The Department of Homeland Security (DHS) is creating a standing form to allow industry, academia, and other private sector entities to report vulnerabilities on its networks, an upcoming Federal Register post says. […]
The Department of Homeland Security (DHS) is taking a cross-component agency approach in securing DHS’ 17 Security Operations Centers (SOCs), DHS CIO John Zangardi explained in an interview with GovernmentCIO released this week. […]
Chief of Naval Operations Admiral Mike Gilday, in an Aug. 19 message to the fleet, pledged to prioritize both readiness modernization and people during his tenure. […]
The General Services Administration released a draft catalog of identity and credential access management (ICAM) solutions on August 26, as part of the Office of Management and Budget’s (OMB’s) updated ICAM policy for agencies. […]
MeriTalk sat down in June with Kevin Cox, Program Manager for the Department of Homeland Security’s Continuous Diagnostics and Mitigation (CDM) Program, to get the latest on program priorities for the coming months and beyond. […]
The Department of Health and Human Services’ (HHS) Office of Inspector General (OIG) identified an uptick in security gaps in the Centers for Medicare & Medicaid Services’ (CMS) Medicare administrative contractors (MACs) information security programs in fiscal year 2018, according to an OIG report released Aug. 23. […]
Sens. Edward Markey, D-Mass., and Richard Blumenthal, D-Conn., are asking the National Highway Traffic Safety Administration (NHTSA) about what the senators called a lack of public disclosure about cyber vulnerabilities in internet-connected vehicles, and suggested that the government may want to consider taking “possible regulatory action” to remedy that lack of public information. […]
An ISACA white paper released this month outlines recommended guidance for organizations to better manage third-party vendor risk across their enterprises. […]
Ahead of the G7 Summit in France set for Aug. 24-26, a collection of tech-sector trade groups penned a letter urging G7 leaders to consider a range of recommendations on global technology issues including digital trade, cross-border data flows, tax policy, data privacy, cybersecurity, encryption, and artificial intelligence (AI) technologies. […]
Christopher Krebs, director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), today unveiled his “strategic intent” for the agency, which include CISA’s guiding principles and goal of building a collaborative cybersecurity environment in America. […]
The Office of the Director of National Intelligence (ODNI) announced Aug. 21 the appointment of Benjamin Huebner as chief of the Office of Civil Liberties, Privacy, and Transparency. […]
Sen. Angus King, I-Maine, and Rep. Mike Gallagher, R-Wis., co-chairs the Cyberspace Solarium Commission, are seeking cyber professional expertise and input to help the commission tackle significant cybersecurity challenges that the United States and its allies face. […]
The Treasury Inspector General for Tax Administration (TIGTA) found that while IT risk management practices are improving for the Internal Revenue Service (IRS), mitigation documentation and oversight practices need to be improved. […]
The U.S. Chamber of Commerce and credit scoring company FICO released its Q2 Assessment of Business Cyber Risk (ABC) report on Aug. 19. […]
Rep. John Ratcliffe, R-Texas, confirmed to MeriTalk that he will reintroduce the Advancing Cybersecurity Continuing Diagnostics and Mitigation (CDM) Act. His office said to expect the bill “within the next month or so.” […]
The Commonwealth of Texas has earned the dubious honor of being the latest state or local government hit by a successful ransomware attack. The Texas Department of Information Resources (DIR) confirmed on Aug. 16 that at least 23 local government entities were hit by a “coordinated” ransomware attack. DIR said it will lead the cybersecurity response to the attack. […]
Researchers from Georgia Institute of Technology and Ohio State University, with National Science Foundation (NSF) funding, developed an automated system to vet cloud servers and software library systems to bolster mobile app security. […]
The Federal government saw a 12 percent reduction in cybersecurity incidents in fiscal year 2018, and no “major” cybersecurity incidents for the year, according to the Office of Management and Budget’s annual report on the Federal Information Security Modernization Act (FISMA). […]
A significant percentage of surveyed working adults do not grasp or implement basic cybersecurity concepts and practices, according to Proofpoint’s recently released 2018 User Risk Report. […]
While “large impactful [cyber] incidents” are on the rise, there are fewer “high-profile public disclosures,” according to a FireEye’s year’s M-Trends 2019 Report, which is based on FireEye Mandiant’s investigations of the most interesting and impactful cyberattacks of 2018. […]
The Department of Energy (DoE) upgraded its Cybersecurity Capability Maturity Model (C2M2) to help measure how organizations effectively protect themselves from cyber threats. […]
The Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the National Cyber Security Alliance (NCSA), announced on Aug. 14 the release of the 2019 National Cybersecurity Awareness Month (NCSAM) Toolkit. […]
A cyber threat landscape report released today found that the shifting cyber landscape has led threat actors to adjust operations strategically, operationally, and technically. […]
Despite a downtick in number of states using paperless voting equipment since 2016, eight states are still expected to use paperless machines in the 2020 election, according to an Aug. 13 Brennan Center for Justice report. […]
TechNet President and CEO Linda Moore wrote the House and Senate Armed Services Committees on Aug. 12 to raise concerns with the current draft of the FY2020 National Defense Authorization Act (NDAA). […]
A Federal hiring freeze ordered in a January 2017 presidential memo resulted in “significant” staffing reductions across the State Department – including the inability to fill two Senior Executive Service cybersecurity positions, which then delayed implementing an enterprise risk management program for IT systems. […]
FireEye announced that it was able to identify a new Chinese hacker group, which they have labeled as Advanced Persistent Threat group 41 – or APT41. […]
The Army Futures Command (AFC) is currently developing new wearable identity authentication and authorization technologies, according to an Aug. 7 press release. […]
While the Continuous Diagnostics and Mitigation (CDM) program is here to stay for Federal agencies, taking proper approaches to data classification, collection, and analysis are key components to optimizing the program’s aims, security experts said last week at MeriTalk’s Cyber Security Brainstorm event. […]
In a letter on Aug. 7, Sen. Ron Wyden, D-Ore., wrote to telecom giants AT&T, T-Mobile, Sprint, and Verizon and urged them to store less sensitive customer data. […]