Software now powers everything from smartphones and cars to medical devices and critical infrastructure. However, with the rise of cyber threats and recent government orders, it is crucial to clearly understand what components are in the system, where they came from, who has had access to them, whether they are subject to licenses, and whether they harbor known vulnerabilities. This is where a Software Bill of Materials (SBOM) comes in.
CISA Releases Sixteen Industrial Control Systems Advisories
CISA released sixteen Industrial Control Systems (ICS) advisories on April 13, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
CISA Releases updated Zero Trust Maturity Model
Today, the Cybersecurity and Infrastructure Security Agency (CISA) published Zero Trust Maturity Model version 2, incorporating recommendations from a public comment period, and furthering the federal government’s continued progress toward a zero trust approach to cybersecurity in support of the National Cybersecurity Strategy. While the Zero Trust Maturity Model is specifically intended for federal agencies, all organizations should review this guidance and take steps to advance their progress toward a zero trust model.
Chip equipment exports to China tumble as U.S. pushes decoupling
Exports of semiconductor-manufacturing equipment from the U.S. and Japan to China fell for the first time in three years in 2022 as Washington stepped up its trade restrictions on advanced chip technology. In the October-December quarter, Japanese exports of such equipment to China slid 16% on the year by value, while the U.S. saw a 50% plunge and the Netherlands logged a 44% drop, according to trade and other data.
US, Canada Plan North American Chip Corridor, Starting With IBM Expansion
The United States and Canada said on Friday they would work together to create a bilateral semiconductor manufacturing corridor, as International Business Machines signaled its intent to expand in Canada. The news came as U.S. President Joe Biden, who is visiting Canada, issued a joint pledge with Canadian Prime Minister Justin Trudeau to stand together against authoritarian regimes in part by reducing their dependence on other countries for critical minerals and semiconductors.
When working in cybersecurity, there’s still risk ‘everywhere in the software supply chain’
The National Counterintelligence and Security Center (NCSC) leads counterintelligence for the national government. Among its myriad missions is securing the software supply chain.
“My directorate is certainly concerned with the supply chain of all critical infrastructure, certainly the supply chain that the IC has to source from as well,” Jeanette McMillian, assistant director of NCSC’s Supply Chain and Cyber Directorate, said on Federal Monthly Insights – Securing the Supply Chain.
Japan, Canada in Talks Over Collaboration in Battery Metals Supply Chain
Japan and Canada are discussing collaboration on building strong supply chains for battery metals, Japan’s industry minister, Yasutoshi Nishimura, said on Tuesday. A public-private mission led by Japan’s Ministry of Economy, Trade and Industry (METI) and including 16 companies that work with batteries visited Canada last week for talks on building sustainable and resilient supply chains, he said.
Developing Supply Chain Capabilities Through Digitalization and Viability for Controlling the Ripple Effect
The COVID-19 pandemic affected all industries and presented manufacturing firms with enormous challenges, with considerable changes in consumer demand for goods and services. Supply chain management disruption caused by the COVID-19 outbreak resulted in several socio-economic roadblocks. The slow propagation of disruption risk results in a ripple effect along the entire chain. The lack of resilience and risk management capability is the prime cause, attributed to the unavailability of digital resources, skills, and knowledge.
Cybercriminals exploit SVB collapse to steal money and data
The collapse of the Silicon Valley Bank (SVB) on March 10, 2023, has sent ripples of turbulence throughout the global financial system, but for hackers, scammers, and phishing campaigns, it’s becoming an excellent opportunity.
As multiple security researchers report, threat actors are already registering suspicious domains, setting up phishing pages, and gearing up for business email compromise (BEC) attacks.
US introduces new rules to protect water systems from hackers
The US Environmental Protection Agency on Friday announced new requirements for public water facilities to boost their cybersecurity while expressing concern that many facilities have failed to take basic steps to protect themselves from hackers.
The new EPA memo requires state governments to audit the cybersecurity practices of public water systems — and then use state regulatory authorities to force water systems to add security measures if existing ones are deemed insufficient.