FCC Puts Kaspersky on Security Threat List

The Federal Communications Commission recently determined that security products from Kaspersky posed an unacceptable risk to US national security and added the company to a covered list of other firms not eligible for FCC funds. Kaspersky becomes the first security company and first Russian entity to be added to the US security threat list. Companies that appear on the list are ineligible to receive any of the $8 billion available annually under the FCC’s Universal Service Fund. The fund supports telecom services in rural areas, for low-income consumers, and for entities like schools, libraries, and hospitals. The move adds Kaspersky to the same covered list that Huawei and ZTE landed on in 2021.

Source: https://arstechnica.com/information-technology/2022/03/fcc-puts-kaspersky-on-security-threat-list-says-it-poses-unacceptable-risk/

Senate Revving up to Finish COMPETES/USICA Reconciliation

Source: MeriTalk

Senate leadership is making the legislative moves necessary to begin work in earnest on reconciling two different versions of innovation and competition legislation that features billions in funding to boost domestic semiconductor production and create a new technology directorate at the National Science Foundation (NSF).

Along those lines, Senate Majority Leader Chuck Schumer, D-N.Y., filed cloture on the House-passed America Creating Opportunities for Manufacturing, Pre-Eminence in Technology, and Economic Strength (COMPETES) Act on March 17.

On the Senate floor, Schumer then laid out his plan of action, which involves the Senate taking up the America COMPETES Act to amend it with the text of the Senate-passed United States Innovation and Competition Act (USICA), passing it, then sending the resulting legislation back to the House for conferencing.

“Last summer the Senate passed an overwhelmingly bipartisan bill that will bring manufacturing jobs back to America, fix supply chains, fuel scientific research, and ultimately lower costs by a significant amount,” Sen. Schumer said. “The bipartisan bill would be great news for our economy, our entrepreneurs, our innovators, and especially families who are feeling the sting because of the chip shortage.”

“We all know the chip shortage is hurting so many people,” he continued. “It’s hurting the auto industry that’s had to temporarily shut down factories. It’s hurt our tech industry, our health care industry, and so many others. So let’s solve this quickly.”

Each of the bills contains $52 billion to fully fund the CHIPS Act – a measure included in the fiscal year (FY) 2021 National Defense Authorization Act – in addition to other investments in domestic research and development.

Russian Hackers Are Targeting American Oil Refineries

Source: The Street
Published: March 15, 2022

Cyber criminals are targeting the energy infrastructure in the U.S., including pipelines, refineries and power grids, to attack their operations and supply chain systems, experts said. Hackers have targeted oil and gas producers in the past, such as the attack on the Colonial Pipeline, the largest U.S. fuel pipeline, which resulted in shortages along the East Coast in April 2021.

White House Outlines Strategy to Revitalize and Fortify U.S. Manufacturing, Supply Chains

  • The White House has announced key government-wide initiatives for the coming year that are focused on long-term domestic supply chain resilience.
  • The Biden Administration released a capstone report on key actions it has taken over the past year to reduce U.S. supply chain vulnerability across a range of key sectors.
  • As a complement to the capstone report, seven cabinet agencies published reports identifying weaknesses and strategies to strengthen supply chains for these sectors.

Source: White House Outlines Strategy to Revitalize and Fortify U.S. Manufacturing, Supply Chains | Insights | Holland & Knight (hklaw.com)

RSA Conference (RSAC) 2022

San Francisco, CA
June 6-9, 2022

The theme for RSAC 2022 is “Transform.” This conference offers a dialogue on the rapidly evolving information security industry by providing insight into trends and breaking news in information security. It is intended for military, government, academia, and industry information security experts.

Protecting Data & the Supply Chain
This track explores the cascading security requirements of the extended enterprise and the classification, tracking, and protection of data. It covers data protection regulations, DLP and threats to sensitive data, and emerging trends in software supply chain security as well as vendor and partner SLAs, supply chain mapping, continuous enforcement, and how to future-proof vendor contracts and risk assessments for evolving requirements.

For more information, follow these links:

2022 USA | RSA Conference
Trust, but Verify: Protecting Your Business from Supply Chain Attacks | RSA Conference

NIST Refreshing Voluntary Cybersecurity Framework Amid Push for Mandates

Source: Nextgov
Published: February 22, 2022

The National Institute of Standards and Technology wants to know how it might improve its landmark framework of cybersecurity standards and practices and streamline similar efforts related to particular issues like privacy and supply-chain security. “Every organization needs to manage cybersecurity risk as a part of doing business, whether it is in industry, government or academia,” said Commerce Deputy Secretary Don Graves in a news bulletin NIST published Tuesday. “It is critical to their resilience and to our nation’s economic security. There are many tools available to help, and the CSF is one of the leading frameworks for private sector cybersecurity maintenance. We want private and public sector organizations to help make it even more useful and widely used, including by small companies.”

New Pentagon Report Raises Alarm Over Industry Consolidation, Future of Competition

Feb. 16, 2022

Air Force Magazine

The Defense Department faces a future of high-price, sole-source contracts, reduced innovation, and possible critical shortages if it doesn’t take steps to increase competition and the number of suppliers in the defense industrial base, according to a new Pentagon report. But changing the conditions creating the situation won’t be easy, it said.

To prevent these issues, the U.S. must limit further defense industry consolidation; fix intellectual property issues; attract new businesses to the industry—especially small businesses—and put “sector-specific supply chain resiliency plans” into effect for critical items, ranging from missiles to castings, strategic metals, and microelectronics, according to the report, released Feb. 15.

Source: New Pentagon Report Raises Alarm Over Industry Consolidation, Future of Competition – Air Force Magazine

Pentagon Report: State-of-Competition-Within-the-Defense-Industrial-Base

Three Ways to Enhance Supply Chain Cybersecurity

Source: Forbes
Published: February 16, 2022

It’s a familiar headline: Your supply chain may be your biggest cybersecurity risk. And for good reason. Between pressure to maintain business continuity and exceed profits amid inflation and global supply chain issues, organizations across industries have a lot to contend with. This focus elsewhere can lead to threat actors slipping under the radar more easily while also making a big splash. For instance, beyond the potential exposure of credit card data, we’ve seen a rise in ransomware and nation-state threat activity in an attempt to further disrupt stressed infrastructures. While these challenges are broad, if we approach cybersecurity as a collective whole, rather than as individual organizations, they are not insurmountable. 

Cyber Attack Strikes German Fuel Supplies

Source: BBC
Published: February 1, 2022

A major fuel supplier in Germany is operating at a “limited capacity” after a cyber-attack disrupted IT systems at the weekend. Oiltanking Deutschland GmbH & Co. KG stores and transports oil, vehicle fuels and other petroleum products for companies like Shell. It says it discovered it had been hacked on Saturday. It has declared “force majeure” for the majority of its inland supply activities in Germany.

A cyber attack at the Patent Office led to increased eyes on supply chain risk

Many people think of cybersecurity as threats coming from the outside, but with the government relying on private companies to provide hardware and software, the very tools that agencies use could be a threat within themselves.

Supply chain issues are wracking the nation, but the government is also thinking about its supply chain in terms of what companies are providing goods and services.

The U.S. Patent Office is one organization that pays particularly close attention to supply chain issues in order to keep clients' proprietary information safe. Just recently, the Patent Office found a zero-day vulnerability in one of its logging libraries, according to Stephan Mitchev, director of the Office of Application Engineering and Development and acting chief technology officer at the Patent Office.

That infiltration caused the office to look harder at its supply chain to see what could have been infected.

Source: A cyber attack at the Patent Office led to increased eyes on supply chain risk | Federal News Network