CISA publishes Software Acquisition Guide to add software assurance in C-SCRM lifecycle
Govt & Regulations

Software Acquisition Guide for Government Enterprise Consumers (CISA)

Software Assurance in the Cyber-Supply Chain Risk Management (C-SCRM) Lifecycle. This guide focuses on the “secure by demand” elements by providing recommendations for agency personnel, including mission owners and contracting staff or requirements offices, to engage in more relevant discussions with their enterprise risk owners and candidate suppliers, so that better, risk-informed decisions can be made in the acquisition and procurement of software and cyber-physical products.
NCSC debuts updated National Counterintelligence Strategy to bolster US security against evolving threats
Govt & Regulations

National Counterintelligence Strategy 2024 (NCSC – USA)

This document guides the U.S. Federal Government and CI community for the next three years. It aligns CI efforts with national security priorities and updates CI priorities based on the current and future foreign intelligence threat landscape. It communicates these priorities to CI practitioners, allies, partners, customers, and the public, providing a framework for planning, programming, resourcing, and evaluation.
New ISAGCA whitepaper addresses zero trust outcomes using ISA/IEC 62443 standards
Guides & frameworks

Zero Trust Outcomes Using ISA/IEC 62443 Standards

The zero trust premise of “never trust, always verify” has become a widely accepted strategy, with the idea that risk is internally and externally inherent. This evolution has led to the development of new architectures, models, concepts, paradigms and solutions in the implementation of zero trust, all of which are crucial for security practitioners and professionals in operational technology (OT) and industrial control systems (ICS).
US security agencies focus on protecting critical supply chains from foreign adversarial exposure
Govt & Regulations

Protecting Critical Supply Chains (ODNI & NCSC) – Risks from Foreign Adversarial Exposure

Cyber supply chain challenges are increasing, impacting U.S. national security and economic resilience. Collaboration among all corporate security stakeholders is essential to counter these challenges and reduce foreign adversary exposure to critical supply chains. The U.S. Government is highlighting risks in the ICTS marketplace, informing organizations about potential nation-state adversaries exploiting their supply chains.
SCL 2023 report highlights supply chain vulnerabilities, rise of hacktivism, AI-enhanced cyber threats

Singapore Cyber Landscape 2023 (CSA)

2023 was marked by significant developments in an increasingly fraught global cybersecurity landscape. Cybercriminals and Advanced Persistent Threat (APT) groups leveraged vulnerabilities in supply chains and popular third-party services to conduct several high-profile cyber-attacks. At the same time, hacktivist groups expanded their targets and operations, demonstrating increased sophistication in their tactics and techniques.
Cisco survey report highlights cybersecurity as ‘top concern,’ identifies IT/OT collaboration, AI preparedness
Market Updates
Cisco

2024 State of Industrial Networking Report (Cisco)

This, the inaugural edition, reveals how firms operating in industrial sectors worldwide are designing and deploying their operational technology estate to improve security, increase efficiency and provide a platform for innovation. We spoke to decision-makers at firms in 17 countries, operating in more than 20 sectors including manufacturing, utilities, energy, and transportation.
New EU risk assessment report assesses cybersecurity in Europe's telecommunications, electricity sectors
Govt & Regulations

EU cybersecurity risk evaluation and scenarios for the telecommunications and electricity sectors (2024)

The EU Council, in its May 2022 Conclusions on the EU’s cyber posture, requested various bodies to carry out a risk evaluation and develop risk scenarios from a cybersecurity perspective in a situation of threat or possible attack against Member States or partner countries. It was decided to focus this report on two sectors: telecommunications and electricity.
IOCTA 2024 report - Law enforcement deals major blows against EU cybercrime, disrupts ransomware networks
Govt & Regulations

Internet Organised Crime Threat Assessment (IOCTA) 2024

In 2023, ransomware attacks, child sexual exploitation (CSE) and online fraud remained the most threatening manifestations of cybercrime in the European Union (EU). The cybercriminal landscape remained diverse, comprising both lone actors and criminal networks offering a wide range of expertise and capabilities. Some cybercriminals targeting the EU were based within the EU, while others preferred to operate from abroad, concealing their illicit operations and funds in third countries.
New DHS report highlights gaps in cybersecurity efforts of Coast Guard for marine transportation systems
Govt & Regulations

US Coast Guard Report July 2024

The Coast Guard Should Take Additional Steps to Secure the Marine Transportation System Against Cyberattacks. The US Coast Guard took steps to enhance the cyber posture of the Marine Transportation System (MTS) but faces challenges fully implementing cybersecurity readiness efforts to protect the U.S. supply chain. Over the past 2 years, in accordance with its statutory requirements, the Coast Guard established maritime cybersecurity teams to deter and respond to transportation cybersecurity incidents.