The White House’s Office of the National Cyber Director (NCD) has made a few recent hires to staff up the office and support its mission. […]
The White House’s Office of Management and Budget’s (OMB) zero trust memo issued earlier this year, M-22-09, directed Federal agencies to migrate to zero trust security architectures, but a White House official this week said agencies’ success in that effort will look different for the policy’s various directives. […]
The House Appropriations Homeland Security Subcommittee today approved a homeland security budget print for fiscal year (FY) 2023 that includes $2.93 billion for the Cybersecurity and Infrastructure Security Agency (CISA), representing a $334 million increase from FY2022 and a $417 million increase over the requested amount. […]
Preparing for a potential cyberattack enables agencies to regain the use of critical systems and infrastructures as soon as possible after a crisis. However, according to Federal leaders, the human element of any cyber preparedness plan remains a top challenge. […]
The United States Cyber Command (CYBERCOM) is responsible for the nation’s joint cyber warfighting architecture, and its executive director said this week that additional budget authorities extended to the command under the fiscal year (FY) 2022 National Defense Authorization Act (NDAA) will allow for more aligned joint training and advanced training of cyber operators. […]
The House Committee on Energy and Commerce today voted to approve the Spectrum Innovation Act of 2022 (H.R. 7624) which will provide clarity on the auctioning of low gigahertz spectrum mandated by the Infrastructure Investment and Jobs Act, while also directing up to $3.4 billion of proceeds from the auction to help pay for communications service providers to “rip and replace” untrusted IT equipment from their networks. […]
The House Appropriations Subcommittee on Defense voted to approve today by voice vote a full-committee draft released earlier this week for proposed fiscal year 2023 defense funding, including $11.2 billion for cybersecurity, cyberspace operations, and cyber research and development. […]
As the exclusive assessor partner for the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) program, the Cybersecurity Maturity Model Certification Accreditation Body has worked to make itself an accessible partner for the Defense Industrial Base. […]
As Federal and state government agencies face growing cyber threats, the Department of Justice (DoJ) must improve its coordination with other Federal agencies on cybersecurity requirements and assessments of state agencies to better manage fragmentation of that process, the Government Accountability Office (GAO) said in its latest annual open priority recommendations report to the agency. […]
The Government Accountability Office (GAO) said in a new report that the Social Security Administration (SSA) still needs to improve its cybersecurity by addressing how it coordinates with states and other Federal agencies. […]
While the Cybersecurity and Infrastructure Security Agency (CISA) is working to make progress on numerous discrete security policy directives and projects that it has been handed in recent years, a top agency official explained today that the higher-level goals uniting most of those tasks boil down to the government and the private sector achieving much greater visibility into cyber threats and how to defend against them, and not leaving organizations to defend against threats on their own. […]
After releasing an op-ed with Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly last week that called CISA’s “Shields Up” campaign a new baseline for cyber defenses, National Cyber Director Chris Inglis said today that the cost of entry for cyber attackers is still too low to create stout deterrence. […]
The House on June 8 voted to approve a bill that would require the Food and Drug Administration (FDA), among other tasks, to ensure cybersecurity throughout the lifecycle of medical devices and make sure that device makers meet minimum cybersecurity requirements set by the agency. […]
The Department of Energy (DOE) needs to develop a comprehensive approach to electric grid resiliency that coordinates disaster response and grid recovery, as well as utilizes lessons learned from prior natural disasters, according to a June 9 report from the Government Accountability Office (GAO). […]
As the Cybersecurity and Infrastructure Security Agency (CISA) continues to grapple with the early stages of a rulemaking process for recently enacted cyber incident reporting legislation, CISA Director Jen Easterly said it will be crucial to develop trust with the private sector so that the law is seen as “value-added” and not a burden. […]
The Cybersecurity and Infrastructure Security Agency (CISA), along with the National Security Agency (NSA) and the FBI, this week issued a joint advisory warning telecommunications companies and network service providers of People’s Republic of China (PRC) state-sponsored cyber actors that continue to pose a threat to their networks. […]
The fiscal year (FY) 2023 National Defense Authorization Act (NDAA) continued to take shape today as the House Armed Services Subcommittee on Cyber, Innovative Technologies, and Information Systems voted to approve its markup of language related to cybersecurity and other tech matters that likely will be featured in the NDAA. […]
The National Institute of Standards and Technology (NIST) has finalized new guidance to provide engineers across government and private enterprises with essential design principles for engineering trustworthy secure systems. […]
The Tennessee Valley Authority (TVA) – a federally-owned electric utility serving seven states with power generated from dams on the Tennessee River – is employing vulnerable versions of operating systems in its non-dam control system, according to an audit from TVA’s Office of Inspector General (OIG) which examines cybersecurity controls for that system. […]
As the Federal government works through the rulemaking process for the recently signed Incident Reporting legislation that originated in the Senate Homeland Security and Governmental Affairs Committee, witnesses for that same committee today stressed the need for unity among both reporting avenues and standardization of data to help operationalize the data. […]
The Department of Veterans Affairs (VA) Office of Inspector General (OIG) is calling on the agency to address its slow progress in improving its cybersecurity posture, but the VA said a lack of funding causes the agency to lose high-quality IT personnel. […]
As the National Institute of Standards and Technology (NIST) is in the process of updating its Cybersecurity Framework (CSF), it plans to hold a series of workshops and release at least one more draft for public comment before releasing CSF 2.0, according to a NIST blog. […]
Sens. Jacky Rosen, D-N.V., and Todd Young, R-Ind., have introduced legislation aimed at strengthening the cybersecurity of medical devices, and requiring the U.S. Food and Drug Administration (FDA) to review and update its medical device cybersecurity guidelines. […]
As Federal agencies are working to make progress on President Biden’s cybersecurity executive order (EO) and implement zero trust security architectures, agencies and their leaders must have a tight handle on their zero trust implementation plans, an official from the Cybersecurity and Infrastructure Security Agency (CISA) said this week. […]
The Department of Health and Human Services (HHS) still needs to address a pair of open cybersecurity priority recommendations related to cybersecurity coordination and implementation of a cybersecurity framework, according to a new report by the Government Accountability Office (GAO). […]
Ransomware attacks have increased by 80 percent year-over-year, with a “nearly 120 percent” increase in double-extortion ransomware attacks this year, according to a new report put out by Zscaler entitled ThreatLabz 2022 Ransomware Report. […]
The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on June 1 warning about the Karakurt Data Extortion Group, which has been conducting online financial extortion exploits via cyber attacks. […]
Smaller state and local governments (SLGs) often do not have the resources to build a robust IT department, and IT experts say cybercriminals often target these smaller agencies for that reason. […]
The Cybersecurity and Infrastructure Security Agency (CISA) has notified election officials of software vulnerabilities found in Dominion Voting Systems equipment deployed in several states, but also that the agency has found no evidence that those vulnerabilities have ever been exploited. […]
The enduring shift toward at least partial work-from-home arrangements for government employees is creating new workforce possibilities for many agencies, but also new challenges on the technology security front for both Federal and state and local governments, experts said this week. […]