Collaboration on software security. FedRAMP notes. CISA works on healthcare cybersecurity. TikTok banned in New Jersey and Ohio.

Published on January 10th, 2023





At a glance.

  • Japan and US to collaborate on government software security.
  • FedRAMP could be the gateway to US government’s cloud-first mission.
  • CISA cracks down on cybercrime targeting the healthcare sector.
  • Two more US states join the TikTok ban. 

Japan and US to collaborate on government software security. 

Japan's Economy, Trade and Industry Minister Yasutoshi Nishimura is scheduled to meet with US Homeland Security Secretary Alejandro Mayorkas in Washington this week to finalize a memorandum of understanding between the two countries regarding the security of government-procured software. As Nikkei Asia explains, the two governments are seeking an agreement to adhere to the same level of security standards for government-procured software, with the goal of reducing risks to critical infrastructure. US lawmakers are currently working on requiring software providers to supply a software bill of materials (SBOM), a list of all components, licenses and dependencies in a particular software product, and Japan has plans to launch a similar system as early as next year.

Tom Kellermann, CISM, Senior VP of cyber strategy at Contrast Security, wrote, “Attacks on applications and APIs are surging, and foreign adversaries are thus polluting software supply chains to island hop into government agencies and critical infrastructures. This agreement is paramount to defend Japanese and US cyberspace from ongoing Chinese attack campaigns. This is a seminal moment. As an extension, Japan being added to the membership of 5-Eyes marks a historic moment wherein the US and Japan can dramatically enhance the security of their software supply chains.”

FedRAMP could be the gateway to US government’s cloud-first mission. 

The US’s recently signed National Defense Authorization Act (NDAA) includes a measure called the Federal Risk and Authorization Management Program (FedRAMP) Authorization Act, which underlines the federal government’s cloud-first mission. FedRAMP is based on a system of reciprocity which allows federal agencies to more easily certify vendors and access cyber-secure services. This reciprocity will allow commercial cloud and software providers (CSPs) easier access to multiple agencies across the federal marketplace, giving smaller and mid-sized CSPs more opportunities to engage with the federal market. The measure also calls for the establishment of a Secure Cloud Advisory Committee, which will collaborate with the existing FedRAMP Joint Authorization Board to simplify selection and assessment processes and expedite the Authority to Operate (ATO) process. Coalfire.com asserts that the success of FedRAMP will require agencies to take accountability for using FedRAMP-authorized solutions; the establishment of systems and protocols to reduce the technical effort, cost, and time for CSPs to meet FedRAMP requirements; standardization and automation of the ATO process; and appropriate funding to support the authorization mechanisms. 

CISA cracks down on cybercrime targeting the healthcare sector. 

By their very nature, hospitals and other healthcare organizations have access to a large amount of sensitive and valuable data, but they rarely have the resources to secure the data properly. In recent years, this paradox has made these entities increasingly attractive targets for cybercriminals looking for easy, lucrative prey, and the US’s cyber defenders are focused on better protecting these organizations from attack. “We call these entities target rich, cyber poor,” Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, told Fox News. “What we want to do is to make sure that these entities, which don't have a lot of resources, have the tools, the resources, the capabilities and the information to be able to protect themselves.” Easterly says the US is taking a cue from Ukraine, which has been grappling with cyberattacks from Russia for years. CISA recently signed a memorandum of cooperation with Ukraine to help secure its industrial control systems and other critical infrastructure. Easterly stated, “I think there's a ton we can learn from the Ukrainians because they have done a tremendous job and showed incredible resilience in their infrastructure.”

Two more US states join the TikTok ban. 

Reuters reports that the US states of New Jersey and Ohio yesterday announced they are banning the use of TikTok, the popular video-streaming app owned by Chinese tech company ByteDance, on government devices. As the Washington Post notes, the two states are joining the growing list of nearly two dozen states that have imposed restrictions on the use of TikTok due to concerns that user data could end up in the hands of the Chinese government. While the majority of these states are headed by Republican leaders, some Democrat governments, like New Jersey, have also joined the fray. Ohio’s Republican Governor Mike DeWine stated, “These surreptitious data privacy and cybersecurity practices pose national and local security and cybersecurity threats to users of these applications and platforms and the devices storing the applications and platforms.” New Jersey’s Democrat Governor Phil Murphy said that in addition to banning the app from state devices, he is also banning software vendors, products, and services from over a dozen vendors including Huawei, Hikvision, Tencent Holdings, ZTE Corporation, and Kaspersky Lab. On Friday, Wisconsin Governor Tony Evers announced his state was also banning use of TikTok on state-owned or managed devices, and last month US lawmakers banned the app from federal employee devices.


