The chairman and ranking member of the Senate Homeland Security and Governmental Affairs Committee said today they are interested in changing the Federal Information Security Management Act (FISMA) to make sure that Congress gets timely notifications about major cyberattacks that have a national impact. […]
The United States and the United Kingdom have issued a joint cyber advisory on Russian Foreign Intelligence Service (SVR) tactics, techniques, and procedures. […]
Reps. Andy Kim, D-N.J., and Joe Wilson, R-S.C., introduced bipartisan legislation on May 4 that would strengthen states’ cybersecurity readiness and allow governors to deploy their state’s National Guard to respond to cybersecurity threats. […]
Numerous Federal agencies are springing into action in response to the ransomware attack on Colonial Pipeline Company, a major supplier of fuel to the northeastern U.S. that temporarily shut down pipeline operations after disclosing the attack on May 7. […]
The deputy commander of the Air Force’s information warfare command, known as the Sixteenth Air Force or Air Forces Cyber, is calling for the Air Force to automate its Cybersecurity Service Provider (CSSP) in order to remain one step ahead of adversaries. […]
The Cybersecurity and Infrastructure Security Agency (CISA) is keeping a close eye on the progress of the Defense Department’s (DoD) Cybersecurity Maturity Model Certification (CMMC) program to improve the security of the defense industrial base (DIB) as CISA considers possible moves in the same direction on the civilian side of the Federal government. […]
Members of a key House cybersecurity subcommittee and a panel of expert witnesses agreed at a May 5 hearing on the pressing need to disrupt ransomware-driven cyber attacks, and aired a variety of strategies to more toward that goal. […]
The Department of State is eyeing its Enterprise Vulnerability Scanning Solution (EVSS) for a “technical refresh” to ensure cybersecurity officials at the agency can keep pace with vulnerabilities on State Department networks. […]
Ransomware is being prioritized as the first of six “sprints” planned by the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) on a range of cyber threats due to the gravity of the problem, and because ransomware represents today’s threat, not tomorrow’s. […]
Deterrence of nation-state cyber adversaries comes in many flavors, but the operating model suggested this week by a House Armed Services Committee member lacks neither impact nor directness. […]
The Department of Defense (DoD) announced it is expanding its “Hack the Pentagon” program to include all publicly accessible DoD information systems. […]
Protecting the supply chain from hacks has been top of mind due to recent high-profile attacks, but members of the National Cyberspace Solarium say an area of critical infrastructure they are most concerned about is water security going forward. […]
Reps. Bob Latta, R-Ohio, and Jerry McNerney, D-Calif., reintroduced legislation this week to improve the United States’ electric grid security. The Cyber Sense Act and the Enhancing Grid Security through Public-Private Partnerships Act both direct the Department of Energy (DoE) to work with electric utilities toward the goal of improving security. […]
A bipartisan group of senators reintroduced the Protecting Resources On The Electric grid with Cybersecurity Technology (PROTECT) Act. The legislation would enhance electric grid security by incentivizing electric utilities to make cybersecurity investments, as well as establishing a Department of Energy (DoE) grant and technical assistance program to deploy advanced cybersecurity technology for utilities that are not regulated by the Federal Energy Regulatory Commission (FERC). […]
The Department of Justice (DoJ) is launching a four-month effort to reevaluate its strategies to combat cybersecurity threats in light of increases in ransomware and supply-chain attacks and the tendency of attackers to use U.S.-based infrastructure to launch their exploits, said the United States Deputy Attorney General Lisa Monaco on April 30 at a security conference in Germany. […]
The National Security Agency (NSA) is recommending that National Security System (NSS), Defense Department (DoD), and Defense Industrial Base (DIB) network owners perform a detailed risk analysis before creating cross-domain connections and currently connected operational technologies (OT). […]
The Nuclear Regulatory Commission (NRC) is reporting progress in addressing at least one of several cybersecurity-related issues reported to it by the Government Accountability Office (GAO) last year. […]
The Cybersecurity and Infrastructure Security Agency (CISA) released a new graphic novel on National Superhero Day, but its superhero might not possess your typical superpowers. The fictional story Bug Bytes intends to educate the public on the dangers of dis- and misinformation campaigns, with cybersecurity and journalism skills saving the day. […]
Numerous tech-related issues were front and center in President Biden’s address to a joint session of Congress on Wednesday night, as he delivered pitches backing up his infrastructure-themed American Jobs Plan issued in late March, the American Families Plan unveiled this week, and a preliminary Fiscal Year 2022 budget wish-list made public on April 9. […]
The Cybersecurity and Infrastructure Security Agency (CISA) announced that .gov top-level domains will be available at no cost for qualifying organizations beginning immediately – a move that should help on the cybersecurity front especially for smaller governmental entities. […]
In light of recent supply chain intrusions, the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Agency (CISA) and National Institute for Standards and Technology (NIST) have released new guidance on defending supply chain software, using the NIST framework to identify and mitigate risks. […]
Sens. Maggie Hassan, D-N.H., and Ben Sasse, R-Neb., have introduced the National Risk Management Act, which would ensure that the Department of Homeland Security (DHS) is properly identifying and addressing risks to the nation’s critical infrastructure (CI). […]
Sens. Rob Portman, R-Ohio, and Gary Peters, D-Mich., introduced the Cyber Response and Recovery Act, which would authorize $20 million of spending to support Federal and non-Federal entities impacted by major cyber events, according to an April 23 press release. […]
President Biden appointed Amit Mital, a cybersecurity industry veteran, to the National Security Council (NSC) as the senior director for cybersecurity strategy and policy, Mital’s LinkedIn confirms. Mital will also serve in the White House as a special assistant to the president. […]
The Cybersecurity and Infrastructure Security Agency’s (CISA) National Risk Management Center (NRMC) has been busy assessing and identifying security risks for 5G wireless services, which present newfound risks unique to the technology, an NRMC official said April 22. […]
The combined response of the Federal government and the private sector to the Russia-based cyberattack of government and business networks via SolarWinds Orion software is making for a promising use case for addressing major incidents in the future, said Federal Chief Information Security Officer (CISO) Chris DeRusha on April 22. […]
Reps. Anna G. Eshoo, D-Calif., and Adam Kinzinger, R-Ill., reintroduced the Understanding Cybersecurity of Mobile Networks Act in the House on Tuesday in an effort to ensure the security of existing wireless networks. […]
As government agencies have increased their digital presence through social media, websites, or other online channels, they also have put themselves in position to be attacked outside of their traditional digital perimeters. These outside attacks can include social media impersonations, account takeovers, false or misleading information, or the disclosure of confidential agency information. […]
The Department of Energy (DoE) – with help from industry and the Cybersecurity and Infrastructure Security Agency (CISA – is kicking off a 100-day effort to improve electric infrastructure cybersecurity, the White House and DoE said today. […]
The Federal Communications Commission (FCC) announced Friday it will re-establish the Communications Security, Reliability, and Interoperability Council (CSRIC), with a focus on “improving 5G network security.” […]