Tag Archive for: strategy

Draft cybersecurity strategy has been formulated: Centre

/in


A draft National Cyber Security Strategy has been formulated to address the issue of security of national cyberspace. Image for representational purpose only.

A draft National Cyber Security Strategy has been formulated to address the issue of security of national cyberspace. Image for representational purpose only.
| Photo Credit: Reuters

The National Security Council Secretariat (NSCS) has formulated a draft National Cyber Security Strategy, which holistically looks at addressing the issue of security of national cyberspace, said the government in the Lok Sabha on Wednesday.

Responding to a query from Lok Sabha members Rajveer Singh and Sukanta Majumdar raised in the wake of recent cyber attacks, Minister of Electronics and Information Technology Ashwini Vaishnaw said the NSCS had formulated a draft strategy. However, the timeline for its implementation and other details were not mentioned.

To a question whether the government had taken any steps to mitigate citizens’ vulnerability to cyber attacks, the Minister said its policies were aimed at ensuring an open, safe, trusted and accountable Internet for the users. Listing the measures being taken, the written reply said: “The Indian Computer Emergency Response Team (CERT-In) issues alerts and advisories regarding latest cyber threats/vulnerabilities and countermeasures to protect computers and networks on an ongoing basis”.

Also read | Ransomware attacks jump 51% this year: CERT-In

Security tips have been published for users to secure their desktops and mobile phones and to prevent phishing attacks. CERT-In operates the Cyber Swachhta Kendra (Botnet Cleaning and Malware Analysis Centre) “to detect malicious programmes and free tools to remove the same, and to provide cyber security tips and best practices for citizens and organisations”, it said.

“The organisation regularly disseminates information and shares tips on cyber safety and security through its official social media handles and websites. CERT-In and the Reserve Bank of India [RBI] jointly carry out a cyber security awareness campaign on ‘Beware and be aware of financial frauds’ through the Digital India Platform. The Ministry also carries out awareness programmes,” the reply added.

The Indian Cyber Crime Coordination Centre (I4C), under the Ministry of Home Affairs (MHA), has been designated as the nodal…

Source…

China Automotive Cybersecurity Hardware Research Report 2022: OEMs Generally Adopt the Security Chip + HSM Strategy to Build their Cybersecurity Protection System – ResearchAndMarkets.com

/in


DUBLIN–()–The “China Automotive Cybersecurity Hardware Research Report, 2022” report has been added to ResearchAndMarkets.com’s offering.

Security chip and HSM that meet the national encryption standards will build the automotive cybersecurity hardware foundation for China.

OEMs generally adopt the security chip + HSM strategy to build their cybersecurity protection system.

At the core of cybersecurity hardware are security chip and hardware security module (HSM).

Security chip, or secure element (SE), is an integrated circuit that integrates cryptographic algorithms and features physical attack prevention design.

Hardware security module (HSM) is a computer device used to protect and manage the keys and sensitive data applied by the strong authentication system, and also provide related cryptographic operations. It is the basic support for automotive security solutions.

At present, most OEMs employ the security chip + HSM strategy to build an automotive cybersecurity protection system.

For example, in its automotive cybersecurity security system, NIO uses security chips and HSM to reinforce hardware and networks; in terms of secure communication, the HSM and certificate system featuring integrity, encryption, pseudonymization and anonymity is the basis for enabling data privacy protection. In addition, bug fixes over the air (OTA) are available in the case of emergency.

GAC completes the hardware security design and creates the four systems of border protection, automotive security, PKI certification & transmission, and security services, using security chip (SE) + HSM, and secure boot, trusted zone and encryption technologies. And at the vehicle end, GAC conducts in-depth research on vehicle inside and outside multi-node security protections, such as Linux OS for T BOX 4G module, Android OS for vehicle head unit, QNX OS for gateway and MCU, and communication interaction, aiming to establish an in-depth protection system for in-vehicle security.

Homemade SE chips are mass-produced and applied in vehicles.

As the US passed CHIPS Act, the localization of semiconductors in China assumes greater urgency. More chip equipment, materials and…

Source…

Here’s How to Ensure Your Incident Response Strategy is Ready for Holiday Hackers

/in


Holiday Hackers

The best line of defense against holiday hacking schemes is a comprehensive incident response strategy that focuses on end-user vulnerabilities.

The holiday season is upon us and with it a slew of cybersecurity scams preying on end-user vulnerabilities.

Because employees often use their business emails and cell phones as their primary point of contact, these scams quickly become a threat to employer computer systems. With so many people shopping online, tracking shipments, and entering sensitive data across multiple websites, holiday hackers are primed and ready to attack your networks by taking advantage of your employees’ online actions and cell phone usage.

According to the FBI, the two most frequent types of holiday scams include non-delivery and non-payment crimes – when a consumer either pays for a product or service that is never delivered or products being shipped without the seller receiving payment. Cybercriminals are also keen on gift card fraud and auction fraud, as well as phishing attempts over email or text messages that disguise malicious links as purchasing confirmations, order tracking information, or shipment notifications.

This time of year especially, cyber criminals are relying on people being too distracted to realize that they have clicked on a malware link or entered their login credential on a fraudulent website.

The heightened number of cybersecurity threats around the holidays underscore just how important it is to have a comprehensive incident response (IR) strategy in place, protecting both your employees and your company’s digital infrastructure.

Building an Incident Response Strategy for the Holidays

A thorough incident response plan – which is essentially the cybersecurity policies and procedures used to identify, contain and eliminate attacks – is critical to business operations throughout the year. But because the holidays come with a unique set of cybersecurity threats, it is worth revisiting your plan to make sure it is “prepped” for the holiday season.

According to the SANS Institute, a comprehensive IR strategy is centered on six core objectives: preparation, identification, containment, eradication, recovery and lessons learned….

Source…

Ukraine, Irregular-War Changes Are Reshaping Pentagon’s Info-Ops Strategy

/in


Lessons from Ukraine and changes in irregular warfare will be reflected in the upcoming revision of the Pentagon’s information-operations strategy, defense policy leaders said.

“Everyone has a cell phone; that’s what we’re seeing in the Ukraine. Not just soldiers having cell phones and watching the Javelin strike. Civilians are reporting the movement of Russian forces,” said Maj. Gen. Matthew Easley, a top information-ops advisor to the assistant defense secretary for special operations.

Among other things, Easley said, this means special operators need to be thinking about public narratives—how they might change and how U.S. forces can shape them—long before fighting erupts. And that means ensuring that troops have the right digital skills, including data analysis and messaging. 

“Our information operators and forces must engage throughout the spectrum of operational planning and execution, and cannot wait until a crisis begins to start setting the theater for messaging,” the general said Friday at the National Defense Industrial Association’s Special Operations/Low-Intensity Conflict Symposium in Washington, D.C. “We must reinforce campaign planning to start with objectives in the cognitive domain. Understand what narratives are needed to reinforce those objectives, and then develop plans for physical action that show commitment to that narrative.”

The new strategy, required by the 2020 defense policy act and slated for publication in March, will update the 2016 version, Easley said. A joint info-ops doctrine was published in 2018. 

It builds on several sweeping tech policy efforts the Pentagon is working through, including cyber, data, and digital modernization strategies. It will have four lines of effort with an emphasis on personnel training needs and force design. That also means doing a better job integrating information operations, he said, noting the U.S. Marine Corps’ Information Groups as an example.

Other lines of effort include building programs that enhance information operations, such as cloud-based infrastructure and data analytics; creating effective policies and governance; and maintaining partnerships. In a 2021 report, the Government…

Source…