The Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) program is under internal review at the Pentagon with an eye toward “potential improvements” to implementation of the program, a DoD spokesperson confirmed to MeriTalk. […]
The ongoing “Sunburst” cyber-espionage campaign that resulted in the SolarWinds Orion and Microsoft Exchange breaches represents a strategic failure by the U.S., rather than simple IT inadequacy, according to a report by the Atlantic Council. […]
The National Institute of Standards and Technology (NIST) is seeking information on a contractor that can provide cybersecurity research, development, and implementation support services and subject matter expertise on task areas of various priority levels. […]
The Federal government needs to both understand and work with the private sector when it comes to cybersecurity and innovation, Director of National Intelligence Avril Haines said today. […]
The National Institute of Standards and Technology (NIST) has released draft guidance to help local election officials reduce the risk of cyberattacks on election systems, and is seeking public comment on the draft. […]
A group of bipartisan senators wrote a letter to Jennifer Granholm, Department of Energy (DOE) secretary, to voice their support for keeping the Office of Cybersecurity, Energy, Security, and Emergency Response (CESER). […]
As adversaries from overseas continue to threaten the cybersecurity of U.S. companies and organizations, National Security Agency (NSA) director and U.S. Cyber Command (CYBERCOM) chief Gen. Paul Nakasone told senators today that Defense Department (DoD) agencies need to be able to operate more freely within the U.S. to deal with those threats swiftly. […]
Federal officials should focus on crafting policies that support the use of AI in cybersecurity, and continue to develop the AI workforce, the Information Technology Industry Council (ITI) recommends in a March 24 report. […]
Sen. Ed Markey, D-Mass., and Rep. Ted Lieu, D-Calif., reintroduced the Cyber Shield Act, which would create a voluntary system to certify cybersecurity protections for internet of things (IoT) devices. […]
Preventing cyberattacks is more important than ever and the National Security Agency’s (NSA) Cybersecurity Collaboration Center is working with government and industry partners to share information and tackle cybersecurity as a “team sport.” […]
The Department of Homeland Security (DHS) is seeking comments on an Information Collection Request (ICR) to the Office of Management and Budget (OMB) to allow DHS to assist executive branch agencies in collecting cybersecurity vulnerability information and post the information on their own agency websites. […]
The Department of Energy’s (DoE) Office of Cybersecurity, Energy Security, and Emergency Response (CESER) said it is rolling out three new research programs aimed at energy supply chain security, protecting infrastructure from electromagnetic (EMP) interference, and cybersecurity education. […]
The Department of Energy (DoE) needs to fully address potential cyber vulnerabilities to the United States electrical grid system in its national cybersecurity strategy, a Government Accountability Office (GAO) report recommends. […]
It’s hard enough sometimes just keeping up with the challenges of cybersecurity in the big headline-news cases – think SolarWinds in recent months or the Office of Personnel Management (OPM) intrusion several years back. But the more you talk with experts in cybersecurity, the more it becomes clear that exploitable gaps in the network armor are nearly limitless, and that plugging those gaps requires innovative security in the spaces that remain off the radar for many. […]
The acting director of the Cybersecurity and Infrastructure Security Agency (CISA) told senators on March 18 that CISA is making efforts to complete deployment at Federal civilian agencies of the first two phases of the Continuous Diagnostics and Mitigation (CDM) program by the end of this year as part of a push to shore up Federal cybersecurity after the SolarWinds Orion hack. […]
Federal CISO Christopher DeRusha said today that new IT modernization and security funding streams stemming from the American Rescue Plan Act represent a “down payment” on extensive work that needs to be done to improve Federal agency network security. […]
The House Homeland Security Committee approved the DHS Industrial Control Systems Capabilities Enhancement Act of 2021 today. […]
Brandon Wales, acting director of the Cybersecurity and Information Security Agency (CISA) today defended the value of CISA’s EINSTEIN cyber defense program against criticism leveled by the ranking member of the Senate Homeland Security and Governmental Affairs Committee and suggested that the program be improved rather than scrapped. […]
With many Federal agencies moving to a mostly or entirely remote work environment in 2020, keeping workplaces and data secure and safe from breaches was harder than ever before. New research from the Ponemon Institute – which focuses on Federal information and privacy management – revealed just how widespread data breaches have been in the last two years. […]
Department of Homeland Security (DHS) Secretary Alejandro Mayorkas addressed a range of questions about the nation’s cybersecurity and spoke on how to better secure Federal networks in a March 17 House Homeland Security Committee hearing. […]
The Biden administration is still hashing through its consideration of who to appoint as National Cyber Director, but is due to conclude a review of how it should proceed on the position in the next several weeks. […]
The Department of Labor (DOL) must clarify whether plan administrators are responsible for mitigating cybersecurity risks and set minimum expectations for protecting personally identifiable information (PII), a report by the Government Accountability Office (GAO) said. […]
The nine Federal agencies whose networks were compromised in the Russia-backed hack via SolarWinds Orion products are close to finishing their remediation reviews, and the government is planning new deployments of unspecified security and IT modernization technologies to avoid a repeat of the intrusions, a senior Biden administration official said during a background briefing on March 12. […]
A bipartisan group of legislators introduced has the Department of Homeland Security (DHS) Industrial Control Systems Enhancement Act of 2021. The legislation will solidify the Cybersecurity & Infrastructure Security Agency’s (CISA) lead role in protecting critical infrastructure – particularly industrial control systems (ICS) – from cyber threats. […]
The Cybersecurity and Infrastructure Security Agency (CISA) needs to update its milestones and fully implement its plans related to CISA Act of 2018 in order to provide more effective cybersecurity for the United States, the Federal government’s chief watchdog agency said. […]
A newly introduced bill in the House of Representatives would give Americans the ability to make claims in Federal or state courts against foreign states that engage in cyberattacks against U.S. citizens. […]
The Cybersecurity and Infrastructure Security Agency (CISA) announced that it will begin overseeing the .gov top-level domain (TLD) in April 2021, with a mandate to enhance security for the domain which is considered critical infrastructure. […]
The Department of Justice (DoJ) is warning of fake unemployment websites after receiving reports that scammers created the websites to obtain consumer’s personal information and other sensitive data. […]
The Cybersecurity and Infrastructure Security Agency (CISA) announced that it has awarded the Center for Infrastructure Assurance and Security (CIAS) at The University of Texas at San Antonio a $1.2 million grant to launch a pilot program to help state, local, tribal, and territorial governments identify high value assets (HVA) in order to prioritize resources and planning. […]
The Department of Homeland Security (DHS) issued a draft request for proposal (RFP) searching for a Cybersecurity Compensation System Support Services. […]