In a recent letter to the Department of Justice (DoJ), the Department of the Treasury (Treasury), the Department of State (State Department), and the Department of Homeland Security (DHS) lawmakers urge the agencies to pursue all options available to protect American communities and infrastructure from the growing threat of ransomware. They emphasized the need for stronger coordination between departments, primarily to address the role of cryptocurrency in ransomware attacks. […]

Sens. Shelley Moore Capito, R-W.Va., and John Hickenlooper, D-Colo., introduced legislation that would revamp the National Telecommunications and Information Administration’s (NTIA) Office for Policy Analysis and Development to have a stronger focus on cybersecurity efforts. […]

The Office of Management and Budget (OMB) is giving Federal agencies a three-month deadline to make initial strides at identifying the current state of endpoint detection and response (EDR) capabilities on their networks and to start undertaking additional work with the Cybersecurity and Infrastructure Security Agency (CISA) to quicken the pace of deploying those capabilities. […]

Microsoft’s new Digital Defense Report finds that Federal agencies and organizations have been the most targeted sector by cyber threat actors since the middle of last year, and that attacks emanating from Russia have been the most frequent. […]

With Federal agencies needing to move the bulk of their workforce to remote or hybrid environments since the start of the COVID-19 pandemic, the Cybersecurity and Infrastructure Security Agency’s (CISA) Continuous Diagnostics and Mitigation (CDM) program has worked with agencies to account for the increase in attack vectors and take a more proactive risk management stance, CDM Program Lead Richard Grabowski said. […]

Sen. Elizabeth Warren, D-Mass., and Rep. Deborah Ross, D-N.C., introduced a bicameral bill this week that would require ransomware victims to report to the government when they have paid a ransom, with an aim of bolstering the flow of critical cybersecurity data. […]

The White House will host an international ransomware gathering next week aimed at improving international cooperation among governments in the fight against ransomware-driven cyberattacks, said Jeff Greene, chief of cyber response and policy for the White House’s National Security Council. […]

Paul Cunningham, chief information security officer (CISO) at the Department of Veterans (VA), explained this week how the agency is addressing cybersecurity vulnerabilities to protect its users and their health care and financial data as the agency has turned increasingly to providing telehealth services for veterans. […]

In light of this year’s cyberattack on Colonial Pipeline and other critical infrastructure targets in the United States, the Department of Homeland Security’s Transportation Security Administration (TSA) component is prepping a new cybersecurity directive covering “high-risk” railroad operations, according to DHS Secretary Alejandro Mayorkas.  […]

With an increased focus on cybersecurity after a spate of high-profile cyberattacks on U.S. government and business organizations since late last year, members of Congress are continuing to call for a clearly defined national cyber deterrent policy. Three prime movers on cybersecurity legislation Congress – Sen. Angus King, I-Maine, and Reps. John Katko, R-N.Y., and Yvette Clarke, D-N.Y. – explained the need to codify a cyber deterrence policy at the Aspen Cyber Summit Oct. 6. […]

Reps. John Katko, R-N.Y., and Abigail Spanberger, D-Va., introduced a bipartisan bill in the House this week that aims to protect systemically important critical infrastructure (SICI) from cyberattacks. […]

The Senate Homeland Security and Government Affairs Committee voted today to approve the Cyber Incident Reporting Act, which would require critical infrastructure operators to report cyberattacks to the Federal government, and require most government and business entities to report to the government if they make a ransomware payment. […]

The Senate Homeland Security and Governmental Affairs Committee voted unanimously today to advance for full Senate consideration of a bill that would extensively overhaul the 2014 version of the Federal Information Security Management Act (FISMA) that sets cybersecurity requirements for Federal civilian agencies. […]

In September, the Department of the Treasury took a series of actions to combat ransomware, including sanctioning a virtual currency exchange for facilitating financial transactions for ransomware actors. Treasury’s actions follow a Transportation Security Administration (TSA) security directive requiring owners and operators of TSA-designated critical pipelines to protect against ransomware attacks, and discussions between President Biden and Russian President Vladimir Putin about ransomware attacks from Russian soil. […]

Deputy Attorney General Lisa Monaco said today the Department of Justice (DoJ) is launching two new initiatives to combat cyber threats, including the creation of a National Cryptocurrency Enforcement Team, and a civil cyber fraud initiative that will fine Federal contractors who don’t follow required cybersecurity standards. […]

The House on September 29 passed the K-12 Cybersecurity Act – a piece of bipartisan legislation from Sens. Gary Peters, D-Mich., and Rick Scott, R-Fla., with a companion bill in the House led by Rep. Jim Langevin, D-R.I. The bill has already been approved by the Senate, and has been sent to the White House for President Biden’s signature. […]

Federal CIO Clare Martorana emphasized today that the road to Federal agency IT improvements runs not only through agency CIO offices, but also needs to benefit from support from the entire organization’s executive suite.   […]

The Democratic and Republican leaders of the Senate Homeland Security and Governmental Affairs Committee have unveiled their long-awaited legislation to update the 2014 Federal Information Security Modernization Act that provides cybersecurity marching orders to Federal civilian agencies. […]

As the cyber threats we face become more diverse across the nation and globe, security, and IT operations teams must encompass diverse perspectives. For MeriTalking’s first installment of the “Human Side of Cyber” series, MeriTalk’s Nicole Burdette sits down with Teddra Burgess, Senior Vice President, Public Sector at Tanium to dive into the importance of having diverse perspectives and experiences on an organization’s cyber response team. […]

The Democratic leaders of the House and Senate made official over the weekend what had become obvious by late last week: the hoped-for late September votes on two big Federal infrastructure funding bills were sliding into October. […]

A sampling of Federal agencies’ efforts to provide remote access for telework during the COVID-19 pandemic shows that each of the agencies was able to put the right technologies in place to accomplish that goal, but that several had not fully addressed relevant guidance for securing remote access systems, the Government Accountability Office (GAO) found. […]

The National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) released a joint Cybersecurity Information Sheet that helps detail factors for choosing a virtual private network (VPN) and secure deployment. […]

The Cybersecurity and Infrastructure Security Agency (CISA) has partnered with Girls Who Code (GWC) to develop pathways for young women to pursue careers in cybersecurity and technology, the agency announced Sept. 30. […]

The Technology Modernization Fund (TMF) Board on September 30 announced seven new awards totaling $311 million to fund Federal agency investments into zero trust networking and digital identity, standardizing secure data and information sharing, and improving interagency collaboration. […]

The House Oversight and Reform Committee is seeking a briefing on how the FBI handled the ransomware attack on Kaseya that affected up to 1,500 businesses worldwide, according to a letter today from the committee leadership to FBI Director Christopher Wray. […]

Sen. Gary Peters, D-Mich., chairman of the Senate Committee on Homeland Security and Governmental Affairs, and Sen. Rob Portman, R-Ohio, the committee’s ranking member, have introduced legislation to require critical infrastructure entities to report cyberattacks to the Federal government, and to require most other entities to report to the government if they make a ransomware payment. […]

The Cybersecurity and Infrastructure Security Agency (CISA) has released a new Insider Risk Mitigation Self-Assessment Tool which the agency says will help public and private sector organizations assess their vulnerability to insider threats.  […]

With President Biden’s legislative agenda currently up in the air, Reps. Doris Matsui, D-Ca., and Jim Langevin, D-R.I., are looking to get $20 million in K-12 cybersecurity funding added into the $3.5 trillion reconciliation bill to help combat the rise of cyberattacks on schools. […]

The American Rescue Plan (ARP), passed in March, included an additional $1 billion for the Technology Modernization Fund (TMF). Last week, Federal Chief Information Security Officer Chris DeRusha said the first round of awards was coming soon. Today, Federal CIO Clare Martorana said the TMF board sent the first seven project awards to Congress for final approval. […]

The National Institute for Standards and Technology (NIST) is in the process of doing research and working on an update to its special publication (SP) 800-82, a guide to Industrial Control Systems (ICS), by early 2022, NIST officials said today. […]