The Department of Justice (DoJ) has launched a coordinated international law enforcement action to disrupt the NetWalker ransomware-as-a-service crimeware product. […]
A new survey released by MeriTalk and Splunk finds that public sector IT decision makers are increasingly planning around zero trust security concepts, with that thinking driven by current and future requirements for telework capabilities, among other security management needs. However, agencies face challenges in migrating to zero trust, including the need to invest in foundational technologies, according to findings from the survey of 150 Federal IT decision makers and 150 state, local, and higher education (SLED) IT decision makers on their agencies’ efforts around zero trust. […]
The Cybersecurity and Infrastructure Security Agency (CISA) warned today that threats to government networks caused by previously reported breaches of SolarWinds Orion products pose a “grave risk” to Federal government, state, tribal and territorial governments, critical infrastructure entities, and other private-sector organizations. […]
The Continuous Diagnostics and Mitigation (CDM) program won praise from tech-sector officials at MeriTalk’s CDM Central virtual conference on Dec. 3 for its mostly unheralded work in helping Federal agencies make quick fixes to security during this year’s coronavirus pandemic. CDM Program Manager Kevin Cox offered insights as part of MeriTalk’s CIO Crossroads program in June into how his office jumped in to help agencies in need. […]
A catalyst for change, the transition to “maximized telework” forced agencies to rapidly modernize their approach to IT. But how is the need for modernization affecting cyber strategies, like the adoption of zero trust? […]
The Continuous Diagnostics and Mitigation (CDM) program – the Federal government’s primary program to improve civilian agency cyber security – is running short on money and putting its four prime contractors on half rations until the funding situation improves. […]
The U.S. Department of Energy (DoE) has launched the Operational Technology (OT) Defender Fellowship, which is intended to help strengthen critical infrastructure cybersecurity. […]
The U.S. Army has launched Hack the Army 3.0, a bug bounty program that is intended to help safeguard the Department of Defense (DoD) and Army networks, systems and data. […]
The General Services Administration’s (GSA) mismanagement of Federal contract employees’ Personal Identity Verification (PIV) cards has put GSA personnel, Federal property, and data at risk, according to a report from the Office of Inspector General (OIG). […]
Confirmation of the appointment of Camilo Sandoval as the new Federal CISO has emerged in the form of his listing on the Office of Management and Budget’s (OMB) CIO.gov website as holding the Federal CISO title. […]
The Department of Homeland Security (DHS) Science and Technology Directorate (S&T), in partnership with the Cybersecurity and Infrastructure Security Agency (CISA), announced Oct. 30 that it has awarded $2 million to an initiative that will build a national network of cybersecurity technical institutes. […]
Simple, easy-to-guess passwords are the scourge of cybersecurity staff. On the flip side, many users struggle to remember lengthy and complicated passwords that pass muster with cybersecurity standards. To help bridge the gap between security and usability, Carnegie Mellon’s CyLab Security and Privacy Institute has developed a policy for creating passwords. […]
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) are warning hospitals and the public health sector at large that they face an “imminent” threat of malware attacks. […]
John Sherman, Principal Deputy CIO at the Department of Defense (DoD), said Oct. 28 that the Pentagon is making progress with IT modernization activities for the parts of the agency known as “the Fourth Estate” – offices that are not military services or intelligence community agencies. […]
The Defense Department’s (DoD) current interim rule for the Cybersecurity Maturity Model Certification (CMMC) will take full effect on December 1, said Katie Arrington, CISO for DoD’s acquisition office, at an October 28 virtual event organized by C4ISRNET. […]
The Department of Defense (DoD) Office of Inspector General (OIG) is canceling its audit of corrective actions taken by DoD in response to cybersecurity vulnerabilities identified during operational testing and evaluation of acquisition programs, citing the COVID-19 pandemic. […]
A bipartisan Senate bill introduced Oct. 21 would make clear the authority of state governments to deploy their National Guard resources to help state and local governments improve their cybersecurity infrastructure and services. […]
As the seriousness of the coronavirus pandemic became apparent early this year, the first matter of business for the Federal government was simply getting employees online and ensuring they could carry on with their critical work and missions. This is a unique challenge in the government space due to the sheer size of the Federal workforce and the amount of sensitive data those workers require – everything from personally identifiable information to sensitive national security information. And yet, the Department of Defense, for one, was able to spin up secure collaboration capabilities quite quickly thanks to the cloud, while the National Security Agency recently expanded telework for unclassified work. […]
The Department of Justice announced today that it indicted six computer hackers – all of them Russian nationals and officers in Unit 74455 of the Russian Main Intelligence Directorate (GRU) – for their alleged roles in a wide range of government-sponsored cyber attacks. […]
Reps. Jim Langevin, D-R.I., and Doris Matsui, D-Calif., introduced a bill Oct. 16 to improve cybersecurity at K-12 schools. The Enhancing K-12 Cybersecurity Act would work to promote more access to security information, better track attack trends, and increase the number of cybersecurity experts in schools. […]
Communication, collaboration, and coordination are being touted as the keys to success for teleworking during the coronavirus pandemic, but the best frameworks for cyber defense in these modern times may end up coming from old teachings. […]
The Cybersecurity and Infrastructure Security Agency’s (CISA) Trusted Internet Connections (TIC) 3.0 guidance has taken center stage this year not only as a long-planned policy evolution, but also as a potential life-saver for Federal agencies to employ new use cases applicable to their need to implement wide-ranging and long-lasting telework. […]
MeriTalk recently spoke with Bobby McLernon, Vice President of Federal Sales, Axonius, on the importance of cybersecurity asset management, current asset visibility challenges, and lessons learned from public-private sector collaboration. […]
Threat detection and response services provider Trustwave has launched its Trustwave Fusion platform on Amazon Web Services GovCloud – letting Federal agencies and government contractors take advantage of the cloud-native cybersecurity platform to combat ever-changing security threats. […]
Nearly two years into an ambitious overhaul of the National Oceanic and Atmospheric Administration (NOAA) Cyber Security Center (NCSC), brighter horizons are in sight for the agency in the form of improved cyber analytics capabilities. From the start, NOAA took a holistic approach to the NCSC transformation that encompasses people, process, and technology – in equal parts. […]
The Cybersecurity and Infrastructure Security Agency (CISA) announced July 28 the second annual President’s Cup Cybersecurity Competition. Registration is open to any Federal Executive branch employee, including Department of Defense (DoD) and uniformed service members, with a knack for cybersecurity. Individuals can either register solo or as part of a team. […]
Congress is looking to hammer out its next COVID-19 relief bill in the coming weeks and it looks like it will be a contentious negotiation. As part of its opening salvo, Senate GOP leadership released their policy proposal on July 27. […]
Securing the software supply chain is a “major source” of national security risk for both public and private-sector organizations, a new report from the Atlantic Council argues. […]
The Cybersecurity and Infrastructure Security Agency (CISA) announced today that it has added two cybersecurity experts to support the agency’s COVID-19 response efforts. […]
As cyber and financial crimes become increasingly intertwined, the Secret Service announced that it is merging its Electronic Crimes Task Force and Financial Crimes Task Force into a single task force, which will be known as the Cyber Fraud Task Force. […]