The 14 percent year-over-year budget increase requested by the Biden administration for the Office of Management and Budget (OMB) for Fiscal Year 2022 would be devoted to hiring new career personnel across the agency, including increasing staffing that is critical for IT and cybersecurity oversight across the government. […]
Jen Easterly, President Biden’s nominee to become the next director of the Cybersecurity and Infrastructure Security Agency (CISA), delivered a sobering assessment of the rising threats faced by Federal and private sector networks and pledged at her June 10 confirmation hearing to strengthen the agency’s capabilities to defend and secure networks. […]
Ransomware was a main focus of concern during a committee nomination hearing today for Chris Inglis to be the nation’s first-ever national cyber director. Amidst a rising number of recent attacks, Inglis detailed how he would deal with the threat of ransomware while also explaining how he would approach building the nation’s cyber policy and approach collaboration if confirmed. […]
Sen. Mark Warner, D-Va., chairman of the Senate Intelligence Committee, said today he expects legislation will soon be filed in Congress to mandate cyber incident reporting to Federal authorities. […]
After a Senate committee hearing yesterday, Colonial Pipeline’s president and CEO was back in front of Congress today, appearing before the House Committee on Homeland Security for a hearing about last month’s ransomware attack. There he expressed a need from private industry for the Federal government to pressure the hosts of these ransomware actors. […]
The Senate voted late on June 8 to approve the much-amended U.S. Innovation and Competition Act of 2021, by a margin of 68-32. […]
The Accreditation Board (CMMC-AB) for the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) has approved the first Certified Third-Party Assessment Organization (C3PAO) in the Defense Industrial Base (DIB), the CMMC-AB announced today. […]
The White House today released the first fruits of a February executive order that has Federal agencies looking at ways to improve supply chain security in several key critical infrastructure areas. […]
Colonial Pipeline Company’s president and CEO announced the company is in the midst of an ongoing review of last month’s ransomware attack and relayed the timeline of events that led to the company paying a ransom and its communication with law enforcement in a Congressional hearing today. […]
Last fall, the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) announced a binding operational directive (BOD) requiring the Federal government to develop and publish vulnerability disclosure policies (VDP). CISA announced today it has chosen vendors for its VDP platform. […]
Nothing looms larger in the policy gunsights of the Biden administration than cybersecurity – both in the Federal and private sectors – and how to improve it. […]
The Biden administration is pushing hard to help fight the rise of ransomware attacks on private industry, and the White House is taking steps on multiple fronts to work with the private sector to combat the issue. […]
A newly issued Office of Inspector General (OIG) report shows that the Department of Homeland Security (DHS) was making only limited progress in implementing the Continuous Diagnostics and Mitigation (CDM) program in the several years leading up to an audit completed in 2020, but has since taken action on several recommendations from the OIG that puts the agency in a better position to benefit from CDM. […]
Rep. Carolyn Maloney, D-N.Y., chairwoman of the House Committee on Oversight and Reform, sent letters to ransomware victims Colonial Pipeline Company and CNA Financial Corporation to get more information on their respective decisions to pay ransoms, the committee announced today. […]
The Department of Treasury’s Internal Revenue Service (IRS) issued a request for information (RFI) seeking software cybersecurity tools that can work with an older version of programming language the agency uses, known as common business-oriented language, or COBOL. […]
The continued flurry of high-profile ransomware attacks on critical infrastructure targets in the United States is climbing the ladder of presidential priorities – with President Biden saying it’s on the agenda for his summit with Russian President Vladimir Putin later this month, and White House officials confirming that cryptocurrency will be part of a new examination of global corruption. […]
House Oversight and Reform Committee Chairwoman Carolyn Maloney, D-N.Y., and several chairs of the panel’s key subcommittees today asked inspectors general (IGs) from ten Federal agencies for assessments of any cybersecurity vulnerabilities that were created or worsened by the use of telework systems during the coronavirus pandemic, and whether any such vulnerabilities have been mitigated. […]
A senior official with the Cybersecurity and Infrastructure Security Agency (CISA) said today the Federal government’s process of modernizing its IT systems to achieve better cybersecurity may be a decades-long process. […]
The National Telecommunications and Information Administration (NTIA) is seeking feedback on what to include in its Software Bill of Materials (SBOM), as directed by President Biden’s cybersecurity executive order. […]
Rep. Ted Lieu, D-Ca., introduced a bill on June 1 that looks to improve the cybersecurity infrastructure of government contractors, his office announced. The Improving Contractor Cybersecurity Act would require any vendor looking to do business with the Federal government to have vulnerability disclosure policies (VDP) in place. […]
The Biden administration is publicly demonstrating its willingness to lend Federal help to respond to a variety of ransomware assaults against critical infrastructure sectors – the latest involving a cyberattack against JBS USA, the world’s largest meatpacker, that reportedly forced the company to shut down nine of its plants. […]
Reps. Ro Khanna, D-Calif., and Nancy Mace, R-S.C., introduced legislation on May 28 that would create a cybersecurity personnel rotation program in an effort to strengthen the United States’ Federal cyber workforce and infrastructure. […]
The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the FBI are looking into last week’s spear-phishing campaign targeting the United States Agency for International Development (USAID), and have not found any “significant impact” to Federal agencies, according to a May 28 joint statement. […]
Sens. Gary Peters, D-Mich., and Rick Scott, R-Fla., reintroduced the K-12 Cybersecurity Act on May 27 in an effort to strengthen the cybersecurity of school systems. This is the second time the two introduced the Act, having previously introduced similar legislation in 2019 in the last Congress. […]
President Biden’s FY2022 budget document released today proposes a 14 percent increase from the estimated cybersecurity funding level for last year, to a total of $9.8 billion in Federal civilian cybersecurity funding. […]
The United States Agency for International Development (USAID) was the victim of a May 25 spear-phishing campaign that carried all the hallmarks of a state-sponsored attack, Microsoft said yesterday. […]
President Biden’s Department of Homeland Security (DHS) nominees pledged their commitment to elevate the United States’ cybersecurity posture, in order to prevent future cyberattacks, during a May 27 Senate Committee on Homeland Security & Governmental Affairs hearing. […]
Anne Neuberger, the White House deputy national security advisor for cyber and emerging technologies who is a driving force behind the Biden administration’s cybersecurity executive order issued earlier this month, today noted an initial “disappointment” with Federal network hygiene in a follow-up discussion about the broader aims of the order. […]
The recent Colonial Pipeline hack has made more people aware of the threats that lurk in cyberspace, and Sen. Angus King, I-Maine, says it’s time for the government to develop a new relationship with the private sector on cybersecurity and take an all-of-society approach to protecting critical infrastructure. “The private sector has been very reluctant […]
In light of the recent Colonial Pipeline ransomware attack, the Department of Homeland Security’s (DHS) Transportation Security Administration (TSA) released a new directive requiring all critical pipeline owners and operators to report cyberattacks, DHS announced today. […]