Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency and a 2024 Wash100 awardee, said CISA has initiated actions to protect U.S. critical infrastructure from cyberthreats posed by China, including its use of JCDC or the Joint Cyber Defense Collaborative to advance collaboration across government and industry to identify Chinese malicious cyber activities and prevent intrusions.

CISA is providing guidance, resources and services for critical infrastructure operators and owners to detect and mitigate risks posed by cyberthreat actors from China. It is also seeking assistance from subject matter experts and advisers to help strengthen the resilience of such infrastructure, Easterly said Wednesday in her testimony before the House Select Committee on Strategic Competition Between the United States and the Chinese Communist Party.

During the hearing, Easterly called on technology companies to develop, test and deliver products that are “secure by design” to prevent Chinese cyber actors from exploiting defects in such products.

“We must drive toward a future where defects in our technology products are a shocking anomaly, a future underpinned by a software liability regime based on a measurable standard of care and safe harbor provisions for software developers who do responsibly innovate by prioritizing security,” she told lawmakers.

The CISA director called on critical infrastructure entities to work with their local CISA team and enroll in the agency’s Vulnerability Scanning program and other services to address vulnerabilities, exercise the continuity of critical systems and use the joint advisories with the FBI and the National Security Agency to drive investments in cyber hygiene.

Join the Potomac Officers Club’s 2024 Cyber Summit on June 6 and hear cyber experts, government and industry leaders discuss the latest trends and the dynamic role of cyber in the public sector. Register here.

The National Institute of Standards and Technology’s National Cybersecurity Center of Excellence has released a new draft practice guide to help organizations monitor incoming internet data for evidence of malware and insider threats while using the latest version of the TLS protocol.

NIST said Tuesday the document aims to help companies in finance, healthcare and other industries implement the TLS 1.3 encryption protocol update while maintaining compliance with network monitoring and auditing regulations.

“TLS 1.3 is an important encryption tool that brings increased security and will be able to support post-quantum cryptography,” explained Cherilyn Pascoe, director of the NCCoE.

The document was developed over the past several years at the NCCoE in collaboration with the Internet Engineering Task Force to provide technical methods for auditing incoming internet traffic while using TLS 1.3.

“This collaborative project focuses on ensuring that organizations can use TLS 1.3 to protect their data while meeting requirements for auditing and cybersecurity,” Pascoe said.

Comments on the draft practice guide are due April 1.

The Office of the National Cyber Director published its annual findings about the projects, challenges and ecosystem of open-source software.

The 2023 year-end report evaluates the Biden administration’s Open-Source Software Security Initiative, which is part of the National Cybersecurity Strategy, the White House announced Tuesday.

The document enumerates efforts to engage the open-source software community in the past year, including issuing a request for information on securing the technology’s foundations, sustaining governance and communities within the sector, fostering innovation and strengthening international collaborations.

In a statement, ONCD pledged to work together with software developers and the private sector to “invest in the development of secure software, including memory-safe languages and software development techniques, frameworks, and testing tools.”

The Cybersecurity and Infrastructure Security Agency has released new mitigations to address vulnerabilities in Ivanti’s Connect Secure and Policy Secure platforms and warned that threat actors have developed workarounds to current detection methods.

CISA said Tuesday cyberthreat actors continue to exploit vulnerabilities in Ivanti’s remote access virtual private network devices to capture credentials or drop webshells to enable remote access to compromised enterprise networks.

The agency is urging federal civilian agencies running Ivanti Connect Secure and Policy Secure gateways to perform continuous threat hunting on any systems connected to the devices and monitor authentication, account usage and identity management services.

Agencies must also isolate potentially exposed systems from any enterprise resources as much as possible.

CISA recently released an emergency directive warning against weaknesses in two Ivanti devices that enable malicious threat actors to exfiltrate data and establish persistent system access.