> NSA Publishes Cybersecurity Year in Review Report > By Ionut Arghire on January 11, 2021 > https://www.securityweek.com/nsa-publishes-cybersecurity-year-review-report > <https://www.securityweek.com/nsa-publishes-cybersecurity-year-review-report> > > The United States National Security Agency (NSA) has released its 2020 > Cybersecurity Year in Review report, which summarizes the NSA Cybersecurity > Directorate's first full year of operation. > > The Cybersecurity Directorate was formally announced in July 2019, with a > focus on protecting national security networks and the defense industrial > base. Led by Ms. Anne Neuberger, Director of Cybersecurity, the Directorate > was also aiming to improve cybersecurity efforts through partnerships. > > NSA Year in Review: 2020The Cybersecurity Directorate remained true to its > goal throughout 2020, the report claims, working to prevent and eradicate > cyber threats through combining threat intelligence and cryptography > knowledge with vulnerability analysis and defense operations. > > “Drawing on lessons learned from the 2016 presidential election and the 2018 > mid-term elections, NSA was fully engaged in whole-of-government efforts to > protect the 2020 election from foreign interference and influence. > Cybersecurity was a foundational component of NSA’s overall election defense > effort,” the report (PDF) reads. > > Last year, the NSA helped the Department of Defense (DoD) eliminate weak > cryptography and approved quantum-resistant cryptographic algorithms, to > ensure that the Department’s cryptography is modern enough to resist quantum > computing attacks. > > In the context of the COVID-19 pandemic, the NSA helped the DoD’s transition > to telework, providing solutions for approximately 100,000 users to work > remotely securely. Furthermore, the Agency was involved in Operation Warp > Speed (OWS), an effort aimed at accelerating the development of a COVID-19 > vaccine. > > Since the Directorate’s creation, the NSA has provided 30 unique, timely and > actionable cybersecurity products to alert the National Security System > (NSS), DoD, and Defense Industrial Base (DIB) network owners of cyber-threats. > > Some of the intelligence shared by the Agency in 2020 includes details on > Windows 10 flaws and on Drovorub malware, IOCs associated with the targeting > of Exim mail servers by the Russia-linked Sandworm Team, details on bugs > threat actors abuse to install web shell malware on web servers, and a list > of 25 vulnerabilities commonly targeted by Chinese threat actors. > > Although the Cybersecurity Advisories (CSAs) were mainly destined for NSS, > DoD, and DIB owners, the private sector in the United States and abroad could > also leverage the intelligence to strengthen security posture, the NSA says. > > Furthermore, the NSA released guidance on properly configuring IPsec VPNs (IP > Security Virtual Private Networks), on how to customize the Unified > Extensible Firmware Interface (UEFI) Secure Boot, and how to security > networks and employees during telework. > > Last year, NSA’s Cybersecurity Collaboration Center worked on advancing > public-private collaboration and on refocusing Enduring Security Framework > (ESF) efforts toward the security of 5G deployments. The Agency also launched > the Center for Cybersecurity Standards (CCSS), meant to engage with standards > bodies. > > “NSA also continues to discover and release cybersecurity vulnerabilities to > private industry through an approved, intra-government process. For the past > three years, vulnerability disclosures by NSA have trended upward, as the > Agency commits to enabling the security of commercial technologies that the > U.S. Government, our military, our businesses, and our citizens rely upon,” > the Agency notes. > > Related: Pentagon Plan on Cyber Split Draws Strong Hill Criticism > > Related: NSA and CISA Alert Highlights Urgency for OT Security >
_______________________________________________ Infowarrior mailing list Infowarrior@attrition.org https://attrition.org/mailman/listinfo/infowarrior
