U.S. Government Issues New TLP Guidance for Cross-Sector Threat Intelligence Sharing

October 29, 2024 at 03:52AM The U.S. government has released guidance on the Traffic Light Protocol (TLP) for sharing threat intelligence among the private sector and federal agencies. TLP’s color codes (Red, Amber, Green, White) guide information sharing levels to enhance trust and collaboration in cybersecurity while ensuring controlled distribution.

Using Transparency & Sharing to Defend Critical Infrastructure

September 6, 2024 at 10:05AM Summary: Protecting critical infrastructure from state-sponsored cyber threats, such as Volt Typhoon, is crucial for public safety and national security. Transparency, information sharing, and strong partnerships between public and private sectors are essential for combating these threats. Utilizing software bills of materials and observability can help enhance cybersecurity efforts and …

After the Dust Settles: Post-Incident Actions

August 8, 2024 at 11:00AM After a cybersecurity incident, organizations should conduct a thorough review of the attack to understand its timeline, actions taken, and response efficiency. This post-mortem analysis helps in identifying gaps and potential improvements in processes. Sharing incident data and learnings with others in the industry enhances cybercrime prevention. Establishing a timeframe …

SolarWinds Charges Tossed Out of Court in Legal Victory Against SEC

July 18, 2024 at 06:05PM A judge dismissed part of the SEC’s case against SolarWinds and its CISO Tim Brown, post-breach, but allowed claims related to misrepresenting cybersecurity posture pre-breach to proceed. The ruling is seen as guidance for public companies in disclosing cyber incidents. SolarWinds is pleased but will defend claims in the upcoming …

FS-ISAC Announces Appointments to Global Board of Directors

June 21, 2024 at 04:36PM FS-ISAC announced its 2024 Board of Directors, adding four new directors and re-electing two incumbents. Kris Fador, CISO for Bank of America, was named Chair. The Board oversees global activities and coordinates with related boards. The new directors bring expertise in cybersecurity and resilience. FS-ISAC thanked outgoing directors and welcomed …

Why Regulated Industries are Turning to Military-Grade Cyber Defenses

June 14, 2024 at 07:42AM Amid escalating cyber threats, regulated industries are increasingly turning to military-grade cyber defenses to protect sensitive data and assets. Collaboration with government agencies and cybersecurity experts, adoption of military strategies, and implementing robust internal security measures help organizations enhance their resilience against cyber threats, uphold regulatory compliance, and mitigate risks. …

NRECA Signs MOU With Electricity Information Sharing and Analysis Center

May 29, 2024 at 04:50PM The National Rural Electric Cooperative Association has signed an agreement with the North American Electric Reliability Corporation’s Electricity Information Sharing and Analysis Center to enhance electric sector cybersecurity through increased information sharing and collaboration. The partnership aims to prioritize sharing intelligence about security threats and vulnerabilities and facilitate collaborative efforts …

The SEC’s New Take on Cybersecurity Risk Management

May 28, 2024 at 11:02AM Generative AI presents new risks, prompting the SEC to introduce cybersecurity rules for publicly traded companies. Clorox incurred $49M in costs due to a cyberattack, with ongoing financial impacts. Prudential Financial voluntarily disclosed a breach, and UnitedHealth faced a massive attack that could cost up to $1.6B. Lessons emphasize visibility, …

OpenSSF Siren to Share Threat Intelligence for Open Source Software

May 21, 2024 at 08:08AM The Open Source Security Foundation has announced the launch of an email mailing list called Siren, which aims to share real-time security threat intelligence and create a community-driven knowledge base. The list will allow members to exchange information on tactics, techniques, and procedures related to attacks on open source software. …

White House Issues National Security Memorandum for Critical Infrastructure

May 3, 2024 at 05:33AM The White House issued a new national security memorandum focused on protecting critical infrastructure from cyber and physical threats. Replacing a decade-old policy, the memorandum addresses malicious cyber activities, strategic competition, and advancements in AI. It involves refining government roles, promoting a risk-based approach, leveraging federal agreements, and designating CISA …