encryption

HHS’ HCCIC Takes a Quantum Leap Forward to Secure the Health Sector

HHS is aggressively working with industry to introduce organizational cybersecurity resiliency to the Health Care Industry and move organizations away from self-regulating, checkbox-driven security standards which provide little more than security theatre.  The Healthcare Cybersecurity and Communications Integration Center (HCCIC), HHS’s new cybersecurity intelligence-sharing clearing-house, is a major step toward this goal and acts as .. read more

ICIT Publication: I Got 99 Problems But a Breach Ain’t One

Critical Infrastructure Information Security systems are failing under persistent adversarial efforts because too many organizations still depend on antiquated legacy systems, un-cyber-hygienic personnel, and devices that lack security-by-design. This is not merely a cyberwar, we are now in a state of cyber-kinetic-meta war. There was no clear beginning and there will be no end. The .. read more

ICIT Analysis: The Surveillance State & Censorship Legislation Conundrum: Dragnet Surveillance & Censorship Legislation Will Do Nothing to Eliminate Cyber Jihad & Lone Wolf Recruiting

Recent efforts by governments to weaken encryption, introduce exploitable vulnerabilities into applications, and to develop Nation-state dragnet surveillance programs will do little to stymie the rise in terrorist attacks.  These efforts will be a detriment to national security and only further exhaust law enforcement resources and obfuscate adversary communiqués within a massive cloud of noise. .. read more

Next Generation Defenses for a Hyper Evolving Threat Landscape: An Anthology of ICIT Fellow Essays Volume I

The onslaught of attacks on our Critical Infrastructure sectors by nation state, mercenary, criminal and cyber jihadist APTs is robbing organizations of millions worth of IP and victimizing citizens whose inadequately protect PII is being exfiltrated and used for economic gain or counterintelligence purposes. Organizations must be on the forefront of bleeding-edge cybersecurity technologies and .. read more

The Necessity of Encryption for Preserving Critical Infrastructure Integrity: Protecting Data At-Rest, In-Transit, and During-Processing with Format Preserving Encryption

The Necessity of Encryption for Preserving Critical Infrastructure Integrity: Protecting Data At-Rest, In-Transit, and During-Processing with Format Preserving Encryption by James Scott, Sr. Fellow, ICIT DOWNLOAD A PDF OF THIS POST HERE Breaches Result in Loss of Trust Cybersecurity is rooted in trust. Organizations expend resources purchasing and maintaining the systems and applications that they .. read more

ICIT Brief: In 2017, The Insider Threat Epidemic Begins

Just as American and European critical infrastructure executives were beginning to wrap their minds around the devastation of the Office of Personnel Management breach, ransomware erupted onto the scene, followed by concentrated DDoS attacks such as the Mirai botnet attack on Dyn, which enabled a quantum leap for cyber criminals.  Now, all techno-forensic indicators suggest .. read more

ICIT Analysis: The Wound Collectors – Profiling the Self Radicalized Lone-Wolf Terrorist

Acts of domestic terrorism in the West are escalating at an alarming rate. Lone wolf attacks and attackers have sparked public, political and law enforcement curiosity due to the, seemingly, random and independent action of a self-radicalized extremist with modest or no ties directly to the group in which they proclaim the action to be .. read more

ICIT Brief: Combatting the Ransomware Blitzkrieg with Endpoint Security

Ransomware, the weaponization of encryption, has struck fear and confusion into the hearts of PC users and critical infrastructure communities alike. While it is impossible for organizations to prevent malware from infecting their networks, those who deploy a multi-layered security strategy and teach proper cybersecurity hygiene to their employees have a strong chance of defending against these .. read more

Securing Federal Data Post OPM: Lunch & Learn Summary + Slides

                This week the Institute for Critical Infrastructure Technology held a Lunch and Learn called “Securing Data for Today’s Federal Agency” which focused on the increasingly daunting task of protecting federal data in an age of information sharing and increased threats both inside and outside an agency.  An .. read more