The House Homeland Security Committee voted May 18 to advance five bills that would look to improve the nation’s cybersecurity in several areas, including protecting pipeline infrastructure, testing cybersecurity readiness, and improving state and local cybersecurity, among others. […]

The Endless Frontier bill championed by Senate Majority Leader Chuck Schumer, D-N.Y., and set for Senate floor debate over the next several days has grown by leaps and bounds this week with the addition of semiconductor manufacturing and cybersecurity components and has even gotten a new name – the U.S. Innovation and Competition Act of 2021. […]

In a new report of nearly 30,000 cyber incidents, roughly 70 percent of public sector breaches were found to be the product of social engineering campaigns—relying mostly on phishing attacks. […]

Federal CIO Clare Martorana today laid out her vision for civilian government-wide Federal IT improvements that match up broadly with many of the larger goals outlined in projects and spending priorities announced earlier this month for the recent $1 billion cash infusion into the Technology Modernization Fund (TMF). In her first extended public policy address […]

Senators expressed concern that the Department of Defense (DoD) is not doing enough to support small businesses in the defense industrial base (DIB) to implement or subsidize cybersecurity protocols, including the DoD’s Cybersecurity Maturity Model Certificate (CMMC) at a May 18 Senate Subcommittee on Cybersecurity hearing. […]

An internal review of the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) program has been completed, according to Sen. Joe Manchin, D-W.Va., who said he understands that the DoD review will produce “significant” changes to the program. […]

Following the recent ransomware attack on Colonial Pipeline Company, Rep. Elissa Slotkin, D-Mich., proposed a bill last week that would require the Cybersecurity and Infrastructure Security Agency (CISA) to establish a National Cyber Exercise Program to test the United States’ cyber readiness. […]

Fifteen members of the House Committee on Homeland Security reintroduced the Pipeline Security Act on May 14 in an effort to secure pipelines from nefarious cybersecurity or terrorist attacks, in the wake of the recent ransomware attack on Colonial Pipeline Company. […]

With the Colonial Pipeline ransomware attack adding to the count of high-profile cyberattacks to make news in the past six months, members of Congress focused in on how the United States can deter such attacks, as well as how to attract talent to the cyber workforce, at a May 14 House Armed Services subcommittee hearing. […]

Tech-sector reaction to the White House’s sweeping cybersecurity executive order issued May 12 came in largely positive today, with security technology makers particularly applauding the urgency of the administration’s plans, the enterprise-wide view that the order takes for improving security, and its actions to hasten the movement of Federal agencies to cloud services. […]

Acting Cybersecurity and Infrastructure Security Agency (CISA) Director Brandon Wales said today the government is concerned that the nation is witnessing the prelude to broader-based cyber attacks, and he called on Congress to take action on legislation that would require reporting of cyber incidents to the Federal government. […]

Expanding and investing in the Cybersecurity and Infrastructure Security Agency’s (CISA) Pipeline Cybersecurity Initiative could address cybersecurity risks and prevent future cyberattacks on United States pipeline infrastructure, such as the recent Colonial Pipeline hack, according to Rep. John Katko, R-N.Y. […]

The Cybersecurity and Infrastructure Security Agency (CISA) is working on a “hardened” cloud environment that it can evaluate through pilots with Federal agencies, CISA Acting Director Brandon Wales told senators on May 11. […]

The chairman and ranking member of the Senate Homeland Security and Governmental Affairs Committee said today they are interested in changing the Federal Information Security Management Act (FISMA) to make sure that Congress gets timely notifications about major cyberattacks that have a national impact. […]

The United States and the United Kingdom have issued a joint cyber advisory on Russian Foreign Intelligence Service (SVR) tactics, techniques, and procedures. […]

Reps. Andy Kim, D-N.J., and Joe Wilson, R-S.C., introduced bipartisan legislation on May 4 that would strengthen states’ cybersecurity readiness and allow governors to deploy their state’s National Guard to respond to cybersecurity threats. […]

Numerous Federal agencies are springing into action in response to the ransomware attack on Colonial Pipeline Company, a major supplier of fuel to the northeastern U.S. that temporarily shut down pipeline operations after disclosing the attack on May 7. […]

The deputy commander of the Air Force’s information warfare command, known as the Sixteenth Air Force or Air Forces Cyber, is calling for the Air Force to automate its Cybersecurity Service Provider (CSSP) in order to remain one step ahead of adversaries. […]

The Cybersecurity and Infrastructure Security Agency (CISA) is keeping a close eye on the progress of the Defense Department’s (DoD) Cybersecurity Maturity Model Certification (CMMC) program to improve the security of the defense industrial base (DIB) as CISA considers possible moves in the same direction on the civilian side of the Federal government. […]

Members of a key House cybersecurity subcommittee and a panel of expert witnesses agreed at a May 5 hearing on the pressing need to disrupt ransomware-driven cyber attacks, and aired a variety of strategies to more toward that goal. […]

The Department of State is eyeing its Enterprise Vulnerability Scanning Solution (EVSS) for a “technical refresh” to ensure cybersecurity officials at the agency can keep pace with vulnerabilities on State Department networks. […]

Ransomware is being prioritized as the first of six “sprints” planned by the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) on a range of cyber threats due to the gravity of the problem, and because ransomware represents today’s threat, not tomorrow’s. […]

Deterrence of nation-state cyber adversaries comes in many flavors, but the operating model suggested this week by a House Armed Services Committee member lacks neither impact nor directness. […]

The Department of Defense (DoD) announced it is expanding its “Hack the Pentagon” program to include all publicly accessible DoD information systems. […]

Protecting the supply chain from hacks has been top of mind due to recent high-profile attacks, but members of the National Cyberspace Solarium say an area of critical infrastructure they are most concerned about is water security going forward. […]

Reps. Bob Latta, R-Ohio, and Jerry McNerney, D-Calif., reintroduced legislation this week to improve the United States’ electric grid security. The Cyber Sense Act and the Enhancing Grid Security through Public-Private Partnerships Act both direct the Department of Energy (DoE) to work with electric utilities toward the goal of improving security. […]

A bipartisan group of senators reintroduced the Protecting Resources On The Electric grid with Cybersecurity Technology (PROTECT) Act. The legislation would enhance electric grid security by incentivizing electric utilities to make cybersecurity investments, as well as establishing a Department of Energy (DoE) grant and technical assistance program to deploy advanced cybersecurity technology for utilities that are not regulated by the Federal Energy Regulatory Commission (FERC). […]

The Department of Justice (DoJ) is launching a four-month effort to reevaluate its strategies to combat cybersecurity threats in light of increases in ransomware and supply-chain attacks and the tendency of attackers to use U.S.-based infrastructure to launch their exploits, said the United States Deputy Attorney General Lisa Monaco on April 30 at a security conference in Germany. […]

The National Security Agency (NSA) is recommending that National Security System (NSS), Defense Department (DoD), and Defense Industrial Base (DIB) network owners perform a detailed risk analysis before creating cross-domain connections and currently connected operational technologies (OT). […]

The Nuclear Regulatory Commission (NRC) is reporting progress in addressing  at least one of several cybersecurity-related issues reported to it by the Government Accountability Office (GAO) last year. […]