As we approach the home stretch for the two trillion-dollar-plus infrastructure bills that have consumed an extraordinary amount of legislative energy over the past few months, it’s easy to become confused. […]
With attacks on critical infrastructure increasing, Rep. Jim Langevin, D-R.I., chairman of the House Armed Services Subcommittee on Cyber, Innovative Technologies, and Information Systems, is calling for improved security of critical systems and increased cybersecurity collaboration among the private and public sector. […]
With fiscal year (FY) 2021 ending September 30, the House Rules Committee will be meeting on September 20 to decide which of the over 800 amendments filed for the FY2022 National Defense Authorization Act (NDAA) will get a floor vote. […]
Richard Bird is an Army veteran and an internationally recognized identity-centric security expert who has been a CIO and CISO and the global head of identity for JP Morgan Chase. Now, he is chief customer information officer for Ping Identity. […]
Proposed funding for a host of new tech-related spending projects are springing forth from new House committee legislative prints contributing to the $3.5 trillion reconciliation bill, and now it’s wait-and-see on which – if any – of them survive what is likely to be a free-wheeling House-Senate negotiation on the giant spending bill. […]
StateRAMP, the nonprofit formed earlier this year by leaders from state and local governments and the private sector to help state and local governments manage their third party supplier cybersecurity risks, has released the initial roster of its Authorized Vendor List (AVL). […]
Closer working partnerships between Federal cybersecurity authorities and the private sector hold the key to improving the U.S.’s ability to fend off and recover from the increasing wave of cyberattacks against U.S. targets including those from nation-states like Russia and China. […]
The Federal Communications Commission (FCC) announced today the 50 members of the reestablished Communications Security, Reliability, and Interoperability Council (CSRIC), which will be co-chaired by the Cybersecurity and Infrastructure Security Agency (CISA). […]
A recent report by the Aspen Institute found that despite existing efforts to improve diversity, equity, and inclusion (DEI), the cybersecurity field remains mostly homogenous among technical practitioners and policy thinkers. […]
The House Homeland Security Committee will mark up its portion of the legislative language for the $3.5 trillion reconciliation bill tomorrow, but the released text of the chairman’s amendment to the bill shows that Rep. Bennie Thompson, D-Miss., proposes to give the Cybersecurity and Infrastructure Security Agency (CISA) $856 million to fund various programs and operations expenses. […]
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) announced today that cybersecurity veteran Kiersten Todt will be the agency’s next chief of staff. […]
The House Committee on Science, Space, and Technology completed the markup of its legislative language for the $3.5 trillion reconciliation package Sept. 9 and included in that measure nearly $1.2 billion of funding to the National Institute of Standards and Technology (NIST) for cybersecurity and other emerging tech research. […]
Industry groups are pressing Deputy Secretary of Defense Kathleen Hicks and the Department of Defense (DoD) to publicly reaffirm the Pentagon’s commitment to is Cybersecurity Maturity Model Certification (CMMC) program. […]
Adversaries have moved beyond malware to conduct more sophisticated cyberattacks, according to CrowdStrike’s 2021 Threat Hunting Report released this week. […]
As the military moves towards utilizing a Joint All Domain Command and Control (JADC2) data fabric across operations, the Army and other military departments are increasingly engaging in operations across multiple domains. In order to maintain staunch cybersecurity practices in these environments, the military must move to zero trust, Army CIO Raj Iyer said Sept. 8. […]
Now that the Office and Management and Budget (OMB) and the Cybersecurity and Infrastructure Security Agency (CISA) have released their new directives for Federal civilian agencies to move to zero trust security principles and expanded cloud adoption, what are some near-term steps that Federal IT and cybersecurity officials should think about as they get ready to put those directives into action? […]
The hybrid work environment has created a previously unheard-of number of new endpoints that agencies need to protect. Federal officials examined the unique challenges that now exist as everything from computers to printers, mobile devices, and even sensors reside in and outside an agency’s walls during a September 1 GovLoop webinar. […]
The Office of Inspector General (OIG) at the Department of Homeland Security (DHS) determined that DHS achieved three out of five cybersecurity functions in the Top Secret/Sensitive Compartmented Information intelligence systems for DHS. But the evaluation found deficiencies in the programs protect and recover operations. Due to the Top Secret nature of the intelligence systems, the OIG only released a brief unclassified summary of its report. […]
The House Armed Services Committee passed the fiscal year 2022 (FY2022) National Defense Authorization Act (NDAA) on Sept. 1 by a bipartisan vote of 57-2. The bill will now move to the full chamber for consideration. […]
A draft bill that would establish a mandatory cyber incident reporting framework at the Cybersecurity and Infrastructure Security Agency (CISA) received praise from stakeholders and industry leaders during a hearing on Sept. 1 from the House Committee on Homeland Security’s Subcommittee on Cybersecurity, Infrastructure Protection, and Innovation. […]
In order to launch a robust DevSecOps (Development, Security, and Operations) effort, Department of Defense (DoD) leaders agree that organizations need to undergo a culture shift and learn to be comfortable with the uncomfortable to achieve the best results. […]
Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI published a cybersecurity advisory, warning public and private sector organizations to stay vigilant for ransomware attacks ahead of the Labor Day holiday weekend. […]
The only way to successfully build software now and in the future at scale while moving at a pace of relevance is with development, security, and operations (DevSecOps), the chief software officer (CSO) at the U.S. Air Force (USAF) said during a virtual summit held by ATARC on August 31. […]
Deputy Attorney General Lisa Monaco announced the creation of the Department of Justice’s (DoJ) new Cyber Fellowship program. The fellowship is designed to develop a new generation of prosecutors and attorneys equipped to handle emerging national security threats. […]
Registration for the third annual President’s Cup Cybersecurity Competition opened today, the Cybersecurity and Infrastructure Security Agency (CISA) announced today in a press release. […]
The White House Office of Management and Budget (OMB) issued a memorandum for agencies to improve investigative and remediation capabilities related to cybersecurity incidents, as directed by Executive Order (EO) 14028, Improving the Nation’s Cybersecurity. […]
The United States Air Force (USAF) announced that Mansfield-Lahm Air National Guard Base in Ohio is its preferred location for a new cyber warfare wing at the department. […]
A group of 17 tech-sector and other trade groups urged House and Senate leaders in an August 27 letter to consider a 72-hour reporting requirement for cyber incident breach reporting in any legislation that they may consider on the issue. […]
The Federal Acquisition Security Council (FASC) published a final rule in the Federal Register this week to assess Federal government supply chain risk information, as well as remove and exclude IT products, systems, or services that pose a national security risk. […]
The Federal Bureau of Investigation (FBI) has identified a cyber-criminal group that calls itself the “OnePercent Group,” and has carried out ransomware attacks against U.S. companies since November 2020 utilizing double-extortion tactics, according to an FBI flash report released on August 23. […]