CISA released two Industrial Control Systems (ICS) advisories on April 25, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
Supply chain attack that hit 3CX caught at least 4 other victims, Symantec says
The software supply chain attack against X_Trader has claimed at least four additional victim organizations, the Symantec Threat Hunter Team said Friday. The compromised software, originally developed by Trading Technologies, caused another supply chain attack at 3CX. The newly identified victims include two critical infrastructure organizations in the energy sector and two organizations involved in financial trading.
SBOM 101: How to Control Software Supply Chain Risks Like a Pro
Software now powers everything from smartphones and cars to medical devices and critical infrastructure. However, with the rise of cyber threats and recent government orders, it is crucial to clearly understand what components are in the system, where they came from, who has had access to them, whether they are subject to licenses, and whether they harbor known vulnerabilities. This is where a Software Bill of Materials (SBOM) comes in.
CISA Releases Sixteen Industrial Control Systems Advisories
CISA released sixteen Industrial Control Systems (ICS) advisories on April 13, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
CISA Releases updated Zero Trust Maturity Model
Today, the Cybersecurity and Infrastructure Security Agency (CISA) published Zero Trust Maturity Model version 2, incorporating recommendations from a public comment period, and furthering the federal government’s continued progress toward a zero trust approach to cybersecurity in support of the National Cybersecurity Strategy. While the Zero Trust Maturity Model is specifically intended for federal agencies, all organizations should review this guidance and take steps to advance their progress toward a zero trust model.
Chip equipment exports to China tumble as U.S. pushes decoupling
Exports of semiconductor-manufacturing equipment from the U.S. and Japan to China fell for the first time in three years in 2022 as Washington stepped up its trade restrictions on advanced chip technology. In the October-December quarter, Japanese exports of such equipment to China slid 16% on the year by value, while the U.S. saw a 50% plunge and the Netherlands logged a 44% drop, according to trade and other data.
US, Canada Plan North American Chip Corridor, Starting With IBM Expansion
The United States and Canada said on Friday they would work together to create a bilateral semiconductor manufacturing corridor, as International Business Machines signaled its intent to expand in Canada. The news came as U.S. President Joe Biden, who is visiting Canada, issued a joint pledge with Canadian Prime Minister Justin Trudeau to stand together against authoritarian regimes in part by reducing their dependence on other countries for critical minerals and semiconductors.
When working in cybersecurity, there’s still risk ‘everywhere in the software supply chain’
The National Counterintelligence and Security Center (NCSC) leads counterintelligence for the national government. Among its myriad missions is securing the software supply chain.
“My directorate is certainly concerned with the supply chain of all critical infrastructure, certainly the supply chain that the IC has to source from as well,” Jeanette McMillian, assistant director of NCSC’s Supply Chain and Cyber Directorate, said on Federal Monthly Insights – Securing the Supply Chain.
Japan, Canada in Talks Over Collaboration in Battery Metals Supply Chain
Japan and Canada are discussing collaboration on building strong supply chains for battery metals, Japan’s industry minister, Yasutoshi Nishimura, said on Tuesday. A public-private mission led by Japan’s Ministry of Economy, Trade and Industry (METI) and including 16 companies that work with batteries visited Canada last week for talks on building sustainable and resilient supply chains, he said.
Developing Supply Chain Capabilities Through Digitalization and Viability for Controlling the Ripple Effect
The COVID-19 pandemic affected all industries and presented manufacturing firms with enormous challenges, with considerable changes in consumer demand for goods and services. Supply chain management disruption caused by the COVID-19 outbreak resulted in several socio-economic roadblocks. The slow propagation of disruption risk results in a ripple effect along the entire chain. The lack of resilience and risk management capability is the prime cause, attributed to the unavailability of digital resources, skills, and knowledge.