I commend our colleagues at NIST's Smart Grid and Cyber-Physical Systems Program Office for providing this timely and necessary update to the NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 4.0.
BlackBerry Jarvis Named Best In Breed Tool to Protect Mission Critical Software Supply Chains
News provided by
Share this article
Share this article
WATERLOO, Ontario, Feb. 16, 2021 /PRNewswire/ BlackBerry Limited (NYSE: BB; TSX: BB) today announced that BlackBerry® Jarvis™, a software composition analysis tool, has been recognized as Best in Breed by an Internal Research & Development project (IRAD). The analysis was conducted on behalf of the United States Department of Defense (DoD) by The Aerospace Corporation, and recommends the most proficient binary analysis solutions on the market for embedded software, citing BlackBerry Jarvis as the most promising and robust after a rigorous assessment of key players.
708 views
The NY Times recently published an article about the Solarwinds cybersecurity incursions that affected government and commercial enterprises in December. A consensus is forming, among the cybersecurity monitors, that Russia’s S.V.R. intelligence service, a/k/a CozyBear, appears to be behind this attack. Two items contained in the NY Times article are particularly disturbing and noteworthy:
SolarWinds moved much of its engineering to satellite offices in the Czech Republic, Poland and Belarus, where engineers had broad access to the Orion network management software that Russia’s agents compromised.
None of the SolarWinds customers contacted by The New York Times in recent weeks were aware they were reliant on software that was maintained in Eastern Europe. Many said they did not even know they were using SolarWinds software until recently.
1370 views
This article is co-authored by Shuli Goodman PhD, Executive Director, LF Energy, Chris Blask, Global Director Industrial and IoT Security, Unisys and Dick Brooks, Co-Founder, Reliable Energy Analytics LLC
The energy industry is well aware of the risks from cyber threats. However, the visibility and sheer scale and scope of the Solarwinds software breach that ripped through the US Federal government and 425 of the Fortune 500 reveals that our software supply-chains need attention, immediately. While it may take years or months to unwind the destruction, solutions for securing software supply-chains need to be identified now. The SolarWinds breach raises the central question, “how do you know if you can trust a software object, before you install it in a critical system?”
US Government Reliance on Commercial Software Makes It Susceptible to Future Cyber Attacks
On 12/17/20 at 8:59 PM EST
The cyber supply chain attack that infiltrated a software company used by top federal and corporate institutions is just a preview of larger risks that lie ahead. A certain level of system vulnerability is unavoidable in a world where the government must assume that private sector certifications consistently meet the security standards that adequately protect some of our most valued information.
Experts say the problem, at its heart, is a matter of time and trust. How do you know what s going on in your computer? asks Herbert Lin, leading cybersecurity expert at Stanford University. The answer is you don t, you just trust that the thing works.