Across several agencies with the Department of Defense (DoD), building a zero-trust architecture to secure IT systems is becoming the strategy of choice for agency leaders as several confirmed efforts to transition over from a traditional perimeter approach today. […]
The Department of Homeland Security (DHS) has issued a new rule that will expand its insider threat program to cover “the categories of individuals to all individuals who have or had access to the Department’s facilities, information, equipment, networks, or systems.” […]
The Treasury Department is asking organizations not to pay off malicious actors to terminate ransomware attacks without carefully considering possible national security threats – and said it may implement penalties for organizations that choose to pay ransom to their attackers. […]
The increased shift to telework seems like it is here to stay as employers work to slow the spread of COVID-19 several months into the pandemic, and the Cybersecurity and Infrastructure Security Agency (CISA) released new telework tips for leaders, IT professionals, and teleworkers to keep the remote environment secure. […]
The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) today issued a new draft paper to help organizations address ransomware and other data integrity events. […]
The U.S. House of Representatives recently passed the American Competitiveness on More Productive Emerging Tech Economy (COMPETE Act) and the Consumer Safety Technology Act (H.R. 8128), both now move to the Senate for consideration. […]
The House of Representative this week voted to approve a collection of bills that aim to improve cybersecurity in the energy sector, inform the use of emerging technologies, and establish R&D plans. […]
Federal legislation to help strengthen the cybersecurity of state and local governments through a Department of Homeland Security grant program passed the House of Representatives on Sept. 30 – with impetus for the legislation coming from across the U.S. in the form of numerous ransomware and other attacks in recent years. […]
In a discussion about creating more diversity in the field of cybersecurity, Department of Agriculture CISO Venice Goodwine encouraged cyber professionals not to let anyone put them in a box, to invest in themselves, and to be deliberate in their career decisions. […]
A two-part ransomware guide released yesterday by the Cybersecurity and Infrastructure Security Agency (CISA) and Multi-State Information Sharing and Analysis Center (MS-ISAC) directs cyber professionals on how to protect against and respond to attack. […]
The interim rule for the Cybersecurity Maturity Model Certification was posted in the Federal Register on Sept. 29, opening a public comment period for the amended regulation, which is scheduled to become effective November 30. […]
The Department of Defense (DoD) has had an ongoing problem – the cybersecurity of its defense industrial base contractors. An interim rule scheduled to be published in the Federal Register tomorrow is the department’s next step in addressing that problem. […]
A recent review by the Department of Homeland Security (DHS) Office of Inspector General (OIG) found that Customs and Border Patrol (CBP) did not adequately protect sensitive data on an unencrypted device used during its Vehicle Face System pilot—a facial recognition technology pilot. […]
Rep. Lauren Underwood, D-Ill., became the chair today of the House Committee on Homeland Security’s Subcommittee on Cybersecurity, Infrastructure Protection, and Innovation, one of the chamber’s primary panels with jurisdiction over cybersecurity issues. […]
Data from a Federal agency has been stolen in a cyber theft, according to an analysis report released Sept. 24 by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. The specific agency, timeframe of the intrusion, and thief are not identified in the report. […]
To combat phishing attacks that could crumble an entire agency’s cybersecurity safeguards at one employee’s incorrect click, the National Institute of Standards and Technology (NIST) has launched a new method to understand why individuals fall for the malicious links. […]
Former government officials from the United States and around the world joined with technology companies and non-profit organizations in a call to prioritize digital trust and security addressed to the President of the United Nations General Assembly. […]
The Government Accountability Office said in a report that in order to fully implement the White House’s National Cyber Strategy a “clarity of leadership” is “urgently needed.” […]
On Sept. 23, the National Institute of Standards and Technology (NIST) released a “historic” update to its flagship security and privacy guidance, Special Publication (SP) 800-53, Security and Privacy Controls for Information Systems and Organizations. […]
As the U.S. faces increased foreign cyber threats, the Department of State said in 2019 that it would stand up a Bureau of Cyberspace Security and Emerging Technologies (CSET) to address these threats, but according to the Government Accountability Office (GAO), State hasn’t informed or involved other partners in the bureau planning, which could increase risks of duplicating efforts. […]
On Friday, Assistant Director for the Cybersecurity and Infrastructure Security Agency (CISA) Bryan Ware announced that the agency was issuing Emergency Directive 20-04, which instructs Federal Civilian Executive Branch agencies to apply a security update for Microsoft’s Windows Servers to all domain controllers. […]
A key Congressman on the House Armed Services Committee spoke in support of three technology bills Friday, expressing optimism with the “bipartisan and bicameral” legislation as the legislative calendar for this session of Congress winds down. […]
The Government Accountability Office (GAO) is recommending that the Treasury Department take steps – in coordination with the Department of Homeland Security and others – to better track and prioritize cyber risk mitigation efforts across the financial services sector. […]
In a coordinated effort across three district courts, the Department of Justice unsealed indictments this week in three separate cases against Iran-based individuals all alleged to have committed cyber intrusions on U.S.-based networks. […]
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have identified an Iran-based cyber actor that is exploiting a virtual private network and targeting several Federal agencies, according to a joint advisory released this week. […]
A Government Accountability Office (GAO) official said on Sept. 16 that the Department of Veterans Affairs (VA) is taking action on several major IT modernization and cybersecurity issues that GAO has flagged in recent years, but that the agency still has a lot of work to do to address many of them. […]
Secretary of Defense Mark Esper said today that new technologies are changing the “character of warfare” – a shift that he said requires adjustments both abroad and at home to funding priorities. […]
One of the Licensed Partner Publishers selected last week to provide training materials for the Cybersecurity Maturity Model Certification Accreditation Body told MeriTalk this week he expects that some of the training materials will be publicly released beginning next month. […]
Threat detection and response services provider Trustwave has launched its Trustwave Fusion platform on Amazon Web Services GovCloud – letting Federal agencies and government contractors take advantage of the cloud-native cybersecurity platform to combat ever-changing security threats. […]
The House passed the Internet of Things (IoT) Cybersecurity Improvement Act of 2020 yesterday and as it moves to the other chamber with support from bipartisan senators, leaders of the IoT cyber legislation are looking ahead to what this legislation could mean for IoT manufacturers and American privacy. […]