The Air Force chief information security officer offered unusual advice to new security professionals: Don’t worry about every patch and vulnerability. “It’s OK if you can’t get to 800 controls,” said Peter Kim. “It’s OK if you miss a patch.” […]
Following the Cybersecurity Executive Order, security professionals are focusing on risk management frameworks, and some agencies are turning to the Continuous Diagnostics and Mitigation Program. “Security is not something that you buy, it’s something that you do,” said Matt Conner of the National Geospatial-Intelligence Agency. […]
The U.S. Cyber Command will begin to exercise its newly granted acquisition authority by the end of 2017 with its first industry day on Oct. 27. Congress gave CYBERCOM its own ability to purchase technology capabilities in order to keep up with the constantly changing nature of the cybersecurity sphere. CYBERCOM plans to hold its industry day at the Arthur Lundahl Conference Center in Springfield, Va. […]
The designation of the nation’s election systems as critical infrastructure will not infringe upon state and local authority to run elections. In a recent memo to Senate Homeland Security and Governmental Affairs Committee Members, Ranking Member Claire McCaskill, D-Mo., relayed communications from the Department of Homeland Security that reiterated that fact. […]
A Senate bill introduced on Aug. 1 not only would establish security requirements for Internet of Things (IoT) devices purchased by the government, but also let researchers look for critical security flaws through vulnerability disclosure policies. […]
The Department of Defense is following the Federal push to move toward an enterprise structure by using Defense Enterprise Office Solution (DEOS), an effort by the Defense Information Systems Agency to acquire Software-as-a-Service at a DoD enterprise scale. DoD plans to move 4.5 million users to the cloud using this approach. […]
Christopher Painter made the case for cyber diplomacy after stepping down as cyber coordinator for the State Department in July. Painter wrote a blog post saying that cyber issues continue to grow, which increases the need for global discussions on cybersecurity. Yet Politico reported that the State Department is considering getting rid of its cybersecurity department. […]
The Government Accountability Office evaluated the advantages and disadvantages of the National Security Agency and Cyber Command’s dual-hat leadership system and found that the system causes tension between the two agencies due to competing interests. […]
Through its series of summer camps and competitions, the Air Force Association’s CyberPatriot program is aiming to expand the cybersecurity workforce for both the public and private sector. “What they have learned is if they wait until someone is a college graduate, it’s too late, if they wait until they’re in college, it’s too late,” said CyberPatriot National Commissioner Bernie Skoch. […]
The best way for agencies to begin their transition to the cloud is to talk to agencies that have been through the same experience. “It’s always good to talk to people who have gone through it,” said Craig McCullough, vice president of Commvault Federal. […]
Incorporating automation into the U.S. electric grid can both improve recovery capabilities in the event of an outage and present new cybersecurity dangers, according to a recent National Academies of Sciences, Engineering, and Medicine report. […]
Cyber Security Operations Centers (CSOCs) are at the core of agencies’ response to cyber threats. CSOCs perform critical functions spanning the incident management lifecycle, operating 24 hours a day, 365 days per year. While their efficacy continues to increase, CSOCs are unable to keep pace with the expansion and evolution of sophisticated cyber-attacks. […]
Cybersecurity considerations for both government and industry have to include leadership, supply chains, mobility, and other components in order to be effective, according to experts who spoke at PCM-G’s Mission First event. […]
Federal agencies that amass multitudes of data because of drone use have had to think about how to store and protect that data. Agencies that use drones are caught between following the regulations in place for aircraft and following the regulations for IT systems, since drones contain properties of both categories. […]
The House Homeland Security Committee on July 26 unanimously passed two bills to improve the government’s cybersecurity posture: the Cybersecurity and Infrastructure Security Agency Act of 2017 and the Cyber Vulnerability Disclosure Reporting Act. The Cybersecurity and Infrastructure Security Agency Act creates a new agency within the Department of Homeland Security (DHS) to deal with […]
Despite the relatively new nature of cyber insurance policies, small businesses are finding value in their offerings, according to witnesses who testified before the House Small Business Committee on July 26. “It affords me the knowledge that if we were hacked, protective steps have been taken to address any potential damages to the company and my employees,” said Robert Luft, president of SureFire Innovations. […]
The United States and Japan on July 24 held a joint cyber dialogue, where the countries spoke about information sharing and strengthening international cybersecurity. […]
Treasury Department Chief Information Officer Sonny Bhagowalia has been reassigned as a detailee at the Bureau of Fiscal Services, according to a department spokesperson. In the new role, Bhagowalia will continue working on cybersecurity and technology projects. Deputy CIO Eric Olson will become acting CIO. […]
Federal leaders emphasized the importance of cybersecurity and partnerships with the private sector at the Aspen Security Forum on July 22. Secretary of Homeland Security John Kelly said he agrees with the decision of former DHS Secretary Jeh Johnson that made election systems critical infrastructure and told the states that DHS would offer help if […]
As Federal agencies move more resources to the cloud, the cybersecurity stakes are higher and the potential channels for data loss are more complex. Insiders pose the greatest risk for government data exposure and loss, but defending against insider threats has become even more challenging with cloud adoption, endpoint multiplication, and growth of the remote workforce. […]
Federal agencies are working on ideas to reorganize and streamline, as requested by the Office of Management and Budget and President Donald Trump’s Executive Order on a Comprehensive Plan to Reorganize the Executive Branch.
“Many manual processes remain, especially when it comes to processes that cut across multiple departments. Initiating a cross-cutting, agencywide approach to service delivery is necessary but challenging, especially when we look at holistic service delivery that marshals the data stored in legacy systems,” said Bob Osborn, chief technology officer for ServiceNow Federal.
[…]
IBM released its new mainframe, IBM z14, which offers encryption for 100 percent of user data and achieves the highest level of government security standards currently on the market. The mainframe will be made available in mid-September and IBM is working with the Federal government to integrate this technology into its IT strategies. […]
The Department of Justice announced on July 20 that it was recently able to take down dark website AlphaBay and its administrator. The action was in conjunction with Europol as well as law enforcement authorities in Thailand, the Netherlands, Lithuania, Canada, the United Kingdom, and France. […]
BlackBerry announced the expansion of its public sector cybersecurity offerings to include SecuSUITE for Government, which provides end-to-end encryption of calls and texts and supports iOS, Android, and BlackBerry 10 smartphones and tablets. […]
Cyber criminals are increasingly using tools and processes already installed on target computers, a tactic called “living off the land,” to ease hacking efforts and reduce the chance of detection, according to a recent Symantec study. […]
The White House is celebrating Made in America Week, while many U.S.-based technology companies advocate for H-1B visas to sponsor foreign workers who engineer some of the nation’s most lucrative technology products. […]
The State Department’s cyber coordinator will be stepping down at the end of this month, according to reports from Politico. Chris Painter has been creating a strategic framework for cybersecurity during peacetime and gaining support from other countries. […]
The government is counting on education, financial incentives, and minority outreach to help expand the cybersecurity workforce. The Office of Personnel Management created a Strategic Recruitment for Cybersecurity Model to complement the White House Office of Management and Budget’s Federal Cybersecurity Workforce Strategy, which was released last year, and plans to release the details of the model on July 25. […]
Members of Congress urged Defense Secretary James Mattis in a letter to incorporate cybersecurity into high school Junior Reserve Officers Training Corps (JROTC) programs. […]
The Department of Homeland Security’s (DHS) Cyber Risks Economics (CyRiE) project on July 7 awarded $220,209 to the University of Tulsa to study how to quantify the value of data sharing and to promote increased sharing in the cybersecurity community. […]