Wave Systems Corp. (fka WAVXQ)

[Genz2]

CISA Will Use New Authority Over Internet Service Providers to Fight Ransomware, Official Says

https://www.nextgov.com/cybersecurity/2021/03/cisa-will-use-new-authority-over-internet-service-providers-fight-ransomware-official-says/172833/

Acting CISA Director Brandon Wales praised the government’s coordination absent a national cyber director.

In just about two more months the Cybersecurity and Infrastructure Security Agency plans to activate its newly minted power to force internet service providers to supply the identity of their customers, so officials can warn them about vulnerabilities in their systems.

“It's an important new authority, one that the agency has been pushing for for a couple of years, and we're actually getting ready to bring it live, as we've finished up some of our procedures and training, in the next 60 days or so,” said Brandon Wales, CISA’s acting director.

Wales spoke with Auburn University’s Frank Cillufo during an event on the ransomware threat Monday. Cillufo, who is a member of the congressionally mandated Cyberspace Solarium Commission as well as the Homeland Security Department’s Advisory Council, asked how the operational technology of industrial control systems, in particular, is faring under rolling waves of ransomware attacks targeting state and local critical infrastructure.

The risk ransomware presents to the industrial control systems is increasing, Wales said, noting that another water facility was recently targeted. In this case, the facility was used for monitoring not treatment, so the impacts were minimal, he said, but he used the example to describe the vulnerability of the sector.

“We've now seen ransomware targeting OT systems, targeting control networks, which, a few years ago we had never seen that, really, you know before,” he said. “Now it is, it is more common. We had an incident in the past week, where we had a water facility that had its OT network compromised.”

In the last National Defense Authorization Act, Congress gave CISA the authority to subpoena ISPs to hand over the contact information of entities where the agency observes an opening for exploitation.

“We're not gonna be regulating that company,” Wales said. “But we want to be able to talk directly to the owner and say you know you've got a vulnerable system, it's out on the internet, and we found it today but tomorrow, a malicious actor could have found that, exploited it, and your system could have been down, or worse.”

The new ability fits with plans Anne Neuberger, deputy national security adviser for cyber and emerging technology, recently announced that center on the need for greater visibility across public and private networks to protect industrial control systems.

Asked about how the lack of a national cyber director—another component of the NDAA—has affected his work, Wales praised Neuberger’s coordination of federal efforts.

"I think we've been, we've been very lucky to have a supporter of this agency and an extremely capable, knowledgeable, cyber professional with Anne Neuberger at the White House,” he said.
=================================================================
Ideally after being notified by the CISA if they haven't already, the customers should get Wave solutions to identify those zero day APT threats (on unpatched software), and also only allow known and approved devices on your network. That could help protect these customers from ransomware threats, and being pro active by getting Wave solutions in advance is a better idea.

Better security at less than half the cost!!!
=================================================================
http://www.wavesys.com/products/wave-endpoint-monitor

Key Features:

Easy security compliance
• Comports with NIST guidelines for BIOS integrity

Data protection
• Ensures that you can trust the integrity of your measurements for central analysis
• Real-time alerts for zero-day detection of APTs
• Get Windows 8 Malware protection now—WEM covers previous versions of Windows

Simplicity
• Uses standards-based security that’s in every PC you own
• Measurement notifications and reports can be customized for your processes and work flows
• Centralized, remote activation and management of your TPMs
• E-discover which PCs in your organization are enabled for endpoint monitoring

No compromises
• Ensure host integrity—without expensive hardware or excessive administrative overhead
=================================================================

http://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management

Excerpt:

With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
=================================================================
http://www.wavesys.com/


http://www.wavesys.com/contact-information

Contact Wave

Wave Systems
401 Congress Avenue
Suite 2650
Austin, TX 78701
sales@wavesys.com

Gold Customer Support:

goldsupport@wavesys.com

1-800-928-3638

Support:

support@wavesys.com

1-844-250-7077

Sales:

1-877-228-WAVE