cloud, […]
Continue reading → [DISPLAY_ACURAX_ICONS]