The National Security Agency (NSA) has issued a cybersecurity advisory aimed at defense and intelligence community contractors warning of Chinese state-sponsored cyber actors exploiting publicly- known network vulnerabilities. […]

Republican leadership on the House Oversight and Reform Committee has requested a briefing from Department of Veterans Affairs (VA) officials on the data breach that the agency disclosed last month. […]

A new survey finds that 82 percent of Federal IT decisionmakers expect the majority of the work week to consist of telework even after the COVID-19 pandemic subsides. The survey also finds decisionmakers still face challenges in managing systems and cybersecurity. […]

The Cyberspace Solarium Commission, a congressionally-chartered group charged with delivering recommendations to improve U.S. cybersecurity, today issued its latest in a series of white papers on the subject – this time urging the U.S. to take steps to protect critical information and technology (ICT) supply chains from Chinese and other adversarial nations. […]

The Department of Justice announced today that it indicted six computer hackers – all of them Russian nationals and officers in Unit 74455 of the Russian Main Intelligence Directorate (GRU) – for their alleged roles in a wide range of government-sponsored cyber attacks. […]

The Department of Defense (DoD) and the National Security Agency (NSA) have launched a new initiative aimed at increasing diversity in their cybersecurity workforce. […]

Reps. Jim Langevin, D-R.I., and Doris Matsui, D-Calif., introduced a bill Oct. 16 to improve cybersecurity at K-12 schools. The Enhancing K-12 Cybersecurity Act would work to promote more access to security information, better track attack trends, and increase the number of cybersecurity experts in schools. […]

Amid a bevy of Defense Department (DoD) modernization efforts, Secretary of Defense Mark Esper is praising the Army Futures Command (AFC) for advancing the military’s efforts in cyberspace. […]

Industry professionals weighed in this week with their views on how the Cybersecurity and Infrastructure Security Agency’s (CISA) Trusted Internet Connections (TIC) 3.0 guidance also works to help enable adoption of zero trust security concepts. […]

Cyber incidents at K-12 schools over the last few years have put the personally identifiable information (PII) of students at risk, with breaches primarily resulting from intentional actions by students and unintentional actions by staff, according to a recent Government Accountability Office (GAO) report. […]

With the benefit of increased flexibility and quick updates, Federal officials praised their ability to respond to the COVID-19 pandemic under the Trusted Internet Connections (TIC) 3.0 policy during a panel session at MeriTalk’s TIC Talks event today. […]

The head of the Cybersecurity and Infrastructure Security Agency’s (CISA’s) TIC Program Office emphasized that the Trusted Internet Connections (TIC) 3.0 initiative aims to create more flexible and efficient ways for Federal agencies to improve security, and said his office is considering a wide range of additional use cases to help agencies implement the framework. […]

Department of Homeland Security (DHS) Deputy Chief Technology Officer Brian Campo said that DHS has finalized the final draft of a two-year roadmap for adoption of the zero trust security model. […]

Communication, collaboration, and coordination are being touted as the keys to success for teleworking during the coronavirus pandemic, but the best frameworks for cyber defense in these modern times may end up coming from old teachings. […]

Continuous Diagnostics and Mitigation (CDM) Program Manager Kevin Cox said on Oct. 13 that the program office is making progress on one of its key goals for Fiscal Year 2021 – connecting Federal agencies to its second-generation Elasticsearch dashboard. […]

Even before its official launch, the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) program is generating additional interest in its applicability for non-defense sectors, panelists said at the CISQ Cyber Resilience Summit. […]

The Cybersecurity and Infrastructure Security Agency’s (CISA) Trusted Internet Connections (TIC) 3.0 guidance has taken center stage this year not only as a long-planned policy evolution, but also as a potential life-saver for Federal agencies to employ new use cases applicable to their need to implement wide-ranging and long-lasting telework. […]

U.S. policy-makers and several close foreign allies issued a statement this weekend calling for technology providers to provide access for governments and law enforcement to encrypted data and protected systems. […]

The Federal Aviation Administration (FAA) needs to take further action to spur improvements in aircraft avionics systems in order to meet evolving cybersecurity threats and the trend toward increased connectivity between aircraft and systems, the Government Accountability Office said. […]

Across several agencies with the Department of Defense (DoD), building a zero-trust architecture to secure IT systems is becoming the strategy of choice for agency leaders as several confirmed efforts to transition over from a traditional perimeter approach today. […]

The Department of Homeland Security (DHS) has issued a new rule that will expand its insider threat program to cover “the categories of individuals to all individuals who have or had access to the Department’s facilities, information, equipment, networks, or systems.” […]

The Treasury Department is asking organizations not to pay off malicious actors to terminate ransomware attacks without carefully considering possible national security threats – and said it may implement penalties for organizations that choose to pay ransom to their attackers. […]

The increased shift to telework seems like it is here to stay as employers work to slow the spread of COVID-19 several months into the pandemic, and the Cybersecurity and Infrastructure Security Agency (CISA) released new telework tips for leaders, IT professionals, and teleworkers to keep the remote environment secure. […]

The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) today issued a new draft paper to help organizations address ransomware and other data integrity events. […]

The U.S. House of Representatives recently passed the American Competitiveness on More Productive Emerging Tech Economy (COMPETE Act) and the Consumer Safety Technology Act (H.R. 8128), both now move to the Senate for consideration. […]

The House of Representative this week voted to approve a collection of bills that aim to improve cybersecurity in the energy sector, inform the use of emerging technologies, and establish R&D plans. […]

Federal legislation to help strengthen the cybersecurity of state and local governments through a Department of Homeland Security grant program passed the House of Representatives on Sept. 30 – with impetus for the legislation coming from across the U.S. in the form of numerous ransomware and other attacks in recent years. […]

In a discussion about creating more diversity in the field of cybersecurity, Department of Agriculture CISO Venice Goodwine encouraged cyber professionals not to let anyone put them in a box, to invest in themselves, and to be deliberate in their career decisions. […]

A two-part ransomware guide released yesterday by the Cybersecurity and Infrastructure Security Agency (CISA) and Multi-State Information Sharing and Analysis Center (MS-ISAC) directs cyber professionals on how to protect against and respond to attack. […]

The interim rule for the Cybersecurity Maturity Model Certification was posted in the Federal Register on Sept. 29, opening a public comment period for the amended regulation, which is scheduled to become effective November 30. […]