Defense Innovation Board Pushing Zero Trust Architecture for Military
The Pentagon’s Defense Innovation Board (DIB) has approved a white paper that calls on the Department of Defense (DOD) to implement zero trust architecture (ZTA) for network access. The paper notes DOD’s currently reliance perimeter-based cybersecurity and says that “Zero Trust Architecture (ZTA) can significantly offset vulnerabilities and threats across DoD networks by creating discrete, granular access rules for specific applications and services within a network.”
Read more in:
– media.defense.gov: The Road to Zero Trust (Security) (PDF)
US Coast Guard Issues Marine Cybersecurity Warning and Advice(July 8 & 9, 2019)
An incident earlier this year led the US Coast Guard to issue a Marine Safety Alert that offers providing advice for implementing cybersecurity protocols. In February, the Coast Guard led an interagency team in an investigation of “a significant cyber incident” affecting the shipboard network of a deep draft vessel. The recommendations in the alert include segmenting networks; eliminating generic access credentials for multiple individuals; enforcing least privilege access; and regular patching.
Read more in:
– www.dco.uscg.mil: Cyber Incident Exposes Potential Vulnerabilities Onboard Commercial Vessels (PDF)
Microsoft Patch Tuesday Includes Fixes for Two Zero-Days and a Critical Flaw in Windows DHCP Server(July 9, 2019)
On Tuesday, July 9, Microsoft released software updates to address nearly 80 vulnerabilities in a range of products. Fifteen of the flaws have been rated critical. Arguably one of the most severe of these is a memory corruption vulnerability in Windows DHCP server; the issue affects most supported versions of Windows Server. Two of the flaws fixed in the update are being actively exploited, and four others were disclosed before the fixes were made available.