Institute for Security and Technology
@istorg.bsky.social
520 followers 140 following 570 posts
We are the 501(c)(3) critical action think tank that unites technology and policy leaders to create solutions to emerging security challenges. https://securityandtechnology.org/
Pinned
istorg.bsky.social
As tech evolves across the world, so do #cyber threats. This #CybersecurityAwarenessMonth, IST will share practical resources, novel research & critical insights to help individuals, orgs & communities strengthen their #cybersecurity practices. The NCA’s #Core4 highlights tips to #StaySafeOnline.
istorg.bsky.social
“If we are looking at this through an appropriations lens, or, how does the US government fund it on more stable footing so we don't want to contract less, we have missed the point. The point is, you need a diversity of funding,” Nicholas said.
istorg.bsky.social
IST Senior VP for Policy Nicholas Leiserson spoke on the #CyberNextDC vulnerability management panel with experts from Venable, Wiz, and the CVE Foundation. What are the possible solutions for the CVE’s funding problems?
istorg.bsky.social
...And right now, we have a glass jaw,” Josh said, referencing his work through #UnDisruptable27 to boost defenses for water facilities in hospital communities.
istorg.bsky.social
"...We know who’s coming, when they’re coming, how they’re acting, and we can take more surgical, prescriptive steps to harden those. Let me remind you, our ability to throw a punch is entangled with our ability to take a punch, or to counterpunch..."
istorg.bsky.social
Josh emphasized the importance of building resilience, especially in the lifeline critical infrastructure sectors that carry implications for human life and public safety. “If we can’t stop teenagers, we should not assume our water facilities can stop a military unit...
istorg.bsky.social
At #CyberNextDC, IST Adjunct Jen Ellis moderated the Cyber Luminaries panel with Jaya Baloo, COO & CISO at a stealth startup, Sam Curry, Zscaler CISO & IST Exec in Residence @joshcorman.bsky.social to discuss the latest developments in the fields of AI, cybersecurity, and critical infrastructure.
istorg.bsky.social
"I think the White House, and Director Cairncross in particular, have a unique opportunity in their forthcoming strategy to let the good flourish, push the bureaucracy to overcome the bad, and lead the country to tackle the ugly," she said.
istorg.bsky.social
What’s next for #cyber policy? In her keynote at #CyberNextDC, IST CSO @megans.bsky.social laid out how to look at cyber policy ‘through the looking glass’ of the RTF & identified areas she sees as ripe for novel policy solutions.
🛡️ Read her full remarks: securityandtechnology.org/blog/what-cy...
istorg.bsky.social
This year’s Veil Storm II sought to build an operational plan to further disruptive efforts to reduce cybercrime. Stay tuned for the next after action report!
istorg.bsky.social
It resulted in an after-action report released earlier this summer that generated valuable takeaways for enhancing operational collaboration and information sharing.
istorg.bsky.social
Veil Storm I, held last year in The Hague, focused on information sharing across international law enforcement agencies and private sector firms in responding to cyber incidents.
istorg.bsky.social
IST Director for Digital Security Taylor Grossman was in The Hague last week to carry out Veil Storm II, the second exercise conducted by the Ransomware Task Force (RTF) in partnership with Europol’s European Cybercrime Centre.
istorg.bsky.social
The exercise brought together key stakeholders in the ransomware information ecosystem and asked them to consider challenges to operational collaboration & info sharing in response to a ransomware attack. IST’s Taylor Grossman summarized the key takeaways of the exercise in her report.
🛡️ Read more:
Exercise VEIL STORM I: After Action Report
In partnership with Europol, the Institute for Security and Technology and the Ransomware Task Force’s International Engagement Working Group designed and delivered Exercise VEIL STORM I, a tabletop e...
securityandtechnology.org
istorg.bsky.social
Last year, in partnership with Europol’s European Cybercrime Centre, IST and the #RansomwareTaskForce’s International Engagement Working Group designed and delivered Exercise VEIL STORM I with support from the NCA and RCMP.
istorg.bsky.social
Ransomware victims who engage with law enforcement reduced breach costs by $1m, IBM reports. But when your business is hit with a cyber attack, what comes next? This #CybersecurityAwarenessMonth, we’re spotlighting our ongoing work to bolster info sharing & operational collaboration. 🧵
istorg.bsky.social
➡️ Key priorities related to data quality standards for CVE records and technical infrastructure modernization to ensure the program serves as a public good for the next 25 years.
istorg.bsky.social
➡️ National (or Regional) Vulnerability Management Programs, which would handle other key functions related to software vulnerabilities—beyond assigning identifiers—for both software producers and users.
istorg.bsky.social
➡️ A Global Vulnerability Catalog, a multistakeholder successor to the CVE Program that would identify, maintain, and manage access for a catalog of “actionable cybersecurity vulnerabilities.”
istorg.bsky.social
Noting that the data it provides about the prevalence of software defects is also crucial for driving progress in achieving security-by-design, they propose:
istorg.bsky.social
In “CVE at a Crossroads: A Blueprint for the Next 25 Years,” authors Nicholas Leiserson, Bob Lord, and Lauren Zabierek build a policy framework that separates the creation and cataloging of universal vulnerability identifiers from other vulnerability management functions that rely on them.
istorg.bsky.social
🚨 NEW from IST: The CVE Program is at a crossroads. Recent funding issues have exposed key challenges, and without action, the vulnerability identification landscape will fragment. Today’s report provides recs for global policymakers to reimagine the CVE Program for the next 25 years.
🛡️ Learn more:
CVE at a Crossroads: A Blueprint for the Next 25 Years
The Common Vulnerabilities and Exposures (CVE) Program is a critical public good, yet it is at a crossroads. Established by MITRE with support from the U.S. government, the index of software vulnerabi...
securityandtechnology.org