An Analysis of Generative AI: How to Be Confidently Wrong

The recent release of the National Cybersecurity Strategy document by the White House prompted me to test Microsoft's new Bing chat feature, which is powered by OpenAI's language model, ChatGPT. This model responds to user prompts and learns from previous interactions to provide relevant answers. My experiment aimed to test how well it could summarize the document and provide insights into its contents.

Three Quick Takeaways from Biden’s National Cybersecurity Strategy

NOTE: We were going to publish our second blog of the S4x23 SBOM Challenge today. However, the new National Cybersecurity Strategy was released this morning, and we thought that dissecting it for our readers took priority. We’ll go back to the S4x23 SBOM Challenge discussion next week.

There is a lot to unpack, and there is even more to read between the lines in the Biden Administration's new National Cybersecurity Strategy. Let me lay out the three...

A Flurry of Regulatory Action and the Need for SBOMs

Executive Order 14028 on Improving the Nation's Cybersecurity was issued in May of 2021 and provided a roadmap for a series of regulatory initiatives that government agencies (and anyone doing business with them) should prepare for. Recently we’ve seen the rollout of two important mandates:

  • OMB Memorandum M-22-18 dated Sept. 14, 2022 establishes requirements for “Enhancing the Security of the Software Supply Chain through Secure Software...

Sorry Blackberry: You Are Part of the Supply Chain

Today, reporters Betsy Woodruff Swan and Eric Geller at Politico published a story: “BlackBerry resisted announcing major flaw in software powering cars, hospital equipment.” They outline how BlackBerry willfully hid the fact that their key operating system QNX contained a collection of vulnerabilities (originally discovered and named BadAlloc by Microsoft). It seems other companies affected by BadAlloc announced the issue way back in May. Not so...

Unpacking EO14028: Improving the Nation's Cybersecurity - Pt. 4

Section 3 - Less Fog, More Cloud

Section 3: Modernizing Federal Government Cybersecurity of the Executive Order is all about government agencies moving to the cloud and doing it right. If you are someone who believes that the cloud has absolutely no place in the industrial control systems (ICS) world, you are going to hate this section.

Unpacking EO14028: Improving the Nation's Cybersecurity - Pt. 3

So you don’t sell to the Feds…

Today’s blog is going to take a break from analyzing a specific section of the Executive Order on Improving the Nation’s Cybersecurity and focus on who will be impacted by the order.

I got thinking about this last week when Tom Clary posted this insightful comment on LinkedIn:

[This] Executive Order in no way compels private sector critical infrastructure to do anything different. It seems intended to better protect...

Unpacking EO14028: Improving the Nation's Cybersecurity - Pt. 2

Removing Barriers to Sharing Threat Information

On Friday we dissected Section 4: Enhancing Software Supply Chain Security of the new Executive Order on Improving the Nation’s Cybersecurity. Today we will look at Section 2: Removing Barriers to Sharing Threat Information. We’ve also updated the EO14028 Timeline I posted previously to include Section 2 deadlines:

Unpacking EO14028: Improving the Nation's Cybersecurity - Pt. 1

Late Wednesday night President Biden signed the Executive Order on Improving the Nation’s Cybersecurity.

Compared to any Executive Order (EO) I’ve seen, this is a massive and complex policy document: the average length of an EO has been under 3½ pages; most are just 1 or 2 pages. This EO weighs in at 18 pages with 74 actionable directives. Forty-five of those directives have defined due dates, many linked to the completion of other directives....

3 Month Reprieve for Utilities on Cybersecurity Supply Chain Standards

Earlier this month, as the coronavirus accelerated its alarming sprint across North America, NERC requested that FERC defer a number of looming deadlines for Reliability Standards. For the cybersecurity-related standards (CIP-005-6, CIP-010-3, and CIP-013-1), NERC requested a 3-month delay to “help ensure grid reliability amid the impacts posed by the coronavirus outbreak, a public health emergency that is unprecedented in modern times.”
