The White House’s much-anticipated cybersecurity executive order (EO) made public late Wednesday takes an ambitious swing at forcing general improvements to cybersecurity nationwide, but issues its most authoritative directions to the Federal government to modernize IT infrastructure and security concepts and practices. […]
The United States and the United Kingdom have issued a joint cyber advisory on Russian Foreign Intelligence Service (SVR) tactics, techniques, and procedures. […]
The Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) program is in the process of being rolled out to every contract in the Defense Industrial Base (DIB) over the next five years, and the program is expected to help organizations implement Zero Trust practices, Katie Arrington, the Pentagon’s CISO for acquisition and sustainment, said May 5. […]
The Department of Justice (DoJ) is launching a four-month effort to reevaluate its strategies to combat cybersecurity threats in light of increases in ransomware and supply-chain attacks and the tendency of attackers to use U.S.-based infrastructure to launch their exploits, said the United States Deputy Attorney General Lisa Monaco on April 30 at a security conference in Germany. […]
The National Security Agency (NSA) is recommending that National Security System (NSS), Defense Department (DoD), and Defense Industrial Base (DIB) network owners perform a detailed risk analysis before creating cross-domain connections and currently connected operational technologies (OT). […]
MeriTalk’s latest installment of the Continuous Diagnostics and Mitigation (CDM) research series, “CDM: More Critical Than Ever,” explores how the CDM program can help agencies build resilience after a series of high-profile cyberattacks involving SolarWinds Orion and Microsoft. […]
The Department of Energy (DoE) – with help from industry and the Cybersecurity and Infrastructure Security Agency (CISA) – is kicking off a 100-day effort to improve electric infrastructure cybersecurity, the White House and DoE said today. […]
The Federal government is curtailing its “surge” response to the SolarWinds Orion and Microsoft Exchange hacks after seeing improvements in patching that have helped to remediate the impacts of the cyber attacks, the Biden administration said today. […]
President Biden today issued executive orders (EO) that blame, shame, and sanction the Russian government for perpetrating the SolarWinds Orion supply chain cyber attacks, and interfering with U.S. elections, among other transgressions. […]
According to Civilian Deputy for the Defense Information Systems Agency (DISA) Services Directorate (SE) Jeff VanBemmel, securing connections is one of the bigger challenges Defense Department Information Networks (DODIN) are facing today after years of a “castle-defense mentality.” […]
In a letter to top Federal cybersecurity experts, Homeland Security and Governmental Affairs Chairman Sen. Gary Peters, D-Mich., and Sen. Rob Portman, R-Ohio, ranking member on the committee, are requesting information on how U.S. cyber defenses were unprepared for the recent SolarWinds Orion and Microsoft Exchange compromises and on the limitations of the EINSTEIN system. […]
Department of Homeland Security (DHS) Secretary Alejandro Mayorkas on March 31 previewed six “sprints” planned by DHS and its Cybersecurity and Infrastructure Security Agency (CISA) component throughout 2021 to bolster Federal cybersecurity across a range of areas including ransomware, industrial control system (ICS) security, and workforce development. […]
Cybersecurity experts stressed this week that Federal agencies must stay focused on future threats and on moving toward adoption of zero trust security concepts, although they acknowledged that the latter task is “easier said than done.” […]
The Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) program is under internal review at the Pentagon with an eye toward “potential improvements” to implementation of the program, a DoD spokesperson confirmed to MeriTalk. […]
When it comes to modernization and innovation for Federal agencies, the U.S. Air Force (USAF) is emphasizing that software and cybersecurity are foundational to its digital modernization strategy. […]
The National Institute of Standards and Technology (NIST) has released draft guidance to help local election officials reduce the risk of cyberattacks on election systems, and is seeking public comment on the draft. […]
A group of bipartisan senators wrote a letter to Jennifer Granholm, Department of Energy (DOE) secretary, to voice their support for keeping the Office of Cybersecurity, Energy Security, and Emergency Response (CESER). […]
As adversaries from overseas continue to threaten the cybersecurity of U.S. companies and organizations, National Security Agency (NSA) director and U.S. Cyber Command (CYBERCOM) chief Gen. Paul Nakasone told senators today that Defense Department (DoD) agencies need to be able to operate more freely within the U.S. to deal with those threats swiftly. […]
Sen. Ed Markey, D-Mass., and Rep. Ted Lieu, D-Calif., reintroduced the Cyber Shield Act, which would create a voluntary system to certify cybersecurity protections for internet of things (IoT) devices. […]
The Department of Homeland Security (DHS) is seeking comments on an Information Collection Request (ICR) to the Office of Management and Budget (OMB) to allow DHS to assist executive branch agencies in collecting cybersecurity vulnerability information and post the information on their own agency websites. […]
The Department of Labor (DOL) must clarify whether plan administrators are responsible for mitigating cybersecurity risks and set minimum expectations for protecting personally identifiable information (PII), a report by the Government Accountability Office (GAO) said. […]
The nine Federal agencies whose networks were compromised in the Russia-backed hack via SolarWinds Orion products are close to finishing their remediation reviews, and the government is planning new deployments of unspecified security and IT modernization technologies to avoid a repeat of the intrusions, a senior Biden administration official said during a background briefing on March 12. […]
A bipartisan group of legislators has introduced the Department of Homeland Security (DHS) Industrial Control Systems Enhancement Act of 2021. The legislation will solidify the Cybersecurity & Infrastructure Security Agency’s (CISA) lead role in protecting critical infrastructure – particularly industrial control systems (ICS) – from cyber threats. […]
The Cybersecurity and Infrastructure Security Agency (CISA) announced that it will begin overseeing the .gov top-level domain (TLD) in April 2021, with a mandate to enhance security for the domain, which is considered critical infrastructure. […]
The Department of Homeland Security (DHS) issued a draft request for proposal (RFP) searching for Cybersecurity Compensation System Support Services. […]
Sec. of Defense Lloyd Austin announced that President Joe Biden has made a slew of appointments at the Pentagon, including two in the cyber realm. […]
Government agencies and the private sector will spend $100 billion or more to recover from the SolarWinds hack, which went undetected for at least nine months and may have compromised 18,000 government and private sector organizations using SolarWinds Orion software. Even if breached organizations successfully mitigate the damage from SolarWinds, they know adversaries aren’t going to stop trying to get in. If they plug one vector of attack, the adversary will find another to exploit. […]
Department of Homeland Security (DHS) Secretary Alejandro Mayorkas on Feb. 22 announced several steps to help meet President Biden’s goal to advance cybersecurity in the Federal government, including increasing spending to improve cybersecurity in some areas. […]
The Department of Justice (DoJ) announced it has indicted three North Korean military hackers as part of a series of cyberattacks intended to steal and extort more than $1.3 billion of money and cryptocurrency from financial institutions and companies. […]
The Cybersecurity and Infrastructure Security Agency (CISA), FBI, and the Treasury Department have issued a joint cybersecurity advisory about North Korean malicious activity known as “AppleJeus.” […]