Tag Archive for: Controls

Intrusion Preclusion: BIS Issues Long-Awaited Controls on Cybersecurity Items, Creates New License Exception | Wilson Sonsini Goodrich & Rosati


On October 21, 2021, the Department of Commerce’s Bureau of Industry and Security (BIS) issued an interim final rule (the rule) implementing expanded export controls on cybersecurity items based on the belief that these items “could be used for surveillance, espionage, or other actions that disrupt, deny or degrade the network or devices on it.” The new controls on cybersecurity items stem from the 2013 addition by the Wassenaar Arrangement (WA) of cybersecurity items, including intrusion software, to Wassenaar’s list of controlled items. Public comments in 2015 indicating significant concerns over BIS’s implementation and scope of the proposed controls resulted in renegotiation of these controls at the WA’s 2017 meeting. Last week’s rule implements the WA 2017 controls. The rule is intended to prevent malicious “intrusion software” from being exported to certain countries of concern without a BIS license, and not to hinder responses to cybersecurity flaws and incidents.

New Cybersecurity Related ECCNs

The rule creates new controls on hardware and software (ECCNs 4A005 and 4D004, respectively) specially designed or modified for the generation, command and control, or delivery of intrusion software. The EAR defines intrusion software as software specially designed or modified to avoid detection by monitoring tools or to defeat protective countermeasures of a computer or network-capable device (such as a mobile device or smart meter). Intrusion software either 1) extracts data or information (from the computer or network-capable device) or modifies system or user data, or 2) modifies the standard execution path of a program or process in order to allow the execution of externally provided instructions. According to the proposed rule, it does not include any of the following: hypervisors, debuggers or Software Reverse Engineering (SRE) tools; Digital Rights Management (DRM) software; or software designed to be installed by manufacturers, administrators, or users for the purposes of asset tracking or recovery.

The rule also adds paragraph 5A001.j “IP network communications surveillance systems or equipment” to ECCN 5A001 which is similar to controls on…

Source…

Understanding the Importance of the CIS Controls


Given that attacks are only increasing and companies need to protect themselves more effectively, consider how the financial industry has created, and relies on, a body of standards to address issues in financial accounting, and use that as a defined comparison for information security.

To support this argument, there is a defined comparison to be drawn between information security and Generally Accepted Accounting Principles.

We’ll explore this relationship in more detail below. First, we’ll provide an overview of GAAP.

What Are Generally Accepted Accounting Principles?

According to Investopedia, the Generally Accepted Accounting Principles (GAAP) are a set of accounting principles, standards and procedures issued by the Financial Accounting Standards Board (FASB). They provide commonly accepted ways of recording and reporting accounting information. They also seek to standardize and regulate the definitions, assumptions and methods used in accounting across all industries.

Public companies in the United States must follow GAAP when their accountants compile their financial statements.

These 10 general concepts can help you remember the main mission of GAAP:

  1. Principle of Regularity: The accountant has adhered to GAAP rules and regulations as a standard.
  2. Principle of Consistency: Accountants commit to applying the same standards throughout the reporting process from one period to the next in order to ensure financial comparability between periods. Accountants are expected to fully disclose and explain the reasons behind any changed or updated standards in the footnotes to the financial statements.
  3. Principle of Sincerity: The accountant strives to provide an accurate and impartial depiction of a company’s financial situation.
  4. Principle of Permanence of Methods: The procedures used in financial reporting should be consistent to allow for a comparison of the company’s financial information.
  5. Principle of Non-Compensation: Both negatives and positives should be reported with full transparency and without the expectation of debt compensation.
  6. Principle of Prudence: This emphasizes fact-based financial data representation that is not clouded by speculation.
  7. Principle…

Source…

Reactions to the US sanctions against Russia. Sweden and the GRU. Export controls on personal data. Power grid security.


At a glance.

  • Reaction to the US sanctions against Russia.
  • Sweden thinks the GRU did it, but that there’s no point in prosecuting individuals.
  • Export controls on US personal data?
  • Emerging US policy for enhancing power grid security.

The carrot as the stick: more reactions on the US response to Russian hacking.

The Biden Administration’s much-anticipated response to Holiday Bear’s tear was coupled with an invitation to improve bilateral relations, as SecurityWeek observes. President Biden gave President Putin a heads up about the measures and pitched a summer summit, according to NBC, claiming this “is the time to de-escalate” and expressing the desire to dodge a “downward spiral.” Secretary of State Blinken clarified that Washington seeks “opportunities for cooperation, with the goal of building a more stable and predictable relationship.” Breaking Defense recounts Stanford researcher Herbert Lin’s doubts that the sanctions will steer Moscow towards better behavior, as the Kremlin promises an “inescapable” riposte.

Atlantic Council notes that the response “leave[s] room for escalation,” for example against Kremlin “cronies,” though the measures have already had significant economic impact. (Foreign Policy mentions that some anticipated stronger action, finding the fiscal policy “timid,” since the more important secondary market for Russian debt was left alone.) Council contributors characterized the move as “big politics,” in contrast to available incremental alternatives, explaining that the approach takes on “Putinism” writ large. They worried, however, that the message delivered was not one of resetting relations, and the simultaneous Black Sea and Nord Stream 2 backtracking, which the Moscow Times and Politico detail, send mixed signals about the US’ resolve.

In the Administration’s view (via NBC), the reaction was “resolute but proportionate” and preserved the opportunity for mutually beneficial partnership. In Moscow’s view, per Foreign Policy, President Biden is “trying to destroy relations between the two countries.” Others—without holding out hope for a productive reply from Russia—see in the approach a direct…

Source…

Johnson Controls makes Coppernic C-One2 terminal available | Security News – SourceSecurity.com



Source…