Cybersecurity Saturday

October is National Cybersecurity Awareness Month. The FEHBlog reminds readers that

CISA will host its fourth annual National Cybersecurity Summit on Wednesdays during the month of October. The 2021 Summit will be held as a series of four virtual events bringing stakeholders together in a forum for meaningful conversation:

Oct. 6 – Assembly Required: The Pieces of the Vulnerability Management Ecosystem 

Oct. 13 – Collaborating for the Collective Defense 

Oct. 20 – Team Awesome: The Cyber Workforce 

Oct. 27 – The Cyber/Physical Convergence

Register for this free summit and read more about the presentations at CISA.gov/cybersummit2021

Security Week offers an article on ways to support this national effort.

Also yesterday, October 1, according to ZDNet,

The White House plans to convene a 30-country meeting this month to address cybersecurity, President Biden said in a statement Friday. 

The topics of the meeting, Biden said, will include combating cybercrime, improving law enforcement collaboration, stemming the illicit use of cryptocurrency, building trusted 5G technology and better securing supply chains. 

From Capitol Hill, Senator Gary Peters (D-Mich.) tells us about American Rescue Plan funding totaling $1 billion that is being used to modernize federal IT systems. Here is a complete list of the unclassified Technology Modernization Funds projects.

With respect to cybersecurity practices:

  • Earlier this week, CISA and the National Security Administration “released the cybersecurity information sheet Selecting and Hardening Standards-based Remote Access VPN Solutions to address the potential security risks associated with using Virtual Private Networks (VPNs). Remote-access VPN servers allow off-site users to tunnel into protected networks, making these entry points vulnerable to exploitation by malicious cyber actors.” Here is a Cyberscoop article on this development.
  • Helpnetsecurity.com offers an interesting article about the move from password verification to identity verification to secure networks against cyberattacks. “Identity verification is the most important step in an organization’s system for providing access, and authentication cannot occur until identity is established. This is known as identity-based authentication and it is the foundation of effective security measures. Once identity is established with a high level of efficacy, password-based credentials become obsolete. The end goal is not passwordless solutions – the goal is identity-based authentication, with passwordless as a means to that end.”
  • The National Institute of Standards and Technology issued its 2020 annual report (SP 800-214) last week.

As always, here is a link to Bleeping Computer’s The Week in Ransomware.