Technically Speaking

DHS recently published version 3.0 of the Trusted Internet Connection (TIC) architecture. A response to changing IT conditions, Executive Orders, and OMB mandates, the new architecture seeks to support IT modernization through cloud adoption while keeping security as a top priority. The comprehensive set of documents includes an overview, a catalog of security capabilities, a reference architecture, guidance for pilot programs, advice for service providers, and a very helpful set of use cases relevant to agency needs.

The Threat Risk is a function of likelihood times impact.  When it comes to zero-day exploits, particularly those that use return-oriented programming (ROP) or one of its many cousins the likelihood is high, and the impact is higher.  How do these attacks work, and what is the industry doing to stop them?  More importantly, what can you do to stop them?  Is it possible to stop a zero-day without patching or updating systems?  Let’s explore these questions. How ROP Works

Digital design data is a big data business. It requires secure management and storage, versions need to be stringently controlled, and teams need to access files readily so they can share that data with stakeholders. For too long, however, designers, engineers, and CAD managers have relied on traditional document management systems, like network drives, to achieve this. While they do a great job with office documents, those same solutions don’t work well with today’s design files and models, for several reasons:

AutoCAD 2021 is here! On March 25, 2020, Autodesk announced the release of AutoCAD 2021 the latest iteration of its flagship software first released in 1982. A key update includes a new integration with Google Drive allowing users to access their designs wherever they are as well as performance enhancements. Let’s break down what’s new.

The Cyberspace Solarium Commission recently released a groundbreaking report detailing 75 recommendations for improving the cybersecurity of the nation, including both the private and public sectors. The Commission, bipartisan in both name and spirit, conducted over 300 meetings with industry, academia, U.S. government, think tanks and foreign governments. I had the privilege of participating in this effort. The result is a comprehensive report that urges immediate and concrete action on its recommendations, organized into six pillars”:

Last week, my associate, Shane Rogers, shared an article on GovCybersecurityHub discussing the Cybersecurity Maturity Model Certification (CMMC) and its potential impact on small- and medium-sized government contractors.