The Cybersecurity and Infrastructure Security Agency (CISA) published a new request for information (RFI) today looking for feedback on how to best implement cyber incident reporting requirements for critical infrastructure owners and operators. […]

Kiersten E. Todt, chief of staff (COS) at the Cybersecurity and Infrastructure Security Agency (CISA), detailed some of the ways the agency is recruiting people and what they are looking for in possible candidates and ways they can expand in the future. […]

The Billington CyberSecurity Summit closed out day two with a discussion with the Cybersecurity and Infrastructure Security Agency’s (CISA) Senior Election Security Advisor, Kim Wyman, on the necessity of voting infrastructure protection in the upcoming national elections. […]

Having a strong “collective defense” – whether that’s a public-private partnership or an international alliance – is critical to defending against cyber adversaries and keeping all entities safe, according to Ann Dunkin, chief information officer (CIO) at the Department of Energy. […]

Collaborating with private entities is a sure way to improve the security of open source software, said Allan Friedman, the senior advisor and strategist for the Cybersecurity and Infrastructure Strategy Agency (CISA), during day two of the Billington CyberSecurity Summit. […]

The Executive Assistant Director for Cybersecurity for the Cybersecurity and Infrastructure Security Agency (CISA), Eric Goldstein, preached the importance of offensive and defensive cybersecurity teams working together to mitigate attacks in America from adversaries. […]

Chief Technology Officer (CTO) of the Cybersecurity & Infrastructure Security Agency (CISA), Brian Gattoni, discussed the future of applying artificial intelligence (AI) to Federal cybersecurity operations during the Billington Cybersecurity Summit on September 7. […]

The Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly today previewed the agency’s new strategic plan, as well as a request for information (RFI) on cybersecurity incident reporting that will both be released “in a couple days.” […]

The top Federal intelligence community and cybersecurity agencies this week issued a new software supply chain developers guide, and said they “strongly encourage” government agencies and software providers alike to follow the guidelines in order to improve security of the software supply chain. […]

The Cybersecurity and Infrastructure Security Agency (CISA) has released a new guideline aimed at preparing critical infrastructure operators in the United States for the cybersecurity dangers of post-quantum cryptography. […]

The National Security Telecommunications Advisory Committee (NSTAC) voted on August 23 to approve a report recommending that the Cybersecurity and Infrastructure Security Agency (CISA) issue an order requiring all Federal civilian agencies to catalog all of their operational technology (OT) devices and systems as one of many steps to improve OT cybersecurity in government and the private sector. […]

Implementing zero trust security architectures remains a team-based exercise in which technology and security leaders need to lean on each other for knowledge and advice – even those who help run IT operations at tech-savvy agencies like the Cybersecurity and Infrastructure Security Agency (CISA). […]

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) on August 11 issued a Cybersecurity Advisory (CSA) on the Zeppelin ransomware threat as part of CISA’s #StopRansomware initiative. […]

The Cybersecurity and Infrastructure Security Agency (CISA), along with the U.S. Election Assistance Commission, National Association of Secretaries of State (NASS), and the National Association of State Election Directors (NASED), held an annual election security exercise last week to test Election Day plans. […]

The Cybersecurity and Infrastructure Security Agency (CISA) has made only limited progress in improving the overall quality of cyber threat data information it shares with third parties, and needs to do more to provide context for that shared information, the Department of Homeland Security (DHS) Office of Inspector General (IG) said in an oversight report. […]

The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) issued a cybersecurity advisory on August 18 that warns about Common Vulnerabilities and Exposures (CVEs) that they say are “currently being exploited” against the Zimbra Collaboration Suite (ZCS). […]

A senior Cybersecurity and Infrastructure Security Agency (CISA) official provided an update this week on agency-level activity in their migration toward zero trust security architectures mandated by President Biden’s 2021 cybersecurity executive order and subsequent guidance documents issued by CISA and the Office of Management and Budget (OMB). […]

Chris Krebs, who led the Cybersecurity and Information Security Agency (CISA) from 2018 to 2020, said today that his vision for the Federal government’s next leap forward on the technology front involves creating a new “U.S. Digital Agency” that would combine elements of CISA and several other existing agencies to create an organization “focused on empowering better digital risk management services.” […]

The Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) released a joint Cybersecurity Advisory (CSA) on the top malware strains of 2021. […]

In a recent MeriTV “IT In Depth” episode, Robert Costello, Chief Information Officer at the Cybersecurity and Infrastructure Security Agency (CISA), and Bill Wright, Splunk’s Director of Public Sector Affairs, said new event logging requirements pose a series of complicated tests for Federal IT managers. The mandates stem from the August 2021 Office of Management and Budget (OMB) memo M-21-31, which outlines a four-tier system for logging events and describes logs on Federal information systems as “invaluable” in fighting cyber threats. […]

The Federal government – galvanized by the Biden Administration’s Cybersecurity Executive Order – has spent a lot of time and money on cybersecurity solutions, but as the digital landscape continues to evolve so does the risk. […]

Witnesses at a House Homeland Security Committee hearing on July 20 provided lawmakers with feedback about how local election officials are viewing security information being supplied to them by the Federal government, along with the need to train local officials on ways to defeat misinformation. […]

The Cybersecurity and Infrastructure Security Agency’s (CISA) “Shields Up” cybersecurity campaign launched in February to warn critical infrastructure operators and other U.S.-based organizations of cybersecurity threats spilling over from Russia’s invasion of Ukraine is proving its worth over the first four months of operation. […]

The Cyber Safety Review Board (CSRB) – in its inaugural report released today – praised the Cybersecurity and Infrastructure Security Agency (CISA) for its response to the ongoing Log4j software vulnerability, and found that to date there have not been any significant Log4J-based attacks on U.S. critical infrastructure. […]

The Department of Homeland Security (DHS) along with the Cybersecurity and Infrastructure Security Agency (CISA) launched a contract opportunity looking to develop an automated software for billing that looks to give more visibility into supply chains. […]

Rep. Ritchie Torres, D-N.Y., introduced legislation on July 1 that would require the Cybersecurity and Infrastructure Security Agency (CISA) to investigate and report on the impact of the 2020 SolarWinds cyberattack on Federal agency networks and U.S. critical infrastructure. […]

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and Department of the Treasury (DoT) released an advisory on July 6 that attributes ransomware attacks launched against healthcare and public health (HPH) organizations to North Korean state-sponsored organizations. […]

The Cybersecurity and Infrastructure Security Agency (CISA) has set a deadline of July 22 for Federal civilian agencies to apply Microsoft’s June 2022 Patch Tuesday update. […]

The Cybersecurity and Infrastructure Security Agency (CISA), FBI, Treasury Department, and the Financial Crimes Enforcement Network (FinCEN) have released a joint cybersecurity advisory warning of MedusaLocker targeting vulnerabilities in Remote Desktop Protocol (RDP) to conduct ransomware attacks. […]

The Cybersecurity and Infrastructure Security Agency (CISA) has issued guidance for users of Microsoft Exchange Online to switch from Basic Authentication, or “Basic Auth,” to Modern Authentication, or “Modern Auth” – which supports multi-factor authentication (MFA) – by the beginning of October. […]