In this segment, Craig discusses Cybersecurity Audits, Compliance, NIST Standards, CMMC, and what is expected of the Department of Defense Contractors and Sub-contractors.
For more tech tips, news, and updates, visit – CraigPeterson.com
Automated Machine-Generated Transcript:
You might’ve heard about cybersecurity frameworks? Well, the one that’s most in use right now is the NIST cybersecurity framework that helps guide you through the process of securing your business or even securing your home. That’s our topic.
Hi everybody. Craig Peterson here.
It’s a great time to be out on the road and kind of checking in. Of course, you can find me online at craigpeterson.com. We’ve got security threats that have been growing quite literally. Exponentially. They are really making a lot of money by extorting it from us, stealing it from us. It’s nothing but frustration to us.
It’s never been more important to put together an effective cybersecurity risk management policy. That’s true if you’re a home user and you’ve got your yourself and your spouse and a kid or two in the home. Have a policy and put it together.
That’s where NIST comes in handy. NIST is the National Institute of standards and technology they’ve been around for a long time. They’ve been involved in cryptography. These are the guys and gals that give us accurate clocks. In fact, we run two clocks here that we have for our clients, which are hyper-accurate. It’s crazy it down to the millionth of a second. It’s just amazing. That’s who NIST is.
They’ve put all these standards together for a very, very long time, but just before March, this year, It was reported that about 46 percent of businesses had suffered cyber attacks in 2019. That was up 10% from the year before. Of course, we’ve all been worried about the Wuhan virus, people getting COVID-19, it is a problem.
The biggest part of the problem is everybody’s worried about it. Nobody wants to go to work. They don’t want to go out to a restaurant. They don’t want to do any of these things. You as a business owner are worried about how do you keep your business doors open? How do you provide services to the customers you have when your employees won’t come in or cooperate or were paid more to stay at home than they would be to come back to work. I get it right. I know I’m in the same boat.
Well, because of that we just have not been paying attention to some of the things we should be doing. One of the main ways that business people can measure their preparedness and their progress in managing cyber security-related risks, is to use the cybersecurity framework that is developed by NIST. It is a great framework.
It provides you with different levels. The higher-end, the framework that is used by military contractors. Nowadays, we’ve been helping businesses conform to what’s called NIST 800-171 and 800-53 High, which are both important and cybersecurity standards.
So if you really, really, really need to be secure, are those are the ones you’re going to be going with. Right now, no matter how much security you need I really would recommend you checking it out. I can send you information on the NIST framework. I have a little flow chart. I can send you to help to figure out what part of the framework should you be complying with.
It also helps you figure out if you by law need to be complying with parts of the framework. It will really help you. It’s well thought out. It’s going to make you way more efficient as you try and put together and execute your cyber risk management policy. Remember cyber risk, isn’t just for the software that you’re running, or the systems you’re running. It’s the people, it includes some physical security as well.
Now President Trump has been very concerned about it. I’m sure you’ve heard about it in the news. As he’s talked about problems with TicTok and with Huawei and some of these other manufacturers out there. Huawei is a huge problem. Just absolutely huge.
One of these days I can give you the backstory on that, but how they completely destroyed one of the world leaders in telecommunications technology by stealing everything they had. Yeah. It’s a very sad story company you may have heard of, founded over a hundred years ago.
They’re non-regulatory but they do publish guides that are used in regulations. So have a look at them, keep an eye on them. They have to help federal agencies as well. Meet the requirements is something called the federal information security management act called FISMA and that relates to the protection of government information and assets.
So if you are a contractor to the federal government, pretty much any agency, you have physical requirements.
So think about that. Who do you sell things to? When you’re also dealing with the federal government they look at everything that you’re doing and say, are you making something special for us? If you are, there are more and higher standards that you have to meet as well. It just goes on and on, but this framework was created by NIST ratified by Congress in 2014. It’s used by over 30% of businesses in the US and will probably be used by 50% of businesses in the US this year.
So if you’re not using them you might want to have a look at them. It’s big companies like JP Morgan, Chase, Microsoft, Boeing, and Intel who meet a much higher standard than most businesses need to meet.
A lot of businesses all you need to meet is what’s called the CMMC one standard. You’ll find that at NIST as well. And there are much higher levels than that up to level five, which is just, wow. All of the stuff that you have to keep secured looks like military level or better, frankly security.
There are other overseas companies that are using it too, by the way in England, in Japan, Canada, many of them.
I’m looking at the framework right now. The basic framework is to identify, protect, detect, respond, and recover. Those are the main parts of it. That’s you have to do as a business in order to stay in business in this day and age, they get into it in a lot more detail.
They also have different tiers for different tiers that you can get involved in. Then subcategories. I have all of this framework as part of our audit kit that I’ll send out to anybody that asks for it that’s a listener. All you have to do is send an email to me, M E @craigpeterson.com, and then the subject line, just say audit kit and I’ll get back to you. I’ll email that off to it’s a big PDF.
You can also go to NIST in the online world and find what they have for you. Just go to NIST, N I S T.gov, The National Institute of Standards and Technology, and you’ll see right there, cybersecurity framework, it’s got all of the stuff there. You can learn more here if you want. If you’re new to the framework they’ve got online learning. They are really working hard to try and secure businesses and other organizations here in the US and as I said used worldwide. It’s hyper, hyper important. It’s the same framework that we rely on in order to protect our information and protect our customer’s information. So NIST, N I S T.gov, check it out.
If you missed it today, you’re going to want to check out the podcast. Now you can find the podcast on any of your favorite podcasting platforms.
It is such a different world. Isn’t it? We started out today talking about our cars. Our cars now are basically big mechanical devices ever so complex with computers, controlling them. But the cars of tomorrow that are being built by Tesla and other companies, those cars are absolutely amazing as well, but they’re frankly, more computer than they are mechanical car.
So what should we expect from these cars? I’m talking about longevity here. We expect a quarter-million miles from our cars today. Some of these electric vehicles may go a half a million or even a million miles in the future. When they do that, can we expect that? Our computers get operating system updates and upgrades, for what five years give or take?
If you have an Android phone, you’re lucky if you get two years’ worth of updates. Don’t use Android, people. It’s just not secure. How about our cars? How long should we expect updates for the firmware in our cars? So that’s what we talked about first, today.
Ring has a new security camera that is absolutely cool. It’s called the always home cam. I talked about it earlier. It is a drone that flies around inside your house and ties into other Ring equipment. I think it’s absolutely phenomenal and it’s not quite out yet, but I’ll let you know more about that.
If you get ransomware and you pay the ransom, the feds are saying now that you are supporting terrorist organizations. You might want to be careful because they are starting to knock on doors, and there’s jail time behind some of these things. So watch it when it comes to ransomware and a whole lot more as well.
So make sure you visit me online. Go to Craig peterson.com/subscribe. It’s very important that you do that and do that now.
So you’ll get my weekly newsletter. I’ve got some special gifts, including security, reboot stuff that I’ll send to you right away. Craig peterson.com/subscribe.
More stories and tech updates at:
Don’t miss an episode from Craig. Subscribe and give us a rating:
Follow me on Twitter for the latest in tech at:
For questions, call or text: