The Department of Defense (DoD) has taken steps to fully implement cybersecurity requirements for controlled unclassified information (CUI), however, none of the DoD components were fully compliant on that front as of January 2022, according to a recent Government Accountability Office (GAO) report. […]

National Cyber Director Chris Inglis said he views the current cybersecurity threat landscape as an evolution that is increasingly impacting confidence in systems, rather than just focusing on critical functions or data. […]

The in-person forum – at the Marriott Marquis in Washington, D.C., from 8:00 a.m. to 6:00 p.m. – will host bipartisan leaders from Congress, the Biden administration, and America’s tech industry to examine the most pressing problems facing citizens in our democracy, and map out creative solutions from the nexus of policy and technology. Request your invitation today by emailing meritocracy@meritalk.com. […]

MeriTalk research – executed in partnership with RSA Conference, underwritten by Cofense, Keeper Security, Recorded Future, Secureworks, and SentinelOne, and capturing the viewpoints of 100 Federal and 100 private-sector security experts – shows that a whopping 93 percent of respondents believe that public-private partnerships are “vital” to national cyber defense. […]

Federal agencies are balancing evolving security requirements while defending against persistent threats, and the increased use of cyber threat intelligence and information sharing is helping government organizations make faster, more informed decisions to combat malicious activity, according to a National Science Foundation (NSF) technology official. […]

Security information sharing between the Federal government and private sector has been on the rise recently – whether it’s through the Joint Cyber Defense Collaborative, or various Information Sharing and Analysis Centers across the government, to name just a few – and a National Security Agency (NSA) official said this week that increased collaboration is being driven by mission demand and a higher degree of trust between organizations. […]

The Government Accountability Office (GAO) flagged 13 open recommendations for improvement for the State Department as of May 2022 in an annual report on the agency, including recommendations for improving data quality and cybersecurity. […]

Chris DeRusha, who wears the dual hats of Federal Chief Information Security Officer (CISO) and Deputy National Cyber Director for Federal Cybersecurity in the Office of the National Cyber Director, charted some near-term policy goals on the security front during a keynote address on May 19 at MeriTalk’s Cyber Central May 2022 – Mission: Cyber Resilience in-person conference. […]

As President Biden’s cybersecurity executive order (EO) stretches past its first year, Federal agencies are at varied points in their progress on the EO’s orders. Federal leaders say it is important for agencies to approach the EO’s zero trust components strategically and understand their networks as they make the move to a zero trust architecture. […]

As the health care and education sectors have become prime targets for cyberattacks, experts from those sectors expressed their needs on May 18 for more funding and Federal collaboration to better protect the cyber posture of schools and hospitals. […]

The House Committee on Financial Services on May 17 voted to approve an amended version of H.R.7022 – the Strengthening Cybersecurity for the Financial Sector Act of 2022 – and send the bill to the full House of Representatives for consideration. […]

The Cybersecurity and Infrastructure Security Agency (CISA) on May 17 issued a new advisory highlighting how cyber threat-actors are exploiting poor security configurations. […]

The National Aeronautics and Space Administration (NASA) awarded Booz Allen Hamilton a $622.5 million contract to provide Cybersecurity and Privacy Enterprise Solutions and Services (CyPrESS), NASA announced May 17.
The contract will have Booz Allen Hamilton supporting NASA’s Office of the Chief Information Officer, providing CyPrESS and related services for the office. According to the release, the CyPrESS contract is the agency’s first enterprise cybersecurity and privacy services contract.
The award is a hybrid indefinite delivery/indefinite quantity contract. The CyPrESS award will also consolidate the cybersecurity and privacy work done under previous enterprise IT contracts and various centers.
The contract has a base period that will run from May 31, 2022, until Sept. 30, 2023, with four option periods that can extend the contract through Sept. 30, 2030. […]

The Cybersecurity and Infrastructure Security Agency (CISA) today issued an emergency directive to Federal government civilian branch agencies running several VMware products to apply updates to those, or remove them from agency networks until updates can be made. […]

Rep. Eric Swalwell, D-Calif., introduced legislation on May 16 that aims to strengthen U.S. cybersecurity protections for Industrial Control Systems (ICS) amid increased Russian cyber threats to ICS targets. […]

The House of Representatives passed the State and Local Government Cybersecurity Act on May 17, which would promote increased cybersecurity collaboration between the Department of Homeland Security (DHS) and state, local, tribal, and territorial governments (SLTT). […]

As the National Institute of Standards and Technology (NIST) works to update its influential Cybersecurity Framework – first issued in 2014 and later updated in 2018 – a NIST official said on May 17 that the agency is leaning on industry feedback as it embarks on the new update. […]

Federal government cybersecurity leaders told House members today that the government has made very significant progress in executing the Biden administration’s cybersecurity executive order (EO) issued a year ago, but also reminded lawmakers that funding is key to continued success in implementing crucial tenets of the order. […]

With $1.3 trillion of investments to infrastructure projects on tap in the Infrastructure Investment and Jobs Act, National Cyber Director Chris Inglis today emphasized the importance of making sure each of those projects are made secure from a cyber perspective. […]

Rapidity of incident response and personnel training are high on the priority list at the Defense Department’s U.S. Transportation Command (TRANSCOM) as it grapples with implementing cybersecurity strategies, a TRANSCOM official said on May 12. […]

Several major technology organizations have pledged more than $30 million to bolster the security of open-source software. […]

Achieving effective cybersecurity relies on experts from all corners of an enterprise – network systems administrators, cloud experts, data stewards, cybersecurity officers, and more. Making all of those parts work right together makes cybersecurity the ultimate team sport, and it requires all levels of an organization to understand and avoid risks to a network, said Steven Hernandez the chief information security officer (CISO) for the Department of Education (DoE). […]

The 107 conferees assigned to hash out the differences between the House and Senate-passed semiconductor manufacturing, innovation, and competition bills met for the first time May 12 to officially kick off the conferencing process and begin to stake out their priorities for the final bill. […]

The United States on May 12 signed onto an expanded version of the Budapest Convention that governs international cooperation against cyber crime, and that in its expanded form will allow for easier collection of cross-border electronic evidence. […]

Larry Grossman, Director of Information Security and Privacy Services at the Federal Aviation Administration (FAA), explained this week that his organization’s priorities for improving cybersecurity run the gamut from the latest in zero trust work, to the more traditional but necessary steps to improve cyber hygiene across the board. […]

The House of Representatives approved a pair of bills May 10 to bolster Federal cybersecurity by creating a Federal cybersecurity rotational workforce program and developing a training program for Federal officials with supply chain risk management responsibilities. […]

The Biden Administration is continuing to build out its still-nascent Office of the National Cyber Director (ONCD) with three new senior additions to the team including a prominent executive from Microsoft and a former official from the Central Intelligence Agency (CIA). […]

The Cybersecurity and Infrastructure Security Agency (CISA) issued a joint cybersecurity advisory on May 11 – along with Federal law enforcement partners and international allies – that warns of an increase in malicious cyber activity targeting managed service providers (MSPs). […]

Cybersecurity services provider CrowdStrike said today it has identified a sophisticated post-exploitation framework that was first detected in 2021 and that has been observed in multiple victim environments in geographically distinct locations – with intrusions spanning technology, academic, and government sectors. […]

The Department of Transportation’s (DoT) Pipeline and Hazardous Materials Safety Administration (PHMSA) has proposed nearly $1 million in fines against Colonial Pipeline Company for multiple alleged “probable violations” of Federal pipeline safety regulations, PHMSA announced May 5. […]