NSA and ESF Partners Release Recommended Practices for Software Bill of Materials Consumption

The National Security Agency (NSA), Office of the Director of National Intelligence (ODNI), the Cybersecurity and Infrastructure Security Agency (CISA), and industry partners have released a cybersecurity technical report (CTR), “Securing the Software Supply Chain: Recommended Practices for Software Bill of Materials Consumption.” The guidance in this release aids software developers, suppliers, and customer stakeholders in ensuring the integrity and security of software via contractual agreements, software releases and updates, notifications, and mitigations of vulnerabilities.


DHS Launches New Critical Infrastructure Security and Resilience Campaign

The DHS and two of its agencies, CISA and FEMA, on Tuesday announced the launch of a new campaign whose goal is to help critical infrastructure organizations become more secure and resilient. 

The new campaign, called Shields Ready, complements an existing campaign named Shields Up, which focuses on providing recommendations and other resources that can help critical infrastructure organizations reduce risk in response to specific threat intelligence.


Empowering SMBs: Developing a Resilient Supply Chain Risk Management Plan

Wednesday, November 15, 2023

Time: 11 AM – 12 PM (EDT)

Location type: Virtual/Online

Location: Virtual

The Cybersecurity and Infrastructure Security Agency’s (CISA) Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force presents its latest product, “Empowering SMBs: A Resource Guide for Developing a Resilient Supply Chain Risk Management Plan.”


DoD to release first industrial strategy by end of year

The Defense Department will release its first defense industrial strategy by the end of the year to better utilize the defense industrial base, while helping to secure supply chains to ensure the DoD is well prepared for the future.

The strategy will focus on four key pillars, said Justin McFarlin, the deputy assistant secretary of Defense for industrial base development and international engagement: resilient supply chains, workforce readiness, flexible acquisition and economic deterrence.

McFarlin said that supply chain and workforce are issues also affecting industry, which is still experiencing the impact of the COVID-19 pandemic and retention challenges.


FBI shares AvosLocker ransomware technical details, defense tips

The U.S. government has updated the list of tools AvosLocker ransomware affiliates use in attacks to include open-source utilities along with custom PowerShell and batch scripts.

In a joint cybersecurity advisory, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) also share a YARA rule for detecting malware in the guise of a legitimate network monitoring tool.
