On Jan. 5, 2018, the Department of Homeland Security (DHS) and the Department of Commerce (DOC) released their joint draft report on “Enhancing the Resilience of the Internet and Communications Ecosystem against Botnets and Other Automated, Distributed Threats” for public comment. The report provides a series of recommendations for addressing the threats presented by botnets …
On Monday, May 11, 2017, President Donald Trump signed an Executive Order on “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” The Executive Order comes after Trump had postponed signing a similar executive order on cybersecurity on Feb. 1, and another draft executive order had been circulated Feb. 10. The final Executive Order aligns …
This post was written by Timothy J. Nagle. NIST published the “Preliminary Cybersecurity Framework,” comprised of a Core, a Profile, and Information Tiers, in October. Comments were due by December 13th, and many industries, sectors and organizations have provided input. There is general industry support for the purpose, content, and collaborative development of the Framework, …
This post was also written by Timothy J. Nagle. “Electric Grid Vulnerability: Industry Responses Reveal Security Gaps,” by the staffs of U.S. Reps. Ed Markey (D-Mass.) and Henry Waxman (D-Cal.), resulted from a survey of more than 100 utilities. The report and the contemporaneous House Energy and Commerce Committee hearing on “Cyber Threats and Security Solutions” …
On February 12, the executive order “Improving Critical Infrastructure Cybersecurity” was issued, accompanied by a Presidential Policy Directive as well as a mention from President Obama in the State of the Union address. Similar to the previously discussed November 2012 draft, the executive order addresses: improvements in information sharing between the public and private sectors; …
This post was written by Timothy J. Nagle. An earlier blog post analyzed a draft Executive Order on critical infrastructure cybersecurity. A newer version of the order is similar to its predecessor, but the ultimate goals remain: using existing regulatory authority, improving information sharing, developing a “voluntary” framework of standards, incentivizing (or punishing?) owners and …