While the Cybersecurity and Infrastructure Security Agency (CISA) is working to make progress on numerous discrete security policy directives and projects that it has been handed in recent years, a top agency official explained today that the higher-level goals uniting most of those tasks boil down to the government and the private sector achieving much greater visibility into cyber threats and how to defend against them, and not leaving organizations to defend against threats on their own. […]

After a releasing an op-ed with Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly last week that called CISA’s “Shields Up” campaign a new baseline for cyber defenses, National Cyber Director Chris Inglis said today that the cost of entry for cyber attackers is still too low to create stout deterrence. […]

The House on June 8 voted to approve a bill that would require the Food and Drug Administration (FDA), among other tasks, to ensure cybersecurity throughout the lifecycle of medical devices and make sure that device makers meet minimum cybersecurity requirements set by the agency. […]

The Department of Energy (DOE) needs to develop a comprehensive approach to electric grid resiliency that coordinates disaster response and grid recovery, as well as utilizes lessons learned from prior natural disasters, according to a June 9 report from the Government Accountability Office (GAO). […]

As the Cybersecurity and Infrastructure Security Agency (CISA) continues to grapple with the early stages of a rulemaking process for recently enacted cyber incident reporting legislation, CISA Director Jen Easterly said it will be crucial to develop trust with the private sector so that the law is seen as “value-added” and not a burden. […]

The Cybersecurity and Infrastructure Security Agency (CISA), along with the National Security Agency (NSA) and the FBI, this week issued a joint advisory warning telecommunications companies and network service providers of People’s Republic of China (PRC) state-sponsored cyber actors that continue to pose a threat to their networks. […]

The fiscal year (FY) 2023 National Defense Authorization Act (NDAA) continued to take shape today as the House Armed Services Subcommittee on Cyber, Innovative Technologies, and Information Systems voted to approve its markup of language related to cybersecurity and other tech matters that likely will be featured in the NDAA. […]

The National Institutes of Standards and Technology (NIST) has finalized new guidance to provide engineers across government and private enterprises with essential design principles for engineering trustworthy secure systems. […]

The Tennessee Valley Authority (TVA) – a federally-owned electric utility serving seven states with power generated from dams on the Tennessee River – is employing vulnerable versions of operating systems in its non-dam control system, according to an audit from TVA’s Office of Inspector General (OIG) which examines cybersecurity controls that system. […]

As the Federal government works through the rulemaking process for the recently signed Incident Reporting legislation that originated in the Senate Homeland Security and Governmental Affairs Committee, witnesses for that same committee today stressed the need for unity among both reporting avenues and standardization of data to help operationalize the data. […]

The Department of Veterans Affairs (VA) Office of Inspector General (OIG) is calling on the agency to address its slow progress in improving its cybersecurity posture, but the VA said a lack of funding causes the agency to lose high-quality IT personnel. […]

As the National Institute of Standards and Technology (NIST) is in the process of updating its Cybersecurity Framework (CSF), it plans to hold a series of workshops and release at least one more draft for public comment before releasing CSF 2.0, according to a NIST blog. […]

Sens. Jacky Rosen, D-N.V., and Todd Young, R-Ind., have introduced legislation aimed at strengthening the cybersecurity of medical devices, and requiring the U.S. Food and Drug Administration (FDA) to review and update its medical device cybersecurity guidelines. […]

As Federal agencies are working to make progress on President Biden’s cybersecurity executive order (EO) and implement zero trust security architectures, agencies and their leaders must have a tight handle on their zero trust implementation plans, an official from the Cybersecurity and Infrastructure Security Agency (CISA) said this week. […]

The Department of Health and Human Services (HHS) still needs to address a pair of open cybersecurity priority recommendations related to cybersecurity coordination and implementation of a cybersecurity framework, according to a new report by the Government Accountability Organization (GAO). […]

Ransomware attacks have increased by 80 percent year-over-year, with a “nearly 120 percent” increase in double-extortion ransomware attacks this year, according to a new report put out by Zscaler entitled ThreatLabz 2022 Ransomware Report. […]

The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on June 1 warning about the Karakurt Data Extortion Group which has been conducting online financial extortion exploits via cyber attacks. […]

Smaller state and local governments (SLGs) often do not have the resources to build a robust IT department, and IT experts say cybercriminals often target these smaller agencies because of that reason. […]

The Cybersecurity and Infrastructure Security Agency (CISA) has notified election officials of software vulnerabilities found in Dominion Voting Systems equipment deployed in several states, but also that the agency has found no evidence that those vulnerabilities have ever been exploited. […]

The enduring shift toward at least partial work-from-home arrangements for government employees is creating new workforce possibilities for many agencies, but also new challenges on the technology security front for both Federal and state and local governments, experts said this week. […]

The Cybersecurity and Infrastructure Security Agency (CISA) is looking to set an “aggressive” pace to conduct the rulemaking proceeding necessary to implement recently approved cyber incident reporting legislation, but also indicated today that completion of a rulemaking could be a couple of years away. […]

The Cybersecurity and Infrastructure Security Agency (CISA) is holding a series of public listening sessions aimed at using a community-based effort to advance the conversation around the technologies, policies, and processes required to implement Software Bills of Materials (SBOM), according to a Federal register post published today. […]

The Space Development Agency at the Department of Defense (DoD) on May 26 announced the award of a $324.5 million contract to General Dynamics Mission Systems to “establish the ground Operations and Integration segment for Tranche 1 of the National Defense Space Architecture (NDSA)” that eventually will feature a constellation of 166 satellites. […]

The Government Accountability Office (GAO) said in a new report this week that the United States Coast Guard needs to get a better handle on risk evaluations for some of its smaller IT acquisition projects. […]

The Commerce Department’s Bureau of Industry and Security (BIS) has published a final rule in the Federal Register that restricts cybersecurity export controls in an effort to prevent foreign adversaries from accessing hacking tools. […]

The Cybersecurity and Infrastructure Security Agency (CISA) – along with the Department of Homeland Security’s Science and Technology Directorate and the Department of Defense’s Office of the Under Secretary of Defense for Research and Engineering – has released a proposed five-step 5G Security Evaluation Process today for Federal agencies to receive authorization to operate (ATO). […]

While many cybersecurity officials strive to achieve “no risk” when it comes to cyber risk management, officials from NASA this week explained that’s just not possible and suggested that agencies instead focus on managing risks that are important to the mission. […]

State government IT officials said this week they are working to deploy their share of $1 billion of Federal cybersecurity grant funding approved last November by Congress as part of the $1.2 trillion bipartisan infrastructure bill. […]

The Cybersecurity and Infrastructure Security Agency (CISA) is taking a multi-faceted approach to supply chain security, and chief among them is putting in place strong public-private partnerships to maintain supply chain resilience and maintaining high awareness about the sources of supply chain threats. […]

The Cybersecurity and Infrastructure Security Agency (CISA) said today it is “encouraged” by quick Federal agency responses to its May 18 emergency directive to patch or unplug several vulnerable VMware products from agency networks, but did not provide any hard figures on whether agencies met CISA’s May 24 deadline to take action. […]