Merlin

Cybersecurity - Research / Commentary

Digital Hygiene is not enough!

Does this apply to your organization? - Last Update: Sep 12, 2022

Warning! All Internet-connected systems are vulnerable to cyber-attack. Such attacks cannot reliably be prevented, and a growing number of defense planners believe that preparations should be made to enable critical services to operate disconnected from the Internet. This may seem a radical approach, but given the capabilities of state-sponsored hackers, maybe not. In the near future, national security may require that this type of contingency planning be performed by those organizations that provide critical services.


Consequence-driven Cyber-informed Engineering (CCE)

"...INL's innovative approach to securing critical infrastructure systems like the electric power grid, oil and natural gas refineries and water treatment facilities."

Related Links

Consequence-driven Cyber-informed Engineering (CCE)

Consequence Based ICS Risk Management

Digital Pearl Harbor

How secure is our Cyber Infrastructure? - Last Update: Aug 7, 2022


Former CIA director and Secretary of Defense Leon Panetta warned that a devastating "Cyber Pearl Harbor" could hit the U.S. An attack by hackers from, or sponsored by, foreign governments could impact businesses and the military.

Related Links

Panetta Warns of 'Cyber Pearl Harbor'

Russia's war on Ukraine: Timeline of cyber-attacks

China's Hacking Spree Will Have a Decades-Long Fallout

Homeland Security - Data Security Business Advisory: 12/2020

Reminder of the PRC's intent. - Last Update: Aug 24, 2022

The PRC (People's Republic of China) continues to indicate that it will pursue global dominance in its next phase of data-driven technological growth by leveraging its "asymmetrical advantages," which implicitly include the lack of:

  • privacy laws,
  • intellectual property rights, and
  • human rights protections.

The PRC National Intelligence Law of 2017: This law forms the baseline of the modern data collection regime, and compels all PRC firms and entities to support, assist, and cooperate with the PRC intelligence services, creating a legal obligation for those entities to turn over data collected abroad and domestically to the PRC. Article 7 of this law states "any organization or citizen shall support, assist and cooperate with the state intelligence work in accordance with the [National Intelligence] Law, and keep the secrets of the national intelligence work from becoming known to the public."

A PRC intelligence agency may request that any PRC firm or entity secretly share access to a U.S. business or individual's data, or otherwise face penalties. In addition, the National Intelligence Law may compel PRC firms to create backdoors and other security vulnerabilities in equipment and software sold abroad so that the PRC government can easily access data not controlled by PRC firms.


Related Links

DHS - Data Security Business Advisory