The Continuous Diagnostics and Mitigation (CDM) program is making progress but has run into issues with the data that commercial capabilities report to its dashboards, making it difficult for the program to quickly pull insights from that data, said Judy Baltensperger, project manager for CDM program dashboard operations, today at MeriTalk’s CDM Central event. […]
The first steps of the Department of Defense’s (DoD’s) stronger approach to securing the defense industrial base take effect today, setting the stage for full implementation of the Cybersecurity Maturity Model Certification (CMMC) program, said Katie Arrington, the Defense Department’s (DoD) CISO for Acquisition and Sustainment. […]
Defense Information Systems Agency (DISA) Director Vice Adm. Nancy Norton said today she expects to release reference architecture documents “very shortly” for DISA’s planned implementation of zero trust security concepts. […]
Christopher Krebs, the Cybersecurity and Infrastructure Security Agency (CISA) Director fired by President Trump earlier this month for disputing broad White House assertions of fraud in the 2020 general election, said on a Nov. 29 broadcast of “60 Minutes” that multiple recounts of votes in Georgia offer a measure of proof that the election’s outcome was not impacted by widespread fraud. […]
Before the COVID-19 pandemic forced hundreds of thousands of Federal employees to remote work environments, zero trust was mainly a concept in the minds of cybersecurity experts that had not been fully actualized. But as telework has become the new normal, enabling zero trust capabilities is a key goal for various agencies. […]
In a report identifying the most significant management and performance challenges facing the Department of State, the department’s Office of Inspector General (OIG) named information security and management as one of seven challenges. […]
The dark web has long provided a safe haven for cybercriminals to plot illicit activities, often with huge implications for the government. To stay ahead of cybercriminals, Federal agencies have to investigate threats and emerging adversaries on their networks – but that is easier said than done. […]
Sen. Gary Peters, D-Mich., urged the White House to strengthen cybersecurity defenses for the U.S. healthcare system amid concerns of cyberattacks intended to steal COVID-19 treatment and vaccine research. […]
Office of Personnel Management (OPM) guidance on Federal workforce rotational cybersecurity assignments envisions 120-day rotation assignments to other agencies, and lists several programs that rotations may run through, according to a Nov. 18 memo to agency heads from Michael Rigas, Acting Director of OPM. […]
The Defense Department’s (DoD) U.S. Cyber Command is introducing the Joint Cyber Warfighting Architecture (JCWA) – a concept to integrate cyber warfighting systems – but needs to define JCWA interoperability goals for the systems, the Federal government’s watchdog agency said. […]
The State Department released a fact sheet highlighting the United States’ support for digital transformation and cybersecurity in Latin America and the Caribbean. […]
The Cybersecurity and Infrastructure Security Agency’s (CISA) Continuous Diagnostics and Mitigation (CDM) program is employing a multi-year view on helping Federal agencies to better protect their high-value assets (HVA), CDM Program Manager Kevin Cox indicated today. […]
A new bill introduced in the House and Senate by two recognized congressional cybersecurity leaders would push Federal agencies to further adopt cybersecurity best practices by making it more difficult to obtain waivers under the Federal Cybersecurity Enhancement Act of 2015. […]
The Senate on Nov. 17 approved the Internet of Things Cybersecurity Improvement Act (H.R. 1668) by unanimous consent, sending the bill to the White House for President Trump’s signature. The House approved the bill in September. […]
The National Security Agency (NSA) announced it has designated the U.S. Naval Academy’s cyber operations program as a Center of Academic Excellence in Cyber Operations (CAE-CO). […]
As the Federal Election Commission (FEC) dealt with oversight of a massive increase in campaign donations during a presidential election cycle, the agency at the same time struggled with its cybersecurity and the absence of a full-time CIO, the FEC’s Office of the Inspector General found in a report released November 13. […]
The Department of Justice (DoJ) announced earlier this month that a Federal judge sentenced Aleksandr Brovko, a Russian national, to eight years in prison for his role in a botnet scheme that resulted in an estimated loss of over $100 million. […]
The U.S. Department of Energy (DoE) has launched the Operational Technology (OT) Defender Fellowship, which is intended to help strengthen critical infrastructure cybersecurity. […]
The U.S. Navy and its revitalized CIO office are looking to modernize their systems and capabilities, with artificial intelligence (AI) as a tool to tackle a complicated environment, said Christopher Cleary, Navy CISO, in a November 12 speech. […]
Cyberattacks that use encrypted channels to bypass legacy security controls rose by 260 percent from the beginning of 2020 through September, with the healthcare sector seeing the biggest industry-specific jump in targeted attacks, according to research released this week by cloud security provider Zscaler based on insights sourced from 6.6 billion encrypted threats across the Zscaler cloud. […]
Election security leaders including Bob Kolasky, Director of the National Risk Management Center at the Cybersecurity and Infrastructure Security Agency (CISA), late Thursday pronounced the November 3 election as “the most secure in American history,” and said they found no evidence of voting system compromises, or changed votes. […]
The U.S. Army has launched Hack the Army 3.0, a bug bounty program that is intended to help safeguard the Department of Defense (DoD) and Army networks, systems and data. […]
The General Services Administration’s (GSA) mismanagement of Federal contract employees’ Personal Identity Verification (PIV) cards has put GSA personnel, Federal property, and data at risk, according to a report from the Office of Inspector General (OIG). […]
The Treasury Department is proposing a new rule that would make definitional changes to incorporate cyber coverage guidance in Terrorism Risk Insurance Program (TRIP) regulations. […]
The Treasury Department’s Office of Inspector General (OIG) said in a new information memorandum that IT Acquisition, and Project Management and Cyber Threats, remain from the previous year as two of five management and performance challenges for the agency. […]
The Office of Personnel Management’s (OPM’s) cybersecurity fell under scrutiny in two audits by the agency’s inspector general, with both identifying issues in OPM’s controls and security practices. […]
Confirmation of the appointment of Camilo Sandoval as the new Federal CISO has emerged in the form of his listing on the Office of Management and Budget’s (OMB) CIO.gov website as holding the Federal CISO title. […]
The Department of Homeland Security (DHS) Science and Technology Directorate (S&T), in partnership with the Cybersecurity and Infrastructure Security Agency (CISA), announced Oct. 30 that it has awarded $2 million to an initiative that will build a national network of cybersecurity technical institutes. […]
Simple, easy-to-guess passwords are the scourge of cybersecurity staff. On the flip side, many users struggle to remember lengthy and complicated passwords that pass muster with cybersecurity standards. To help bridge the gap between security and usability, Carnegie Mellon’s CyLab Security and Privacy Institute has developed a policy for creating passwords. […]
The Federal Labor Relations Authority (FLRA) scored well on its fiscal year 2020 Federal Information Security Modernization Act (FISMA) audit, with only four areas noted as weaknesses and no carry-over weaknesses from prior year audits. […]