#CIRCIA
Mandatory Cybersecurity Incident Reporting: The Dawn of a New Era for Businesses
A significant shift in cybersecurity compliance is on the horizon, and businesses need to prepare. Starting in 2024, organizations will face new requirements to report cybersecurity incidents and ransomware payments to the federal government. This change stems from the U.S. Department of Homeland Security's (DHS) Cybersecurity Infrastructure and Security Agency (CISA) issuing a Notice of Proposed…
#CIRCIA#CISA#Cyber Incident Reporting for Critical Infrastructure Act of 2022#Cybersecurity#Cybersecurity Infrastructure and Security Agency#Department Of Homeland Security#DHS#Information Protection#notice of proposed rulemaking#NPRM#reporting
0 notes
Little Otherkin Update
It's been a little while, so might as well push out an update.
I finally figured out one thing; I'm Hobgobbler-hearted! I see a lot of myself in them, but I don't really feel like one myself.
I'm also still considering if I'm conceptkin or not. I'm on and off with feeling connected or integral to my written world, Circias, so it might take a while to unravel this.
I've been slowly getting into quadrobics (slower than I want, stupid toe infections-). What little I can do, I'm still really happy with it! I can only walk right now, hopefully I can try trotting soon.
#roar.suv#update#otherkin#otherkind#otherhearted#conceptkin#hobgobbler#Circias#quadrobics#tw infection
4 notes
To protect America's vital infrastructure from hackers without relying on a moribund Congress, the Biden administration bet big on creative uses of existing laws. But the Supreme Court probably blew up that approach.
President Joe Biden's strategy relied on agencies interpreting the laws that give them regulatory powers to include cybersecurity, with the expectation that courts would defer to their interpretations of those laws under a decades-old legal doctrine known as Chevron deference.
But in a landmark case decided in late June, Loper Bright Enterprises v. Raimondo, the United States Supreme Court's conservative supermajority eliminated Chevron deference and ordered courts to determine for themselves what ambiguous laws say—without assigning nearly as much weight to agencies' interpretations.
Now, that controversial ruling could completely upend multiple agencies' plans to require better cybersecurity from critical infrastructure entities like hospitals, water systems, and power plants. It could even help corporate America overturn existing rules aimed at keeping hackers off cloud platforms, securing pipelines and airports, and improving disclosures of major breaches.
"There's the possibility of lawsuits to test the waters in a lot of regulations," says Harley Geiger, counsel with the Center for Cybersecurity Policy and Law. "It definitely becomes much more difficult to regulate on critical infrastructure cybersecurity in areas where there is not sound or clear statutory backing."
Landmark Cyber Program Under Threat
Biden's marquee cyber regulation may also be his most endangered: a pending requirement for critical infrastructure organizations to report cyberattacks within 72 hours and ransomware payments within 24 hours.
The regulation, authorized by the 2022 Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), is meant to close massive gaps in the government's awareness of the cyberattacks plaguing US companies every day. But when the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) released the proposed rule in April, the business community slammed it for going further than lawmakers intended. By the time the public comment period closed earlier this month, many companies and trade groups had urged CISA to pare back the rule—with some of them even citing the Loper Bright ruling.
The criticism mostly focused on three aspects of the rule that could represent its biggest vulnerabilities in a future lawsuit: the definition of a "covered entity" subject to the reporting requirements, the definition of a "covered incident" that needs to be disclosed, and the list of information that needs to be reported. Businesses say CISA used much broader language for these three provisions than Congress intended.
"They have gone well beyond the text," says one cybersecurity-focused attorney, who requested anonymity because they represent clients in disputes with federal agencies. "There's a lot of vulnerable aspects to it."
Senate Homeland Security Committee chair Gary Peters, whose panel led the drafting of CIRCIA, added to the regulation's legal peril when he filed a public comment saying that "the proposed rule is overbroad and needs additional clarity," including on the definitions of covered incidents and covered entities. Peters' objections are significant, because courts analyzing unclear laws will likely lean heavily on congressional intent.
It's unclear if CISA will back down in the face of these headwinds. A spokesperson says the agency is "still assessing" the Loper Bright ruling "and any potential impacts that this may have on the agency's rulemaking actions." The spokesperson says the final regulation will be "consistent with authorities given to us by Congress."
CISA officials "seem quite committed to the scope that they're aiming for, because they really seem to view it as important to their mission," says Stephen Lilley, a partner at the law firm Mayer Brown who focuses on cyber matters. Even so, he added, "CISA now has to be thinking, have we pushed too far in light of these recent decisions, and do we need to be a bit more modest in our ambitions?"
The consequences of a government retreat are hard to predict but potentially serious. Scaled-back CIRCIA requirements could exempt more companies from reporting or reduce the amount of information they have to report, easing the burden on those organizations but weakening the government's understanding of digital threats.
Most experts predict only modest changes. "I would expect them to try to make as limited a reaction as their lawyers say they need to make," Lilley says.
Still, it's clear that the officials behind the government's biggest-ever cyber regulation—due to be finalized by October 2025—are on notice.
"There's no way that CISA takes the next [14] months to develop this rule without considering the effect of Loper Bright and the loss of Chevron deference," Geiger says.
Planes, Trains, and Cloud Services
While CISA's incident reporting mandate has attracted the lion's share of post–Loper Bright attention, the ruling threatens a host of other existing and pending cyber regulations.
The Department of Health and Human Services is working on a rule that would condition hospitals' receipt of federal Medicare and Medicaid funding on their compliance with cyber requirements. The closely watched HHS rule represents the Biden administration's attempt to stem a massive tide of ransomware attacks on hospitals and the rest of the health care sector. But the powerful hospital industry has objected to new mandates, saying they will overly burden already struggling facilities. Few details are known about the rule—including its exact legal basis—so it's unclear whether HHS has been rewriting it to address Loper Bright.
Corporate America's most-loathed cyber regulation is the Securities and Exchange Commission's 2023 rule requiring publicly traded companies to announce cyber incidents with a "material" impact within four business days. That rule may be safe from new lawsuits, given the SEC's clear legal authority to require the disclosure of information that materially affects stock prices. But Geiger says companies might instead challenge the SEC's authority to penalize companies for hacks, since the underlying law and regulation don't mention cybersecurity. (The SEC declined to comment for this story.)
Lawsuits could also hit the Transportation Security Administration over its cyber requirements for pipeline, rail, and aviation operators. The TSA significantly modified its emergency directives to address industry criticism, but as the agency codifies those directives in more formal rules, disgruntled companies could seize the chance to sue. "There's not a history of that agency doing cyber, and there's not a great statutory hook to point to," says the cyber attorney, who cited "a lot of frustration" with the TSA's "perpetual invocation of an ongoing but undescribed emergency" to justify the requirements. (The TSA declined to comment.)
The Commerce Department could hit a legal snag with its proposal to require cloud companies to verify their customers' identities and report on their activities. The pending rule, part of an effort to clamp down on hackers' misuse of cloud services, has drawn industry criticism for alleged overreach. A major tech trade group warned Commerce that its "proposed regulations risk exceeding the rulemaking authority granted by Congress." (Commerce declined to comment.)
Lawsuits could also target other regulations—including data breach reporting requirements from the Federal Trade Commission, the Federal Communications Commission, and financial regulators—that rely on laws written long before policymakers were thinking about cybersecurity.
"A lot of the challenges where the agencies are going to be most nervous [are] when they've been interpreting something for 20 years or they newly have interpreted something that's 30 years old," says the cyber attorney.
The White House has already faced one major setback. Last October, the Environmental Protection Agency withdrew cyber requirements for water systems that industry groups and Republican-led states had challenged in court. Opponents said the EPA had exceeded its authority in interpreting a 1974 law to require states to add cybersecurity to their water-facility inspections, a strategy that a top White House cyber official had previously praised as "a creative approach."
All Eyes on Congress
The government's cyber regulation push is likely to run headlong into a judicial morass.
Federal judges could reach different conclusions about the same regulations, setting up appeals to regional circuit courts that have very different track records. "The judiciary itself is not a monolith," says Geiger, of the Center for Cybersecurity Policy and Law. In addition, agencies understand cutting-edge tech issues much better than judges, who may struggle to parse the intricacies of cyber regulations.
There is only one real solution to this problem, according to experts: If Congress wants agencies to be able to mandate cyber improvements, it will have to pass new laws empowering them to do so.
"There is greater onus now on Congress to act decisively to help ensure protection of the critical services on which society relies," Geiger says.
Clarity will be key, says Jamil Jaffer, the executive director of George Mason University's National Security Institute and a former clerk to Supreme Court Justice Neil Gorsuch. "The more specific Congress gets, the more likely I think a court is to see it the same way an agency does."
Congress rarely passes major legislation, especially with new regulatory powers, but cybersecurity has consistently been an exception.
"Congress moves very, very slowly, but it's not completely passive [on] this front," Lilley says. "There's a possibility that you will see meaningful cyber legislation in particular sectors if regulators are not able to move forward."
One major question is whether this progress will continue if Republicans seize unified control of the government in November's elections. Lilley is optimistic, pointing to the GOP platform's invocation of securing critical infrastructure with heightened standards as "a national priority."
"There's a sense across both sides of the aisle at this point that, certainly in some of the sectors, there has been some measure of market failure," Lilley says, "and that some measure of government action will be appropriate."
Regardless of who controls Capitol Hill next January, the Supreme Court just handed lawmakers a massive amount of responsibility in the fight against hackers.
"It's not going to be easy," Geiger says, "but it's time for Congress to act."
27 notes
I Think I Broke Something
Thanks @flashfictionfridayofficial for the prompt! I decided to do some TCIO for this one, and one of my favorite superhero genre tropes, hiding an injury with Nickelle because she's my little idiot that thinks she has to do everything on her own XD.
Wordcount: 867
Warnings: descriptions of bone fractures, mild medical stuff
The City is Ours, Draft 0, circia Book 2 or 3 - Character, Plot, and Dynamic Exploration, Nickelle's POV
As the fight slowed to a stop and goons were knocked out or tied up, Nickelle tugged the sleeve of her jacket over her arm. Her ice receded or started to melt as pain spiked in her arm. She desperately tried to hide how much her arm and a leg was shaking from the hit and fall she'd taken- given the crunching sound she'd heard, she assumed that she'd broken something.
She was fine, she could handle it, and the rest of the team and a bunch of civilians needed more urgent attention from Bryson anyways, she didn't want to take up too much of that. She didn't really need Bryson to look at her anyways, she could just be careful and wait for her injuries to heal on their own.
On the way back to the base (what they were calling their base anyway), Asher noticed her hand shaking and asked if she was ok.
Nickelle shrugged it off, giving him an icy glare to let him know to back off the subject, "I'm fine, ok? Just a little tired…"
When they got back to base and the others' injuries had been treated, Bryson noticed Nickelle's shaking hand. He said a little sternly with that team medic "don't lie to me" tone, "Nickelle…"
She huffed, attempting to subtly hide her arm behind her back, "I'm fine, Bryson. Just tired."
Bryson studied her carefully, then said, "You better not be lying to me. You might be the team leader, but I'm the medic."
Nickelle tried her best to appear fine, "I'm fine, Bryson. Go get some rest, that's an order."
Bryson reluctantly nodded, and Nickelle quickly disappeared into the half constructed base to find a way to wrap up her arm and leg. The pain shot through her lower leg and up her forearm, and it certainly felt like what Nickelle guessed a broken bone was, since she'd never actually experienced it.
She found a room no one was using, swiping some bandages from Bryson's medical kit, and painstakingly peeled off the sleeve of her suit for her arm first. Her forearm was definitely swollen, and when she gently prodded the area with one arm the pain got worse. She looked up what minor bone fractures looked like on her phone, and the results did say there would be a lot of swelling.
So she had broken something.
Gritting her teeth and biting back a scream, Nickelle straightened out her arm as best she could, then started wrapping the bandages around her arm.
Once that was done, she torturously peeled off the next part of her suit for her leg. Then she repeated the process, gritting her teeth and biting back a yell of pain as she straightened her calf and carefully wrapped it in the bandages.
When finished, she gingerly pulled her suit back on over the injuries to hide them, tugging her jacket sleeve over her wrist to hopefully hide how much the injuries screamed in pain with each movement.
After a minute, she got used enough to the pain she could move around without wincing or biting back screams of pain.
The team gathered in what they'd deemed the "living room" or "meeting room" of the base, wolfing down the pizza that Asher had gotten from down the street. It was a good thing he'd gotten several boxes, because each of them were starving after that fight and ate at least four or five slices each.
Jason had already skipped out because he apparently thought he was above pizza and other "peasantry" things, and went home to (in Chase's words) "be pampered like a baby in his castle and eat rich people things".
The rest of the team relaxed on the cots that were serving as temporary furniture for the "living room" laughing and chatting as they ate the pizza.
Nickelle and Kylee reached for the next slices at the same time, and Kylee's arm accidentally bumped Nickelle's.
A cry of pain escaped Nickelle as she couldnât stop herself from jerking her arm back, instinctively shielding it to her chest and hissing in pain.
The others' heads snapped to her as she tried to pretend she was fine.
Bryson narrowed his eyes. "Nickelle…"
"I'm fine," She insisted.
"Did you lie to your team medic?"
Nickelle shot him an icy glare that didn't deter him. "I said I'm fine, it's nothing-"
"You can't hide injuries from me," Bryson said sternly, "What if it's serious?"
"It's not!"
"I don't buy it," He said, getting up and walking over to where she was sitting, "Chase, get my kit please."
Chase wolfed down their last few bites of pizza, and got up to go fetch the team medic's kit. Nickelle tried to pull away, but the movement of her arm made her wince as Bryson sat down next to her, holding out his hand.
Asher said, "He treated all of us, Nickelle. Your turn."
Nickelle huffed, and let Bryson take her arm and start examining it, carefully peeling back the sleeve of her supersuit. Bryson said, "So, you stole my bandages, huh? Must not be nothing."
Nickelle avoided his scolding look as Chase returned with Bryson's med kit.
TCIO Taglist: @friendlyneighborhood-writer @jessica-writes22 @rose-bookblood @yejidoesthings
@space-writes @cljordan-imperium (send me a message to be +/- from the taglist <3)
General Taglist: @enchanted-lightning-aes @thatprolificauthor @wip-nook @writeblrsupport
@outpost51 @dustylovelyrun @thelaughingstag @jacqueswriteblrlibrary (send me a message to be +/- from the taglist <3)
#writeblr#writing#creative writing#writing community#writers of tumblr#wip: the city is ours#oc: nickelle#oc: bryson#writblr#writerblr#flash fiction friday#flashfictionfriday#writing snippets#amwriting#writerscommunity#writers on tumblr
8 notes
hc + ✂️ for a hair-themed headcanon / for hox !
Meme / Accepting!
When he was a kid he had no control over what hairstyle he had and absolutely hated the preppy cuts he was given.
As such after moving out he immediately started growing it out, eventually into his iconic short ponytail cut. Which he likes a lot and does take good care of.
Unfortunately prison cut his hair short again. Which was one of the smaller traumas that they put him through.
After getting out he grew it out again and is fiercely protective of his hair. Don't come at him with scissors unless you want him to beat the everliving shit out of you.
Also he absolutely did not give himself an undercut, nope, I refuse to acknowledge that. He has his ponytail circia 2023 and it is going nowhere.
2 notes
You circia idk a year ago lol
1 note
What CIRCIA Means for Critical Infrastructure Providers and How Breach and Attack Simulation Can Help
http://i.securitythinkingcap.com/TDszSQ
0 notes
NIS2, DORA and CIRCIA Force Transparency
800 postponed operations, closed town halls, video services knocked offline: all of these are direct consequences of the most recent ransomware attacks in just 2 weeks. Transparency is necessary.
The ransomware pandemic rages unchecked and policymakers are discussing stricter rules. In the UK there is a debate about whether companies should be forced to report attacks and ransom payments. The EU has already defined strict reporting obligations with NIS2 and DORA. The Synnovis case reveals how even critical infrastructures remain vulnerable and how intricately companies are interwoven with one another today. This creates uncertain outage risks. Synnovis, as a pathology laboratory, is closely meshed with several hospitals through services such as blood tests. The ransomware attack on the laboratory forced the hospitals to postpone a total of around 800 operations. Mark Dollar, CEO of Synnovis, a UK healthcare service provider hacked on June 4, said: "Attacks of this kind can happen to anyone at any time and, worryingly, the people behind them have no scruples whatsoever about whom their actions might affect."
Ransomware attack forces operations to be postponed
The newspapers reported further attacks on municipal institutions such as Michigan's Traverse City and New York's Newburgh in the USA; the video service provider Niconico is also offline. These are four examples of successful attacks within 2 weeks, and the number of unreported cases is probably many times higher. This is where politicians in Great Britain want to step in and force companies to be more transparent. Initial ideas under discussion include whether all victims should be obliged to report incidents to the government. Victims would also have to obtain a licence before making extortion payments. Also to be proposed is a complete ban on ransom payments for organisations involved in critical national infrastructure. The ban is intended to remove hackers' incentive to disrupt these critical services by preventing them from monetising attacks.
In the USA, the Biden administration already clearly stipulated in March 2022, with its law "Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA)", that operators of critical infrastructure must report a cyber incident within 72 hours. Ransomware payments must even be communicated 24 hours after the payment.
Global standards for transparency
The regulations and laws with which governments want to shed more light on cyber dangers and risks are increasingly oriented toward strict deadlines for the reporting obligation. 72 hours is the global standard that now appears to be establishing itself. With the Digital Operational Resilience Act (DORA), which is focused on the financial industry, and the NIS-2 directive, 72 hours is likewise the measure of all things. With both sets of rules the EU wants to push companies in Europe toward more operational cyber resilience. The mandatory reporting obligations for data breaches are demanding and set clear requirements:
- Within 24 hours the organisation must issue an early warning if it is suspected that a serious incident was caused by unlawful or malicious acts or could have cross-border effects.
- Within 72 hours of becoming aware of a serious incident, the early warning must be updated with an initial assessment, including its severity and impact. The organisation should also share with the national CERT all indicators of compromise related to the attack.
- At the request of a national CERT or a supervisory authority, the organisation must provide interim status updates.
- Within one month of submitting the incident notification, the organisation must submit a final report.
Creating more transparency
The risk that successful cyberattacks pose to the well-being and lives of citizens will continue to drive policymakers to enact new rules and regulations with the aim of strengthening the level of security and cyber resilience. So more will probably be coming. Companies should respond accordingly and create more transparency and control internally over their data and services. The following steps are fundamental for this.
- Understand data precisely: Companies must know exactly what data they hold and what value it has. Only then can they report to the authorities which data was corrupted in a successful attack. In this area AI solutions such as Cohesity Gaia can help massively and defuse one of the most complex problems by automatically classifying companies' data. Business owners can, for example, ask direct questions about specific data and automatically receive a corresponding answer from Gaia with a list of all affected documents.
- Regulate access: Those who have correctly categorised and classified their data can automatically enforce rules and rights that govern access to it. Data management platforms such as Cohesity's handle this automatically and reduce the risk of human error. A company can enforce that certain data may never be passed on to external storage locations or AI modules.
- Survive attacks: For a company to be able to produce the reports for the authorities at all, it must remain able to act. With ransomware or a wiper attack, however, in the worst case nothing works anymore. The IT teams of the CIOs and CISOs will not even be able to respond to this attack, because all security tools are offline and evidence in logs and on the systems is encrypted. Companies should therefore definitely implement clean-room concepts, where an emergency set of tools and system and production data is kept, in order to first establish emergency operation of the overall IT. It contains all essential tools for the security teams so that they can begin the essential incident response process. This process is essential for generating correct and meaningful reports for NIS-2, DORA and GDPR violations.
0 notes
Healthcare Sector Advocates for Streamlined Cyber Reporting
The healthcare industry is raising significant concerns about the Cybersecurity and Infrastructure Security Agency's (CISA) proposed cyber incident reporting rule, part of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). The rule mandates detailed and rapid reporting of cyber incidents, targeting hospitals, medical manufacturers, and IT entities within the sector. Healthcare groups, including the American Hospital Association (AHA) and College of Healthcare Information Management Executives (CHIME), argue the rule is burdensome and redundant, overlapping with existing regulations like HIPAA and HITECH. They also highlight issues with the 72-hour reporting timeline, data preservation requirements, and security risks associated with reporting sensitive information. The industry suggests harmonizing the rule with existing regulations, simplifying reporting requirements, and ensuring data security. For more insights, visit DistilInfo HealthPlan.
Read more: https://distilinfo.com/healthplan/cignas-express-scripts-tricare-care/
Discover the latest payers' news updates with a single click. Follow DistilINFO HealthPlan and stay ahead with updates. Join our community today!
0 notes
Cryptic Fog - October Ghost
Cryptic Fog said;
"This song is about alcoholism."
The drunken crowd roared with approval.
Cryptic Fog said;
"No, not that kind."
And we all listened.
-Backyard Barbecue circia roughly 2008ish?
1 note
Dell Portal Breach Exposes Customer Data Cybersecurity Concerns Rise
Dell, the renowned IT giant, has confirmed a significant customer data breach from one of its portals. Although the exact number of affected individuals remains undisclosed, the thief behind the cyber intrusion claims to have acquired a staggering 49 million records. These compromised records, now available for sale on the dark web, contain personal information such as names, addresses, and details regarding Dell equipment purchases. Notably, Dell reassures customers that sensitive data like payment information has not been compromised. However, the Dell portal breach underscores concerns about cybersecurity vulnerabilities within the company's infrastructure.
According to a spokesperson from Dell, the breach was identified recently, prompting immediate action from the company. While the breach primarily involved customer information such as names, physical addresses, and details of Dell hardware and orders, Dell's spokesperson emphasized that highly sensitive data like financial information and contact details were not included in the stolen records. Despite these assurances, the breach raises questions about the security measures implemented by Dell to safeguard its customers' data.
Response and Investigation
Following the discovery of the breach, Dell initiated a thorough investigation into the incident. Immediate steps were taken to contain the damage, including notifying law enforcement agencies and enlisting the expertise of a third-party forensic firm. Despite these efforts, concerns persist regarding the extent of the breach and the potential ramifications for affected customers. Dell asserts its commitment to monitoring the situation closely and implementing proactive measures to protect customer information.
In an email communication to customers, Dell sought to downplay the severity of the breach while acknowledging the incident involving the compromised Dell Portal. The company emphasized its dedication to safeguarding the privacy and confidentiality of customer data. Additionally, Dell warned customers to remain vigilant against potential scams or fraudulent activities leveraging the stolen information. This proactive approach aims to mitigate any further harm to customers and restore trust in Dell's security measures.
Regulatory Implications and Future Measures
The Dell portal breach comes amid increasing regulatory scrutiny over data protection and cybersecurity practices. Recent regulatory developments, such as the expansion of data loss reporting requirements by the US Federal Communications Commission (FCC) and the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), underscore the importance of prompt and transparent reporting of data intrusions. Dell's breach highlights the urgent need for organizations to bolster their cybersecurity defenses and adhere to regulatory guidelines to prevent similar incidents in the future.
Notably, this is not the first instance of a cybersecurity breach at Dell, with a previous incident occurring in 2018. The recurrence of such breaches underscores the evolving nature of cyber threats and the persistent challenges faced by organizations in safeguarding sensitive data. As cybercriminals continue to target businesses across various sectors, organizations must prioritize cybersecurity measures to mitigate risks and protect customer information effectively. The aftermath of the Dell portal breach serves as a stark reminder of the ongoing battle against cyber threats and the critical importance of robust cybersecurity practices in today's digital landscape.
0 notes
A generation has missed out on the sexual prowess of Dregen circia late 90s early 00s
Worra hunk
0 notes
Homesick for a new source?
Not sure what else to title this, but yeah. Fictionkin things. Expect to read a really long ramble post.
Okay, so for context, I made a universe with OCs, heavily inspired by a hyper-realistic dream I had (this was about 6-7 years ago). I named this universe Circias, and it was essentially an ethereal world separate from Earth where certain special souls would go after death.
It's been a long time since I have worked on Circias and its characters. When I decided to come back to it, I suddenly felt... homesick. It certainly wasn't nostalgia, since I know exactly what my nostalgia feels like.
Now that I'm thinking about it, ever since I had that initial dream that inspired Circias, I always felt a little weird thinking about it. It just feels like I belong there. I don't know what as, but the thought of Circias feels like... home, you know?
The only thing I can think of as a reason would be that Circias was meant to feel homey and welcoming. I just find it strange that I was hit with homesickness when I never really felt that before, even with my other sources.
I suppose, if this passes and doesn't return, it could've just been something like a cameo shift. And yet, I kinda don't want it to be that. I really do feel torn away from home, and having it be just a cameo shift feels... wrong? Almost like a tease to get me worked up.
Idk, not sure how to feel about this. If this really is a cameo shift, then I guess, so be it? I almost hope it isn't, though. I miss that dream. I just want to go back, even once.
Text
CISA publishes 447 page draft of cyber incident reporting rule
https://therecord.media/cisa-publishes-circia-rule-cyber-incident-reporting
0 notes
Text
A quiet cybersecurity revolution is touching every corner of the economy as U.S., allies "pull all the levers" to face new threats | Fortune
On Dec. 15, the Securities and Exchange Commission's (SEC's) expanded cybersecurity rules came into effect, requiring public companies to disclose incidents within four business days. That means headline-grabbing breaches, such as the one that affected all Okta customer support system users or the 23andMe hack that included the information of nearly 7 million customers, will have even greater consequences than whatever data was compromised. And the SEC rules are only the tip of the iceberg of changes to regulatory compliance.
With little fanfare and largely unnoticed by the press, institutional investors, or anyone else, the federal government is quietly directing a seismic shift in the economy by mandating stringent cybersecurity compliance across all 16 critical infrastructure sectors.
These sectors include well-known and highly regulated markets such as the defense industrial base, financial services, and energy, regulated by the Department of Defense (DoD), SEC, and Department of Energy (DoE), respectively. However, often overlooked are the subsectors beneath those 16 sectors, which essentially combine to comprise nearly every company and component of our economy, making nearly every business in scope for the emerging cybersecurity compliance regulations flowing down across the federal government at an increasingly rapid pace. The commercial facilities sector, for instance, consists of eight subsectors, including real estate, retail, sports leagues, and entertainment venues. There is no place to hide from cybersecurity regulation and mandatory minimum cybersecurity requirements.
A boon for the industry
While some argue government overreach, it's clear why these regulations are coming fast and furious. Russia poses a tremendous cyber threat; it even breached the DoE, and intelligence officials have warned of potential threats from China.
This heightened cybersecurity revolution began last year with the White House's executive order and unfolds as a movement that transcends borders. A dozen nations have aligned with the U.S. cybersecurity efforts, reflecting a collective endeavor toward a fortified global digital economy.
We're heading toward a burgeoning market for cybersecurity compliance, with the ripple effects resonating through legal corridors as fraudulent cybersecurity claims come under the judicial scanner. Proper security controls will no longer be a choice, but a legal and economic imperative, marking a new epoch of digital resilience and a reinforced economic structure.
This is already required for DoD contractors through the Defense Federal Acquisition Regulation Supplement (DFARS), and soon the Cybersecurity Maturity Model Certification (CMMC) 2.0 program. Within a few years, it's likely government contractors outside of defense efforts will also be required to meet mandatory minimum cybersecurity requirements as a condition of being awarded any federal contract.
The executive order calls for mandatory baseline standards for all federal contractors to replace the patchwork of inconsistent and unenforced agency-specific policies that exist today. Individual departments and agencies are not waiting for that day to come and are furiously issuing their own regulatory requirements.
We've already seen the Transportation Security Administration (TSA) issue new requirements for airport and aircraft operators, the Department of Homeland Security (DHS) act to protect controlled unclassified information (CUI), the Environmental Protection Agency (EPA) aim to safeguard the water sector, and the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA)
Pulling all the levers
The government is pulling every regulatory lever available to quietly define and enforce mandatory cybersecurity minimums on the entire economy in the same way it mandates seatbelts, airbags, and other safety features in automobiles.
This addressable market expansion doesn't stop at the border: Canada recently adopted CMMC for its defense industrial base, and Japan will also require government contractors to meet U.S. cybersecurity rules.
The pressure to meet mandatory cybersecurity minimums isn't just about winning federal contracts. The Department of Justice is actively looking for fraud by using the False Claims Act to pursue cybersecurity-related fraud by government contractors and grant recipients. Cases have begun piling up as whistleblower employees come forward to collect large rewards.
Last October, Pennsylvania State University was sued by a former chief information officer (CIO) for allegedly failing to safeguard CUI and falsifying security compliance reports. The case is ongoing, but there's already precedent. Last July, Aerojet Rocketdyne agreed to pay $9 million to resolve a similar case. More than $2.2 billion was paid out in settlements and judgments in False Claims Act cases last year, and over $1.7 billion was related to the healthcare industry.
To further cement the government's resolve to put teeth to these regulations, it has begun suing individual companies and employees for defrauding investors by misleading them about cyber vulnerabilities as it did SolarWinds and its former vice president of security, Tim Brown.
Every sector of the economy is under a transformative directive to fortify its digital defenses. Security posture has evolved from a superlative to a crucial factor that affects the bottom line. This isn't just a policy change; it's a paradigm shift, making cybersecurity compliance a legal imperative because its implications are more far-reaching than ever before.
#A quiet cybersecurity revolution is touching every corner of the economy as U.S.#allies "pull all the levers" to face new threats | Fortune#THE CYBER SECURITY INDUSTRY IS ABOUT TO GO BOOM!