Last fall, the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) announced a binding operational directive (BOD) requiring the Federal government to develop and publish vulnerability disclosure policies (VDP). CISA announced today it has chosen vendors for its VDP platform. […]
Nothing looms larger in the policy gunsights of the Biden administration than cybersecurity – both in the Federal and private sectors – and how to improve it. […]
The Biden administration is pushing hard to help fight the rise of ransomware attacks on private industry, and the White House is taking steps on multiple fronts to work with the private sector to combat the issue. […]
A newly issued Office of Inspector General (OIG) report shows that the Department of Homeland Security (DHS) was making only limited progress in implementing the Continuous Diagnostics and Mitigation (CDM) program in the several years leading up to an audit completed in 2020, but has since taken action on several recommendations from the OIG that puts the agency in a better position to benefit from CDM. […]
Rep. Carolyn Maloney, D-N.Y., chairwoman of the House Committee on Oversight and Reform, sent letters to ransomware victims Colonial Pipeline Company and CNA Financial Corporation to get more information on their respective decisions to pay ransoms, the committee announced today. […]
The Department of Treasury’s Internal Revenue Service (IRS) issued a request for information (RFI) seeking software cybersecurity tools that can work with an older version of a programming language the agency uses, known as common business-oriented language, or COBOL. […]
The continued flurry of high-profile ransomware attacks on critical infrastructure targets in the United States is climbing the ladder of presidential priorities – with President Biden saying it’s on the agenda for his summit with Russian President Vladimir Putin later this month, and White House officials confirming that cryptocurrency will be part of a new examination of global corruption. […]
House Oversight and Reform Committee Chairwoman Carolyn Maloney, D-N.Y., and several chairs of the panel’s key subcommittees today asked inspectors general (IGs) from ten Federal agencies for assessments of any cybersecurity vulnerabilities that were created or worsened by the use of telework systems during the coronavirus pandemic, and whether any such vulnerabilities have been mitigated. […]
A senior official with the Cybersecurity and Infrastructure Security Agency (CISA) said today the Federal government’s process of modernizing its IT systems to achieve better cybersecurity may be a decades-long process. […]
The National Telecommunications and Information Administration (NTIA) is seeking feedback on what to include in its Software Bill of Materials (SBOM), as directed by President Biden’s cybersecurity executive order. […]
Rep. Ted Lieu, D-Calif., introduced a bill on June 1 that looks to improve the cybersecurity infrastructure of government contractors, his office announced. The Improving Contractor Cybersecurity Act would require any vendor looking to do business with the Federal government to have vulnerability disclosure policies (VDP) in place. […]
The Biden administration is publicly demonstrating its willingness to lend Federal help to respond to a variety of ransomware assaults against critical infrastructure sectors – the latest involving a cyberattack against JBS USA, the world’s largest meatpacker, that reportedly forced the company to shut down nine of its plants. […]
Reps. Ro Khanna, D-Calif., and Nancy Mace, R-S.C., introduced legislation on May 28 that would create a cybersecurity personnel rotation program in an effort to strengthen the United States’ Federal cyber workforce and infrastructure. […]
The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the FBI are looking into last week’s spear-phishing campaign targeting the United States Agency for International Development (USAID), and have not found any “significant impact” to Federal agencies, according to a May 28 joint statement. […]
Sens. Gary Peters, D-Mich., and Rick Scott, R-Fla., reintroduced the K-12 Cybersecurity Act on May 27 in an effort to strengthen the cybersecurity of school systems. This is the second time the two introduced the Act, having previously introduced similar legislation in 2019 in the last Congress. […]
President Biden’s FY2022 budget document released today proposes a 14 percent increase from the estimated cybersecurity funding level for last year, to a total of $9.8 billion in Federal civilian cybersecurity funding. […]
The United States Agency for International Development (USAID) was the victim of a May 25 spear-phishing campaign that carried all the hallmarks of a state-sponsored attack, Microsoft said yesterday. […]
President Biden’s Department of Homeland Security (DHS) nominees pledged their commitment to elevate the United States’ cybersecurity posture, in order to prevent future cyberattacks, during a May 27 Senate Committee on Homeland Security & Governmental Affairs hearing. […]
Anne Neuberger, the White House deputy national security advisor for cyber and emerging technologies who is a driving force behind the Biden administration’s cybersecurity executive order issued earlier this month, today noted an initial “disappointment” with Federal network hygiene in a follow-up discussion about the broader aims of the order. […]
The recent Colonial Pipeline hack has made more people aware of the threats that lurk in cyberspace, and Sen. Angus King, I-Maine, says it’s time for the government to develop a new relationship with the private sector on cybersecurity and take an all-of-society approach to protecting critical infrastructure. “The private sector has been very reluctant […]
In light of the recent Colonial Pipeline ransomware attack, the Department of Homeland Security’s (DHS) Transportation Security Administration (TSA) released a new directive requiring all critical pipeline owners and operators to report cyberattacks, DHS announced today. […]
Mark Munsell, deputy director of data and innovation at the National Geospatial-Intelligence Agency (NGA) and the agency’s former CTO, is urging the Federal government to build cyber applications faster in order to out-compete adversaries, and to expand industry partnerships. […]
In a Senate Appropriations Committee review of the Department of Homeland Security’s (DHS) fiscal year (FY) 2022 budget request today, DHS Secretary Alejandro Mayorkas emphasized the importance of building resilience among the nation’s cybersecurity and the cyber workforce. […]
Reps. Ted Lieu, D-Calif., and Nancy Mace, R-S.C., led a bipartisan group of legislators in reintroducing the Ensuring National Constitutional Rights for Your Private Telecommunications (ENCRYPT) Act. […]
The Professional Services Council (PSC), which represents government contractors, urged Congress in a May 21 letter to include funding for cybersecurity and IT modernization in an upcoming infrastructure funding package that aligns with President Biden’s American Jobs Plan. […]
A new report from NASA’s Office of Inspector General (OIG) shows the agency is exposed to a “higher-than-necessary risk from cyber threats,” but a new contract shows promise for NASA to secure its systems more effectively. […]
President Biden’s National Infrastructure Advisory Council (NIAC) is preparing a report for the White House National Security Council (NSC) focused on “challenges facing the critical infrastructure workforce and the risks to national security posed by a lack of skilled workers,” and paying special attention to the cybersecurity workforce. […]
Following a string of high-profile cyber attacks against private sector and government organizations over the past several months, more than half of Americans surveyed by The Harris Poll believe further cybersecurity investments are essential to combat the threat, and that the Federal government, the military, and the private sector should share cyber threat and attack data to help in the fight. […]
The Government Accountability Office (GAO) has outlined 28 priority open recommendations for the Department of Veterans Affairs (VA) in a new report, which include items involving information technology and timely COVID-19 data collection. […]
Several House members expressed concern today over the Department of Veterans Affairs’ (VA) approach to managing cyber risks and the agency’s cybersecurity strategies, while the agency’s chief information security officer countered that VA cyber programs are on par with those at work in other Federal agencies. “VA prides itself as being the nation’s largest integrated […]


























