Department of Homeland Security

Strategic Principles for Securing the Internet of Things

The growth of network-connected devices, systems, and services comprising the Internet of Things (IoT) creates immense opportunities and benefits for our society. IoT security, however, has not kept up with the rapid pace of innovation and deployment, creating substantial safety and economic risks. This document explains these risks and provides a set of non-binding principles and suggested best practices to build toward a responsible level of security for the devices and systems businesses design, manufacture, own, and operate.

The following principles offer stakeholders a way to organize their thinking about how to address IoT security challenges:

  1. Incorporate Security at the Design Phase
  2. Advance Security Updates and Vulnerability Management
  3. Build on Proven Security Practices
  4. Prioritize Security Measures According to Potential Impact
  5. Promote Transparency across IoT
  6. Connect Carefully and Deliberately

Reaction to “Heartbleed”: Working Together to Mitigate Cybersecurity Vulnerabilities

When a cybersecurity industry report was published about a vulnerability known as “Heartbleed” -- affecting websites, email, and instant messaging -- that can potentially impact Internet logins and personal information online by undermining the encryption process, the Department’s United States Computer Emergency Readiness Team (US-CERT) immediately issued an alert to share actionable information with the public and suggested mitigation steps.

Subsequently, our Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) published information and reached out to vendors and asset owners to determine the potential vulnerabilities in computer systems that control essential systems -- like critical infrastructure, user-facing, and financial systems.

The National Coordinating Center for Communications (NCC) also provided situational awareness to communications sector partners for their review and action. Importantly, the Federal government’s core citizen-facing websites are not exposed to risks from this cybersecurity threat. We are continuing to coordinate across agencies to ensure that all Federal government websites are protected from this threat.