CISA, FBI, AND NSA RELEASE CONTI RANSOMWARE ADVISORY TO HELP ORGANIZATIONS REDUCE RISK OF ATTACK

WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA) published a cybersecurity advisory today regarding increased Conti ransomware cyberattacks. The advisory includes technical details on the threat and mitigation steps that public and private sector organizations can take to reduce their risk to this ransomware.

CISA and the FBI have observed over 400 attacks using Conti ransomware against U.S. and international organizations to steal files, encrypt servers and workstations, and demand a ransom payment to return stolen sensitive data. While Conti is considered a ransomware-as-a-service (RaaS) model ransomware variant, there is variation in its structure that differentiates it from a typical affiliate model. It is likely that Conti developers pay the deployers of the ransomware a wage rather than a percentage of the proceeds from a successful attack..

Read Full Article

Americans Have No Idea What the Supply Chain Really Is

At this point, the maddeningly unpredictable Delta variant has changed the expected course of the coronavirus pandemic so much that it can be hard to know exactly what you’re waiting for, or if you should continue waiting at all. Is something like before-times normalcy still coming, or will Americans have to negotiate a permanently changed reality? Will we recognize that new normal when it gets here, or will it be clear only in hindsight? And how long will it be before you can buy a new couch and have it delivered in a timely manner?

Read Full Article

USG Warns Of ‘Critical’ Vulnerability That Poses ‘Serious Risk’ To Defense Contractors, Others

WASHINGTON: The US government issued a joint advisory Thursday warning of the ongoing “active exploitation” of a “critical” vulnerability in a popular password management solution, which “poses a serious risk to critical infrastructure companies, US-cleared defense contractors, academic institutions, and other entities that use the software.”

A Cybersecurity and Infrastructure Security Agency (CISA) official told Breaking Defense after this report’s original publication, “As exploitation of this product can lead to full identity compromise, CISA is taking this vulnerability very seriously and requests information from any organizations that may have been impacted.”

Read entire article

Sen. Peters Calls for Resilient Supply Chains Amid Chip Shortage

Sen. Gary Peters, D-Mich., chairman of the Committee on Homeland Security and Governmental Affairs, said on Sept. 15 that the United States’ supply chains are not resilient, and strengthening those supply chains is going to be critical for U.S. competitiveness going forward.

During a Politico event on Sept. 15, Sen. Peters described how the shortage of semiconductor chips and the overreliance on foreign manufacturers for critical supplies poses a huge concern for the United States.

“Although we have highly efficient supply chains, they are not resilient, and they’re not resilient to disruptions,” Sen. Peters said during the event. “We’ve got to create more resilience in our supply chains and particularly critical equipment, whether it’s medical supplies or as was mentioned, chips, which are basically in all of our products.”

Read entire article

House E&C Directs $10B for Supply Chain Security in Reconciliation Print

The House Energy and Commerce Committee was still in the process late Monday of marking up its portion of the $3.5 trillion budget reconciliation bill working its way through the House, but at our deadline was making a big splash with $10 billion of proposed funding for supply chain security.

The E&C committee’s portion of the legislation features billions of proposed spending for supply chains, distance learning, and more.

Read entire article

DoD Forms New Task Force To Shore Up Supply Chain

WASHINGTON: The Defense Department has created a new task force dedicated to addressing ongoing challenges with its supply chain visibility and resiliency, including ways to mitigate risk.

Gregory Kausner, who is currently handling the duties of under secretary of defense for acquisition and sustainment, stood up the Supply Chain Resiliency Working Group on Aug. 30, the Pentagon said last week.

“A comprehensive strategic approach will take time, dedicated attention, and resources,” Kausner said in a Department release announcing the task force. “Effective implementation begins with understanding our vulnerabilities and the necessary responses, so we can focus our efforts to build greater resiliency across critical supply chains.”

Read entire article

On-the-Record Press Call by Office of Science and Technology Policy Director Dr. Eric Lander and NSC Director for Global Health Security and Biodefense Dr. Beth Cameron on American Pandemic Preparedness

MS. RAYMOND:  Good morning, everyone.  And thank you so much, Brad.  To all our participants, thank you for joining us for this embargoed briefing today.

     We will be providing an overview of the American Pandemic Preparedness Plan, also entitled “Transforming our Capabilities,” which will advance the President’s commitment to building back better for the next biological threat.

We’ll start with some comments from our speakers.  Today, we have the President’s Science Advisor and Director of the White House Office of Science and Technology Policy, as well as a member of the President’s Cabinet, Dr. Eric Lander; as well as the Special Assistant to the President and National Security Council Senior Director for Global Health Security and Biodefense, Dr. Beth Cameron.

After they both give initial remarks, we’ll open it up for question-and-answer.

     As a reminder, this briefing is on the record, but the call contents and the materials that we shared prior to the call are embargoed until 3:00 p.m. this afternoon.  

And with that, I’ll turn it over to our speakers, starting with Dr. Lander.

DR. LANDER:  Well, thank you very much, and good morning to everybody and thank you for joining the call.  So, my name is Eric Lander.  I’m the President’s Science Advisor and I’m the Director of the White House Office of Science and Technology Policy.

     And today, we’re releasing a plan for transforming U.S. capabilities to prepare for and respond rapidly and effectively to future pandemics and other high-consequence biological threats.

Defending digital supply chains: Evidence from a decade-long research program

Digital Supply Chains (DSCs) are highly integrated global internet communities of customers, distributors, producers, and suppliers. DSCs have increasingly incorporated Internet of Things (IoT) innovations such as field sensors and real time condition monitoring; and have served as effective platforms for IoT technology diffusion. However, as IoT has become more pervasive, pushing the edges of networks further out, new cyber threat windows have opened everywhere. More recently, Cyber-Supply Chain Risk Management (C-SCRM) has emerged as a critical discipline combining expertise from cybersecurity, supply chain management and enterprise risk management; and designed to stem the proliferation of digital supply chain attacks seeking illicit access to corporate networks for competitive espionage, financial and intellectual property theft, and disruption of operations. Yet to date, there has been little evidence that C-SCRM practices are actually effective in containing all or even some types of breaches.

Read entire article