Cloud Certification Scheme: Building Trusted Cloud Services Across Europe

Agency News, Cyber Security CII sector, Industry News
ENISA launches a public consultation on a new draft candidate cybersecurity certification scheme in a move to enhance trust in cloud services across Europe.
The European Union Agency for Cybersecurity (ENISA) launched a public consultation, which runs until 7 February 2021, on its draft of the candidate European Union Cybersecurity Certification Scheme on Cloud Services (EUCS). The scheme aims to further improve the Union’s internal market conditions for cloud services by enhancing and streamlining the services’ cybersecurity guarantees. The draft EUCS candidate scheme intends to harmonise the security of cloud services with EU regulations, international standards, industry best practices, as well as with existing certifications in EU Member States.
EU Agency for Cybersecurity Executive Director Juhan Lepassaar said: “Cloud services play an increasing role in the life of European citizens and businesses under lockdown; and their security is essential to the functioning of the Digital Single Market. A single European cloud certification is critical for enabling the free flow of data across Europe, and is an important factor in fostering innovation and competitiveness in Europe.”
Speaking at the ENISA Cybersecurity Certification Conference on 18 December 2020, Director of Digital Society, Trust and Cybersecurity at the European Commission Directorate-General for Communications Networks, Content and Technology (DG CONNECT) Lorena Boix Alonso said: “We must ensure that cybersecurity certification strikes the right balance, following a sensible risk-based approach, with flexible solutions and certification schemes designed to avoid being outdated quickly. And we need a clear roadmap to allow industry, national authorities and standardisation bodies to prepare in advance.”
There are challenges to the certification of cloud services, such as a diverse set of market players, complex systems and a constantly evolving landscape of cloud services, as well as the existence of different schemes in Member States. The draft EUCS candidate scheme tackles these challenges by calling for cybersecurity best practices across three levels of assurance and by allowing for a transition from current national schemes in the EU. The draft EUCS candidate scheme is a horizontal and technological scheme that intends to provide cybersecurity assurance throughout the cloud supply chain, and form a sound basis for sectoral schemes.
More specifically, the draft EUCS candidate scheme:
- Is a voluntary scheme;
- The scheme’s certificates will be applicable across the EU Member States;
- Is applicable for all kinds of cloud services – from infrastructure to applications;
- Boosts trust in cloud services by defining a reference set of security requirements;
- Covers three assurance levels: ‘Basic’, ‘Substantial’ and ‘High’;
- Proposes a new approach inspired by existing national schemes and international standards;
- Defines a transition path from national schemes in the EU;
- Grants a three-year certification that can be renewed;
- Includes transparency requirements such as the location of data processing and storage.
Leave a comment ,

Cybercriminals Favourite VPN Taken Down in Global Action

Agency News, Cyber Security CII sector, Industry News
The virtual private network (VPN) Safe-Inet used by the world’s foremost cybercriminals has been taken down in a coordinated law enforcement action led by the German Reutlingen Police Headquarters together with Europol and law enforcement agencies from around the world.
The Safe-Inet service was shut down and its infrastructure seized in Germany, the Netherlands, Switzerland, France and the United States. The servers were taken down, and a splash page prepared by Europol was put up online after the domain seizures. This coordinated takedown was carried out in the framework of the European Multidisciplinary Platform Against Criminal Threats (EMPACT).
Active for over a decade, Safe-Inet was being used by some of the world’s biggest cybercriminals, such as the ransomware operators responsible for ransomware, E-skimming breaches and other forms of serious cybercrime.
This VPN service was sold at a high price to the criminal underworld as one of the best tools available to avoid law enforcement interception, offering up to 5 layers of anonymous VPN connections.
Law enforcement were able to identify some 250 companies worldwide which were being spied on by the criminals using this VPN. These companies were subsequently warned of an imminent ransomware attack against their systems, allowing them to take measures to protect themselves against such an attack.
The service has now been rendered inaccessible.
Investigations are ongoing in a number of countries to identify and take action against some of Safe-Inet’s users.
International police cooperation was central to the success of this investigation as the critical infrastructure was scattered across the world.
Europol’s European Cybercrime Centre (EC3) supported the investigation from the onset, bringing together all the involved countries to establish a joint strategy and to organise the intensive exchange of information and evidence needed to prepare for the final phase of the takedown.
Leave a comment , , ,

Resilient buildings offer protection and boost recovery

Agency News, Health & Social Care, Industry News
Resilient infrastructure protects people during disasters and enables communities to recover quickly in the immediate aftermath of a crisis.
Two examples from Vanuatu during and after Tropical Cyclone Harold – a Category 5 storm – illustrate the point powerfully.
During the devastating storm, the two classrooms of Balon School on the island of Santo served as official cyclone shelters protecting around 10 families (approximately 50 people) over two days during the worst weather. One week after Harold passed over the island of Santo, Balon School played an important role in local recovery efforts through the hosting of a psycho-social workshop to help locals deal with the compounded stress from TC Harold.
School teachers shared important information to help families recover quickly in a workshop that was coordinated by School Improvement Officers from the Sanma Education Office.
“The classrooms were very strong, very resilient. Once we closed the wooden shutters, only a small amount of water came in, mostly through the crack under the door, even though we could hear the wind whistling outside, moving trees and branches around and the rain crashing on the roof,” said School Principal John Harry. “There was no damage to either of the classrooms after the storm which meant we could start teaching again soon after.”
The example of Balon School highlights the value of disaster resilient infrastructure in disaster-exposed countries such as Vanuatu, where many of rural schools act as social and educational hubs for local communities.
Balon School caters for 150 students ranging from kindergarten through to Year 6. It was selected as a pilot under the Australian Government-funded Pacific Humanitarian Social Infrastructure as part of the Recovery Acceleration through Prefabricated Infrastructure Deployment (RAPID) programme.
Another good example of resilient infrastructure is Market House in Luganville, Vanuatu’s second major city.
Built in 1977, Market House was renovated in 2019 to strengthen its disaster and climate resilience so that its many vendors – predominantly women and including persons with disabilities – could continue to trade. The renovation included a Category 5 cyclone-resistant roof, more durable flooring and a new water drainage system to reduce the risk of flooding and damage during extreme weather events.
Cyclone Harold hit the town only six months after the renovations. Despite wind speeds of up to 270 kilometers per hour, the Luganville Market House sustained only minor roof damage. As a result, many of the more than 3,000 registered market vendors were able to start selling goods and produce within a week of the storm.
It is a good example of how climate-informed design, construction and renovation of social infrastructure strengthens local and gender-sensitive resilience in the face of increasing climate change threats and disasters. The renovations were under UN Women’s Markets for Change programme, which is mainly funded by the Australian Government.
Leave a comment ,

NCSC releases cyber security advice for agriculture sector

Agency News, Cyber Security CII sector, Industry News
Farmers will for the first time have access to tailor-made cyber security advice published in response to the growing use of technology in the agriculture sector.
The new Cyber Security for Farmers guidance from the National Cyber Security Centre – a part of GCHQ – and the National Farmers’ Union (NFU) will provide the farming community with the tools and information it needs to protect itself from the most common cyber attacks, including scam emails and malicious software.
Businesses in the agricultural sector are increasingly taking advantage of the benefits modern farming technology can provide, such as GPS, remote sensors, and farm management software.
But with official statistics showing a rise in reports of cyber attacks against the farming community, and in the wake of well-documented incidents such as spoof farm machinery adverts leaving farmers thousands of pounds out of pocket, the NCSC and NFU are urging the sector to act on the new guidance.
Sarah Lyons, NCSC Deputy Director for Economy and Society, said: “Technology plays a huge role in modern farming and offers many benefits that will help the industry to thrive in the 21st century.
“We are teaming up with the NFU to share best online practice to the sector, as an increased use of technology also sees an increased risk of being targeted by cyber criminals.
“Staying safe online might seem daunting, but the actionable advice in ‘Cyber Security for Farmers’ will help the sector to stay as safe as possible while embracing the latest technology.”
The advice, which can be found in full on the NCSC’s website, includes guidance on
- protecting your farm against malware;
- keeping devices up to date;
- where to go for help;
- backing up data, and;
- dealing with scam emails, text messages, and phone calls.
Stuart Roberts, Deputy President at the NFU, said: “Rural crime is a huge issue for farm businesses and we rightly look to protect our farm buildings, machinery and our livestock. However, we all live and work in a digital world and we must be conscious of the threats this can bring to our businesses.
“It’s incredibly important that farmers take this seriously, which is why we’ve teamed up with the experts in the National Cyber Security Centre to help produce this guidance. I would urge all farmers to read this advice and take the necessary steps to reinforce their cyber security and protect their farm business.”
The NCSC is committed to raising cyber security and resilience across every part of the UK, and this includes supporting businesses, academia, and the charity sector, as well as the public through the Cyber Aware campaign.
Leave a comment ,

NSA Cybersecurity Advisory: Malicious Actors Abuse Authentication Mechanisms to Access Cloud Resources

Agency News, Cyber Security CII sector, Industry News
In response to ongoing cybersecurity events, the National Security Agency (NSA) released a Cybersecurity Advisory Thursday “Detecting Abuse of Authentication Mechanisms.” This advisory provides guidance to National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) network administrators to detect and mitigate against malicious cyber actors who are manipulating trust in federated authentication environments to access protected data in the cloud. It builds on the guidance shared in the cybersecurity advisory regarding VMware with state-sponsored actors exploiting CVE 2020-4006 and forging credentials to access protected files, though other nation states and cyber criminals may use this tactic, technique, and procedure (TTP) as well.
This advisory specifically discusses detection and mitigation of two TTPs to forge authentications and gain access to a victim’s cloud resources. While these TTPs require the actors to already have privileged access in an on-premises environment, they are still dangerous as they can be combined with other vulnerabilities to gain initial access, then undermine trust, security, and authentication. Initial access can be established through a number of means, including known and unknown vulnerabilities. The recent SolarWinds Orion ® code compromise is one serious example of how on-premises systems can be compromised, leading to abuse of federated authentication and malicious cloud access.
Mitigation actions include hardening and monitoring systems that run local identity and federation services, locking down tenant single sign-on (SSO) configuration in the cloud, and monitoring for indicators of compromise. NSA remains committed to providing provide timely, actionable and relevant guidance, and is partnering across the public and private sectors in ongoing incident response efforts. Releasing this advisory with further technical guidance allows NSA’s customers to apply preventative measures to the fullest extent along with the detection and mitigation actions.
Summary
Malicious cyber actors are abusing trust in federated authentication environments to access protected data. An “on premises” federated identity provider or single sign-on (SSO) system lets an organization use the authentication systems they already own (e.g. tokens, authentication apps, one-time passwords, etc.) to grant access to resources, including resources in “off premises” cloud services. These systems often use cryptographically signed automated messages called “assertions” shared via Security Assertion Markup Language (SAML) to show that users have been authenticated. When an actor can subvert authentication mechanisms, they can gain illicit access to a wide range of an organizations assets.
In some cases, actors have stolen keys from the SSO system that allow them to sign assertions and impersonate any legitimate user who could be authenticated by the system. On 7 December, NSA reported on an example where a zeroday vulnerability was being used to compromise VMware Access®1 and VMware Identity Manager®2 servers, allowing actors to forge authentication assertions and thus gain access to the victim’s protected data. In other cases, actors have gained enough privileges to create their own keys and identities such as “service principals” (cloud applications that act on behalf of a user) or even their own fake SSO system. According to public reporting, in some cases, the SolarWinds Orion code compromise provided actors initial access to an on-premises network which led to access within the cloud.
Note that these techniques alone do not constitute vulnerabilities in the design principles of federated identity management, the SAML protocol, or on-premises and cloud identity services. The security of identity federation in any cloud environment directly depends on trust in the on-premises components that perform authentication, assign privileges, and sign SAML tokens. If any of these components is compromised, then the trust in the federated identity system can be abused for unauthorized access.
To defend against these techniques, organizations should pay careful attention to locking down SSO configuration and service principal usage, as well as hardening the systems that run on-premises identity and federation services.
Monitoring the use of SSO tokens and the use of service principals in the cloud can help detect the compromise of identity services. While these techniques apply to all cloud environments that support on-premises federated authentication, the following specific mitigations are focused on Microsoft Azure federation. Many of the techniques can be generalized to other environments as well.
Leave a comment , ,

ENISA AI Threat Landscape Report Unveils Major Cybersecurity Challenges

Agency News, Cyber Security CII sector, Industry News
The European Union Agency for Cybersecurity (ENISA) released its Artificial Intelligence Threat Landscape Report, unveiling the major cybersecurity challenges facing the AI ecosystem. ENISA’s study takes a methodological approach at mapping the key players and threats in AI. The report follows up the priorities defined in the European Commission’s 2020 AI White Paper. The ENISA Ad-Hoc Working Group on Artificial Intelligence Cybersecurity, with members from EU Institutions, academia and industry, provided input and supported the drafting of this report.
The benefits of this emerging technology are significant, but so are the concerns, such as potential new avenues of manipulation and attack methods. The technology takes many steps across the supply chain and requires vast amounts of data to function efficiently. The AI Threat Landscape report underlines the importance of cybersecurity and data protection in every part of the AI ecosystem to create trustworthy technology for end-users.
Executive Director of the EU Agency for Cybersecurity Juhan Lepassaar said: “Cybersecurity is one of the bases of trustworthy solutions for Artificial Intelligence. A common understanding of AI cybersecurity threats will be key to Europe’s widespread deployment and acceptance of AI systems and applications.”
This new work by ENISA aims to serve as a baseline for initiatives to secure AI: both in terms of policies, as it frames the problem and provides guidance on cybersecurity threats, as well as in terms of technical controls, as it highlights specific threats for which action may be needed. The report is directed to policy makers when developing future guidance on secure AI deployments, to technical experts to support customised risk assessments and to standardisation bodies to support upcoming AI security standards.
The main highlights of the report include:
Definition of AI’s scope in the context of cybersecurity by following a lifecycle approach. The ecosystem of AI systems and applications is defined by taking into account the different stages of the AI lifecycle -- from requirements analysis to deployment.
- Identification of assets of the AI ecosystem as a fundamental step in pinpointing what needs to be protected and what could possibly go wrong in terms of the security of the AI ecosystem.
- Mapping of the AI threat landscape by means of a detailed taxonomy. This serves as a baseline for the identification of potential vulnerabilities and attack scenarios for specific use cases.
- Classification of threats and listing of relevant threat actors. The impact of threats to different security properties is also highlighted.
The ENISA AI Threat Landscape identifies the challenges and opportunities to deploy secure AI systems and services across the Union. The report highlights the need for more targeted and proportionate security measures to mitigate the identified threats, as well as the need for an in-depth look into AI’s use in sectors such as health, automotive and finance.
The EU Agency for Cybersecurity continues to play a bigger role in the assessment of Artificial Intelligence (AI) by providing key input for future policies.
Earlier this year, the Agency set up the ENISA Ad Hoc Working Group on Cybersecurity for Artificial Intelligence, which supports ENISA in the process of building knowledge on AI Cybersecurity. The group includes members from the European Commission Directorate-General Communications Networks, Content and Technology (DG CONNECT), the European Commission Directorate-General Joint Research Committee (DG JRC), Europol, the European Defence Agency (EDA), the European Union Agency for the Operational Management of Large-Scale IT Systems in the Area of Freedom, Security and Justice (eu-LISA), the European Telecommunications Standards Institute (ETSI), as well as academics and industry experts.
One comment , ,

ENISA 5G Threat Landscape Report Updated to Enhance 5G Security

Agency News, Cyber Security CII sector, Industry News
The European Union Agency for Cybersecurity (ENISA) published an updated version of its 5G threat assessment report to address advancements in the areas of fifth generation of mobile telecommunications networks (5G) and to contribute to the implementation of the EU 5G toolbox cybersecurity risk mitigating measures.
The new ENISA Threat Landscape for 5G Networks report is a major update of the previous edition as it captures recent developments in 5G standardisation. The publication includes a vulnerability analysis, which examines the exposure of 5G components. The analysis explores how cyber threats can exploit vulnerabilities and how technical security controls can help mitigate risks.
European Union Agency for Cybersecurity Executive Director Juhan Lepassaar explained: “By providing regular threat assessments, the EU Agency for Cybersecurity materialises its support to the EU cybersecurity ecosystem.  This work is part of our continuous contribution to securing 5G, a key infrastructure for the years to come.”
The New Threat Landscape includes:
- An updated system architecture of 5G, indicating introduced novelties and assessed security considerations;
- A detailed vulnerability analysis of all relevant 5G assets, including their exposure to threats;
- A mapping of related security controls aiming at the reduction of threat surface;
- An update of the relevant threats in accordance with their exploitation potential of the assessed vulnerabilities;
- The consideration of implementation options – migration paths from 4G to 5G infrastructures;
- The development of a process map showing the contribution of operational, life cycle and security assurance processes to the overall security of 5G infrastructures;
- A new inventory of critical components.
The information produced for this report is based on publicly available content published by 5G market players (operators, vendors, and national and international organisations), standardisation groups and bodies (for example: 3rd Generation Partnership Project (3GPP); International Telecommunications Union (ITU); European Telecommunications Standardisation Institute (ETSI); International Organisation for Standardisation (ISO); the Global System for Mobile Communications (GSMA)).
One comment , ,

Asia-Pacific resolves to move from crisis to resilience

Agency News, Industry News, Power/Energy/Oil & Gas sector, Transport sector, Water sector
In 2019, the United Nations Office for Disaster Risk Reduction’s (UNDRR) Global Assessment Report called on countries to abandon “hazard-by-hazard” risk management, in favour of a holistic approach that examines risk in the context of its impact in systems, including cascading impacts.
A year later, the COVID-19 pandemic presented the world with an unfortunate case study of how systemic risk, if left untreated, can snowball into a disaster and a global crisis.
However, the pandemic was not the only disaster of the year, as 2020 saw countries in Asia-Pacific deal with a perfect storm of dual and multiple disasters, including droughts, floods and typhoons.
For countries in the region to guard against future disasters and mitigate the compounded impact of disasters, a fundamental shift in risk governance at national and local levels is required.
The post-COVID recovery process is one avenue to embed this new approach in socio-economic development processes, to avoid the creation of new risks while risk-proofing development gains.
However, some preconditions need to be met to facilitate this transformation, including committed leadership, investments, engagement of all sectors and stakeholders, and an embrace of science-based multi-hazard risk reduction. All of these elements are in line with the commitments that countries made in the adoption of the Sendai Framework for Disaster Risk Reduction 2015-2030.
The 2021 Asia-Pacific Ministerial Conference for Disaster Risk Reduction (APMCDRR), as the first major UNDRR regional platform since the onset of COVID-19, offers countries and stakeholders an opportunity to determine how these conditions can be met to achieve a transformation in risk governance.
With that goal, UNDRR and Australian Government, as the convener and host of the APMCDRR respectively, completed this week a major step in the roadmap to the ministerial conference, the organizing of the Asia-Pacific Partnership for Disaster Risk Reduction (APP-DRR) Forum.
The APP-DRR was organized on 1-2 December as a virtual meeting with 175 participants from 30 Asia-Pacific governments, over 10 intergovernmental organisations, several UN and international organizations, and stakeholder groups.
The Forum was kicked off with a statement by Ms. Mami Mizutori, Special Representative of the UN Secretary-General for Disaster Risk Reduction, who exhorted the participants to “think big and out of the box”. Opening remarks were made by the Australian Government:
"This forum is an important opportunity to take stock of how we're progressing against our Sendai commitments and to work together to accelerate this process," said Ms. Rebecca Bryant, Assistant Secretary at the Australian Department of Foreign Affairs and Trade, adding:
"Australia is firmly committed to working with countries to further enhance our region's resilience to disasters and to learn from each other's experience."
Of importance to the APMCDRR is building the disaster resilience of small island developing states in the Pacific. These countries are often the most vulnerable countries to extreme weather events, and still have to mobilize resources to counter a global pandemic.
Speaking on both aspects, the Honorable Dr. Ifereimi Waqainabete, Minister of Health and Medical Services in Fiji, said:
“Our coordinates cannot change... we need to understand as a nation that we are prone to disasters. We are prone to cyclones, droughts and other extreme weather events, almost every year,” emphasizing that “as leaders in our own right, we must continue to make better decisions in building resilience to ensure that the devastating impacts of disasters are mitigated and reduced.”
To make the right decisions, countries need to strengthen their data collection systems and understanding of risk, which in turn contributes to the development of sound national and local disaster risk reduction strategies.
On that front, UNDRR noted that the region was making progress in reporting on several Sendai Framework indicators, as 67% of countries in Asia-Pacific have reported some data as of October 2020.
However, challenges remain around the collection of data that is disaggregated by sex, age and disability, which hinders the effectiveness of planning to ensure no one is left behind.
Moreover, countries continue to face challenges in adopting integrated approaches that combine climate change adaptation with disaster risk reduction and expanding their risk governance mechanisms to other sectors.
As the availability of funding is often a hindrance to the implementation of risk reduction strategies, UNDRR presented recommendations on how countries could finance risk prevention.
Green investment offers a particularly effective way to fund climate change adaptation and risk reduction measures, as is highlighted in a report that was launched by UNDRR at the APP-DRR, titled ‘Ecosystem-Based Disaster Risk Reduction: Implementing Nature-based Solutions for Resilience.’
However, as a result of the downturn in economic activity caused by the COVID-19 crisis, it might be necessary for governments to increase their support for green investments as part of their recovery efforts.
“Financially constrained firms have weaker environmental performance and COVID-19 could be detrimental to environmental investments. Going forward, there will be a need for some forms of public support to encourage green recovery,” said Dr. Hiroko Oura from the International Monetary Fund.
The APP-DRR was also an opportunity for countries and stakeholder groups to voice their priorities and concerns. These reflections were posted on the event page and will help inform planning for APMCDRR.
Leave a comment , , ,

NIS Directive has Positive Effect, though Study Finds Gaps in Cybersecurity Investment Exist

Agency News, Cyber Security CII sector, Industry News
The European Union Agency for Cybersecurity (ENISA) released a new report on information security spending for network and information services (NIS) under the NIS Directive, the first EU-wide legislation on cybersecurity. The NIS Investments report is based on a survey of 251 organisations of operators of essential services (OES) and digital service providers (DSP) from France, Germany, Italy, Spain and Poland. Eighty-two percent of those surveyed reported the NIS Directive had a positive effect on their information security.
The new ENISA study examining cybersecurity spending states that 82% of Operators of Essential Services and Digital Services Providers find that the NIS Directive has a positive effect. However, gaps in investment still exist. When comparing organisations from the EU to those from the United States, data shows that EU organisations allocate on average 41% less to cybersecurity than their US counterparts.
NIS Directive Implementation
The report provides input to the European Commission’s review of the NIS Directive on the 16th of December, four years after the Directive entered into force and two years after the transposition into national law.
Challenges remain after the implementation of the Directive -- the lack of clarity of the NIS Directive expectations after transposition into national law was a common issue. More than 35% of organisations surveyed believe the NIS Directive expectations are unclear. Twenty-two percent of respondents listed limited support from national authorities as one of their top challenges when implementing the Directive.
Cybersecurity Investments: EU vs. US
When comparing organisations from the EU to organisations from the United States, the study shows that EU organisations allocate on average 41% less to information security than their US counterparts.
Key findings about the NIS Directive implementation in the NIS Investment report
- The average budget for NIS Directive implementation projects is approximately €175k, with 42.7% of affected organisations allocating between €100k and €250k. Slightly less than 50% of surveyed organisations had to hire additional security matter experts.
- Surveyed organisations prioritised the following security domains: Governance, Risk & Compliance and Network Security.
- When implementing the NIS Directive, 64% of surveyed organisations procured security incident & event log collection solutions, as well as security awareness & training services.
- “Unclear expectations” (35%)  and “Limited support from the national authority” (22%) are among the top challenges faced by surveyed organisations when implementing the NIS Directive.
- 81% of the surveyed organisations have established a mechanism to report information security incidents to their national authority.
- 43% of surveyed organisations experienced information security incidents with a direct financial impact to up to €500k, while 15% experienced incidents with over half a million euro.
Leave a comment ,

CISA Issue Emergency Directive to Mitigate Compromise of Solarwinds Orion Network Management Products

Agency News, Cyber Security CII sector, Industry News
The Cybersecurity and Infrastructure Security Agency (CISA) has issued Emergency Directive 21-01, in response to a known compromise involving SolarWinds Orion products that are currently being exploited by malicious actors. This Emergency Directive calls on all federal civilian agencies to review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately.
“The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks,” said CISA Acting Director Brandon Wales. “This directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners—in the public and private sectors—to assess their exposure to this compromise and to secure their networks against any exploitation.”
This is the fifth Emergency Directive issued by CISA under the authorities granted by Congress in the Cybersecurity Act of 2015. All agencies operating SolarWinds products should provide a completion report to CISA.
Leave a comment ,
1 38 39 40 41 42 54