Smarter Gov Tech, Stronger MerITocracy

Federal government financial regulators are seeking comment on a proposed rule looking to increase accountability for banks that experience cybersecurity incidents by implementing requirements that they report incidents to their primary regulators within 36 hours of discovery. […]

During the nine months of the coronavirus pandemic, we’ve asked a hundred variations of that question to people whose professional lives near the tip of the technology spear put them in good positions to predict the future, and gotten as many good answers back. At the dawn of a more hopeful 2021, here’s a look at how the Federal work-scape may play out in the longer term, courtesy of three veteran technologists. […]

The Cybersecurity and Infrastructure Security Agency (CISA) late Friday issued a new alert – stemming from the Russian hack of SolarWinds Orion products – in which CISA warns it has uncovered evidence of post-hack advanced persistent threat (APT) activity in the cloud environment. […]

The Biden-Harris transition team announced 21 more appointees to the incoming administration’s National Security Council (NSC) Jan. 8, including two that are sure to play significant roles in cybersecurity policy. The transition team has tapped Tarun Chhabra as Senior Director for Technology and National Security, and Caitlin Durkovich as Senior Director of Resilience and Response. […]

In the midst of dealing with the fallout from the Russian cyberattack that used SolarWinds software to breach the networks of thousands of the firm’s customers, SolarWinds has hired former Cybersecurity and Infrastructure Security Agency Director Chris Krebs and his new cybersecurity consulting firm as an independent consultant. […]

The Department of Commerce Office of the Inspector General (OIG) announced last month that it will be conducting a review of the department’s cyber threat data sharing capabilities, pursuant to the Cybersecurity Information Sharing Act of 2015, which set up structures for sharing threat data with government and private sector entities. […]

President-elect Joe Biden has chosen cybersecurity veteran Lisa Monaco as his nominee for Deputy Attorney General at the Justice Department (DoJ), and according to a Politico report, is getting ready to name Anne Neuberger deputy national security adviser for cybersecurity on the President’s National Security Council (NSC). […]

The National Security Agency (NSA) issued an “emphatic” call for Federal stakeholders to update older Transport Layer Security (TLS) protocols, with the message particularly aimed at system administrators in the Department of Defense (DoD), the intelligence community (IC), and the Defense Industrial Base (DIB). […]

The Cybersecurity and Infrastructure Security Agency (CISA) released a new round of supplemental guidance on Jan. 6 to the emergency directive that the agency issued on Dec. 13, 2020, providing remediation guidance in response to the Russia-backed hack of more than 18,000 government and private sector systems via SolarWinds Orion products. […]

A Treasury Department official told House Ways and Means Committee members in a Dec. 23 letter that the agency has found no evidence that the suspected Russia-backed breach of Federal government systems via SolarWinds Orion products exposed U.S. taxpayer data. […]

With one of the most abnormal years of our lifetimes coming to an end, we look back at the top Fed IT moments of 2020. In a year with both a pandemic and an election, the government had to change the way it worked, ensure trust in election outcomes, and modernize on the fly. […]

A bill introduced on Dec. 11 by Sens. Gary Peters, D-Mich., and Rob Portman, R-Ohio, would require Federal agencies to report to Congress within seven days about any cyber attacks they have faced that would cause significant harm to national security or agency operations. […]

The National Institute of Standards and Technology (NIST) released a draft version of Special Publication (SP) 800-213 and several supporting documents aimed at manufacturers, with the goal of establishing a baseline for securely integrating Internet of Things (IoT) devices into Federal networks. […]

The Cybersecurity and Infrastructure Security Administration’s (CISA) Continuous Diagnostics and Mitigation (CDM) program is due to receive a much-needed funding increase for Fiscal Year 2021, helping to address a shortfall for the program that aims to improve network security at Federal government civilian agencies. […]

The Cybersecurity and Infrastructure Security Agency (CISA) released a draft version of a Trusted Internet Connections (TIC) Use Case focusing on access for remote users and user-owned mobile devices, setting the stage for more direct network access to agency and cloud-based resources. […]

A new survey released by MeriTalk and Splunk finds that public sector IT decision makers are increasingly planning around zero trust security concepts, with that thinking driven by current and future requirements for telework capabilities, among other security management needs. However, agencies face challenges in migrating to zero trust, including the need to invest in foundational technologies, according to findings from the survey of 150 Federal IT decision makers and 150 state, local, and higher education (SLED) IT decision makers on their agencies’ efforts around zero trust. […]

Malicious actors are targeting K-12 schools with a strong increase in ransomware attacks and other cyber threats, according to a Joint Cybersecurity Advisory released December 10 by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC). […]

Senior House Republicans pointed today to the still-unfolding situation on Russian-backed hacking of government networks via SolarWinds software to call for passage of the Fiscal Year 2021 National Defense Authorization Act (NDAA) and the cybersecurity elements that the legislation features. […]

The Department of Defense’s (DoD) Defense Innovation Unit (DIU) and the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) component have signed a Memorandum of Understanding to collaborate on cybersecurity measures, according to a Dec. 17 announcement. […]

The Alliance for Digital Innovation (ADI), a Washington-based trade group known for its advocacy for Federal government IT modernization, released a new set of recommendations Dec. 17 for the Biden administration and incoming Congress to improve Federal tech capabilities by learning from some of the lessons of the government’s rapid turn to telework during the coronavirus pandemic. […]

The Cybersecurity and Infrastructure Security Agency (CISA) warned today that threats to government networks caused by previously reported breaches of SolarWinds Orion products pose a “grave risk” to Federal government, state, tribal and territorial governments, critical infrastructure entities, and other private-sector organizations. […]

The shift to remote work forced by the coronavirus pandemic has helped the Army’s Combat Capabilities Development Command (CCDC) – a component of Army Futures Command – identify security gaps, and work to improve IT security for offsite personnel, said Col. Gregory Smith, Military Deputy to the Director of the CCDC, at an AFFIRM webinar Dec. 16. […]

The Department of Defense (DoD) will pilot the enforcement of its Cybersecurity Maturity Model Certification (CMMC) program on seven upcoming contracts that DoD expects to award in late 2021, setting the stage for the first CMMC audits, the department announced in a Dec. 15 news release. […]

A new report from the Government Accountability Office (GAO) finds that most large agencies had not implemented any supply chain risk management practices from the National Institute of Standards and Technology (NIST) – publicly acknowledging weaknesses on the heels of the attack on SolarWinds’ software that led to breaches at multiple Federal agencies. […]

Within the State Department, Information Systems Security Officers (ISSOs) in overseas posts have an unclear reporting system, a lack of management oversight, and not enough dedicated staff time, leading to deficiencies in ISSO performance, according to a report released Dec. 15 by the State Department’s Office of the Inspector General (OIG). […]

President Trump’s National Infrastructure Advisory Council (NIAC) released recommendations and an implementation plan in a Dec. 10 report to the President for the creation of a Critical Infrastructure Command Center (CICC) that would pair government and private sector experts to improve cybersecurity for critical infrastructure sectors. […]
