As the National Institute of Standards and Technology (NIST) is in the process of updating its Cybersecurity Framework (CSF), it plans to hold a series of workshops and release at least one more draft for public comment before releasing CSF 2.0, according to a NIST blog. […]
Sens. Jacky Rosen, D-N.V., and Todd Young, R-Ind., have introduced legislation aimed at strengthening the cybersecurity of medical devices, and requiring the U.S. Food and Drug Administration (FDA) to review and update its medical device cybersecurity guidelines. […]
As Federal agencies are working to make progress on President Biden’s cybersecurity executive order (EO) and implement zero trust security architectures, agencies and their leaders must have a tight handle on their zero trust implementation plans, an official from the Cybersecurity and Infrastructure Security Agency (CISA) said this week. […]
The Department of Health and Human Services (HHS) still needs to address a pair of open cybersecurity priority recommendations related to cybersecurity coordination and implementation of a cybersecurity framework, according to a new report by the Government Accountability Organization (GAO). […]
Ransomware attacks have increased by 80 percent year-over-year, with a “nearly 120 percent” increase in double-extortion ransomware attacks this year, according to a new report put out by Zscaler entitled ThreatLabz 2022 Ransomware Report. […]
The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on June 1 warning about the Karakurt Data Extortion Group, which has been conducting online financial extortion exploits via cyber attacks. […]
Smaller state and local governments (SLGs) often do not have the resources to build a robust IT department, and IT experts say cybercriminals often target these smaller agencies for that reason. […]
The Cybersecurity and Infrastructure Security Agency (CISA) has notified election officials of software vulnerabilities found in Dominion Voting Systems equipment deployed in several states, but also that the agency has found no evidence that those vulnerabilities have ever been exploited. […]
The enduring shift toward at least partial work-from-home arrangements for government employees is creating new workforce possibilities for many agencies, but also new challenges on the technology security front for both Federal and state and local governments, experts said this week. […]
The Cybersecurity and Infrastructure Security Agency (CISA) is looking to set an “aggressive” pace to conduct the rulemaking proceeding necessary to implement recently approved cyber incident reporting legislation, but also indicated today that completion of a rulemaking could be a couple of years away. […]
The Cybersecurity and Infrastructure Security Agency (CISA) is holding a series of public listening sessions aimed at using a community-based effort to advance the conversation around the technologies, policies, and processes required to implement Software Bills of Materials (SBOM), according to a Federal Register post published today. […]
The Space Development Agency at the Department of Defense (DoD) on May 26 announced the award of a $324.5 million contract to General Dynamics Mission Systems to “establish the ground Operations and Integration segment for Tranche 1 of the National Defense Space Architecture (NDSA)” that eventually will feature a constellation of 166 satellites. […]
The Government Accountability Office (GAO) said in a new report this week that the United States Coast Guard needs to get a better handle on risk evaluations for some of its smaller IT acquisition projects. […]
The Commerce Department’s Bureau of Industry and Security (BIS) has published a final rule in the Federal Register that restricts cybersecurity export controls in an effort to prevent foreign adversaries from accessing hacking tools. […]
The Cybersecurity and Infrastructure Security Agency (CISA) – along with the Department of Homeland Security’s Science and Technology Directorate and the Department of Defense’s Office of the Under Secretary of Defense for Research and Engineering – has released a proposed five-step 5G Security Evaluation Process today for Federal agencies to receive authorization to operate (ATO). […]
While many cybersecurity officials strive to achieve “no risk” when it comes to cyber risk management, officials from NASA this week explained that’s just not possible and suggested that agencies instead focus on managing risks that are important to the mission. […]
State government IT officials said this week they are working to deploy their share of $1 billion of Federal cybersecurity grant funding approved last November by Congress as part of the $1.2 trillion bipartisan infrastructure bill. […]
The Cybersecurity and Infrastructure Security Agency (CISA) is taking a multi-faceted approach to supply chain security, and chief among its elements are putting in place strong public-private partnerships to maintain supply chain resilience and maintaining high awareness about the sources of supply chain threats. […]
The Cybersecurity and Infrastructure Security Agency (CISA) said today it is “encouraged” by quick Federal agency responses to its May 18 emergency directive to patch or unplug several vulnerable VMware products from agency networks, but did not provide any hard figures on whether agencies met CISA’s May 24 deadline to take action. […]
Can technology innovation – coupled with the boldest kind of leadership – work together to start fixing the most intractable problems facing America? On July 21 – we’re going to find out. The countdown to MerITocracy 2022: American Innovation Forum is on. […]
As both Federal chief information security officer and the deputy National Cyber Director, Chris DeRusha has a lot of visibility into Federal efforts to boost cybersecurity. At the AWS Summit in Washington, D.C., today, DeRusha expressed pride in the Office of Management and Budget’s (OMB) Zero Trust strategy, while also acknowledging that the policy represents only the beginning of zero trust implementation across Federal civilian agencies. […]
Senate Homeland Security and Governmental Affairs Committee Chairman Gary Peters, D-Mich., along with the committee’s Democratic staffers, released a report today taking the Federal government to task for gathering insufficient data on ransomware attacks, and the use of cryptocurrencies as payments in those attacks where a ransom has been paid. […]
Join MeriTalk and Merlin Cyber on June 1 at 10 a.m. for our complimentary Zeroing in on Application and Data webinar, where government and industry IT experts will put the spotlight on the data and application pillars of the Cybersecurity and Infrastructure Security Agency’s (CISA) Zero Trust Maturity Model. […]
The Department of Defense (DoD) has taken steps to fully implement cybersecurity requirements for controlled unclassified information (CUI); however, none of the DoD components were fully compliant on that front as of January 2022, according to a recent Government Accountability Office (GAO) report. […]
National Cyber Director Chris Inglis said he views the current cybersecurity threat landscape as an evolution that is increasingly impacting confidence in systems, rather than just focusing on critical functions or data. […]
The in-person forum – at the Marriott Marquis in Washington, D.C., from 8:00 a.m. to 6:00 p.m. – will host bipartisan leaders from Congress, the Biden administration, and America’s tech industry to examine the most pressing problems facing citizens in our democracy, and map out creative solutions from the nexus of policy and technology. Request your invitation today by emailing meritocracy@meritalk.com. […]
MeriTalk research – executed in partnership with RSA Conference, underwritten by Cofense, Keeper Security, Recorded Future, Secureworks, and SentinelOne, and capturing the viewpoints of 100 Federal and 100 private-sector security experts – shows that a whopping 93 percent of respondents believe that public-private partnerships are “vital” to national cyber defense. […]
Federal agencies are balancing evolving security requirements while defending against persistent threats, and the increased use of cyber threat intelligence and information sharing is helping government organizations make faster, more informed decisions to combat malicious activity, according to a National Science Foundation (NSF) technology official. […]
Security information sharing between the Federal government and private sector has been on the rise recently – whether it’s through the Joint Cyber Defense Collaborative, or various Information Sharing and Analysis Centers across the government, to name just a few – and a National Security Agency (NSA) official said this week that increased collaboration is being driven by mission demand and a higher degree of trust between organizations. […]
The Government Accountability Office (GAO) flagged 13 open recommendations for improvement for the State Department as of May 2022 in an annual report on the agency, including recommendations for improving data quality and cybersecurity. […]


























