The National Institute of Standards and Technology (NIST) released a bulletin note from the Information Technology Laboratory (ITL) on cybersecurity risks increasing with remotely accessible telework networks. […]
As Federal agencies increasingly move to telework due to the COVID-19 pandemic, Federal IT leaders across the government agreed that communication is a key building block for successful teleworking. The panelists specifically zeroed in on the importance of maintaining a strong cybersecurity posture even as employees begin to conduct work on their own network and potentially expose the agency to more cyberattacks. […]
A follow-up audit by the Department of Defense (DoD) Office of Inspector General (OIG) on corrective actions taken by DoD regarding its Cyber Red Team found that it did not consistently mitigate or include unmitigated vulnerabilities identified in the prior audit or during this audit. […]
In September 2019, the National Institute of Standards and Technology (NIST) released its Zero Trust Architecture draft, setting the tone for the future of Federal cybersecurity and a move toward enterprise-wide zero trust implementation. […]
With COVID-19 dominating the national conversation, there has been growing discussion about how to reduce crowds and lines at polling places during the 2020 election cycle. One possibility is to enable voting via smartphones. However, cybersecurity experts remain incredibly cautious given security concerns. […]
Despite high salaries and growth potential, the tech industry is struggling to hire enough cybersecurity experts. […]
The Cybersecurity and Infrastructure Security Agency (CISA) late last week issued a practical checklist to help executives “think through” infrastructure protection, supply chain, and cybersecurity issues in light of the COVID-19 coronavirus, and potential effects to workforce and operations. […]
Federal agencies are significantly better than private sector organizations at enforcing domain-based message authentication, reporting, and conformance (DMARC) standards to combat email domain spoofing, according to a new report from anti-phishing company Valimail. […]
The Department of Transportation’s Office of the Inspector General (OIG) announced in a March 4 memo that it will conduct an audit of the Federal Aviation Administration’s (FAA) security controls to protect 50 information systems where a breach would have a “catastrophically adverse effect.” […]
Today’s House Homeland Security Committee hearing on DHS’s Fiscal Year 2021 budget request covered a wide array of topics. However, Chad Wolf, acting secretary of the Department of Homeland Security (DHS), spent much of his time defending a budget cut to the Cybersecurity and Infrastructure Security Agency (CISA). […]
The New Democrat Coalition (NDC) released its 2020 policy priorities on Feb. 28. The priorities cover a wide breadth of issues, but there were a handful focused on the technology sector. […]
On Feb. 27, the Senate passed the Secure and Trusted Communications Networks Act of 2019, sending the bill to President Trump’s desk. […]
General Motors CEO Mary Barra emphasized at the RSA security conference this week that development of robust cybersecurity technologies for the automotive sector is a crucial factor in the industry-wide push toward autonomous driving technologies and eventually fully self-driving vehicles. […]
The Carnegie Endowment for International Peace released a report Feb. 26 discussing the disjointed nature of international cybersecurity norms. […]
In a Feb. 26 letter to Dana Deasy, CIO of the Department of Defense (DoD), Sen. Mark Warner, D-Va., stressed the importance of vulnerability disclosure programs. […]
Jim Sullivan, defense intelligence officer (DIO) for cyber at the Defense Intelligence Agency (DIA), emphasized the value of offensive operations in cyberspace to deter nation-state attackers during a panel discussion this week at the RSA security conference in San Francisco. […]
In a report released Feb. 25, the Government Accountability Office (GAO) said that “most” of nine agencies tasked with protecting the 16 critical infrastructure sectors “have not developed methods to determine the level and type of adoption of the National Institute of Standards and Technology’s (NIST) Framework for Improving Critical Infrastructure Cybersecurity.” […]
A senior official speaking Feb. 26 at the RSA Conference clarified recent steps by the State Department to publicly attribute and condemn acts of cyber aggression on the part of Russia, calling the actions of the Department part of a deliberate attempt to establish a framework for appropriate nation-state behavior in cyberspace. […]
Federal officials from the Defense Department (DoD), Justice Department (DoJ), and the Director of National Intelligence (DNI) on Feb. 25 totaled up the sobering costs of intellectual property theft from U.S. interests in recent years, and pointed to strategies their agencies are pursuing to put a dent into that total going forward. […]
State and local election officials said at the RSA security conference in San Francisco on Feb. 24 that Federal election assistance funding has been vital to their efforts to shore up election infrastructure security over the past few years. […]
The National Governors Association (NGA) urged Congress to take action on key pieces of legislation that will help harden state and local governments’ (SLGs) cybersecurity defenses. […]
The Congressional Budget Office (CBO) found that the Cybersecurity Vulnerability Identification and Notification Act of 2020 (H.R. 5680) could slightly lower the deficit, but not by a significant amount. The bill, introduced by Rep. Jim Langevin, D-R.I., on Jan. 27, would authorize the Cybersecurity and Infrastructure Security Agency (CISA) to issue administrative subpoenas in rare […]
There is a concerning lack of cyber confidence and organizational maturity across all levels of government, according to a survey released today by SolarWinds. The report, which surveyed IT operations and security decisionmakers from Federal, state, and local governments, found that the biggest IT pain points for the public sector are IT complexity, insider threats, and controlling user network access. […]
Sean Plankey, Principal Deputy Assistant Secretary for Cybersecurity, Energy Security, and Emergency Response (CESER) at the Department of Energy (DoE), today outlined solutions to cybersecurity skills gaps in the industrial controls sector as security for that sector continues to change from older “manual-mode” methods to more modern technologies. […]
In a letter to ShiftState Security Chief Security Officer Andre McGregor, Sen. Ron Wyden, D-Ore., challenged the results of an audit ShiftState was supposed to have conducted of the Voatz voting app. […]
In a recent report about 2020 Democratic presidential candidates’ cybersecurity posture, each of the campaigns scored a “B” letter grade or better, and showed increased focus and investment in good cyber hygiene. […]
A Federal judge ruled Feb. 18 that Congress has the authority to ban Federal agencies and contractors from doing business with Chinese communications equipment maker Huawei. […]
Most of us have a standard list of go-to passwords for various logins and websites – each fluctuating slightly with upper or lowercase letters, extra numbers, symbols and punctuation. Some of us keep them scribbled on a notepad, while others click “remember me” when logging onto sites, to speed up the process and relieve the stress of remembering them time and time again. […]
The voting app Voatz has come under increased scrutiny following a Feb. 13 report from Massachusetts Institute of Technology (MIT) researchers. […]
A U.S. Department of Commerce Office of the Inspector General (OIG) report found that Commerce exposed sensitive data to unvetted foreign nationals through poor security program controls. […]