ICIT CERTIFIED:  This article from Luther Martin, Distinguished Technologist at ICIT Fellow Circle Member Micro Focus Government Solutions, was featured as the Crypto Corner entry in the October 2019 ISSA Journal. The article has been reviewed by ICIT researchers and was deemed a valuable educational document the Institute encourages you to read and share among your community. On August 29, 2019, the US government reactivated its Space Command . The previous Space Command was

In Modernization Requires Leadership: Leading the way to Cloud Security, Zero Trust, and Threat Intelligence , DLT and ICIT experts detail the role of leadership in ensuring the success of three aspects of modernization: the cloud, zero trust, and threat intelligence. As Executive Order 13800 of May 2017 states, we must modernize to keep pace with our adversaries. Cloud computing, zero trust architecture, and effective threat intelligence promise to improve the security of go

ICIT CERTIFIED:  This brief from ICIT Fellow Circle Member Federal News Network offers viewpoints from executives of the  General Services Administration, the Small Business Administration, U.S. Citizenship and Immigration Services, and CenturyLink discussing how agencies can manage IT complexities in a multi-cloud world. It has been reviewed by ICIT researchers and is a valuable educational document the Institute encourages you to read and share among your community. Frictio

In “The Rise of Disruptionware: A Cyber-Physical Threat to Operational Technology Environments,” ICIT experts explore an alarming trend which sees adversaries disrupting business continuity and introducing severe risk into OT environments through the use of malware that can degrade or halt manufacturing processes, damage reputations, extort money from victims, or accomplish other targeted outcomes. Disruptionware is an emerging category of malware designed to suspend operatio

ICIT CERTIFIED:  This brief from ICIT Fellow Circle Member Federal News Network offers viewpoints from executives of the  General Services Administration, the Small Business Administration, U.S. Citizenship and Immigration Services, and CenturyLink discussing how agencies can manage IT complexities in a multi-cloud world. It has been reviewed by ICIT researchers and is a valuable educational document the Institute encourages you to read and share among your community. The clo

Cybersecurity researchers often walk a fine line between objectively presenting the facts surrounding cybersecurity threats without fearmongering to garner the attention necessary to pressure policy makers and decision makers to take action. This is particularly true in the Energy sector, where the exploitation of vulnerabilities can lead to genuine high-risk outcomes such as regional black-outs and potential loss-of-life incidents. While emphasis is rightfully placed by the

In this Bright Minds Q&A, we speak with longtime ICIT partner and Federal Reserve System V.P. and CISO Devon Bryan about his views on diversity in the field of cybersecurity. ICIT and Mr. Bryan have a long history of action in this space, with Mr. Bryan co-founding the International Consortium for Minority Cybersecurity Professionals (ICMCP) and ICIT helping launch ICMCP with a Town Hall in Congress sponsored by Congresswomen Sheila Jackson-Lee (D-TX) and Judy Chu (D-CA) in

In this essay, entitled “The Rise of the Cyber Industrial Complex and Expense in Depth,” ICIT Fellow Malcolm Harkins discusses how the lack of progress toward managing cyber risk, despite thousands of new security vendors and thousands of new capabilities sold that purport to control for these risks, is a result of a “cyber industrial complex” that has a lack of a proper economic incentive to solve the problem. Mr. Harkins explores the idea that it is the hidden hand of t

This spring, The Institute for Critical Infrastructure Technology (ICIT) sponsored a Capstone Project for students at the Heinz College at Carnegie Mellon University. As part of this project, students were tasked with conducting an assessment of the cybersecurity posture of the healthcare sector which included an analysis of threats to healthcare IT, IoT, and OT, supply chain security, emerging cybersecurity solutions, and technical and non-technical security controls to imp

This draft publication and the abstract below were released by NIST in June 2019. ICIT strongly encourages you to visit the NIST Publication Library to search for additional information security resources which are freely available. Draft NIST Special Publication 800-171B: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations The protection of Controlled Unclassified Information (CUI) resident in nonfederal systems and organizations is of par

ICIT CERTIFIED: In this paper from Federal News Network, and ICIT Fellow Circle Member, executives from Customs and Border Protection, NOAA, Veterans Affairs, Justice, Education, and Carbon Black discuss current best practices for threat hunting, compliance and cyber data analytics. It has been reviewed by ICIT researchers and is certified as an educational document. ICIT encourages stakeholders to read this paper and distribute it widely to share its contents. Threat hunting

ICIT CERTIFIED: In this essay, ICIT Contributor Luther Martin from Micro Focus Government Solutions (an ICIT Fellow Program Member) discusses how governments that do not enforce cybercrime laws may in effect be decriminalizing cybercrime; and offers a possible solution to incentivize governments to enforce cybercrime laws. It has been reviewed by ICIT researchers and is certified as an educational document. ICIT encourages stakeholders to read this paper and distribute it wid

ICIT CERTIFIED:  In this paper, the researchers at IOActive, an ICIT Fellow Circle Member, offer three real-world scenarios involving serious vulnerabilities that affect the aviation, maritime, and military industries. It has been reviewed by ICIT researchers and is certified as an educational document.  ICIT encourages stakeholders to read this paper and distribute it widely to share its contents. This research comprehensively details three real-world scenarios involving ser

Most of the 8 million people estimated to fly every day directly or indirectly interact with the technologies running the “typical airport’ experience” – avionics software on planes, air traffic control systems, fuel pumps, baggage handling systems, ticketing systems, security systems, etc. – without considering the resiliency and security of the software or equipment they interact with. However, like most technology, the software and equipment used to run the operations of

Software development that does not incorporate comprehensive security throughout the lifecycle of the application jeopardizes national security by increasing the threat landscape surrounding high-value networks and sensitive data. Unfortunately, many of today’s technology manufacturers prioritize speed to market over security, have adopted a ‘deploy now, patch later’ culture, and shift the liability of their vulnerable technology onto consumers through EULAs and SLAs. It is v