President Biden said today that he spent “a great deal of time” discussing cybersecurity issues with Russian President Vladimir Putin at their three-hour summit meeting held June 16, and central to that discussion was President Biden’s assertion that critical infrastructure should be off limits to any attacks. […]

The Transportation Security Agency (TSA) is in the process of developing another cybersecurity directive for critical infrastructure pipeline owners and operators, following the initial directive it issued to them following the Colonial Pipeline ransomware attack. […]

Rep. Yvette Clarke, D-N.Y., chair of the House Homeland Security Committee’s Cybersecurity Subcommittee, said today she hopes Congress will provide further funding for IT modernization and cybersecurity improvements to build on the recent $1 billion infusion into the Technology Modernization Fund (TMF), and the extra $650 million provided to the Cybersecurity and Infrastructure Security Agency (CISA) in the American Rescue Plan Act. […]

Cybersecurity in general, and ransomware in specific, climbed high onto the ladder of major policy issues at both the weekend meeting of G-7 nations this weekend, and the NATO Summit that concluded on June 14. […]

The Social Security Administration (SSA) has implemented four of the seven open priority recommendations that the Government Accountability Office (GAO) identified in April 2020, including updating systems and establishing a risk management framework. […]

Carlos Del Toro, President Biden’s nominee to become Secretary of the Navy, is set to bring to the service branch an extensive technology profile from 17 years as CEO of SBG Technology Solutions, which provides IT modernization, governance, cybersecurity, and AI tech to the Federal government. […]

Cyberthreats are constantly evolving. There are new attackers, new vulnerabilities, and new security risks that are arising every day. Threat hackers have rapidly increased their sophistication and techniques that make them harder to spot and threaten even the savviest targets. Criminal groups are also targeting businesses that have moved their infrastructure to the cloud. This way, they can hide among legitimate services. Attackers have developed new ways to scour the internet for systems vulnerable to ransomware. […]

A week after seeking information on ransom pay from two other ransomware victims, Rep. Carolyn Maloney, D-N.Y., chairwoman of the House Committee on Oversight and Reform, sent a June 10 letter to JBS Foods USA asking for information about its reported decision to pay an $11 million ransom, the committee announced. […]

The 14 percent year-over-year budget increase requested by the Biden administration for the Office of Management and Budget (OMB) for Fiscal Year 2022 would be devoted to hiring new career personnel across the agency, including increasing staffing that is critical for IT and cybersecurity oversight across the government. […]

Jen Easterly, President Biden’s nominee to become the next director of the Cybersecurity and Infrastructure Security Agency (CISA), delivered a sobering assessment of the rising threats faced by Federal and private sectors networks and pledged at her June 10 confirmation hearing to strengthen the agency’s capabilities to defend and secure networks. […]

Ransomware was a main focus of concern during a committee nomination hearing today for Chris Inglis to be the nation’s first-ever national cyber director. Amidst a rising number of recent attacks, Inglis detailed how he would deal with the threat of ransomware while also explaining how he would approach building the nation’s cyber policy and approach collaboration if confirmed. […]

Sen. Mark Warner, D-Va., chairman of the Senate Intelligence Committee, said today he expects legislation will be soon filed in Congress to mandate cyber incident reporting to Federal authorities. […]

After a Senate committee hearing yesterday, Colonial Pipeline’s president and CEO was back in front of Congress today, appearing before the House Committee on Homeland Security for a hearing about last month’s ransomware attack. There he expressed a need from private industry for the Federal government to pressure the hosts of these ransomware actors. […]

The Senate voted late on June 8 to approve the much-amended U.S. Innovation and Competition Act of 2021, by a margin of 68-32. […]

The Accreditation Board (CMMC-AB) for the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) has approved the first Certified Third-Party Assessment Organization (C3PAO) in the Defense Industrial Base (DIB), the CMMC-AB announced today. […]

The White House today released the first fruits of a February executive order that has Federal agencies looking at ways to improve supply chain security in several key critical infrastructure areas. […]

Colonial Pipeline Company’s president and CEO announced the company is in the midst of an ongoing review of last month’s ransomware attack and relayed the timeline of events that led to the company paying a ransom and its communication with law enforcement in a Congressional hearing today. […]

Last fall, the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) announced a binding operational directive (BOD) requiring the Federal government to develop and publish vulnerability disclosure policies (VDP). CISA announced today it has chosen vendors for its VDP platform. […]

Nothing looms larger in the policy gunsights of the Biden administration than cybersecurity – both in the Federal and private sectors – and how to improve it. […]

The Biden administration is pushing hard to help fight the rise of ransomware attacks on private industry, and the White House is taking steps on multiple fronts to work with the private sector to combat the issue. […]

A newly issued Office of Inspector General (OIG) report shows that the Department of Homeland Security (DHS) was making only limited progress in implementing the Continuous Diagnostics and Mitigation (CDM) program in several years leading up to an audit completed in 2020, but has since taken action on several recommendations from the OIG that puts the agency in better position to benefit from CDM. […]

Rep. Carolyn Maloney, D-N.Y., chairwoman of the House Committee on Oversight and Reform, sent letters to ransomware victims Colonial Pipeline Company and CNA Financial Corporation to get more information on their respective decisions to pay ransoms, the committee announced today. […]

The Department of Treasury’s Internal Revenue Service (IRS) issued a request for information (RFI) seeking software cybersecurity tools that can work with an older version of programming language the agency uses, known as common business-oriented language, or COBOL.  […]

The continued flurry of high-profile ransomware attacks on critical infrastructure targets in the United States is climbing the ladder of presidential priorities – with President Biden saying it’s on the agenda for his summit with Russian President Vladimir Putin later this month, and White House officials confirming that cryptocurrency will be part of a new examination of global corruption. […]

House Oversight and Reform Committee Chairwoman Carolyn Maloney, D-N.Y., and several chairs of the panel’s key subcommittees today asked inspectors general (IGs) from ten Federal agencies for assessments of any cybersecurity vulnerabilities that were created or worsened by the use of telework systems during the coronavirus pandemic, and whether any such vulnerabilities have been mitigated. […]

A senior official with the Cybersecurity and Infrastructure Security Agency (CISA) said today the Federal government’s process of modernizing its IT systems to achieve better cybersecurity may be a decades-long process. […]

The National Telecommunications and Information Administration (NTIA) is seeking feedback on what to include in its Software Bill of Materials (SBOM), as directed by President Biden’s cybersecurity executive order. […]

Rep. Ted Lieu, D-Ca., introduced a bill on June 1 that looks to improve the cybersecurity infrastructure of government contractors, his office announced. The Improving Contractor Cybersecurity Act would require any vendor looking to do business with the Federal government to have vulnerability disclosure policies (VDP) in place. […]

The Biden administration is publicly demonstrating its willingness to lend Federal help to respond to a variety of ransomware assaults against critical infrastructure sectors – the latest involving a cyberattack against JBS USA, the world’s largest meatpacker, that forced the company reportedly to shut down nine of its plants. […]

Reps. Ro Khanna, D-Calif., and Nancy Mace, R-S.C., introduced legislation on May 28 that would create a cybersecurity personnel rotation program in an effort to strengthen the United States’ Federal cyber workforce and infrastructure. […]