Bipartisan legislation introduced in the Senate July 21 would require Federal agencies, government contractors, and critical infrastructure owners and operators to report cyber intrusions within 24 hours of discovery. […]
The House of Representatives on July 20 voted to approve the State and Local Cybersecurity Improvement Act as part of a slate of cyber bills that passed under suspension of normal rules. The bill would create a $500 million-per-year grant program run by the Department of Homeland Security to help state and local governments improve their cybersecurity. […]
The House Committee on Energy and Commerce unanimously approved six cybersecurity and supply chain-related bills during a markup session on July 21. The committee’s vote sends these bills to the House floor for further consideration. […]
The House of Representatives approved a bill July 19 that aims to improve electric power grid infrastructure cybersecurity by using public-private partnerships. The bill was passed by voice vote under suspension of the rules. […]
The Department of Homeland Security’s (DHS) Transportation Security Administration (TSA) today issued a second Security Directive aimed at securing critical pipelines that transport hazardous liquids and natural gas from cyber intrusions, in response to recent cybersecurity threats against U.S. pipeline systems. […]
A senior Biden administration official said on July 18 that an important mandate under the administration’s Cybersecurity Executive Order – deployment of multifactor authentication and encryption technologies across Federal civilian networks – could be “fully deployed within six months.” […]
The Biden administration took formal steps today to pin the Microsoft Exchange software supply chain hack disclosed earlier this year on people connected with the Chinese government’s Ministry of State Security (MSS). […]
Major General Ryan Heritage was named commander of the United States Marine Corps (USMC) Cyberspace Command July 7, the unit announced. He will report directly to Gen. Paul Nakasone, who heads up the U.S. Cyber Command. […]
Rep. John Katko, R-N.Y., ranking member of the House Committee on Homeland Security, called for increased funding for the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA), saying CISA “needs to be a $5 billion agency in the next five years.” […]
The U.S. State Department said on July 15 it is offering up to $10 million in reward money for information that leads Federal authorities to anyone who is conducting cyberattacks against U.S. critical infrastructure at the behest of foreign governments. […]
The Senate Homeland Security and Governmental Affairs Committee on July 14 voted to approve the Civilian Cyber Security Reserve Act, which would establish a pilot program to create a civilian reserve of cybersecurity experts that could be deployed to the Federal government as “surge capacity” in the event of significant security incidents. […]
The Department of Justice (DoJ) and Department of Homeland Security (DHS) have launched a one-stop shop at StopRansomware.gov for individuals, businesses, and organizations to help combat the increasing trend of ransomware attacks, the DoJ announced today. […]
With many more people teleworking in 2020 due to the COVID-19 pandemic, cyberattack surfaces changed and expanded, and as many worked from home with Internet of Things (IoT) devices abandoned at the office, threat actors took advantage. Part of the fallout from those realities, according to two Zscaler studies, was that malware attacks on IoT devices connected to corporate networks increased by 700 percent year-over-year in 2020, compared to the firm’s 2019 study. […]
The Department of Defense’s (DoD) efforts to defend the cybersecurity of critical infrastructure in the U.S. require a stronger implementation strategy in its collaboration efforts with the Department of Homeland Security (DHS), according to an audit by the Office of the Inspector General (OIG). […]
The Senate Homeland Security and Governmental Affairs Committee today approved two bills that aim to improve the cybersecurity of K-12 education institutions and to train Federal employees to better protect supply chains. […]
The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive on July 13 ordering Federal agencies to disable the Microsoft Windows Print Spooler service, after discovering a vulnerability that allows attackers to remotely take over systems and enables adversaries to compromise the entire identity infrastructure of an agency. […]
The House Appropriations Committee spent July 13 marking up the fiscal year 2022 (FY2022) budgets for the Department of Homeland Security (DHS) and the Department of Defense (DoD). […]
Websites on the dark web associated with ransomware gang REvil disappeared on July 13, according to analysts. It is not immediately clear who is responsible for the takedowns. […]
NASA is looking for a contractor who can provide cybersecurity and privacy support for all of its centers and facilities, according to a recent request for proposals (RFP) on SAM.gov. […]
Department of Defense cybersecurity veteran Maj. Gen. Neil Hersey has been named the new deputy commanding general for Operations at Army Cyber Command. He transitioned to the role in June, after two years as commanding general at the Army Cyber Center of Excellence in Fort Gordon, Ga., according to his bio. […]
President Biden said today he was “optimistic” after speaking with Russian President Vladimir Putin about the United States government’s expectations for cooperation from Russia in the event of ransomware attacks that emanate from Russian territory. […]
A Department of Defense (DoD) Office of Inspector General (OIG) report found that 3D printers pose a cybersecurity risk to the agency, after discovering DoD employees were not properly securing the IT systems used to develop 3D products, and were unaware the 3D printers even had IT systems that could be hacked. […]
White House national security staff took the Biden administration’s strategic thinking on ransomware prevention to the local government mayors this week, as administration advisors continued to work through a long list of policy items aimed at curbing the attacks and making them less profitable. […]
After conducting its first bug bounty program last year, the Defense Advanced Research Projects Agency (DARPA) announced that it is open sourcing the Finding Exploits to Thwart Tampering (FETT) Bug Bounty evaluation platform. […]
According to a joint advisory from the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and U.K.’s National Cyber Security Centre (NCSC), hackers from the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit – widely known as Fancy Bear or APT28 – utilized Kubernetes clusters to infiltrate targets in their global brute force campaign from mid-2019 through early 2021. […]
The White House and key Federal agencies have been working since July 2 to assist in the response to the Kaseya ransomware attack, as President Biden gets set to meet this week with an interagency group taking a longer look at the ransomware problem. […]
The Department of Homeland Security (DHS) onboarded over 300 new cybersecurity employees, and made an additional 500 tentative job offers, during its 60-day Cybersecurity Workforce Sprint, exceeding the sprint’s original goal by 50 percent. […]
The SolarWinds software supply chain hack represented a seismic shift in cybersecurity awareness for public and private sector organizations. The attack – which compromised thousands of organizations, including at least nine Federal agencies – laid bare the reality that organizations may be compromised even if they don’t know it yet, and even if they are diligent about cybersecurity. […]
The recent Executive Order on Improving the Nation’s Cybersecurity directs agencies to move to zero trust security architectures, in which no person or device is automatically trusted. However, many agencies were already well on their way to zero trust, said Drew Epperson, senior director of Federal engineering and chief architect for Palo Alto Networks Federal. In a new MeriTV interview, Epperson addresses the current state of zero trust in the Federal government and offers practical steps agencies can take to accelerate zero trust adoption. […]
In light of recent cyberattacks against Federal agencies, the Department of Defense (DoD) is increasing its requirements for private sector contractors to ensure they are adequately securing and protecting contractor and DoD data. […]