How can the U.S. deter adversaries and impose costs on enemies launching cyberattacks against the country? With new strategies and policies opening up room for more aggressive responses, the best defense just might be a good offense, Federal cybersecurity leaders discussed Thursday. […]
The Professional Services Council told Federal CIO Suzette Kent in an Oct. 24 letter in response to the Office of Management and Budget’s request for comments on the 2018 Federal Cloud Computing Strategy that it “supports efforts to build on the 2011 Federal Cloud Computing Strategy, the ‘Cloud First’ policy, to help Federal agencies leverage commercial solutions to provide the best services at best value to the American people.” […]
The Department of Homeland Security (DHS) is focusing intently on a range of activities to help ensure the security of next week’s mid-term congressional elections, DHS officials said today at an event organized by Fifth Domain. […]
While the National Cyber Strategy released by the Trump administration in September may not include many differences in policy compared to the prior version from 2015, the real change comes in the shift from policy to action, including an implementation plan for the National Cyber Strategy, said Grant Schneider, the Federal government’s chief information security officer, on Thursday. […]
The Department of Justice (DoJ) on Tuesday announced charges against Chinese government intelligence officers Zha Rong and Chai Meng, among others, for conspiring to steal intellectual property, confidential business information, and technological data from companies in the U.S. and European commercial aviation industry. […]
The Department of Homeland Security on Oct. 30 announced the launch of the Information and Communications Technology (ICT) Supply Chain Risk Management Task Force, which the agency said is charged with developing “consensus recommendations” to identify and manage risk to the global ICT supply chain. […]
The U.S. Air Force announced Monday that it selected Northrop Grumman for a $54.6 million contract to provide U.S. Cyber Command with a unified platform that manages cybersecurity processes–both offensive and defensive operations. […]
The incidence of ransomware attacks in the U.S. has leveled off since 2017 for a variety of reasons, including improved defenses by targeted organizations that have made such attacks less profitable for perpetrators, experts said Tuesday at the 2018 Symantec Government Symposium. […]
The Defense Department is lending assistance to the Department of Homeland Security as DHS works to protect election infrastructure in the run-up to next week’s mid-term congressional elections, said Ed Wilson, Deputy Assistant Secretary of Defense for Cyber Policy, on Tuesday at the Symantec 2018 Government Symposium. […]
Jeanette Manfra, assistant secretary for the Office of Cybersecurity and Communications at the Department of Homeland Security, said today that the new update to Federal Information Security Modernization Act (FISMA) guidance will place even more accountability on department leaders and reflects an evolution in discussions between agencies and DHS. […]
Thomas Hicks, commissioner of the U.S. Election Assistance Commission, said today that EAC has developed a set of voluntary voting system guidelines to aid local election authorities, but the commission currently lacks a quorum to vote on the standards and distribute the guidance to localities. […]
The Congressional Budget Office (CBO) reported Friday that S. 3437, the Federal Rotational Cyber Workforce Program Act of 2018, would cost less than $500,000 a year to implement. […]
Paras Jha, one of three people responsible for the Mirai Botnet, was ordered on Friday to pay $8.6 million in damages and serve six months of house arrest after pleading guilty to violating the Computer Fraud & Abuse Act (CFAA) in Federal district court in New Jersey. […]
In a letter released Thursday, Sen. Mark Warner, D-Va., called on the Federal Trade Commission (FTC) to investigate the “prevalence of digital advertising fraud and inaction by Google to curb these efforts.” […]
Cybersecurity experts are gearing up to cut an illuminating path through the tangled cybersecurity threats and solutions landscape at Symantec’s Government Symposium on Oct. 30 at the Marriott Marquis in Washington, D.C. […]
The Department of Energy Office of Inspector General released a report on Oct. 19 that found several weaknesses in the cybersecurity program at DoE in fiscal year 2018, including recurring issues in vulnerability management, patching, and formal cybersecurity training policies. […]
The answer to that question is “yes,” according to a white paper released today by New America, a non-partisan think tank. The white paper argues that while the United States has been engaged in cybersecurity for more than a generation, there are still “organizational and human gaps” that leave the country insecure. […]
After some fits and starts, Federal agencies are gaining ground in efforts to better secure their websites and email systems by employing HTTPS encryption and installing the Domain-based Message Authentication, Reporting and Conformance (DMARC) anti-phishing protocol, among other measures. […]
The General Services Administration aims to use data analytics to detect if requests for information and proposals for IT products meet section 508 compliance requirements, according to Marina Fox, .gov domain services program manager at GSA. […]
The Department of Homeland Security (DHS) shared details on its Cyber Risk Economics Capability Gaps Research Strategy, which is part of its Cyber Risk Economics (CYRIE) program, in a blog post on Tuesday. […]
Former Department of Defense officials today offered mostly positive reviews of the current administration’s approach to cybersecurity–including the National Cybersecurity Strategy and the DoD Cyber Strategy–while taking note of the risks posed by more offensive-minded leanings featured in those policies. […]
In an effort to halt the spread of election disinformation online, United States Cyber Command (USCYBERCOM) is telling Russian operatives that American operatives have identified who they are and are tracking their efforts. The campaign is the first known overseas cyber operation to protect American elections, according to the New York Times, which first reported the story. […]
Yahoo, which is now owned by Verizon, has agreed to pay $50 million in damages, plus about $35 million in legal fees, under a proposed civil settlement covering data breaches in 2013 and 2014 that impacted three billion Yahoo accounts, according to numerous press reports. […]
Leaders at defense and intelligence agencies have a unique challenge–how to build a cloud environment that is secure, reliable, and delivers a wide variety of services. […]
Department of Homeland Security Under Secretary Christopher Krebs said today that the biggest change in election security between the 2016 elections and today is the elimination of communication barriers between state and local authorities and the Federal government. […]
Federal cyber pros at Palo Alto Networks’ Federal Ignite conference weighed in today on the cost of cybersecurity and its return on investment, suggesting that government spend may not be properly configured to the risks, threats, and real assets that need to be protected. […]
The National Association of State Chief Information Officers (NASCIO), in partnership with Deloitte, today released its new cybersecurity study which argues CISOs need to launch three “bold initiatives” to ward off advanced cyber threats. […]
Super Micro Computer told customers in an Oct. 18 letter that the gist of a recent Bloomberg Businessweek article–reporting the alleged secret implantation of malicious computer chips in motherboards made by the company and used by numerous U.S. companies and government agencies–is “wrong,” and that “from everything we know and have seen, no malicious hardware chip has been implanted during the manufacturing of our motherboards.” […]
The General Services Administration’s Office of Inspector General said in a report issued Oct. 19 that it wants GSA’s IT Office (GSA IT) to provide a revised corrective action plan to improve the agency’s policies for responding to breaches of personally identifiable information (PII). […]
The Department of Health and Human Services’ Centers for Medicare and Medicaid Services (CMS) reported a data breach of its HealthCare.gov site, with the attacker accessing the files of about 75,000 people, the agency said in a statement released Friday. […]