CyberScoop.com

"The CyberSecurity executive order is out."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 16 January 2025, 1710 UTC.

Content and Source:  Email subscription to "CyberScoop.com."

https://mail.google.com/mail/u/0/?tab=rm&ogbl#inbox/FMfcgzQZSjfPHvDVNbwVFCVDCFmBwflW

Please scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

READ IN BROWSER

THURSDAY, JAN. 16, 2025 The cybersecurity executive order has finally been released. CISA chased Salt Typhoon off federal networks. And what the future holds for CISA's secure-by-design program. This is CyberScoop for Thursday, January 16. U.S. President Joe Biden speaks from the Oval Office of the White House on July 24. (Photo by Evan Vucci-Pool/Getty Images) The EO is out President Biden finally issued the cybersecurity executive order we've been telling you about for months, intended to enhance and promote innovation in the nation's cybersecurity infrastructure. The order mandates federal agencies to strengthen cybersecurity across critical infrastructure by adopting rigorous software acquisition practices, enhancing cloud and identity management security, and exploring innovative technologies, including AI, for defenses. Additionally, the order emphasizes transparency, secure software development, and operational security to mitigate potential risks associated with software supply chains and promote resilience in federal and critical infrastructure systems. You can read the full order here. Even Managed Devices Can Cause Security Risks. MDMs struggle to keep up with the influx of vulnerabilities on company-managed devices. The key to getting ahead is to enable your employees to respond themselves. Join 1Password’s upcoming webinar to discover how to secure your organization by empowering employees to self-remediate device issues. Salt Typhoon was on federal networks CISA Director Jen Easterly revealed that the Salt Typhoon hacking activity, linked to a Chinese group targeting the U.S. telecommunications industry, was first identified by CISA threat hunters, though initially it was not recognized as part of a larger campaign. This discovery enabled both public and private sectors to respond more effectively by connecting the dots of the malicious activity, leading to the seizure of virtual private servers used by the hackers. Despite efforts to remove Salt Typhoon hackers from some networks, U.S. telecommunications firms continue to face significant challenges securing critical infrastructure from sophisticated foreign threats, including those exploiting vulnerabilities in outdated systems and external technologies. Derek B. Johnson reports. CIA will try to push for offensive cyber measures CIA director nominee John Ratcliffe testified that, if confirmed, he plans to enhance the development of offensive cyber tools and establish a cyber-specific deterrence strategy. Ratcliffe emphasized the need for consequences against U.S. adversaries, like China, committing cyberattacks, likening these threats to invasions through digital borders. He expressed a desire for the CIA to have the necessary capabilities to go on the offensive in cyberspace, while acknowledging that the deployment of such tools would ultimately be a policy decision. Tim Starks has more. Even Managed Devices Can Cause Security Risks. MDMs struggle to keep up with the influx of vulnerabilities on company-managed devices. The key to getting ahead is to enable your employees to respond themselves. Join 1Password’s upcoming webinar to discover how to secure your organization by empowering employees to self-remediate device issues. A look at a key CISA program Jack Cable, a key figure behind CISA's secure-by-design initiative, highlighted its importance in countering Chinese cyber threats and emphasized that many exploited vulnerabilities have been known and preventable for decades. While initially met with skepticism, the initiative has gained traction with over 250 companies, motivated by peer pressure and alignment with CISA's goals to enhance product security. Cable affirms that fostering these secure practices among software manufacturers is crucial, with CISA and potentially Congress playing pivotal roles in advancing these efforts to reduce exploitable flaws and protect critical infrastructure. Read the full interview Tim had with Jack. Feds need more cloud for better cybersecurity A report from the Center for Strategic and International Studies highlights the cybersecurity risks posed by federal agencies' slow adoption of cloud technologies and recommends overhauling contracting, regulatory, and budgeting practices. Despite private-sector advancements, federal agencies lag in IT modernization, with only a small portion of their IT spending allocated to cloud services. The report suggests consolidating data centers, implementing mandatory cybersecurity standards for cloud contracts, and notes that embracing cloud technology is crucial for leveraging advanced tools like AI. Tim has more. Tweet of the day Every week feels like a month, every month feels like a year. Want more? Catch our events for all things cybersecurity! Copyright © CyberScoop 2025.  All rights reserved. Scoop News Group 2001 K Street NW Washington DC  Update your email preferences Unsubscribe