The Office of Management and Budget (OMB) and the Office of the National Cyber Director (ONCD) have issued marching orders to Federal civilian agencies to plan their cybersecurity investments for fiscal year 2024 around several priority goals. […]
The Office of the National Cyber Director (ONCD) has appointed Camille Stewart Gloster as the new deputy national cyber director (NCD) for Technology and Ecosystem Security. […]
Rep. Stephanie Bice, R-Okla., called for members of Congress as a whole to boost their own technology-related credentials so that the Federal government can achieve greater success in tech-related innovation and efficiency. […]
The Department of Homeland Security’s (DHS) Transportation Security Administration (TSA) has issued a new Security Directive, developed with input from industry, for pipeline owners and operators to implement cybersecurity measures. […]
The House Committee on Oversight and Reform has voted to advance the Improving Digital Identity Act, which aims to modernize the United States’ digital identity infrastructure and protect Americans from having their personal information stolen. […]
The Office of Personnel Management (OPM), during a government operations subcommittee of the House Oversight and Reform Committee hearing, said that it wants to work with Congress on developing a cyber workforce plan to compete for cyber talent. […]
To help healthcare organizations protect patients’ personal health information, the National Institute of Standards and Technology (NIST) has updated its cybersecurity guidance for the healthcare industry. […]
The Department of Justice (DoJ) has released the final report for its Comprehensive Cyber Review conducted over the last year, highlighting DoJ’s need for stronger collaboration with its partners and allies, as well as the need to prioritize prevention efforts. […]
The White House, along with the Departments of Labor and Commerce, are kicking off a 120-day “sprint” aimed at promoting registered apprenticeships in cybersecurity as a way to begin tackling the persistent cyber workforce shortage in the U.S. […]
New legislation introduced on July 15 by Rep. Eric Swalwell, D-Calif., aims to mandate penetration testing and other proactive cyber defense measures for some Federal agency networks, and to give the National Cyber Director (NCD) the authority to weed out risk conflicts between agencies that have overlapping cybersecurity missions. […]
The Cyber Safety Review Board (CSRB) – in its inaugural report released today – praised the Cybersecurity and Infrastructure Security Agency (CISA) for its response to the ongoing Log4j software vulnerability, and found that to date there have not been any significant Log4J-based attacks on U.S. critical infrastructure. […]
Federal agencies with central roles in executing on President Biden’s May 2021 cybersecurity executive order are taking steps to standardize DevSecOps software development disciplines across government, agency officials said on July 12. […]
Rep. Jim Langevin, D-R.I., one of the leading voices on cybersecurity in Congress, is pushing for an amendment to the FY2023 National Defense Authorization Act (NDAA) to include two items he has long advocated – the creation of a class of a “systemically important” critical infrastructure providers, and the formation of a government Bureau of Cyber Statistics. […]
The Office of Management and Budget (OMB) is working to develop a system that generates trust scores before allowing access to its network or applications, according to the chief information security officer (CISO) of the agency’s Management and Operations Division. […]
To better manage and protect against cybersecurity risks the Environmental Protection Agency (EPA) must establish an enterprise-wide cybersecurity risk assessment framework, the Government Accountability Office (GAO) said in its latest annual priority recommendations report to the agency. […]
The Department of Energy (DoE) said on July 6 that it will prioritize awards under a $2.3 billion power grid modernization grant funding program to include systems at risk of disruptive events including cyber attacks. […]
Developing a cybersecurity risk management strategy would improve the Department of Energy’s (DOE) efforts to manage cybersecurity risks and protect the nation’s electric grid, the Government Accountability Office (GAO) said in its latest annual priority recommendations report to the agency. […]
The Government Accountability Office (GAO) is recommending in a new report that the Defense Department (DoD) adopt a more centralized and “robust” strategy to mitigate a variety of risks faced by Defense Industrial Base (DIB) companies that supply the Pentagon and do a better job keeping track of the results of those mitigation efforts. […]
Rep. Ritchie Torres, D-N.Y., introduced legislation on July 1 that would require the Cybersecurity and Infrastructure Security Agency (CISA) to investigate and report on the impact of the 2020 SolarWinds cyberattack on Federal agency networks and U.S. critical infrastructure. […]
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and Department of the Treasury (DoT) released an advisory on July 6 that attributes ransomware attacks launched against healthcare and public health (HPH) organizations to North Korean state-sponsored organizations. […]
The Department of Justice (DoJ) is targeting increased efforts to fight ransomware-driven cyber attacks – amid a host of other improved cybersecurity approaches – as one of a number of new agency priority goals in DoJ’s 2022-2026 Strategic Plan published on July 1. […]
The Cybersecurity and Infrastructure Security Agency (CISA) has set a deadline of July 22 for Federal civilian agencies to apply Microsoft’s June 2022 Patch Tuesday update. […]
The Cybersecurity and Infrastructure Security Agency (CISA), FBI, Treasury Department, and the Financial Crimes Enforcement Network (FinCEN) have released a joint cybersecurity advisory warning of MedusaLocker targeting vulnerabilities in Remote Desktop Protocol (RDP) to conduct ransomware attacks. […]
A cyberattack on IT services provider Geographic Solutions, Inc. (GSI) has disrupted the provision of unemployment and workforce benefits for thousands of people in several states and Washington, D.C. […]
Laura Galante took over last month as director of the Cyber Threat Intelligence Integration Center (CTIIC), according to her LinkedIn account. […]
The Cybersecurity and Infrastructure Security Agency (CISA) has issued guidance for users of Microsoft Exchange Online to switch from Basic Authentication, or “Basic Auth,” to Modern Authentication, or “Modern Auth” – which supports multi-factor authentication (MFA) – by the beginning of October. […]
The North Atlantic Treaty Organization (NATO) declared on June 29 its adoption of a new “strategic concept” that names Russia as the “most significant and direct threat” to NATO allies’ security and stability, wraps cybersecurity initiatives more tightly into the alliance’s strategy, and establishes a Defense Innovation Accelerator “to bolster our technological edge.” […]
Federal cybersecurity leaders argued against the effectiveness of cyber insurance as a way to alleviate financial burdens associated with ransomware attacks during a hearing of the House Homeland Security Committee’s panel on intelligence and counterterrorism on June 28. […]
U.S. Cyber Command (USCC) wants more technology organizations on the front lines of the global cybersecurity effort to improve defensive capabilities and share threat data with the government, a senior official from the command said on June 27. […]
The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA), along with international partners, published guidance last week for cyber defenders that advises them to not remove PowerShell – Microsoft’s built-in command-line tool with Windows – but to properly configure it. […]