Smarter Gov Tech, Stronger MerITocracy

The Department of Health and Human Services is distilling cyber threat intelligence for a health care audience, according to HHS CISO Chris Wlaschin, who spoke at an Institute for Critical Infrastructure Technology Briefing on Sept. 26. He said the Healthcare Cybersecurity Communications and Integration Center is not meant “to replace current capabilities or functionality or services provided by” the Department of Homeland Security’s National Cybersecurity Communications and Integration Center. […]

The working capital fund created by the Modernizing Government Technology Act is the acquisition tool that agencies need to meet Data Center Optimization Initiative goals. […]

The Deloitte data breach that compromised the confidential emails and plans of some of its clients affected Federal agencies. Deloitte serves clients in finance, media, and government, which all had data in the breached email system. The affected organizations include major companies and U.S. government departments. […]

Reps. Greg Walden, R-Ore., and Tim Murphy, R-Pa., sent a letter requesting that the Department of Health and Human Services (HHS) attend a briefing with the Energy and Commerce committee on pharmaceutical companies affected by malware, such as the recent NotPetya malware’s impact on pharmaceutical company Merck. […]

President Donald Trump will sign a memorandum today to strengthen computer science education in schools, Press Secretary Sarah Huckabee Sanders announced during a press briefing on Sept. 25. The memorandum will mandate that Secretary of Education Betsy DeVos provide $200 million per year in grants for science and technology education to strengthen STEM programs in schools, and to add computer science to the curriculum in K-12 schools. […]

A memorandum issued by Deputy Secretary of Defense Patrick Shanahan establishes an initiative to move many DoD IT systems to the cloud, a move that members of industry are applauding for its potential to open the department to faster innovation. […]

The Federal Aviation Administration issued a total of 132 airspace authorizations to drone users as of Sept. 15 to assist in Hurricane Irma recovery efforts, and 137 authorizations to assist in Hurricane Harvey recovery efforts. The Air National Guard used drones to assess disaster-stricken areas quickly and decide where to send resources. […]

Rep. Jim Langevin, D-R.I., reintroduced legislation this week that would require companies that experience a breach to notify affected individuals within 30 days of the breach’s discovery and to coordinate with the Federal Trade Commission to do so. […]

The Securities and Exchange Commission (SEC) released a statement on Sept. 20 saying that it learned in August 2017 that a cyberattack previously detected in 2016 might have allowed illicit gain through trading. In May 2017, SEC Chairman Jay Clayton initiated an assessment of the agency’s internal cybersecurity risk profile and approach to cybersecurity. […]

The Internet of Things has spawned many changes within the Federal government, including new methods of data collection at the Department of Agriculture (USDA), new policy considerations at the National Institute of Standards and Technology (NIST), and a realignment of the Office of the CIO (OCIO) at the Department of Commerce. […]

Information sharing about cybersecurity threats has to go beyond fulfilling requirements and instead include informal relationships and discussions between agencies, according to government experts who spoke at the MeriTalk Cyber Security Brainstorm on Sept. 20. […]

A report with information from all of the agencies’ risk management reports will be sent to President Donald Trump to review by Oct. 8, even though the government still lacks a Federal CIO. Barry West, senior adviser and senior accountable official for risk management at the Department of Homeland Security, said that the goals of the Cyber Executive Order in May could still be met without a Federal CIO. […]

Comodo Threat Intelligence Labs investigated the Equifax data breach and found Equifax executives’ passwords available for sale on the Dark Web. Comodo found more than 388 instances of Equifax user and employee endpoint data available for sale. This information includes usernames, titles, passwords, and login URLs, and the dates on which they were stolen. […]

The Army’s cyber soldiers in the 17C military occupational specialty are highly likely to stay on for their entire first term of service, but they are far less likely to re-enlist after the first term, according to a recent RAND Corp. study. […]

The CIO Council is hosting a governmentwide cybersecurity hiring event Nov. 6-7. The Federal government is seeking information technology and cybersecurity professionals to fill hundreds of positions needed to modernize legacy IT and strengthen the cybersecurity of Federal networks and critical infrastructure. […]

Though officials working on the Continuous Diagnostics and Mitigation program have been aware of the importance of cloud from the beginning, Phase 3 of the program will shift to include cloud concerns, according to Kevin Cox, CDM program manager at the Department of Homeland Security. […]

The Treasury Department announced sanctions against 11 entities and individuals involved in cyberattacks by Iranian actors. The sanctions include two Iran-based networks that are responsible for cyberattacks against U.S. financial systems. […]

Sens. Ed Markey, D-Mass., Richard Blumenthal, D-Conn., Sheldon Whitehouse, D-R.I., and Al Franken, D-Minn., introduced a bill on Sept. 14 to require accountability and transparency for credit report companies that are collecting and selling personal information about consumers. The legislation follows the Equifax breach, which affected 143 million Americans. […]

The Federal Trade Commission issued a warning on Sept. 14 to consumers to be on the alert for phishing scams related to the Equifax breach. The FTC said people might call asking to verify consumers’ account information due to the Equifax hack. “Stop. Don’t tell them anything,” the FTC said in a statement. […]

Rep. Will Hurd, R-Texas, said that he expects his Modernizing Government Technology Act to pass the Senate within the next week as an add-on to the Senate’s 2018 National Defense Authorization Act deliberations. “Buying IT goods and services in the Federal government is pretty silly,” said Hurd, criticizing the fact that agencies must use all of their IT funding for the year or risk losing it. “That is an insane way to purchase things to defend our digital infrastructure,” […]

The problem with IT modernization is often a people problem. “There’s a cultural challenge within the IT community,” said Department of Homeland Security Acting CIO Stephen Rice, at the AFCEA Homeland Security Conference on Sept. 13. “Changes aren’t just within the technology but also within the culture of those managing the technology.” […]

Acting Secretary of Homeland Security Elaine Duke released a binding operational directive on Sept. 13 requiring agencies to identify and plan to remove all Kaspersky Lab products within the next 90 days. “The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks,” DHS noted. […]

Creating one cloud architecture for the civilian agencies will make it easier for hackers, according to Beth Dunphy, program director of cybersecurity technologies at IBM. The White House’s recent IT Modernization Report calls for the Federal government to invest in two to three cloud models to support the different agencies. “At the end of the day it’s just going to make it easier to repeat the attacks from the attackers,” Dunphy said at the AFCEA Homeland Security Conference on Sept. 12. […]

The Federal government is working on improving its inter-agency information sharing process during cyber threats, but Greg Touhill, former Federal CISO, said that information sharing is useless if recipients of the information don’t act on it. “You can share all day long but if people aren’t listening and they aren’t acting on it, bad things are going to happen,” Touhill, president of Cyxtera Federal Group, said at the AFCEA Homeland Security Conference on Sept. 12. […]

Cybersecurity threats have risen to the top of the nation’s national security concerns, according to U.S. Director of National Intelligence Daniel Coats, who spoke at the Billington CyberSecurity Summit on Sept. 13. “What keeps me up at night now is the wide diversity of threats that we have from all across the world, including the […]

The Department of Homeland Security’s (DHS) Continuous Diagnostics and Mitigation (CDM) program is entering its fourth year and introducing a third phase. Now, the Trump administration’s increasing focus on cybersecurity adds growing pressure to the program and its scope. […]

The government needs to get tougher on financial institutions that endanger consumer data, as occurred in the recent Equifax breach, according to testimony at a Senate Banking, Housing, and Urban Affairs Committee hearing. […]
