cybersecurity

Efforts by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) to invest in real-time information sharing capabilities are keying the Biden administration’s campaign to improve industrial control systems (ICS) cybersecurity, CISA and NSA officials said this week. […]

A new memo from the Department of Defense (DoD) is encouraging the use of a continuous Authorization To Operate (cATO) under the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) – instead of a point-in-time ATO – to serve as the “gold standard” for systems’ cybersecurity risk management. […]

The General Services Administration is going on the hunt for a permanent director to lead its Login.gov effort and oversee deployment of the $187 million Technology Modernization Fund (TMF) award GSA got for the project last year. […]

The Department of Defense’s (DoD) F-35 Lightning II Joint Program Office (JPO) Cyber Team seeks to advance its cyber capabilities to better protect against cyber threats and increase mission assurance. […]

While the Office of the National Cyber Director (ONCD) is still the new kid on the block in Federal cybersecurity policy circles, National Cyber Director Chris Inglis said this week that his office’s success ultimately will hinge on whether it can unite policy, people, and doctrine to act as a viable collaborator with the Federal government and private industry. […]

After reviewing the cyberattack trends from 2021, the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint advisory with the FBI and other international security partners warning of the rising global threat of ransomware and gave mitigation and remediation advice. […]

Internal Revenue Service (IRS) Commissioner Charles Rettig told Sen. Maggie Hassan, D-N.H., in late December that the IRS needs more money and changes to the tax code to better prevent and prosecute criminal uses of cryptocurrency, which has emerged in recent years as a favored medium of exchange involving ransomware and other cyber attacks. […]

Federal law enforcement seized more than $3.6 billion in stolen cryptocurrency directly linked to the 2016 hack of virtual currency exchange Bitfinex, and arrested a husband and wife from New York allegedly connected to the stolen bitcoins. […]

In the wake of the discovery and remediation efforts surrounding the Log4Shell vulnerability in the Apache Log4j library, the Cybersecurity and Infrastructure Security Agency (CISA) called for efforts to push forward a software bill of materials (SBOM). Those calls were reiterated today at a Senate hearing on the vulnerability by industry witnesses involved in remediation efforts. […]

Leadership of the Senate Homeland Security and Governmental Affairs Committee has introduced a package bill in the Senate that would both update the Federal Information Security Management Act (FISMA), which sets cybersecurity requirements for Federal agencies, and codify the Federal Risk and Authorization Management Program (FedRAMP), which certifies cloud services as secure to use for Federal government agencies. […]

The National Security Agency (NSA) released its “2021 NSA Cybersecurity Year in Review” report that highlights a year filled with increased collaboration with industry experts to mitigate cyber threats. […]

In their efforts to help shrink the cyber workforce shortage, officials from the Office of the National Cyber Director (ONCD) and the Cybersecurity and Infrastructure Security Agency (CISA) are emphasizing the need for collaboration and creation of a more robust culture of cybersecurity – starting with K-12 education on up. […]

In a reorganization of responsibilities, the Department of Defense (DoD) has put the Cybersecurity Maturity Model Certification (CMMC) program under the oversight of the DoD’s Office of the CIO (OCIO), a shift from being the responsibility of the Under Secretary of Defense for Acquisition and Sustainment (A&S), according to a Feb. 3 release. […]

The Department of Homeland Security (DHS) has officially formed the Cyber Safety Review Board called for in President Biden’s Cybersecurity Executive Order issued last year, and said the board’s first action will be to examine the Log4j software library vulnerability that emerged in December 2021 and to generate lessons learned from that for the cybersecurity community. […]

The Senate Homeland Security and Governmental Affairs Committee on Feb. 2 voted to approve the Improving Cybersecurity of Small Organizations Act of 2021 (S. 2483), which would require the Cybersecurity and Infrastructure Security Agency (CISA) to maintain and promote cyber guidance for use by small organizations. […]

The House of Representatives waded into the final stages of debate today in its consideration of the America Creating Opportunities for Manufacturing, Pre-Eminence in Technology and Economic Strength Act of 2022 (COMPETES). […]

An annual report from the Defense Department’s (DoD) Director for Operational Test and Evaluation (DOT&E) has found the Military Health System (MHS) GENESIS – DoD’s new electronic health records management (EHRM) system – was not deemed to be survivable in a cyber-contested environment following reviews in 2020 and 2021. […]

Rep. Jim Langevin, D-R.I., said he is eyeing a universe of about 100 private sector firms that he considers to be “systemically important” critical infrastructure providers as he completes work on legislation that will call for closer collaboration between the Federal government and those companies on cybersecurity and related intelligence sharing. […]

The House Oversight and Reform Committee today approved by voice vote legislation that would update the Federal Information Security Modernization Act (FISMA). The committee’s vote sends the legislation to the full House of Representatives for consideration. […]

Ransomware and supply chain attacks dominated the news in 2021, and experts expect them to persist and continue to converge in 2022. Government agencies, suppliers, and other target organizations must evolve their own cybersecurity techniques to stay ahead of attackers, says Sam Curry, chief security officer at Cybereason. In the first episode of MeriTV’s new Fix Fed IT series, Curry takes stock of the ransomware-supply chain attack convergence and outlines actions that organizations can take to protect themselves. […]

With Federal employees accessing critical information, systems, and applications from anywhere, the mindset has shifted to never trust and always verify. Federal security experts explained that this shift put a focus on a new critical aspect of a zero trust architecture – identity management. […]

The Office of Management and Budget’s (OMB) finalized zero trust directive issued last week sets the stage for the first steps in implementing zero trust security architectures at Federal agencies, but a lot more work remains in the pursuit of that goal, a panel of Federal security experts agreed during an ATARC virtual event on Feb. 1. […]
