Search for:

Quantum-resistant cryptography

Quantum-resistant cryptography refers to the study and development of cryptographic methods that can resist attacks by quantum computers. These computers use the principles of quantum mechanics to perform certain types of calculations much faster than classical computers, which poses a significant threat to current encryption methods.

.

Most of the widely used encryption algorithms, such as RSA and Elliptic Curve Cryptography, rely on the difficulty of factoring large numbers or computing discrete logarithms. These problems are known to be solvable in polynomial time on a quantum computer, which means that these algorithms could be easily broken by a sufficiently powerful quantum computer. Quantum-resistant cryptography, on the other hand, relies on mathematical problems that are believed to be hard even for quantum computers.

.

It is important to note that quantum-resistant cryptography is not quantum-proof, and it is still an active area of research. The security of these algorithms may change as the development of quantum computers progresses, and new types of attacks may emerge. Therefore, it is crucial for the cryptographic community to continually evaluate and improve existing quantum-resistant algorithms and to develop new ones as necessary.

.

To download the full whitepaper please fill in the below form at the end of which the white paper will be available for download.

.

Quantum Computing and its Impact on Cybersecurity

Quantum computing’s ability to solve complex problems that are beyond the capabilities of the traditional computer renders it exceptional. While the quantum research community applauds the accelerated rate at which quantum computers are being developed; it is also a threat considering it can unravel the algorithms behind the encryption keys that protect the assets we hold most dear (like our data and the internet’s infrastructure).  It is estimated that within the next 3-5 years quantum computers will be able to break a 2048-bit number.  This remarkable breakthrough continues to erode the timeline, demonstrating the hastening approach of a new paradigm in security.

.

To download the full whitepaper please fill in the below form at the end of which the white paper will be available for download.

.

Digital Dominance – Using Data as a Tactical Advantage

.

Digital dominance is all about using data as a tactical advantage in this new world of cyber actions and defense. Data, its management, analysis and reporting are the key towards maintaining the tactical edge in any organizational posture. Irrespective if the application is civilian or military in nature, digital dominance is at the core of a successful enterprise, homeland security and military force projection. In the case of homeland security and military the digital dominance can serve as a significant force multiplier in both defense and offensive measures.

.

Data is being generated at an incredible pace from within and outside our firewalls and is building up in our large and sometimes unwieldy data lakes. Data is being generated in vast amounts through the proliferation of computing devices across our networks, “edge sensors” like unmanned aerial vehicles, IOT sensors, mobile device and other smart devices. As our edge sensors propagate more on the field, the data collected should not only be used for tactical decisions but also harvested for long term comparison and intelligence analysis. Another source of data is the internet where actors use this global network for everything from communication to staging nefarious cyber actions. This source of cyber data not only needs to be captured but also sorted and analyzed with advanced automation to ensure we can take near real time actions to detect and mitigate any vulnerabilities. Despite the large advances we have made in Artificial Intelligence (AI) and Machine Learning (ML), a large amount of our data continues to be unleveraged because they are not identified, tagged or prioritized.

.

To download the full whitepaper please fill in the below form at the end of which the white paper will be available for download.

.

Supply Chain Cybersecurity White Paper

Supply Chain Cybersecurity includes a complex of everyday operating issues affected by a network of known and unknown connections, services and components. This paper provides a strategic overview of the supply chain cyber     issues from the perspective of vendor operational security.

.

We examine the accelerating escalation of supply chain risks, leading to 2021 executive orders and vendor cyber certification requirements. Concise recommendations and links to frameworks and self-assessment resources provide a starting point for the journey to healthier supply chain

.

Co Authored By Maria Horton and Shivaji Sengupta who both serve on the AFCEA International Homeland Security Committee. This white paper is an output of the Innovation Technology Sub Committee under the Homeland Security Committee.

.

Download the Whitepaper

Information that could compromise your cyber security posture

The open government data movement began fully maturing in early 2009, at a time when government(s) and society began to truly realize the beneficial value of government data; and open standards were taking root as drivers of innovation. The thrust of this movement was to identify all valuable Government data sets, and to require agencies to make them available to the public, at no cost, and in open-standard formats that ordinary citizens and enterprises could easily access and leverage.  

These key principles were enshrined in the Data.gov initiative, established in May 2009, by, then-Federal Chief Information Officer (CIO) of the United States.  Ten years later, Data.gov still serves to provide public access to high value, machine readable datasets generated by the Executive Branch of the Federal Government, creating the first publicly available repository for federal, state, local, and tribal government information.  

In our attempt to be transparent and share information with all stakeholders; we sometimes inadvertently share sensitive information that could compromise the cyber security posture of the organization.

.

Download and Share this Whitepaper

Why is CMMI Level 3 Relevant for Cybersecurity?

Maturity models have been around for more than three decades, as early as the 1980s.  The original intent of the Capability Maturity Model (CMM) was to assess the United States Department of Defense (D.O.D.) contractors’ processes.  The success of the software projects was measured using the CMM measurements.  Higher maturity scores were equivalent to better processes.  Higher scores also meant that the contractors used established and reputable processes and best practices for software design, development and quality assurance.

The context in which the term ‘maturity’ was used had special significance.  It was used in reference to specific aspects of the assessment, where the level of organization and optimization of each operation could range from ad hoc to formal.  Because CMM’s initial focus was particularly aimed at improving the software development process, its scope and application was very limited. For this reason, the Software Engineering Institute (SEI) at Carnegie Mellon University revised it.  It then became known as the Capability Maturity Model Integration (CMMI).  This new framework superseded the original CMM in scope.

The extended scope of CMMI now allows it to have a footprint in multiple disciplines.  These include Information and Communication Technology (ICT), business process management, service management, civil engineering, manufacturing and cybersecurity.

.

Download and Share Whitepaper

Anatomy of the SolarWinds Breach

There are many entities throughout the world that use third-party software as part of their business. When they do this, the service they receive form part of the supply chain of the company. SolarWinds is a key vendor with 33,000+ of the world’s companies and government entities use their software. The 22-year-old US-Based company, supply system management tools that are used by the IT professions within these organizations. The tools are responsible for a number of important services including software management, application monitoring, network configuration, etc. The Orion suite in particular, is SolarWinds most widely deployed network management system. It is used to manage and monitor the network infrastructure of the host company. To do its job effectively, the Orion suit needs absolute visibility of the company’s diverse set of network technologies. For this reason, it is common practice for network administrators to configure SolarWinds Orion with extensive privileges consequently, making it the perfect target for threat actors. On December 13th, 2020, it was discovered that the Orion software suit was infected with the malicious software called Sunburst.

.

Download and Share this Whitepaper