cybersecurity

ICIT Analysis: Signature Based Malware Detection is Dead

Signature and behavioral based anti-malware are no match for next generation adversaries who utilize mutating hashes, sophisticated obfuscation mechanisms, self-propagating malware, and intelligent malware components. In this analysis, entitled “Signature Based Malware Detection is Dead,” the Institute for Critical Infrastructure Technology provides a thought-provoking analysis of the necessity for critical infrastructure sectors to adopt advanced .. read more

ICIT Publication: Dragnet Surveillance Nation: How Data Brokers Sold Out America

With recent accusations of fake news and the weaponization of information as a mechanism of steering public perceptions dominating headlines around the world, have you ever considered the reality that private dragnet surveillance via social media properties, ISPs, search engines, health sector organizations etc., heavily contribute to the problems of adversarial intervention and streamlined distribution .. read more

The Cybersecurity Show Must Go On: Surpassing Security Theatre and Minimal Compliance Regulations

The United States Cybersecurity culture is heavily rooted in practices of Security Theater, where an organization that suffers a data breach can invest in countermeasures that provide a feeling or sense of security without actually improving the cybersecurity threat posture of the organization. In this publication, entitled “The Cybersecurity Show Must Go On:  Surpassing Security .. read more

“Fake News” Is “Old News” for Nation State and Mercenary APTs

By James Scott, Senior Fellow ICIT Regardless of your partisan persuasion, your opinion of mainstream media or your opinion of the ‘alt-right,’ one thing is for certain, ‘fake news’ is ‘old news’ when it comes to the weaponization of information by nation states and cyber mercenaries. Cyber adversaries tailor spear phishing and malvertising lures to .. read more

ICIT Analysis: Identity and Access Management Solutions: Automating Cybersecurity While Embedding Pervasive and Ubiquitous Cyber-Hygiene-by-Design

Identity and Access Management (IAM) solutions are a critical component of organizational cyber-hygiene and cybersecurity initiatives because IAM solutions automate cyber-hygiene best practices, reduce user fatigue, provide access controls, establish user accountability, institute system auditability, and enable users to mitigate cyberattacks. In this analysis, entitled “Identity and Access Management Solutions: Automating Cybersecurity While Embedding Pervasive .. read more

Overcoming Event Fatigue: ICIT Programs Offer a Platform for True Thought Leader Collaboration

by James Scott (Sr. Fellow, ICIT) & Parham Eftekhari (Sr. Fellow, ICIT) The rapid outbreak of cyber threats over the past few years has resulted in an abundance of events that promote faux experts and ineffective silver bullet solutions, often hosted by organizations who are more focused on luring in massive crowds of attendees and .. read more

The Painfully Vulnerable Election System and Rampant Security Theater

by James Scott, Sr. Fellow, ICIT and Drew Spaniel, Fellow, ICIT ‘Clunky as Heck’ and Security via Obscurity Create Only an Illusion of Secure Elections “Election Officials, consider your voting machines, networks and tabulators infected until you’ve forensically proven otherwise.”  James Scott, Senior Fellow, ICIT The first step to correcting the plague of cyber-kinetic vulnerabilities .. read more

The Categorical Threat Landscape to Consider When Reading NASS’ Open Letter to Congress

Authored By: James Scott, Sr. Fellow, ICIT & Drew Spaniel, Researcher, ICIT On September 26, 2016, the National Association of Secretaries of State (NASS) released an Open Letter to Congress that urged for the informed communication of facts about the security of election systems with the American public. This communique builds upon the NASS letter .. read more

ICIT Report: Utilizing the NSA’s CSfC Process- Protecting National Security Systems with Commercial Layered Solutions

The acceleration of State Sponsored and Mercenary APT cyber-attacks, each of which possess new and more innovative layering of stealth and sophistication, has triggered a much needed response by the National Security Agency’s (NSA) Information Assurance Directorate (IAD). A more expedient path to technology approval has been introduced for qualified organizations. As a result, the .. read more

ICIT Report: CISO Solution Fatigue – Overcoming the Challenges of Cybersecurity Solution Overload

Due to the plague of APTs, malware, ransomware and other malicious initiatives by invisible adversaries, few C-level executive positions are as critical as the CISO. A well informed CISO can improve the engagement of the C-Suite and improve the cyber posture of the organization. However, due to a variety of factors, CISOs combat information overload and vendor .. read more

NIST SP 800-160: For the Rest of Us – An ICIT Summary

NIST Special Publication 800-160: Systems Security Engineering: Consideration for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems, offers useful strategies that can raise the bar for cyber defense and can be implemented quickly to drastically minimize traditionally vulnerable attack surfaces laid siege by state sponsored APTs, hacktivists, sophisticated mercenaries and cyber jihad hackers. This condensed .. read more

ICIT Brief: Combatting the Ransomware Blitzkrieg with Endpoint Security

Ransomware, the weaponization of encryption, has struck fear and confusion into the hearts of PC users and critical infrastructure communities alike. While it is impossible for organizations to prevent malware from infecting their networks, those who deploy a multi-layered security strategy and teach proper cybersecurity hygiene to their employees have a strong chance of defending against these .. read more

ICIT Bulletin: Cerber and KeRanger

Cerber and KeRanger are two of the latest Ransomware debacles to catastrophically affect the ill prepared. Once again we are confronted with the reality of our Nation’s lack of cybersecurity hygiene and the need for a more security-centric  culture among technology users. This ICIT Bulletin entitled, “Cerber & KeRanger: The Latest Weaponized Encryption” consolidates an explanation .. read more

ICIT Fellow Meetings: Change Agents & Operational Innovation

            ICIT’s 2016 monthly Fellow meetings have drawn executives from DHS, DoD, NASA, FDIC, HHS, FCC, and Interior as the Institute shepherds the community through a cybersecurity-centric renaissance and fosters strategic collaboration with industry and academic leaders.  These thought leadership forums have  inspired attendees to move their organization’s cybersecurity strategies forward with innovative .. read more

ICIT Analysis: FDA Guidance on Medical Device Cyber Security

This Institute for Critical Infrastructure Technology blog post, entitled “Assessing the FDA’s Cybersecurity Guidelines for Medical Device Manufacturers: Why Subtle “Suggestions” May Not Be Enough” is an objective analysis of the recent Food and Drug Administration (FDA) “Draft Guidance for Industry and Food and Drug Administration Staff.” The guidance advises medical device manufacturers to address .. read more

ICIT Brief: Hacking Healthcare IT in 2016: Lessons the Healthcare Industry can Learn from the OPM Breach

Among all of America’s critical infrastructures, the healthcare sector is the most targeted and plagued by perpetual persistent attacks from numerous unknown malicious hackers. The goal of these threat actors is to exploit vulnerabilities in insecure and antiquated networks in order to exfiltrate patient data for financial or geopolitical gain. In order to protect patient .. read more

ICIT Senate Briefing: Hacking Hospitals

            On November 19, the Institute for Critical Infrastructure Technology conducted a briefing at the U.S. Senate entitled “Hacking Hospitals” to address the growing threats facing healthcare organizations. During this briefing, senior Senate staffers and attendees from agencies including the Departments of Veterans Affairs, State, Homeland Security, Health and Human .. read more

ICIT Hill Event: “Hacking Hospitals” Briefing @ Senate

“Hacking Hospitals”  The national surge in the number of internet enabled medical devices, electronic health record management systems, mHealth and health information sharing initiatives has increased the attack surface at healthcare organizations and contributed significantly to the increase in successful data breaches at hospitals and insurance companies over the last several years.  Given the current .. read more

ICIT Fellows convene to discuss NextGen cybersecurity with NASA Ames, Army Cyber Institute, Blackberry

At the closed door October 2015 Institute for Critical Infrastructure Technology Fellows Meeting, Fellows and government leaders convened to discuss the top threats facing critical infrastructure sectors and the technologies and strategies which can mitigate risk.  The top challenges identified include an expanding attack surface driven by IoT and increases in mobile devices, better organized .. read more

Congresswomen Lee (TX) and Chu (CA) speak at “Town Hall” on Minority Representation in Cybersecurity

            As part of Cybersecurity Awareness month, the Institute for Critical Infrastructure Technology hosted a Town Hall on Minority Representation in Cybersecurity, a meeting sponsored by Congresswoman Sheila Jackson Lee (TX).  Congresswoman Lee was joined by Congresswoman Linda T. Sánchez, Chair of the Congressional Hispanic Caucus and Congresswoman and Judy Chu, .. read more

ICIT Brief: Who’s Behind the Wheel? Exposing the Vulnerabilities and Risks of High Tech Vehicles

The July 2015 remote hack of a Jeep Cherokee by security researchers from IOActive served as a catalyst which made vehicle cybersecurity a top priority for the automotive industry, consumers and lawmakers.  Since then, Chrysler has recalled 1.4 million Jeeps to patch vulnerabilities and lawmakers have proposed various pieces of legislation to address cybersecurity in vehicles, including the  Security and Privacy .. read more

On September 21st, 2015, posted in: Latest Posts by Tags: , , , , ,

Legislative Brief “Moving Forward: How Victims Can Regain Control & Mitigate Threats in the Wake of the OPM Breach”

In June 2015, the Nation learned that the personnel records of 21.5 million United States citizens had been exfiltrated by an unknown adversary from the Office of Personnel Management, one of the largest known breaches in the history of the U.S. Government.  The immediate public outcry included congressional hearings attributing the breach to OPM administrators and .. read more

Preparing the Battlefield: The Coming Espionage Culture Post OPM Breach

As part of its continued analysis of the OPM breach, ICIT’s most recent brief entitled “Preparing the Battlefield: The Coming Espionage Culture Post OPM Breach” discusses the significant impact the breach will have on America’s national security.  The large number of victims, many of whom hold security clearances, combined with the personal nature of the information stolen gives .. read more

ICIT Brief: OPM Demonstrates that Antiquated Security Practices Harm National Security

The Institute for Critical Infrastructure Technology has published its official analysis of the Office of Personnel Management breach, Handing Over the Keys to the Castle: OPM Demonstrates that Antiquated Security Practices Harm National Security.  This research brief provides insights on several of the most important aspects of the breach, some of which are not being .. read more

Securing Federal Data Post OPM: Lunch & Learn Summary + Slides

                This week the Institute for Critical Infrastructure Technology held a Lunch and Learn called “Securing Data for Today’s Federal Agency” which focused on the increasingly daunting task of protecting federal data in an age of information sharing and increased threats both inside and outside an agency.  An .. read more

Legislative Brief: “Preventative Measures- Ensuring Information Security Prior to mHealth Development”

The Institute for Critical Infrastructure Technology  issued its latest legislative briefing titled “Preventative Measures- Ensuring Information Security Prior to mHealth Development”.  The brief is an analysis of the proliferation of mobile technologies in the healthcare ecosystem, addressing the benefits mobility brings to patients and health providers as well as data privacy risks that exist if these technologies are .. read more

ICIT Fellows Talk on the Convergence of Physical and Cyber Security at the British Embassy

          Members of the Institute for Critical Infrastructure Technology spoke on the convergence of physical and cyber security at the British Embassy June 2, 2015, at a meeting attended by representatives from the United States government, the British government, and critical infrastructure sectors including Energy and Finance. The event featured a presentation by Danyetta Magana .. read more

National Health Sector Fly-in @ United States Senate

  Speakers Include –   Wesley Snell, Director CSIRC, HHS –  Suzanne Schwartz, Director Emergency Preparedness/Operations & Medical Countermeasures, FDA –  Steve Curren, Director (Acting), Division of Resilience and Infrastructure Coordination, HHS –  Julie Chua, Information Security Specialist, ONC –  Deborah Kobza, Executive Director, NH-ISAC –  Dan Waddell, Managing Director, National Capital Region, (ISC)2 – .. read more

Analysis of H.R. 1560 Title I (Protecting Cyber Networks Act) and Title II (National Cybersecurity Protection Advancement Act)

The Institute for Critical Infrastructure Technology (ICIT) today issued a briefing to members of the U.S. House of Representatives, U.S. Senate, Federal Agencies and other Critical Infrastructure Sector Leaders titled “Progress as Two Steps Forward and One Step Back: Analysis of H.R. 1560 Title I and Title II (H.R. 1731).”   The briefing is a detailed .. read more

DHS, ICIT and Federal Agency Leaders Collaborate on ISAOs

              On Thursday April 30th, the Institute for Critical Infrastructure Technology (ICIT) hosted its monthly Fellow Meeting with featured thought leader Michael Echols, Director of Special Initiatives, Critical Infrastructure and Key Resources Cyber Operations Management (CIKR-COM) at the Department of Homeland Security (DHS). Mr. Echols led an interactive discussion with .. read more

ICIT Fellows Brief Congressional and Senate Members on H.R.3696 Cybersecurity and Critical Infrastructure Protection Act of 2014

Week of March 2, 2015:  ICIT presented to members of the Congressional Cybersecurity Caucus and a member of Senate on H.R. 3696: Cybersecurity and Critical Infrastructure Protection Act, in order to discuss certain aspects of the bill which it believes will be included in 2015 legislation. These meetings gleaned important findings and requests for additional briefings .. read more

Department of Energy CIO (acting) Shares Defense in Depth Strategy at ICIT Fellow Meeting

  March 4, 2015:  Last week, the Institute for Critical Infrastructure Technology (ICIT) hosted their monthly Fellow Meeting. The featured thought leader was Donald Adcock, Chief Information Officer (Acting) for the Department of Energy. In the discussion, Mr. Adcock called for organizations to add “breadth” to their “Defense in Depth” strategies as a means to .. read more

On March 2nd, 2015, posted in: Latest Posts by Tags: , , , , , ,

HP, WatchDox, Covenant Announced as ICIT Fellows

February 10, 2015 –   The Institute for Critical Infrastructure Technology (ICIT) announces the addition of HP, Watchdox, and Covenant Security Solutions as ICIT Fellows, organizations who bring highly qualified experts, technologies and solutions to support the niche advisory ICIT provides the policy community in the fields of critical infrastructure technology and cyber security. “With .. read more