While a total ban on ransom payments to hackers remains “the ultimate goal” for cybersecurity experts, critical infrastructure organizations need stronger cybersecurity resilience before that happens, former acting National Cyber Director Kemba Walden told lawmakers on April 16. […]

The head of the Cybersecurity and Infrastructure Security Agency (CISA) said today that the Federal government has a “powerful” ability to mandate security standards for software vendors through its procurement process. […]

A group of industry experts called on Congress this week to enforce minimum cybersecurity standards among healthcare organizations in light of the February ransomware attack on UnitedHealth subsidiary Change Healthcare. […]

As artificial intelligence technologies continue to rapidly evolve, Federal agencies are looking to upskill their AI workforce to keep pace with emerging cybersecurity threats. […]

The former policy lead for the Department of Defense (DoD) under President Barack Obama said Tuesday that while the Biden administration’s National Cybersecurity Strategy (NCS) calls for secure-by-design technology principles, the White House doesn’t actually have the authority to regulate that. […]

Federal Chief Information Security Officer (CISO) Chris DeRusha gave broad credit today to Federal agencies for making marked improvements in cybersecurity over the past few years, and cited the ability of one larger agency – which he did not name – with being able to take particularly quick action in the face of the Ivanti vulnerabilities that the government began warning about in January. […]

The Department of Homeland Security’s (DHS) Cyber Safety Review Board (CSRB) released findings late Tuesday following its independent review of the summer 2023 Microsoft Exchange Online intrusion that attributed the success of the China-based hack to “a cascade of security failures at Microsoft” and an “inadequate” security culture at the company. […]

The Defense Department, General Services Administration, and NASA have issued a final rule amending the Federal Acquisition Regulation (FAR) to add the framework for a new FAR part 40 covering information security and supply chain security. […]

The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) published its long-awaited cyber incident reporting rule today for the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), requesting public input on the forthcoming regulations. […]

Sen. Gary Peters, D-Mich., chairman of the Senate Homeland Security and Governmental Affairs Committee, is calling on the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) to prioritize cybersecurity efforts in the healthcare sector. […]

The Department of Justice (DoJ) announced today that it has charged seven hackers associated with the People’s Republic of China (PRC) for “malicious” cyberattacks that targeted U.S. government officials, politicians, and companies. […]

Sen. Mark Warner, D-Va. – co-chair of the Senate Cybersecurity Caucus – introduced legislation that would provide financial incentives for healthcare providers to boost their cyber defense by requiring them to meet minimum cybersecurity standards in order to receive accelerated payment in the event of a cyberattack. […]

Following the discovery of a Chinese-based hacking group compromising U.S. critical infrastructure, the White House – in collaboration with the Environmental Protection Agency (EPA) – announced plans this week to form a Water Sector Cybersecurity Task Force. […]

The National Security Agency’s (NSA) Cybersecurity Collaboration Center (CCC) has been “game-changing” for the NSA in terms of gaining unique insights from partners on specific adversaries, according to Morgan Adamski, the chief of the CCC. […]

In response to the evolving threat environment, the Cybersecurity and Infrastructure Security Agency (CISA) is looking to better coordinate cybersecurity operations across the Federal government through a newly released Federal Operational Cyber Alignment Plan, or FOCAL. […]

The Federal Communications Commission (FCC) voted on March 14 to create a voluntary cybersecurity labeling program for wireless internet of things (IoT) devices including home security cameras, internet-connected appliances, fitness trackers, garage door openers, and baby monitors. […]

The Department of Defense (DoD) has issued a final rule with revisions to the eligibility criteria for the voluntary Defense Industrial Base (DIB) Cybersecurity (CS) Program, greatly expanding the number of DIB companies that can participate in the program. […]

The Biden-Harris administration approved a secure software development attestation form on Monday, taking a crucial step towards ensuring Federal contractors provide secure products to the Federal government. […]

The Federal government should provide economic incentives such as tax deductions or Federal grants to critical infrastructure providers and other organizations that adopt cybersecurity best practices, the National Security Telecommunications Advisory Committee (NSTAC) said in a March 7 report. […]

When FITARA was first launched in November 2015, the Department of Education received a big fat “F” on its scorecard – denoting that the agency was failing across its IT and cyber categories. […]

Following a nine-month pilot effort, the Pentagon today officially launched a new model for measuring the cyber readiness of its main network defense command — marking a shift from compliance to operational readiness. […]

Tech policy experts on Capitol Hill said Thursday that the recent AT&T outage across the nation showed the importance of the resiliency of America’s critical infrastructure. […]

The Department of Energy’s (DoE) Office of Cybersecurity, Energy Security, and Emergency Response (CESER) announced this week the allocation of $45 million for 16 projects aimed at developing new technologies to prevent cyberattacks and reduce energy disruptions from cyber incidents. […]

The White House Office of the National Cyber Director (ONCD) released a report today calling on the technical community to proactively reduce the attack surface in cyberspace by adopting memory safe programming languages and developing better cyber diagnostics. […]

The Cybersecurity and Infrastructure Security Agency (CISA), Environmental Protection Agency (EPA), and FBI published a joint fact sheet on Feb. 21 outlining the top cybersecurity actions water and wastewater systems sector (WWS) entities can take to improve their cyber resiliency. […]

Cybersecurity services provider CrowdStrike is taking a look into 2024 and seeing plenty of work to be done defending against sophisticated attacks driven by artificial intelligence technologies, along with defending the integrity of elections.  […]

President Biden signed a new executive order (EO) today that looks to strengthen the cybersecurity of our nation’s ports, as well as bolster maritime cybersecurity and supply chains more generally. […]

The Department of Justice (DoJ) and FBI, along with the U.K. National Crime Agency’s (NCA) Cyber Division and other international law enforcement partners, announced today that they have disrupted the LockBit ransomware group – one of the most active ransomware groups in the world. […]

Department of Defense (DoD) Chief Information Officer (CIO) John Sherman has released new cybersecurity guidance on information sharing, best practices, and training for international partners looking to develop their cybersecurity standards and procedures. […]

Who are your favorite Cyber Defenders – the security leaders both in the Federal government and tech industry who are going above and beyond in advancing the mission, leading cybersecurity modernization, and defending against threats? […]