Federal law enforcement seized more than $3.6 billion in stolen cryptocurrency directly linked to the 2016 hack of virtual currency exchange Bitfinex, and have arrested a husband and wife from New York allegedly connected to the stolen bitcoins. […]
In the wake of the discovery and remediation efforts surrounding the Log4shell vulnerability in the Apache library that contains Log4j, the Cybersecurity and Infrastructure Security Agency (CISA) called for efforts to push forward a software bill of materials (SBOM). Those calls were reiterated today at a Senate hearing on the vulnerability by industry witnesses involved in remediation efforts. […]
Federal Communications Commission (FCC) Chair Jessica Rosenworcel today announced the formation of a cross-agency task force that will focus on creating rules and policies to combat digital discrimination and to promote equal broadband access nationwide. […]
The National Oceanic and Atmospheric Administration (NOAA) inadequately managed three active directories, increasing the risk of cyberattacks and jeopardizing NOAA’s ability to accomplish its mission. […]
The Department of Homeland Security (DHS) has launched two new online resources for supporting noncitizen service members, veterans, and their families. […]
Leadership of the Senate Homeland Security and Governmental Affairs Committee has introduced a package bill in the Senate that would update both the Federal Information Security Management Act (FISMA), which sets cybersecurity requirements for Federal agencies, and codify the Federal Risk and Authorization Management Program (FedRAMP) that certifies cloud services as secure to use for Federal government agencies. […]
The National Security Agency (NSA) released its “2021 NSA Cybersecurity Year in Review” report that highlights a year filled with increased collaboration with industry experts to mitigate cyber threats. […]
The National Institute of Standards and Technology (NIST) has published five directives identifying practices that enhance security of the software supply chain. […]
The Department of Defense (DoD) has finalized its Software Modernization Strategy to help enable delivery of resilient software capabilities. […]
In their efforts to help shrink the cyber workforce shortage, officials from the Office of the National Cyber Director (OCND) and the Cybersecurity and Infrastructure Security Agency (CISA) are emphasizing the need for collaboration and creation of a more robust culture of cybersecurity – starting with K-12 education on up. […]
Bipartisan legislation introduced in both the House and Senate would direct the Department of Labor to award grants aimed at increasing access to registered apprenticeship programs in cybersecurity. […]
The Cybersecurity and Infrastructure Security Agency (CISA) will sponsor the first-ever U.S. Cyber Team, which will compete in the International Cybersecurity Challenge (ICC) this June in Greece. […]
The Federal Communications Commission (FCC) announced a new partnership with the Institute of Museum and Library Services (IMLS) to expand broadband connectivity to Tribal libraries. […]
In a reorganization of responsibilities, the Department of Defense (DoD) has put the Cybersecurity Maturation Model Certificate (CMMC) program under the oversight of the DoD’s Office of the CIO (OCIO), a shift from being the responsibility of the Under Secretary of Defense for Acquisition and Sustainment (A&S), according to a Feb. 3 release. […]
The Department of Homeland Security (DHS) has officially formed the Cyber Safety Review Board called for in President Biden’s Cybersecurity Executive Order issued last year, and said the board’s first action will be to examine the log4j software library vulnerability that emerged in December 2021 and to generate lessons learned from that for the cybersecurity community. […]
The Senate Homeland Security and Governmental Affairs Committee on Feb. 2 voted to approve the Improving Cybersecurity of Small Organizations Act of 2021 (S. 2483), which would require the Cybersecurity and Infrastructure Security Agency (CISA) to maintain and promote cyber guidance for use by small organizations. […]
The Federal Communications Commission (FCC) announced that FCC Chair Jessica Rosenworcel will lead the relaunched Cybersecurity Forum for Independent and Executive Branch Regulators. […]
The House of Representatives waded into the final stages of debate today in its consideration of the America Creating Opportunities for Manufacturing, Pre-Eminence in Technology and Economic Strength Act of 2022 (COMPETES). […]
An annual report from the Defense Department’s (DoD) Director for Operational Test and Evaluation (DOT&E) has found the Military Health System (MHS) GENESIS – DoD’s new electronic health records management (EHRM) system – was not deemed to be survivable in a cyber-contested environment following reviews in 2020 and 2021. […]
Rep. Jim Langevin, D-R.I., said he is eyeing a universe of about 100 private sector firms that he considers to be “systemically important” critical infrastructure providers as he completes work on legislation that will call for closer collaboration between the Federal government and those companies on cybersecurity and related intelligence sharing. […]
Third-party auditors found several deficiencies in the Department of Labor’s (DoL) information security program and determined it was not effective. […]
The Government Accountability Office (GAO) released a report this week urging the Department of Veterans Affairs (VA) to address data management challenges with its Electronic Health Records Modernization (EHRM) program, which has come under fire in recent months from Congress over a troubled roll-out and inaccurate cost estimates. […]
The House Oversight and Reform Committee today approved by voice vote legislation that would update the Federal Information Security Modernization Act (FISMA). The committee’s vote sends the legislation to the full House of Representatives for consideration. […]
Ransomware and supply chain attacks dominated the news in 2021, and experts expect them to persist and continue to converge in 2022. Government agencies, suppliers, and other target organizations must evolve their own cybersecurity techniques to stay ahead of attackers, says Sam Curry, chief security officer at Cybereason. In the first episode of MeriTV’s new Fix Fed IT series, Curry takes stock of the ransomware-supply chain attack convergence and outlines actions that organizations can take to protect themselves. […]
The Department of Defense (DoD) has announced that its Chief Digital and Artificial Intelligence Office (CDAO) has achieved initial operational capability in accordance with a Dec. 8, 2021 memorandum that required the establishment of CDAO, and for the office to attain initial operating capability by Feb. 1. […]
With Federal employees accessing critical information, systems, and applications from anywhere, the mindset has shifted to never trust and always verify. Federal security experts explained that this shift put a focus on a new critical aspect of a zero trust architecture – identity management. […]
As part of the bipartisan infrastructure bill signed into law last year, Commerce Secretary Gina Raimondo is tasked with overseeing the Federal government’s $65 billion investment in broadband deployment to unserved and underserved areas across the country. […]
While one primary focus of the Biden administration’s President’s Management Agenda is continuing to improve Federal IT to enable better delivery of citizen services, tech leaders from the Department of Health and Human Services (HHS) explained on Feb. 1 that they face emerging challenges in pursuing those goals. […]
The Office of Management and Budget’s (OMB) finalized zero trust directive issued last week sets the stage for the first steps in implementing zero trust security architectures at Federal agencies, but a lot more work remains in the pursuit of that goal, a panel of Federal security experts agreed during an ATARC virtual event on Feb. 1. […]
A new report from the National Academy of Public Administrators (NAPA) is emphasizing the pressing need for a national cyber workforce development strategy and recommends that the Office of the National Cyber Director (ONCD) be in charge of developing the strategy. […]