The Department of State is eyeing its Enterprise Vulnerability Scanning Solution (EVSS) for a “technical refresh” to ensure cybersecurity officials at the agency can keep pace with vulnerabilities on State Department networks. […]
Ransomware is being prioritized as the first of six “sprints” planned by the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) on a range of cyber threats due to the gravity of the problem, and because ransomware represents today’s threat, not tomorrow’s. […]
Deterrence of nation-state cyber adversaries comes in many flavors, but the operating model suggested this week by a House Armed Services Committee member lacks neither impact nor directness. […]
The Department of Defense (DoD) announced it is expanding its “Hack the Pentagon” program to include all publicly accessible DoD information systems. […]
Protecting the supply chain from hacks has been top of mind due to recent high-profile attacks, but members of the National Cyberspace Solarium say an area of critical infrastructure they are most concerned about is water security going forward. […]
Reps. Bob Latta, R-Ohio, and Jerry McNerney, D-Calif., reintroduced legislation this week to improve the United States’ electric grid security. The Cyber Sense Act and the Enhancing Grid Security through Public-Private Partnerships Act both direct the Department of Energy (DoE) to work with electric utilities toward the goal of improving security. […]
A bipartisan group of senators reintroduced the Protecting Resources On The Electric grid with Cybersecurity Technology (PROTECT) Act. The legislation would enhance electric grid security by incentivizing electric utilities to make cybersecurity investments, as well as establishing a Department of Energy (DoE) grant and technical assistance program to deploy advanced cybersecurity technology for utilities that are not regulated by the Federal Energy Regulatory Commission (FERC). […]
The Department of Justice (DoJ) is launching a four-month effort to reevaluate its strategies to combat cybersecurity threats in light of increases in ransomware and supply-chain attacks and the tendency of attackers to use U.S.-based infrastructure to launch their exploits, said the United States Deputy Attorney General Lisa Monaco on April 30 at a security conference in Germany. […]
The National Security Agency (NSA) is recommending that National Security System (NSS), Defense Department (DoD), and Defense Industrial Base (DIB) network owners perform a detailed risk analysis before creating cross-domain connections and currently connected operational technologies (OT). […]
The Nuclear Regulatory Commission (NRC) is reporting progress in addressing at least one of several cybersecurity-related issues reported to it by the Government Accountability Office (GAO) last year. […]
The Cybersecurity and Infrastructure Security Agency (CISA) released a new graphic novel on National Superhero Day, but its superhero might not possess your typical superpowers. The fictional story Bug Bytes intends to educate the public on the dangers of dis- and misinformation campaigns, with cybersecurity and journalism skills saving the day. […]
Numerous tech-related issues were front and center in President Biden’s address to a joint session of Congress on Wednesday night, as he delivered pitches backing up his infrastructure-themed American Jobs Plan issued in late March, the American Families Plan unveiled this week, and a preliminary Fiscal Year 2022 budget wish-list made public on April 9. […]
The Cybersecurity and Infrastructure Security Agency (CISA) announced that .gov top-level domains will be available at no cost for qualifying organizations beginning immediately – a move that should help on the cybersecurity front especially for smaller governmental entities. […]
In light of recent supply chain intrusions, the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and National Institute of Standards and Technology (NIST) have released new guidance on defending supply chain software, using the NIST framework to identify and mitigate risks. […]
Sens. Maggie Hassan, D-N.H., and Ben Sasse, R-Neb., have introduced the National Risk Management Act, which would ensure that the Department of Homeland Security (DHS) is properly identifying and addressing risks to the nation’s critical infrastructure (CI). […]
Sens. Rob Portman, R-Ohio, and Gary Peters, D-Mich., introduced the Cyber Response and Recovery Act, which would authorize $20 million of spending to support Federal and non-Federal entities impacted by major cyber events, according to an April 23 press release. […]
President Biden appointed Amit Mital, a cybersecurity industry veteran, to the National Security Council (NSC) as the senior director for cybersecurity strategy and policy, Mital’s LinkedIn confirms. Mital will also serve in the White House as a special assistant to the president. […]
The Cybersecurity and Infrastructure Security Agency’s (CISA) National Risk Management Center (NRMC) has been busy assessing and identifying security risks for 5G wireless services, which present newfound risks unique to the technology, an NRMC official said April 22. […]
The combined response of the Federal government and the private sector to the Russia-based cyberattack on government and business networks via SolarWinds Orion software is making for a promising use case for addressing major incidents in the future, said Federal Chief Information Security Officer (CISO) Chris DeRusha on April 22. […]
Reps. Anna G. Eshoo, D-Calif., and Adam Kinzinger, R-Ill., reintroduced the Understanding Cybersecurity of Mobile Networks Act in the House on Tuesday in an effort to ensure the security of existing wireless networks. […]
As government agencies have increased their digital presence through social media, websites, or other online channels, they also have put themselves in position to be attacked outside of their traditional digital perimeters. These outside attacks can include social media impersonations, account takeovers, false or misleading information, or the disclosure of confidential agency information. […]
The Department of Energy (DoE) – with help from industry and the Cybersecurity and Infrastructure Security Agency (CISA) – is kicking off a 100-day effort to improve electric infrastructure cybersecurity, the White House and DoE said today. […]
The Federal Communications Commission (FCC) announced Friday it will re-establish the Communications Security, Reliability, and Interoperability Council (CSRIC), with a focus on “improving 5G network security.” […]
As cyberattacks continue to increase, one thing is clear: the United States needs to strengthen its cybersecurity efforts. Federal government and private sector cyber experts sat down to discuss the future of the cyber conflict and how to prevent the next big cyberattack. […]
The Federal government is curtailing its “surge” response to the SolarWinds Orion and Microsoft Exchange hacks after seeing improvements in patching that have helped to remediate the impacts of the cyber attacks, the Biden administration said today. […]
A 2019 tweak by the Office of Management and Budget (OMB) to the definition of a data center – and thus how the Federal government proceeds with its Data Center Optimization Initiative (DCOI) aimed at sharply cutting the number of data centers that Federal agencies operate – is having the effect of leaving the government more vulnerable to cyberattacks, a Government Accountability Office (GAO) official concurred today. […]
The Department of Labor (DoL) recently released new guidelines on protecting $9.3 trillion in retirement benefits for over 34 million participants in contribution plans by making sure proper cybersecurity best practices are in place. […]
Running both the National Security Agency (NSA) and U.S. Cyber Command in an era of expanding cyberattacks pushes a lot of pressing issues to the top of a leader’s to-do list, but for Gen. Paul Nakasone – who heads both organizations that are key to U.S. efforts to operate in cyberspace outside of national borders – workforce development tends to rise above the rest. […]
Three Defense Federal Acquisition Regulation Supplements (DFARS) related to the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) are set to become permanent rules shortly, Katie Arrington, the Pentagon’s CISO for acquisition and sustainment, said April 15. […]
A senior Biden administration official dropped significant hints today about the contents of the administration’s expected executive order (EO) on cybersecurity. The coming EO has been much talked about in policy circles in recent weeks, with a consensus view that it will be released soon, but without much firm detail about its expected content. […]