The Cybersecurity and Infrastructure Security Agency (CISA) and FBI are warning United States-based organizations of two destructive malware programs used by Russia against Ukrainian organizations in the leadup to Russia’s invasion of Ukraine, and the threat vectors seen in those attacks. […]
A group of nonprofits focusing on cybersecurity and implementation have formed a coalition to develop, share, deploy, and increase awareness of best cybersecurity practices, tools, standards, and services across the public and private sectors. […]
The National Security Telecommunications Advisory Committee (NSTAC) – a group of private sector experts that advises the White House on telecommunications issues that affect national security and emergency preparedness – is advising the Cybersecurity and Infrastructure Security Agency (CISA) to establish a dedicated Zero Trust Program Office. […]
A new Defense Department (DoD) Office of Inspector General (OIG) audit finds that some of the Pentagon’s academic and research partners have not consistently implement cybersecurity controls to protect controlled unclassified information (CUI) stored on their networks from insider and external threats. […]
Iranian government-sponsored hackers are conducting active cyber operations against global commercial and government networks, according to a warning issued earlier this week by United States and United Kingdom intelligence agencies. […]
In response to President Biden’s Executive Order 14017, America’s Supply Chains, the Department of Energy (DOE) today released a comprehensive plan to ensure security and increase energy independence in the United States. […]
New guidance from the Federal CIO Council’s Federal Mobility Group provides best practices for mobile phone security for Federal employees when they travel outside of the continental United States and its territories. […]
The CIO Council is currently leading an effort, along with a multi-agency working group, to develop a new Zero Trust Playbook for agencies, according to Thomas Santucci, the director of the General Services Administration Data Center and Cloud Optimization Initiative Program Management Office (DCCOI PMO). […]
The National Institute of Standards and Technology (NIST) is seeking information on evaluating and improving its cybersecurity resources, including a possible update to its Cybersecurity Framework first issued in 2014 and later updated in 2018. […]
Former White House Director for Cybersecurity Robert Knake is joining the Office of National Cyber Director (ONCD) as deputy national cyber director for strategy and budget, an ONCD spokesperson confirmed to MeriTalk today. […]
With tensions mounting between Russia and Ukraine, the Cybersecurity and Infrastructure Security Agency (CISA) is warning critical infrastructure (CI) owners and operators – as well as any other United States-based organizations – to keep their guard up. To help organizations do that, the cybersecurity agency released insights for the CI sector, as well as a new webpage Feb. 18 to help organizations better steel themselves against a potential Russian cyber threat. […]
The U.S. Space Force’s Space Systems Command, along with the U.S. Air Force, is looking for feedback on its plans to conduct live, virtual, and on-orbit space cyber test and training events to boost training efforts for cyber professionals. […]
The Cybersecurity and Infrastructure Security Agency (CISA) has launched a new webpage featuring a catalog of free cybersecurity tools and resources that the agency hopes will serve as a “one-stop resource where organizations of all sizes can find free public and private sector resources to reduce their cybersecurity risk.” […]
The White House’s top cybersecurity advisor today blamed Russia for cyberattacks earlier this week against the Ukrainian government and banking sectors and said that the U.S. is actively helping Ukraine to fend off cyber assaults in the run-up to a possible Russian military invasion of that country. […]
Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly made a strong pitch on Feb. 17 for the agency’s push to create an underlying culture of organizational success that she said is critical to creating optimal performance at the nation’s cyber defense agency. […]
Just over a week after announcing the agency’s largest-ever financial seizure – $3.6 billion in Bitcoin – Deputy Attorney General Lisa Monaco said today that Eun Young Choi will serve as the first director of the Department of Justice’s National Cryptocurrency Enforcement Team (NCET). […]
A new cybersecurity advisory from the Federal government’s top cybersecurity watchdogs says that Russian state-sponsored hackers have compromised numerous defense industrial base (DIB) contractors both large and small over the past two years, and warns about the extensive bag of tricks that those hackers use when they target defense contractors. […]
The Senate Small Business and Entrepreneurship Committee on Feb. 15 voted to approve the Small Business Administration (SBA) Cyber Awareness Act (H.R. 3462), which requires SBA to issue an annual report on its cybersecurity capabilities, and notify Congress in the event of a cybersecurity breach potentially compromising sensitive information. […]
The Department of Defense (DoD) expects around 80,000 Defense Industrial Base (DIB) contractors will need a third-party assessment to reach Level 2 compliance for the Cybersecurity Maturity Model Certificate (CMMC) 2.0 program – double the previously estimated number of companies. […]
Efforts by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) to invest in real-time information sharing capabilities are keying the Biden administration’s campaign to improve industrial control systems (ICS) cybersecurity, CISA and NSA officials said this week. […]
A new memo from the Department of Defense (DoD) is encouraging the use of a continuous Authorization To Operate (cATO) under the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) – instead of a point-in-time ATO – to serve as the “gold standard” for systems’ cybersecurity risk management. […]
A bipartisan group of senators is urging the Securities and Exchange Commission (SEC) to increase transparency in cybersecurity incident reporting requirements for public companies overseen by the SEC. […]
The General Services Administration is going on the hunt for a permanent director to lead its Login.gov effort and oversee deployment of the $187 million Technology Modernization Fund (TMF) award GSA got for the project last year. […]
The Department of Defense’s (DoD) F-35 Lightning II Joint Program Office (JPO) Cyber Team seeks to advance its cyber capabilities to better protect against cyber threats and increase mission assurance. […]
While the Office of the National Cyber Director (ONCD) is still the new kid on the block in Federal cybersecurity policy circles, National Cyber Director Chris Inglis said this week that his office’s success ultimately will hinge on whether it can unite policy, people, and doctrine to act as a viable collaborator with the Federal government and private industry. […]
After reviewing the cyberattack trends from 2021, the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint advisory with the FBI and other international security partners warning of the rising global threat of ransomware and gave mitigation and remediation advice. […]
Internal Revenue Service (IRS) Commissioner Charles Rettig told Sen. Maggie Hassan, D-N.H., in late December that the IRS needs more money and changes to the tax code to better prevent and prosecute criminal uses of cryptocurrency, which has emerged in recent years as a favored medium of exchange involving ransomware and other cyber attacks. […]
Federal law enforcement seized more than $3.6 billion in stolen cryptocurrency directly linked to the 2016 hack of virtual currency exchange Bitfinex, and have arrested a husband and wife from New York allegedly connected to the stolen bitcoins. […]
In the wake of the discovery and remediation efforts surrounding the Log4shell vulnerability in the Apache library that contains Log4j, the Cybersecurity and Infrastructure Security Agency (CISA) called for efforts to push forward a software bill of materials (SBOM). Those calls were reiterated today at a Senate hearing on the vulnerability by industry witnesses involved in remediation efforts. […]
The National Oceanic and Atmospheric Administration (NOAA) inadequately managed three active directories, increasing the risk of cyberattacks and jeopardizing NOAA’s ability to accomplish its mission. […]