The Federal Maritime Commission (FMC) inspector general flagged several IT security policy issues at the agency in a recent FISMA compliance audit, which FMC pledged to address over the next few months. […]
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) are warning hospitals and the public health sector at large that they face an “imminent” threat of malware attacks. […]
Rep. Jim Langevin, D-R.I., long a leading voice on cybersecurity policy and a member of the Cyberspace Solarium Commission, argued this week that the establishment of internationally accepted norms of behavior in cyberspace is one of the keys to improving the United States’ cybersecurity posture. […]
John Sherman, Principal Deputy CIO at the Department of Defense (DoD), said Oct. 28 that the Pentagon is making progress with IT modernization activities for the parts of the agency known as “the Fourth Estate” – offices that are not military services or intelligence community agencies. […]
The Defense Department’s (DoD) current interim rule for the Cybersecurity Maturity Model Certification (CMMC) will take full effect on December 1, said Katie Arrington, CISO for DoD’s acquisition office, at an October 28 virtual event organized by C4ISRNET. […]
Federal officials this week discussed how they can support new approaches like zero trust and SD-WAN in an efficient and secure way by leveraging the Enterprise Infrastructure Solutions (EIS) contract along with security requirements of the Trusted Internet Connections (TIC) 3.0 policy. […]
The Department of Defense (DoD) Office of Inspector General (OIG) is canceling its audit of corrective actions taken by DoD in response to cybersecurity vulnerabilities identified during operational testing and evaluation of acquisition programs, citing the COVID-19 pandemic. […]
The Cybersecurity and Infrastructure Security Agency (CISA) and FBI issued a joint cybersecurity advisory on Oct. 22 to warn operators of state, local, territorial, and tribal (SLTT) government networks that they may be targeted by Russian state-sponsored advanced persistent threat (APT) actors. […]
The National Cybersecurity Center of Excellence (NCCoE) is looking for industry partners to support its efforts to build exemplar zero-trust architectures that meet the standards set out by NCCoE’s parent organization, the National Institute of Standards and Technology (NIST). […]
Officials from the Pentagon’s Defense Logistics Agency (DLA) said this week that two of their top concerns for further improving supply chain security are getting better end-to-end visibility of supply chains and integrating more threat intelligence into the picture. […]
A bipartisan Senate bill introduced Oct. 21 would make clear the authority of state governments to deploy their National Guard resources to help state and local governments improve their cybersecurity infrastructure and services. […]
The National Security Agency (NSA) has issued a cybersecurity advisory aimed at defense and intelligence community contractors warning of Chinese state-sponsored cyber actors exploiting publicly- known network vulnerabilities. […]
Republican leadership on the House Oversight and Reform Committee has requested a briefing from Department of Veterans Affairs (VA) officials on the data breach that the agency disclosed last month. […]
A new survey finds that 82 percent of Federal IT decisionmakers expect the majority of the work week to consist of telework even after the COVID-19 pandemic subsides. The survey also finds decisionmakers still face challenges in managing systems and cybersecurity. […]
The Cyberspace Solarium Commission, a congressionally-chartered group charged with delivering recommendations to improve U.S. cybersecurity, today issued its latest in a series of white papers on the subject – this time urging the U.S. to take steps to protect critical information and technology (ICT) supply chains from Chinese and other adversarial nations. […]
The Department of Justice announced today that it indicted six computer hackers – all of them Russian nationals and officers in Unit 74455 of the Russian Main Intelligence Directorate (GRU) – for their alleged roles in a wide range of government-sponsored cyber attacks. […]
The Department of Defense (DoD) and the National Security Agency (NSA) have launched a new initiative aimed at increasing diversity in their cybersecurity workforce. […]
Reps. Jim Langevin, D-R.I., and Doris Matsui, D-Calif., introduced a bill Oct. 16 to improve cybersecurity at K-12 schools. The Enhancing K-12 Cybersecurity Act would work to promote more access to security information, better track attack trends, and increase the number of cybersecurity experts in schools. […]
Amid a bevy of Defense Department (DoD) modernization efforts, Secretary of Defense Mark Esper is praising the Army Futures Command (AFC) for advancing the military’s efforts in cyberspace. […]
Industry professionals weighed in this week with their views on how the Cybersecurity and Infrastructure Security Agency’s (CISA) Trusted Internet Connections (TIC) 3.0 guidance also works to help enable adoption of zero trust security concepts. […]
Cyber incidents at K-12 schools over the last few years have put the personally identifiable information (PII) of students at risk, with breaches primarily resulting from intentional actions by students and unintentional actions by staff, according to a recent Government Accountability Office (GAO) report. […]
With the benefit of increased flexibility and quick updates, Federal officials praised their ability to respond to the COVID-19 pandemic under the Trusted Internet Connections (TIC) 3.0 policy during a panel session at MeriTalk’s TIC Talks event today. […]
The head of the Cybersecurity and Infrastructure Security Agency’s (CISA’s) TIC Program Office emphasized that the Trusted Internet Connections (TIC) 3.0 initiative aims to create more flexible and efficient ways for Federal agencies to improve security, and said his office is considering a wide range of additional use cases to help agencies implement the framework. […]
Department of Homeland Security (DHS) Deputy Chief Technology Officer Brian Campo said that DHS has finalized the final draft of a two-year roadmap for adoption of the zero trust security model. […]
Communication, collaboration, and coordination are being touted as the keys to success for teleworking during the coronavirus pandemic, but the best frameworks for cyber defense in these modern times may end up coming from old teachings. […]
Continuous Diagnostics and Mitigation (CDM) Program Manager Kevin Cox said on Oct. 13 that the program office is making progress on one of its key goals for Fiscal Year 2021 – connecting Federal agencies to its second-generation Elasticsearch dashboard. […]
Even before its official launch, the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) program is generating additional interest in its applicability for non-defense sectors, panelists said at the CISQ Cyber Resilience Summit. […]
The Cybersecurity and Infrastructure Security Agency’s (CISA) Trusted Internet Connections (TIC) 3.0 guidance has taken center stage this year not only as a long-planned policy evolution, but also as a potential life-saver for Federal agencies to employ new use cases applicable to their need to implement wide-ranging and long-lasting telework. […]
U.S. policy-makers and several close foreign allies issued a statement this weekend calling for technology providers to provide access for governments and law enforcement to encrypted data and protected systems. […]
The Federal Aviation Administration (FAA) needs to take further action to spur improvements in aircraft avionics systems in order to meet evolving cybersecurity threats and the trend toward increased connectivity between aircraft and systems, the Government Accountability Office said. […]