Malicious actors are targeting K-12 schools with a strong increase in ransomware attacks and other cyber threats, according to a Joint Cybersecurity Advisory released December 10 by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC). […]
Senior House Republicans pointed today to the still-unfolding situation on Russian-backed hacking of government networks via SolarWinds software to call for passage of the Fiscal Year 2021 National Defense Authorization Act (NDAA) and the cybersecurity elements that the legislation features. […]
The Department of Defense’s (DoD) Defense Innovation Unit (DIU) and the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) component have signed a Memorandum of Understanding to collaborate on cybersecurity measures, according to a Dec. 17 announcement. […]
The Alliance for Digital Innovation (ADI), a Washington-based trade group known for its advocacy for Federal government IT modernization, released a new set of recommendations Dec. 17 for the Biden administration and incoming Congress to improve Federal tech capabilities by learning from some of the lessons of the government’s rapid turn to telework during the coronavirus pandemic. […]
The Cybersecurity and Infrastructure Security Agency (CISA) warned today that threats to government networks caused by previously reported breaches of SolarWinds Orion products pose a “grave risk” to Federal government, state, tribal and territorial governments, critical infrastructure entities, and other private-sector organizations. […]
The shift to remote work forced by the coronavirus pandemic has helped the Army’s Combat Capabilities Development Command (CCDC) – a component of Army Futures Command – identify security gaps, and work to improve IT security for offsite personnel, said Col. Gregory Smith, Military Deputy to the Director of the CCDC, at an AFFIRM webinar Dec. 16. […]
The Department of Defense (DoD) will pilot the enforcement of its Cybersecurity Maturity Model Certification (CMMC) program on seven upcoming contracts that DoD expects to award in late 2021, setting the stage for the first CMMC audits, the department announced in a Dec. 15 news release. […]
A new report from the Government Accountability Office (GAO) finds that most large agencies had not implemented any supply chain risk management practices from the National Institute of Standards and Technology (NIST) – publicly acknowledging weaknesses on the heels of the attack on SolarWinds’ software that led to breaches at multiple Federal agencies. […]
Within the State Department, Information Systems Security Officers (ISSOs) in overseas posts have an unclear reporting system, a lack of management oversight, and not enough dedicated staff time, leading to deficiencies in ISSO performance, according to a report released Dec. 15 by the State Department’s Office of the Inspector General (OIG). […]
With the first batch of COVID-19 vaccines making their way across the country, the Cybersecurity and Infrastructure Security Agency (CISA) has issued guidelines for keeping cold storage facilities safe from cyberthreat actors. […]
President Trump’s National Infrastructure Advisory Council (NIAC) released recommendations and an implementation plan in a Dec. 10 report to the President for the creation of a Critical Infrastructure Command Center (CICC) that would be pair government and private sector experts to improve cybersecurity for critical infrastructure sectors. […]
The Cybersecurity and Infrastructure Security Agency (CISA) is requiring all Federal civilian agencies to disconnect or turn off any SolarWinds Orion products by noon today, as a nation-state hack of the tools pose a significant cybersecurity threat and is linked to a hack at the Treasury and Commerce Departments. […]
State-sponsored hackers targeted cybersecurity firm FireEye in a recent cyberattack, company CEO Kevin Mandia disclosed in a Dec. 8 statement. The company said it is coordinating with the Federal Bureau of Investigation (FBI) in its investigation of the attack. […]
The United States and Australia signed a first-of-its-kind agreement in November to develop a virtual cyber training range to practice real-world defensive missions across boundaries and networks. […]
Trusted Internet Connections (TIC) Program Office chief Sean Connelly said Dec. 8 that his office remains on track to issue several additional use cases over the coming months for the TIC 3.0 security initiative that Federal agencies can employ to advance their security postures. […]
The National Security Agency (NSA) released a cybersecurity alert on Dec. 7 warning that state-sponsored hackers based in Russia have been attacking remote workspaces and exploiting a vulnerability in a suite of VMware products. […]
President Trump signed the Internet of Things (IoT) Cybersecurity Improvement Act into law Dec. 7. […]
The Defense Information Systems Agency (DISA) is looking to implement an enterprise “grey network” to enable Department of Defense (DoD) components to securely support classified remote programs, a DISA official explained. […]
Continuous Diagnostics and Mitigation (CDM) Program Manager Kevin Cox today discussed the possibility of a higher funding baseline for the CDM program in Fiscal Year 2022 that would allow the program through its DEFEND contract to tackle more security work for Federal agencies at a faster pace. […]
The Continuous Diagnostics and Mitigation (CDM) program is making progress but has run into issues with the data that commercial capabilities report to its dashboards, making it difficult for the program to quickly pull insights from that data, said Judy Baltensperger, project manager for CDM program dashboard operations, today at MeriTalk’s CDM Central event. […]
The first steps of the Department of Defense’s (DoD’s) stronger approach to securing the defense industrial base take effect today, setting the stage for full implementation of the Cybersecurity Maturity Model Certification (CMMC) program, said Katie Arrington, the Defense Department’s (DoD) CISO for Acquisition and Sustainment. […]
Defense Information Systems Agency (DISA) Director Vice Adm. Nancy Norton said today she expects to release reference architecture documents “very shortly” for DISA’s planned implementation of zero trust security concepts. […]
Christopher Krebs, the Cybersecurity and Infrastructure Security Agency (CISA) Director fired
by President Trump earlier this month for disputing broad White House assertions of fraud in the 2020 general election, said on a Nov. 29 broadcast of “60 Minutes” that multiple recounts of votes in Georgia offer a measure of proof that the election’s outcome was not impacted by widespread fraud.
[…]
Before the COVID-19 pandemic forced hundreds of thousands of Federal employees to remote work environments, zero trust was mainly a concept in the minds of cybersecurity experts that had not been fully actualized. But as telework has become the new normal, enabling zero trust capabilities is a key goal for various agencies. […]
In a report by the Office of Inspector General (OIG) for the Department of State that identifies the most significant management and performance challenges, the OIG found information security and management as one of those seven challenges. […]
The dark web has long provided a safe haven for cybercriminals to plot illicit activities, often with huge implications for the government. To stay ahead of cybercriminals, Federal agencies have to investigate threats and emerging adversaries on their networks – but that is easier said than done. […]
Sen. Gary Peters, D-Mich., urged the White House to strengthen cybersecurity defenses for the U.S. healthcare system amid concerns of cyberattacks intended to steal COVID-19 treatment and vaccine research. […]
Office of Personnel Management (OPM) guidance on Federal workforce rotational cybersecurity assignments envisions 120-day rotation assignments to other agencies, and lists several programs that rotations may run through, according to a Nov. 18 memo to agency heads from Michael Rigas, Acting Director of OPM. […]
The Defense Department’s (DoD) U.S. Cyber Command is introducing the Joint Cyber Warfighting Architecture (JCWA) – a concept to integrate cyber warfighting systems—but needs to define JCWA interoperability goals for the systems, the Federal government’s watchdog agency said. […]
The State Department released a fact sheet highlighting the United States’ support for digital transformation and cybersecurity in Latin America and the Caribbean. […]