For decades, Federal chief information security officers (CISOs) focused on protecting a traditional perimeter and the users within. Today, however, they recognize that there are a seemingly endless number of third-party partners, vendors, and customer accounts, as well as service accounts – accounts which are either not directly tied to employees, or non-human accounts– which could result in compromises. […]
While the Federal government certifies cloud vendors as secure through the General Services Administration’s (GSA) Federal Risk and Authorization Management Program (FedRAMP), an official at the Government Accountability Organization (GAO) shared striking statistics about agencies going outside of the program for cloud vendors, which can lead to vulnerabilities. […]
A secure software supply chain has become essential to fulfilling government missions. Massive cyberattacks like SolarWinds highlight the serious risks to the enterprise that insecure software can create. […]
The Treasury Department has issued another update in its search for a vendor for the department’s TCloud enterprise cloud contract. […]
The 14 percent year-over-year budget increase requested by the Biden administration for the Office of Management and Budget (OMB) for Fiscal Year 2022 would be devoted to hiring new career personnel across the agency, including increasing staffing that is critical for IT and cybersecurity oversight across the government. […]
Ransomware was a main focus of concern during a committee nomination hearing today for Chris Inglis to be the nation’s first-ever national cyber director. Amidst a rising number of recent attacks, Inglis detailed how he would deal with the threat of ransomware while also explaining how he would approach building the nation’s cyber policy and approach collaboration if confirmed. […]
The Department of State’s Foreign Service Institute (FSI) is looking for a cloud-based platform to deliver foreign service training. […]
The Senate voted late on June 8 to approve the much-amended U.S. Innovation and Competition Act of 2021, by a margin of 68-32. […]
The White House today released the first fruits of a February executive order that has Federal agencies looking at ways to improve supply chain security in several key critical infrastructure areas. […]
Secretary of Defense Lloyd Austin signed and approved the Department of Defense’s (DoD) Joint All Domain Command and Control (JADC2) strategy document last month, marking an official start to the marathon to implement the data-sharing strategy across the military, the Pentagon said at a June 4 press conference. […]
The Biden administration is pushing hard to help fight the rise of ransomware attacks on private industry, and the White House is taking steps on multiple fronts to work with the private sector to combat the issue. […]
A senior official with the Cybersecurity and Infrastructure Security Agency (CISA) said today the Federal government’s process of modernizing its IT systems to achieve better cybersecurity may be a decades-long process. […]
The Department of Justice (DoJ) and Microsoft are arguing for a shorter duration of any further legal proceedings before the U.S. Court of Federal Claims over the Defense Department’s (DoD) Joint Enterprise Defense Infrastructure (JEDI) cloud services contract it re-awarded to Microsoft last year. […]
President Joe Biden and Vice President Kamala Harris submitted the President’s Fiscal Year (FY) 2022 budget request to congress which includes $715 billion of which is allocated for the Department of Defense (DoD) to bolster the Pentagon’s technological capabilities, among other objectives. […]
The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the FBI are looking into last week’s spear-phishing campaign targeting the United States Agency for International Development (USAID), and have not found any “significant impact” to Federal agencies, according to a May 28 joint statement. […]
The United States Agency for International Development (USAID) was the victim of a May 25 spear-phishing campaign that carried all the hallmarks of a state-sponsored attack, Microsoft said yesterday. […]
The recent Colonial Pipeline hack has made more people aware of the threats that lurk in cyberspace, and Sen. Angus King, I-Maine, says it’s time for the government to develop a new relationship with the private sector on cybersecurity and take an all-of-society approach to protecting critical infrastructure. “The private sector has been very reluctant […]
In light of the recent Colonial Pipeline ransomware attack, the Department of Homeland Security’s (DHS) Transportation Security Administration (TSA) released a new directive requiring all critical pipeline owners and operators to report cyberattacks, DHS announced today. […]
Reps. Ted Lieu, D-Calif., and Nancy Mace, R-S.C., led a bipartisan group of legislators in reintroducing the Ensuring National Constitutional Rights for Your Private Telecommunications (ENCRYPT) Act. […]
Federal CIO Clare Martorana today laid out her vision for civilian government-wide Federal IT improvements that match up broadly with many of the larger goals outlined in projects and spending priorities announced earlier this month for the recent $1 billion cash infusion into the Technology Modernization Fund (TMF). In her first extended public policy address […]
With the Colonial Pipeline ransomware attack adding to the count of high-profile cyberattacks to make news in the past six months, members of Congress focused in on how the United States can deter such attacks, as well as how to attract talent to the cyber workforce, at a May 14 House Armed Services subcommittee hearing. […]
Federal agency progress in implementing the Cybersecurity and Infrastructure Security Agency’s (CISA) Continuous Diagnostics and Mitigation (CDM) program would benefit from a kick-start from Congress in the form of more funding for the program, along with money for agencies that have to pay for the additional security capabilities on an ongoing basis. […]
The General Services Administration (GSA) is seeking industry feedback through a request for information (RFI) on a governmentwide cloud acquisition strategy and blanket purchase agreement (BPA). […]
Tech-sector reaction to the White House’s sweeping cybersecurity executive order issued May 12 came in largely positive today, with security technology makers particularly applauding the urgency of the administration’s plans, the enterprise-wide view that the order takes for improving security, and its actions to hasten the movement of Federal agencies to cloud services. […]
Acting Cybersecurity and Infrastructure Security Agency (CISA) Director Brandon Wales said today the government is concerned that the nation is witnessing the prelude to broader-based cyber attacks, and he called on Congress to take action on legislation that would require reporting of cyber incidents to the Federal government. […]
Increased cloud service adoption during the COVID-19 pandemic has enabled the Cybersecurity and Infrastructure Security Agency (CISA) to speed agency migration to new Continuous Diagnostic and Mitigation (CDM) Program dashboards. […]
The White House’s much-anticipated cybersecurity executive order (EO) made public late Wednesday takes an ambitious swing at forcing general improvements to cybersecurity nationwide, but issues its most authoritative directions to the Federal government to modernize IT infrastructure and security concepts and practices. […]
The Department of Agriculture (USDA) is looking to purchase another cloud-based fully integrated phenotyping field rover. […]
The United States and the United Kingdom have issued a joint cyber advisory on Russian Foreign Intelligence Service (SVR) tactics, techniques, and procedures. […]
The Department of Defense’s (DoD) Cybersecurity Maturation Model Certification (CMMC) program is in the process of being rolled out to every contract in the Defense Industrial Base (DIB) over the next five years, and the program is expected to help organizations implement Zero Trust practices, Katie Arrington, the Pentagon’s CISO for acquisition and sustainment, said May 5. […]