Today more than ever, millions of lives depend on the availability, accuracy, and integrity of healthcare networks as they treat patients, develop vaccines, and research medical solutions. The COVID-19 global pandemic is shining a spotlight on the critical role that healthcare research plays in national security, creating a unique opportunity to discuss the impact vulnerabilities have on this vital ecosystem. In the months since the outbreak of the virus, Chinese cyberespiona

ICIT Solution Insights offers use case based education on technology products and how they address problems facing our nation’s critical infrastructure sectors. These reports help our community navigate the crowded vendor ecosystem with trusted knowledge from ICIT. Just because we are in the midst of a global pandemic does not mean we get a reprieve from cyber threats. Reports of COVID-19 related incidents show that many adversaries appear emboldened by the ongoing chaos and

ICIT Certified: This content has been reviewed and certified by ICIT researchers as valuable content for the community. We encourage you to study it and socialize it with your networks. The Cyberspace Solarium Commission (CSC) was established in the John S. McCain National Defense Authorization Act for Fiscal Year 2019 to "develop a consensus on a strategic approach to defending the United States in cyberspace against cyber attacks of significant consequences." The finished

On February 10, 2020, the National Counterintelligence and Security Center (NCSC) unveiled the National Counterintelligence Strategy of the United States of America 2020-2022, outlining a new approach to counterintelligence to address threats that have evolved significantly since the last strategy in 2016. According to the strategy, which was signed by President Trump on January 7, 2020 and is available at www.ncsc.gov , three principal trends characterize today’s counterinte

Since the January 2, 2020 drone strikes that killed Iranian General Qasem Soleimani, cyber and national security experts have worried about retaliatory cyberattacks against US interests. Today, organizations are preparing for the worst, as the potential for a major cyber incident looms large in the minds of government and private sector leaders alike. While current focus is rightfully on Iran, our long-term security posture requires us to take a step back and ask ourselves wh

ICIT Certified Content: This publication from ICIT Fellow Program Member Micro Focus Government Solutions contains expert insights on IT modernization and data center consolidation. Our researchers have reviewed its contents and recommend it as a trusted source of education. Costs and risks associated with government legacy systems continue to rise, as agencies and departments continue to leverage these mission critical systems without a modernization plan.1 While the challen

National security and critical infrastructure resiliency depend on the success of the cybersecurity community’s diversity efforts. Reducing risk to an organization requires cross-functional stakeholder engagement within the business and its supply chain to balance business objectives with security needs. Security teams that bring diversity of thought and perspective to the decision-making process are best equipped to navigate this complex ecosystem of players, technologies,

ICIT Certified Content: This Blackberry publication contains expert insights on Security and technology in the mobility and transportation sectors, including an essay from ICIT. Our researchers have reviewed its contents and recommend it as a trusted source of education. BlackBerry’s new guide – The Road to Mobility: The 2020 Guide to Trends and Technology for Smart Cities and Transportation, a comprehensive resource that government regulators, automotive executives and techn

ICIT CERTIFIED: This article from Luther Martin, Distinguished Technologist at ICIT Fellow Circle Member Micro Focus Government Solutions, was featured as the Crypto Corner entry in the October 2019 ISSA Journal. The article has been reviewed by ICIT researchers and was deemed a valuable educational document the Institute encourages you to read and share among your community. On August 29, 2019, the US government reactivated its Space Command . The previous Space Command was

In Modernization Requires Leadership: Leading the way to Cloud Security, Zero Trust, and Threat Intelligence , DLT and ICIT experts detail the role of leadership in ensuring the success of three aspects of modernization: the cloud, zero trust, and threat intelligence. As Executive Order 13800 of May 2017 states, we must modernize to keep pace with our adversaries. Cloud computing, zero trust architecture, and effective threat intelligence promise to improve the security of go

Cybersecurity researchers often walk a fine line between objectively presenting the facts surrounding cybersecurity threats without fearmongering to garner the attention necessary to pressure policy makers and decision makers to take action. This is particularly true in the Energy sector, where the exploitation of vulnerabilities can lead to genuine high-risk outcomes such as regional black-outs and potential loss-of-life incidents. While emphasis is rightfully placed by the

This spring, The Institute for Critical Infrastructure Technology (ICIT) sponsored a Capstone Project for students at the Heinz College at Carnegie Mellon University. As part of this project, students were tasked with conducting an assessment of the cybersecurity posture of the healthcare sector which included an analysis of threats to healthcare IT, IoT, and OT, supply chain security, emerging cybersecurity solutions, and technical and non-technical security controls to imp

This draft publication and the abstract below were released by NIST in June 2019. ICIT strongly encourages you to visit the NIST Publication Library to search for additional information security resources which are freely available. Draft NIST Special Publication 800-171B: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations The protection of Controlled Unclassified Information (CUI) resident in nonfederal systems and organizations is of par

ICIT CERTIFIED: In this essay, ICIT Contributor Luther Martin from Micro Focus Government Solutions (an ICIT Fellow Program Member) discusses how governments that do not enforce cybercrime laws may in effect be decriminalizing cybercrime; and offers a possible solution to incentivize governments to enforce cybercrime laws. It has been reviewed by ICIT researchers and is certified as an educational document. ICIT encourages stakeholders to read this paper and distribute it wid

ICIT CERTIFIED: In this paper, the researchers at IOActive, an ICIT Fellow Circle Member, offer three real-world scenarios involving serious vulnerabilities that affect the aviation, maritime, and military industries. It has been reviewed by ICIT researchers and is certified as an educational document. ICIT encourages stakeholders to read this paper and distribute it widely to share its contents. This research comprehensively details three real-world scenarios involving ser

Most of the 8 million people estimated to fly every day directly or indirectly interact with the technologies running the “typical airport’ experience” – avionics software on planes, air traffic control systems, fuel pumps, baggage handling systems, ticketing systems, security systems, etc. – without considering the resiliency and security of the software or equipment they interact with. However, like most technology, the software and equipment used to run the operations of

Software development that does not incorporate comprehensive security throughout the lifecycle of the application jeopardizes national security by increasing the threat landscape surrounding high-value networks and sensitive data. Unfortunately, many of today’s technology manufacturers prioritize speed to market over security, have adopted a ‘deploy now, patch later’ culture, and shift the liability of their vulnerable technology onto consumers through EULAs and SLAs. It is v

ICIT CERTIFIED: In this paper, the OT Research Team at Forescout, an ICIT Fellow Program Member, performed an exercise in vulnerability and malware research for devices commonly used in building automation system (BAS). It has been reviewed by ICIT researchers and is certified as an educational document. ICIT encourages stakeholders to read this paper and distribute it widely to share its contents. Vulnerabilities in smart buildings are very dangerous because they open thes

On February 21, 2019, Senator Mark Warner (D-VA), the vice chair of the Senate Intelligence Committee and co-chair of the Senate Cybersecurity Caucus, sent letters to twelve healthcare organizations and four federal agencies soliciting feedback via a series of questions on the security and resiliency of the healthcare sector. In the letter, he stated: “I would like to work with you and other industry stakeholders to develop a short- and long-term strategy for reducing cybers

This publication and the abstract below was published by GAO in March 2019. ICIT strongly encourages you to visit the GAO Reports and Testimonies Library to search for additional information security resources which are freely available. Why GAO Did This Study A key component of mitigating and responding to cyber threats is having a qualified, well-trained cybersecurity workforce. The act requires OPM and federal agencies to take several actions related to cybersecurity work