The final version of the Office of Management and Budget’s zero trust security directive issued this week drew strong praise from private-sector providers of security technologies to Federal agencies for its hard deadlines and firm direction to agencies on how to begin digging into the task of migrating toward zero trust architectures. […]
With tensions rising over a possible further Russian invasion of Ukraine, the Biden Administration is laying out potential sanctions it could impose against Russia, up to and including export controls on American-made technologies including AI-enabling and other software products, according to a senior administration official. […]
After studying the SolarWinds and Microsoft Exchange attacks for the past year, the Government Accountability Organization (GAO) detailed the lessons agencies learned and ten critical actions still needed to address major cybersecurity challenges in a new report. […]
The Department of Defense (DoD) has launched the DoD University Consortium for Cybersecurity (UC2) to better facilitate communication between the Secretary of Defense and academia, and fulfilling a requirement from the 2020 National Defense Authorization Act, DoD announced Jan. 10. […]
Officials from the Cybersecurity and Infrastructure Security Agency (CISA) and within the cybersecurity industry are warning of the potential for threat actors to have already exploited the Log4j vulnerability, but are waiting to pull the trigger on any planned exploits until focus on the vulnerability abates. […]
A month after its first public warnings about the Log4j vulnerability, the Cybersecurity and Infrastructure Security Agency (CISA) is continuing to work with Federal agencies and the public to mitigate potential exposure, and also renewing calls for a software bill of materials (SBOM) to aid in system visibility and inventory management. […]
The House Oversight and Reform Committee will debut draft legislation next week to adopt major reforms to the 2014 Federal Information Security Management Act (FISMA) that sets cybersecurity requirements for Federal civilian agencies. […]
The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) said today that it is continuing to help Federal agencies remediate the Log4j vulnerability that CISA first warned about in December. […]
Sen. Gary Peters, D-Mich., is renewing calls for mandatory incident reporting legislation, after meeting virtually with Biden administration cybersecurity leaders on Jan. 5 for a briefing about the Log4j critical vulnerability. […]
The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) said today that all large Federal agencies have successfully mitigated the Log4j critical vulnerability that the agency discovered in early December 2021. […]
With the Dec. 24 deadline approaching for Federal agencies to remediate the Log4j vulnerability, the Cybersecurity and Infrastructure Security Agency (CISA) confirmed to MeriTalk that there have still been no compromises of Federal agencies via the Apache Log4J vulnerability. […]
The Department of Navy has appointed retired Lt. Cmdr. Josh Reiter as the service branch’s Deputy Principal Cyber Advisor. Reiter, a veteran of both the Navy and Naval Cyber communities, has served in the post since September, according to his LinkedIn. […]
This year further brought IT to the forefront of many organizations’ strategies in 2021, but as Federal chief information officers (CIOs) look to 2022, strengthening their agency’s workforce and cybersecurity posture are their big priorities for the year ahead. […]
The Cybersecurity and Infrastructure Security Agency (CISA) said Dec. 14 that there has been no confirmed compromise of any Federal agencies as a result of the Log4j vulnerability. But CISA reiterated it has added the vulnerability to its catalog of known vulnerabilities over the weekend, giving agencies two weeks to remediate and mitigate any potential harm. […]
While a good bit of the focus on the conferenced version of the fiscal year (FY) 2022 National Defense Authorization Act has centered around the lack of incident reporting and other legislative items that were cut from the bill, the defense spending bill that passed the House of Representatives last week continues to retain a variety of important cybersecurity and tech-related provisions. […]
The Cybersecurity and Infrastructure Security Agency (CISA) held its inaugural Cybersecurity Advisory Committee meeting Dec. 10, focusing heavily on how CISA and the committee can increase the Federal and national cybersecurity workforce. […]
Despite the Department of Defense’s (DoD) efforts to add its Cybersecurity Maturity Model Certificate (CMMC) program to its acquisition process beginning in 2021 and up until full implementation in fiscal year (FY) 2026, a new report from the Government Accountability Office (GAO) found that DoD has not met its implementation goals, nor properly communicated key decisions with industry. […]
After a spate of cyberattacks and ransomware attacks on American companies and critical infrastructure providers since the start of the COVID-19 pandemic, lawmakers and members of the cybersecurity industry expressed shock and disappointment that mandatory cyber incident reporting was dropped from the conferenced version of the fiscal year (FY) 2022 National Defense Authorization Act (NDAA). […]
The Government Accountability Office (GAO) is acknowledging strides that the Biden administration has taken this year to broadly improve cybersecurity, but is still encouraging the Federal government to take more steps to strengthen the cybersecurity of the nation’s critical infrastructure in light of several high-profile cyber incidents over the course of the past year. […]
The Department of Justice (DoJ) announced that a Russian cybercriminal, charged with providing hosting services for fellow cybercriminals, will serve 60 months in prison for services he provided for malware distribution and attacks on American financial institutions between 2009 and 2015. […]
The National Institute of Standards and Technology (NIST) has released the final draft of its Internet of Things (IoT)-specific guidance for Federal organizations, intended to support extending their risk management process to the inclusion of IoT devices in Federal systems. […]
The House of Representatives on Dec. 1 approved a pair of cybersecurity bills, along with a bill that would create a task force to study the future of 6G wireless technologies. […]
Identity management is one of the main pillars of the Cybersecurity and Infrastructure Security Agency’s (CISA) Zero Trust Maturity Model, but CISA’s program lead for the Trusted Internet Connection (TIC) program office Sean Connelly said that while identity is an important pillar, it should not be the only pillar agencies focus on. […]
As the Senate returns to work on Nov. 29 with the completion of debate on the Fiscal Year (FY) 2022 National Defense Authorization Act (NDAA) at the top of its agenda, lawmakers will be looking to tack on a host of cybersecurity-related amendments to the defense spending bill. […]
As the Federal government continues to focus on boosting the nation’s cybersecurity hygiene, Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly said Nov. 18 that visibility and modernization are the keys to improving the nation’s cybersecurity posture. […]
After a potential setback late last week, Sens. Gary Peters, D-Mich., and Rob Portman, R-Ohio, are still looking to attach their legislation to reform the Federal Information Security Modernization Act (FISMA) added to the Senate’s fiscal year (FY) 2022 National Defense Authorization Act (NDAA) making its way through the chamber, a Senate Homeland Security and Governmental Affairs Committee staffer told MeriTalk. […]
The House of Representatives passed the Build Back Better (BBB) Act this morning, sending the more than $1.75 trillion reconciliation package to the Senate. The bill includes billions for supply chain resiliency, as well as additional cybersecurity and IT modernization funding. […]
An FBI official did not deny prior reports that the agency held the decryption key from the Kaseya ransomware attacks for multiple weeks without giving it to parties victimized by the attacks but told the House Oversight and Reform Committee at a Nov. 16 hearing that it chose to do so in the interest of figuring out how to achieve the widest-ranging impact from the key. […]
The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) released new Cybersecurity Incident and Vulnerability Response Playbooks today, completing a vital assignment from President Biden’s Cybersecurity executive order (EO). […]
Sponsors of two major pieces of legislation that would make formative changes to the way that private sector companies report cyberattacks to the government – and how Federal government agencies conduct their own cyber defenses – are hitching their hopes for passage to annual defense spending legislation that traditionally gets strong bipartisan support from lawmakers. […]