February 26, 2024 at 05:25PM
Summary:
CISA, NSA, and FBI warn of U.S. critical infrastructure attacks by “Volt Typhoon,” linked to CCP. Fortress Information Security partners with power companies to mitigate exposure, offering File Integrity Assurance (FIA) for compliance with CIP standards. Research reveals high likelihood of vulnerabilities in software from Russia or China, emphasizing the need for enhanced security measures. More information at fortressinfosec.com.
Key Takeaways from the meeting notes:
1. The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) have issued a warning that U.S. critical infrastructure is under attack by the “Volt Typhoon” group, affiliated with the Chinese Communist Party (CCP), posing a serious challenge to operators of key services like transportation, commerce, clean water, and electricity.
2. Fortress Information Security is partnering with leading power companies to mitigate exposure to threats by ensuring timely security updates through their File Integrity Assurance (FIA) solution that automates patch management and verifies software integrity.
3. FIA also supports compliance with Critical Infrastructure Protection standards CIP-007 and CIP-010 and offers a cost-effective means for companies to meet these standards while improving security.
4. Fortress researchers found that over 90% of software products used by US electric companies contained contributions from developers aligned with Russia or China, which were more likely to have vulnerabilities and critical vulnerabilities.
5. The FIA solution provides an added layer of defense against known vulnerable software, alerting users to new updates and validating their authenticity to prevent potential attacks.
6. FIA users are alerted on average within a day of new updates being released to protect against threat actors using known vulnerable software.
For more information on Fortress’s Software Supply Chain Security solutions, visit https://ift.tt/yNQVUWJ.