
The US wants security requirements as standard to stop sensitive data from falling into enemy hands


  • CISA is requiring organizations in critical sectors to update their security
  • MFA, vulnerability management, and data encryption will be enforced
  • These changes will help mitigate the potential theft of data by state-sponsored and nation-state actors

The US Cybersecurity and Infrastructure Security Agency (CISA) has unveiled a set of proposed security requirements aimed at reducing risks posed by unauthorized access to American data.

The move is due to concerns about the vulnerabilities exposed by recent cyberattacks, state-sponsored hacking campaigns, and the misuse of personal data by hostile nations.

The proposal aligns with Executive Order 14117, signed by President Biden earlier in 2024, which seeks to address gaps in data security that could compromise national interests.

Strengthening protections against foreign threats

The proposed requirements focus on entities that handle large-scale sensitive data, particularly in industries such as artificial intelligence, telecommunications, healthcare, finance, and defence contracting.

Companies operating in these fields are seen as critical targets due to the nature of the data they manage, with the US telecommunications industry recently being hit by a huge attack.

CISA’s primary concern is that data from these organizations could fall into the hands of “countries of concern” or “covered persons” – terms used by the U.S. government to refer to foreign adversaries known for engaging in cyber espionage and data breaches.

These new security standards aim to close loopholes that could expose sensitive data to state-sponsored groups and foreign intelligence actors.

Businesses will need to keep an updated inventory of their digital assets, including IP addresses and hardware configurations, to stay prepared for potential security incidents. Companies will also be required to enforce multi-factor authentication (MFA) on all critical systems and require passwords that are at least 16 characters long to prevent unauthorized access.

Vulnerability management is another key focus: organizations must remediate any known exploited vulnerabilities or critical flaws within 14 days, even if exploitation has not been confirmed. High-severity vulnerabilities must be fixed within 30 days.

The new proposal also emphasizes network transparency, and companies are required to maintain accurate network topologies to enhance their ability to identify and respond to security incidents.

Immediate revocation of access for employees following termination or changes in role is mandated to prevent insider threats. Additionally, unauthorized hardware, such as USB devices, will be prohibited from connecting to systems that handle sensitive data, further reducing the risk of data leakage.

In addition to system-level protections, CISA’s proposal introduces robust data-level measures aimed at minimizing the exposure of personal and government information. Organizations will be encouraged to collect only the data that is essential for their operations and, where possible, mask or de-identify it to prevent unauthorized access. Encryption will play a vital role in securing data during any transaction that involves a “restricted entity,” ensuring that even if data is intercepted, it cannot be easily deciphered.

A critical requirement is that encryption keys must not be stored alongside the data they protect, particularly in regions identified as countries of concern. Organizations will also be encouraged to adopt advanced privacy-preserving techniques, such as homomorphic encryption or differential privacy, which allow data to be processed without exposing the underlying information.

CISA is seeking public feedback on the proposed requirements to refine the framework before it is finalized. Interested stakeholders, including industry leaders and cybersecurity experts, are invited to submit their comments via regulations.gov by entering CISA-2024-0029 in the search field and following the instructions to provide input.

Via BleepingComputer

https://www.techradar.com/pro/The-US-wants-security-requirements-as-standard-to-stop-sensitive-data-from-falling-into-enemy-hands

