AN EXECUTIVE BRANCH UPDATE: The National Institute of Standards and Technology (NIST) at the Commerce Department posted notice of two new projects for countering threats from ransomware. NIST's National Cybersecurity Center of Excellence posted a notice in the Federal Register discussing the two initiatives and inviting technology vendors to participate in them. Both projects will use open-source technologies available on the market to develop methods aimed at countering ransomware threats.

The first project, called Identifying and Protecting Assets Against Ransomware and Other Destructive Events, will focus on developing methods to identify assets that could fall victim to ransomware attacks and protect them against such attacks. The second, called Detecting and Responding to Ransomware and Other Destructive Events, aims to develop methods to deal with ransomware attacks that do occur--to detect the ransomware and to mitigate and contain damage from the attack. NIST is encouraging private technology vendors to participate in the collaboration.

A REPORT IN FOCUS: MORE EMAIL SECURITY RESEARCH: New research indicates that the vast majority of federal information technology contractors have not implemented an email security tool that helps protect users from phishing attacks. According to a survey released this week by the Global Cyber Alliance, only one of the top 50 federal IT contractors is using the anti-phishing tool, known as Domain-based Message Authentication, Reporting, and Conformance (DMARC), at its strongest setting.

The Department of Homeland Security (DHS) last year mandated that federal agencies and departments operating .gov domains implement DMARC in order to crack down on fraudulent messages. The directive does not apply to federal contractors.

When adopted, DMARC allows organizations to report emails that fail authentication tests and potentially block them from entering a recipient's inbox, if the strongest setting is enabled. Twenty-one of the federal contractors reviewed by the Global Cyber Alliance have implemented DMARC on the weakest setting, meaning that no action is being taken to block the fraudulent emails or quarantine them to a recipient's spam folder.

Homeland Security gave agencies and departments until mid-January to begin using the tool, though some appear to have missed that deadline. A study released Thursday by Valimail found that 68 percent of federal government agencies had implemented DMARC.

A LIGHTER CLICK: Rough week? How about some bitcoin yoga. (Motherboard)

WHAT'S IN THE SPOTLIGHT NEXT WEEK: NSA DIRECTOR: Congress might be out of town next week, but there will still be plenty of cybersecurity action in and around Washington. On Friday, May 4, Pentagon officials will host a ceremony at which Lt. Gen. Paul Nakasone will officially take over leadership of the National Security Agency and U.S. Cyber Command from Adm. Mike Rogers.

Nakasone was confirmed by the Senate on Tuesday to serve in the dual-hat role of NSA director and commander of Cyber Command. Nakasone most recently headed the Army's cyber warfare unit and is widely cheered by current and former officials for his experience.

The event will take place at Fort Meade, according to a media advisory, and will also mark the official elevation of Cyber Command--a change that President Trump authorized last August.

IN CASE YOU MISSED IT: Links from our blog, The Hill, and around the Web.

Judge tosses Manafort lawsuit challenging Mueller's authority. (The Hill)
Trump: Russia probe 'MUST END NOW!' (The Hill)
New cyber provisions under consideration for next defense policy bill. (FCW)
Google, Microsoft press Georgia's governor to veto active cyber defense bill. (WXIA-TV)
Service members bid farewell to NSA Director Adm. Mike Rogers with a run. (NSA)
Tech companies battle over military cloud contract. (NextGov)
Amazon is hiking Prime prices. (Recode)