Zero-day, supply-chain attacks drove data breach high for 2023

Zero-day exploits, supply chain attacks fuel 72% increase over previous record for incidents of compromise. Another increase is expected for 2024.A new record for data breaches reported to the Identity Theft Resource Center (ITRC) was set in 2023, spurred by zero-day and supply chain attacks, according to the organization’s annual data breach report released Thursday. The report noted that the number of data compromises in 2023 jumped 78% over 2022, to 3,205 from 1,801 and exceeded, by 72%, the previous high of 1,860 breaches recorded in 2021.

Read Full Article

Chips Trade War ‘Will See Surge in E-Recycling’ – Deloitte

In its Tech, Media and Telecom Predictions 2024 report, Deloitte says the supply chain sector will face “significant” raw material shortages, particularly gallium and germanium – vital minerals needed for chip manufacturing.

Deloitte says that interest in electronic waste (e-waste) recycling is likely to grow in response to these shortages. E-waste recycling is the disassembly and separation of components and raw materials of waste electronics from devices such as PCs and mobile phones.

Read Full Article

States and Congress Wrestle With Cybersecurity After Iran Attacks Small Town Water Utilities

The tiny Aliquippa water authority in western Pennsylvania was perhaps the least-suspecting victim of an international cyberattack.

It had never had outside help in protecting its systems from a cyberattack, either at its existing plant that dates to the 1930s or the new $18.5 million one it is building.

Then it — along with several other water utilities — was struck by what federal authorities say are Iranian-backed hackers targeting a piece of equipment specifically because it was Israeli-made.

Read Full Article

Biden-Harris Administration Announces Supply Chain Resilience Center to Protect U.S. Supply Chain from Evolving Threats

WASHINGTON – As part of the inaugural meeting of the White House Council on Supply Chain Resilience, President Biden and Secretary of Homeland Security Alejandro N. Mayorkas unveiled the Supply Chain Resilience Center (SCRC), a new U.S. government entity designed to collaborate with the private sector to better secure our supply chains. The SCRC will analyze vulnerabilities and conduct scenario planning with private sector stakeholders to help mitigate supply chain disruptions, ensure reliable and efficient deliveries of goods and services, and lower costs for the American people.

Read Full Article

NSA and ESF Partners Release Recommended Practices for Software Bill of Materials Consumption

The National Security Agency (NSA), Office of the Director of National Intelligence (ODNI), the Cybersecurity and Infrastructure Security Agency (CISA), and industry partners have released a cybersecurity technical report (CTR), “Securing the Software Supply Chain: Recommended Practices for Software Bill of Materials Consumption.” The guidance in this release aids software developers, suppliers, and customer stakeholders in ensuring the integrity and security of software via contractual agreements, software releases and updates, notifications, and mitigations of vulnerabilities.

Read Full Report

DHS Launches New Critical Infrastructure Security and Resilience Campaign

The DHS and two of its agencies, CISA and FEMA, on Tuesday announced the launch of a new campaign whose goal is to help critical infrastructure organizations become more secure and resilient. 

The new campaign, called Shields Ready, complements an existing campaign named Shields Up, which focuses on providing recommendations and other resources that can help critical infrastructure organizations reduce risk in response to specific threat intelligence.

Read Full Article

DoD to release first industrial strategy by end of year

The Defense Department will release its first defense industrial strategy by the end of the year to better utilize the defense industrial base, while helping to secure supply chains to ensure the DoD is well prepared for the future.

The strategy will focus on four key pillars, said Justin McFarlin, the deputy assistant secretary of Defense for industrial base development and international engagement: resilient supply chains, workforce readiness, flexible acquisition and economic deterrence.

McFarlin said that supply chain and workforce are issues also affecting industry, which is still experiencing the impact of the COVID-19 pandemic and retention challenges.

Read Full Article