Open Access Publisher and Free Library
03-crime prevention.jpg

CRIME PREVENTION

CRIME PREVENTION-POLICING-CRIME REDUCTION-POLITICS

Posts tagged Cyber Strategy
CISA Analysis: Fiscal Year 2023 Risk and Vulnerability Assessments

By United States. Cybersecurity & Infrastructure Security Agency

The following passage from the document contains multiple links embedded in the text: "The Cybersecurity and Infrastructure Security Agency (CISA) conducts Risk and Vulnerability Assessments (RVAs) for the federal civilian executive branch (FCEB), high priority private and public sector critical infrastructure (CI) operators, and select state, local, tribal, and territorial (SLTT) stakeholders. Concurrently, the United States Coast Guard (USCG) conducts RVAs on maritime CI operated by SLTT and private-sector organizations. The RVA is intended to assess the entity's network capabilities and network defenses against known threats. In Fiscal Year 2023 (FY23), CISA and the USCG conducted a combined total of '143' RVAs across multiple CI sectors. [...] The goal of the RVA analysis is to develop effective strategies to improve the security posture of FCEB, CI, maritime, and SLTT stakeholders. During each RVA, CISA and the USCG collect data through remote and onsite actions. This data is combined with national threat and vulnerability information to provide organizations with actionable remediation recommendations prioritized by risk of compromise. CISA designed RVAs to identify vulnerabilities threat actors could exploit to compromise network security controls. After completing an RVA, CISA and the USCG provide the assessed entity a final report that includes recommendations, specific findings, potential mitigations, and technical attack path details. The FY23 reports provided these general observations: [1] Assessors completed their most successful attacks via common methods, such as phishing, valid accounts, and default credentials. [2] Assessors used a variety of tools and techniques CISA has captured in previous RVA analyses to successfully conduct common attacks. [3] Many organizations across varying CI sectors exhibited the same vulnerabilities. [4] CISA assessment personnel used common vulnerabilities facilitated by shortcomings in secure by design and default principles and other misconfigurations to compromise systems."

UNITED STATES. Government. Washington DC. SEP, 2024. 24p.

IT Outage from CrowdStrike's Update: Impacts to Certain Public Safety Systems and Considerations for Congress

Pechtol, Colby; Gallagher, Jill C.

The following passage from the document contains multiple links embedded in the text: "On July 19, 2024, CrowdStrike, a U.S. cybersecurity firm, released a software update to their customers. The update caused certain systems to crash, disrupting services across several industries, including airlines, banks, hospitals, government agencies, and public safety systems. CrowdStrike reported that the incident was caused by 'a defect found in a single content update of its software on Microsoft Windows operating systems' and was not a cyberattack. Though the update affected less than 1% of all Windows machines, the impacts were widespread and global. The incident illustrates the vulnerabilities of information technology (IT) systems, increased dependence and risks in relying on third-party vendors for critical IT services, and lack of protocols and backup systems in the event of IT system failures. This In Focus discusses the incident's impact on certain U.S. public safety communications systems and services."

LIBRARY OF CONGRESS. CONGRESSIONAL RESEARCH SERVICE. 26 JUL, 2024.. 3p.

Optimizing Cyberdeterrence

By Robert Mandel

Optimizing Cyberdeterrence by Robert Mandel provides a comprehensive analysis of strategies to enhance cybersecurity on a global scale. Mandel delves into the concept of cyberdeterrence and how it can be optimized to prevent cyberattacks effectively. Through detailed case studies and theoretical frameworks, the book offers valuable insights into the evolving landscape of cyber threats and the necessary steps to mitigate them. A must-read for policymakers, cybersecurity professionals, and anyone interested in safeguarding against cyber risks.

Georgetown University Press, 2017 - 287 pages