The Cybersecurity and Infrastructure Security Agency’s (CISA) fiscal year (FY) 2023 budget request came in at $2.5 billion – 18 percent more than requested in FY2022 – but CISA Director Jen Easterly told members of Congress that the agency’s funding needs will continue to increase if CISA hopes to meet the goal of being the nation’s cyber defense agency. […]
Reps. Tom Malinowski, D-N.J., and Andrew Garbarino, R-N.Y., on April 28 introduced companion legislation to a Senate bill offered earlier this year that would task Federal agencies with helping the commercial satellite sector improve the security of their networks. […]
The Department of State’s Rewards for Justice (RFJ) program is offering a reward of up to $10 million for information leading to six Russian hackers responsible for the 2017 NotPetya malware infection. […]
The Defense Information Systems Agency’s (DISA) Lt. Gen. Robert Skinner pointed private sector IT firms to numerous areas on his technology wish list during his opening keynote address on April 26 at AFCEA International’s TechNet Cyber event in Baltimore and asked the industry to help DISA work through those problems. […]
The Cybersecurity and Infrastructure Security Agency (CISA), along with Federal and international partners, released a list of frequently exploited common vulnerabilities and exposures (CVEs), including the top 15 most exploited CVEs of 2021. […]
The Department of Homeland Security’s (DHS) “Hack DHS” program has successfully completed its first bug bounty program and identified 122 vulnerabilities at the agency. […]
After a lengthy internal review process, the Department of Defense (DoD) released its Cybersecurity Maturity Model Certification (CMMC) 2.0 requirements in November and is now in the early stages of a rulemaking process to implement the revised program. […]
As the one-year anniversary of the Biden administration’s cybersecurity executive order (EO) nears, join Federal government and industry experts on May 19 for MeriTalk’s in-person Cyber Central conference to explore how agencies are building a more resilient government cybersecurity posture. […]
The Cybersecurity and Infrastructure Security Agency (CISA) is bringing on Bob Lord – who has served as the first chief security officer for the Democratic National Committee since 2018 – as a senior technical advisor to the agency, CISA announced April 25. […]
The United States Cyber Command’s (CYBERCOM) Cyber Procurement Office awarded a nearly $60 million contract to Sealing Technologies for the company to continue to produce a successful prototype of a hunt-forward solution for CYBERCOM’s hunt-forward operations, the company announced April 21. […]
New legislation introduced in the House on April 21 aims to increase U.S. expertise in energy infrastructure cybersecurity by authorizing Department of Energy (DoE) grants to expand education and training opportunities that are “the convergence of cybersecurity and energy infrastructure.” […]
National Cyber Director Chris Inglis warned that the U.S. and its allies have to stay on high alert for possible Russian cyberattacks, although no major attacks appear to have been launched thus far since Russia invaded Ukraine in late February. […]
Wider use of software bills of materials (SBOM) requirements represents a key building block in software security and software supply chain risk management that Federal agencies need to increasingly rely on going forward, an official from the Cybersecurity and Infrastructure Security Agency (CISA) said today. […]
The Cybersecurity and Infrastructure Security Agency (CISA) issued a joint cybersecurity advisory April 20, along with Federal law enforcement partners and international allies, that the agency says lays out the “most comprehensive view” of the cyber threat Russia poses to critical infrastructure owners since Russia invaded Ukraine in February. […]
The volume of phishing-based cyberattacks rose by 29 percent in 2021 over prior-year levels and was driven in part by an increase in phishing-as-a-service schemes, according to new research from cloud security services provider Zscaler and its ThreatLabz research operation. […]
The General Services Administration (GSA) is working on a series of playbooks for Federal agencies to use as they proceed with implementing plans to migrate toward zero trust security architectures, and expects to begin releasing those within a couple of months, a senior GSA technology official said today. […]
The Cybersecurity and Infrastructure Security Agency (CISA) is seeking industry feedback on two reference documents, one for Secure Cloud Business Applications (SCuBA) and a framework for organization visibility data, according to an April 19 CISA blog post. […]
The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the U.S. Treasury Department issued a joint cybersecurity advisory (CSA) on April 18 warning of North Korean state-sponsored actors targeting crypto and blockchain technology providers. […]
The Department of Education was one of three agencies to receive funding from the General Services Administration’s (GSA) Technology Modernization Fund (TMF) for Zero Trust services, and the agency’s chief information officer Steven Hernandez said the agency is prioritizing the control pillar of the zero trust architecture with the funds. […]
The Cybersecurity and Infrastructure Security Agency (CISA) said today it is adding to its Joint Cyber Defense Collaborative (JCDC) group several private sector firms with expertise in protecting industrial control systems (ICS) and operational technology (OT). […]
The U.S. Army’s new Risk Management Framework (RMF) 2.0 has proved to be a “big game-changer,” not just in terms of managing risk, but also in building a strong cybersecurity community within the agency, an Army official said today. […]
The modernization of identity, credential, and access management (ICAM) has long been critical to improving Federal agency cybersecurity, and is only becoming more urgent due to President Biden’s cybersecurity executive order (EO) and associated policy directives requiring agencies to move to zero trust security architectures, government officials said on April 19 at a virtual event organized by FedInsider. […]
Reps. Nancy Mace, R-S.C., Ro Khanna, D-Calif., and Gerry Connolly, D-Va., introduced legislation to get ahead of the quantum computing curve by protecting Federal agencies from the hacking risks connected to the emerging tech. […]
The National Institute of Standards and Technology (NIST) is working to apply its Cybersecurity Framework to the ground-based segments of space operations, an April 18 NIST report says. […]
As the Russian invasion of Ukraine continues through its second month with no let-up in sight, Federal cybersecurity and law enforcement officials are warning that they still see indications of potential Russian cyberattacks on United States critical infrastructure, and are reiterating their “Shields Up” warning to meet those potential threats. […]
With state and local governments (SLGs) becoming more tempting targets for cyberattacks every day, Federal and SLG experts are increasingly stressing the importance of communication between the public and private sector in order to achieve a unified and stronger American cybersecurity posture. […]
Longtime Navy veteran Tracy L. Hines was promoted from captain to Rear Adm. (lower half) and assigned to be the Navy Cyber Security Division Director in Navy’s Washington, D.C., Office of Naval Operations, DoD announced April 6. […]
When implementing zero trust security architectures, an official from the Department of Health and Human Services (HHS) said today that the real change is not a technology change, but instead a “cultural change” within the organization. […]
The Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI, Department of Energy (DoE), and National Security Agency (NSA), warned in a cybersecurity advisory April 13 that advanced persistent threat (APT) actors are seeking to gain full access to industrial control systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems. […]
The long road to implementing zero trust security architectures may be driven by top-down policy directives and prioritizing technology pillars, but the art and science of communication and collaboration are showing up as vital inputs into organizing Federal agency technologists and network users to move toward the government’s zero trust goals. […]