Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

5/16/2022
10:45 AM
Becky Bracken, Editor
Becky Bracken, Editor
News

US National Cyber Director: Toward a New Cybersecurity Social Contract

In a Black Hat Asia keynote Fireside Chat, US National Cyber Director Chris Inglis outlined his vision of an effective cybersecurity public-private partnership strategy.

The future of cybersecurity public-private partnerships (PPP) will be about sharing efforts and pooling resources to provide a common defense, explained US national cyber director Chris Inglis during a fireside chat at Black Hat Asia. 

Inglis called it a "new social contract" and defined the joint work that lies ahead for both government and business to protect their interests. It should be a "collaborative, not a division of effort," he told moderator and Black Hat founder Jeff Moss. He added that it's up to businesses to build secure systems from the start rather than being "the poor soul at the end of the supply chain." 

Building a Defensible System
In return for adding the cost of security into the design and build phase, these companies won't be left alone when it's time to respond to threats. 

"We have to build a defensible system," Inglis said. "And in a collaborative fashion, we are going to defend it."

Market forces are pushing companies toward that model, but not fast enough, Inglis said, with the assurance that any regulation will be with the "lightest touch" by government. 

Business as a Government Cybersecurity Collaborator 
He added that since the Russian invasion of Ukraine, the US government has shared intelligence with the private sector to help defend their systems against cyberattacks. Inglis also lauded the action by Microsoft to roll out a patch against the Russian wiper virus used in attacks against Ukraine, but warned that it's imperative that we not "conflate geography with risk." 

For instance, blocking Putin from platforms is different than blocking the wider Russian population, which has happened on TikTok, Netflix, Facebook, and many others. 

Inglis also expressed that the private sector should demonstrate that is has an interest in protecting privacy and providing more transparency into their businesses. 

Ultimately, the relationship between business and government is evolving. 

"Today, there are instances where the private sector is the supported organization and the government is the supporting organization," Inglis said. "This is a new social contract, but we've done this before. It's about allocation of responsibility across the entire ecosystem." 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Improving Enterprise Cybersecurity With XDR
Enterprises are looking at eXtended Detection and Response technologies to improve their abilities to detect, and respond to, threats. While endpoint detection and response is not new to enterprise security, organizations have to improve network visibility, expand data collection and expand threat hunting capabilites if they want their XDR deployments to succeed. This issue of Tech Insights also includes: a market overview for XDR from Omdia, questions to ask before deploying XDR, and an XDR primer.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-31108
PUBLISHED: 2022-06-28
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary `CSS` into the generated graph allowing them to change the styling of elements outside of the generat...
CVE-2022-31229
PUBLISHED: 2022-06-28
Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administrator could potentially exploit this vulnerability, leading to disclosure of sensitive information. This sensitive information can be used to access sensitive resources.
CVE-2022-31230
PUBLISHED: 2022-06-28
Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or risky cryptographic algorithm. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access.
CVE-2022-2145
PUBLISHED: 2022-06-28
Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed creation of mount points from its ProgramData folder. During installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files.
CVE-2022-28621
PUBLISHED: 2022-06-28
A remote disclosure of sensitive information vulnerability was discovered in HPE NonStop DSM/SCM version: T6031H03^ADP. HPE has provided a software update to resolve this vulnerability in HPE NonStop DSM/SCM.