Federal agency chief information security officers (CISOs) talked about several aspects of the Biden administration’s cybersecurity executive order (EO) during a July 15 FedInsider webinar in which they flagged steps agencies should be taking to meet the order’s requirements. […]
The Department of Defense’s (DoD) efforts to defend the cybersecurity of critical infrastructure in the U.S. require a stronger implementation strategy in its collaboration efforts with the Department of Homeland Security (DHS), according to an audit by the Office of the Inspector General (OIG). […]
According to a joint advisory from the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and U.K.’s National Cyber Security Centre (NCSC), hackers from the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit – widely known as Fancy Bear or APT28 – utilized Kubernetes clusters to infiltrate targets in their global brute force campaign from mid-2019 through early 2021. […]
Sens. Gary Peters, D-Mich., and Ron Johnson, R-Wis., introduced bipartisan legislation on July 1 that would create a cyber training program for Federal employees, aimed at helping protect the Federal government against cyberattacks and supply chain security vulnerabilities. […]
The United States remains the global leader in cyber capabilities, retaining its “clear superiority” over other nations, but China may soon leave the “second-tier” of cyber power with its growing digital infrastructure, according to a new report. […]
The Cybersecurity and Infrastructure Security Agency (CISA) is developing a catalog of bad practices in cybersecurity to help critical infrastructure providers prioritize their cybersecurity responsibilities. The agency plans to keep updating the narrow list based on feedback from cybersecurity professionals. […]
Organizations need a cybersecurity strategy to protect both infrastructure and customer data from growing cybersecurity threats. The Cybersecurity and Infrastructure Security Agency (CISA) developed the Cyber Essentials as a guide for small businesses and local government leaders to develop an actionable understanding of where to start implementing organizational cybersecurity practices. […]
Senators Maggie Hassan, D-N.H., and John Cornyn, R-Texas, have introduced the Federal Cybersecurity Workforce Expansion Act, which aims to help strengthen U.S. cyber defenses and bolster the Federal government’s cyber workforce. […]
The House Appropriations Committee released a draft of the fiscal year (FY) 2022 Financial Services and General Government funding bill, to be considered by a subcommittee on June 25. […]
The COVID-19 pandemic accelerated the rate at which the entire Department of Defense (DoD) had to learn how to collaborate and operate more effectively regardless of location. The solutions in place to respond to this crisis inadvertently set the bar for how the DoD wanted to operate on a day-to-day basis post-pandemic. […]
Theodore N. Nemeroff has been named director for International Cyber Policy on the White House’s National Security Council (NSC). He will be responsible for expanding the U.S. government’s information and communications technology policy abroad. […]
If 2020 was the year of the pandemic, then 2021 is shaping up as the year of the Big Hack. […]
For decades, Federal chief information security officers (CISOs) focused on protecting a traditional perimeter and the users within. Today, however, they recognize that there are a seemingly endless number of third-party partners, vendors, and customer accounts, as well as service accounts – accounts which are either not directly tied to employees, or non-human accounts – which could result in compromises. […]
A secure software supply chain has become essential to fulfilling government missions. Massive cyberattacks like SolarWinds highlight the serious risks to the enterprise that insecure software can create. […]
Cyberthreats are constantly evolving. New attackers, new vulnerabilities, and new security risks arise every day. Hackers have rapidly increased their sophistication, and their techniques make them harder to spot and threaten even the savviest targets. Criminal groups are also targeting businesses that have moved their infrastructure to the cloud. This way, they can hide among legitimate services. Attackers have developed new ways to scour the internet for systems vulnerable to ransomware. […]
The Senate voted late on June 8 to approve the much-amended U.S. Innovation and Competition Act of 2021, by a margin of 68-32. […]
The Department of Labor (DoL) recently released new guidelines on protecting $9.3 trillion in retirement benefits for over 34 million participants in contribution plans by making sure proper cybersecurity best practices are in place. […]
President Biden is proposing $2.1 billion of funding for the Cybersecurity and Infrastructure Security Agency (CISA), along with large scoops of cyber funding for other Federal agencies, according to the White House’s FY 2022 request for discretionary funding released today. […]
Ian Wallace has joined the State Department to serve as a senior advisor for the Office of the Coordinator for Cyber Issues (S/CCI). Wallace tweeted that his new role will focus on cyber capacity building. […]
The Department of State had notified Congress in 2019 of its plans to create a bureau within the department to focus on cybersecurity, but a lack of data and evidence to justify the proposal may halt its progress. […]
Office of Personnel Management (OPM) guidance on Federal workforce rotational cybersecurity assignments envisions 120-day rotation assignments to other agencies, and lists several programs that rotations may run through, according to a Nov. 18 memo to agency heads from Michael Rigas, Acting Director of OPM. […]
The Treasury Department’s Office of Inspector General (OIG) said in a new information memorandum that IT Acquisition and Project Management, and Cyber Threats, remain from the previous year as two of five management and performance challenges for the agency. […]
With a growing cyber workforce gap, Federal agencies need to get creative as they work to shore up their cyber defenses. What skillsets are most valuable for incoming cyber workers? And how can Federal agencies find talent in surprising places and nurture the talent they already have? […]
As the COVID-19 pandemic has continued to affect organizations across the United States, officials from the Federal Bureau of Investigation (FBI) and the Department of Justice (DoJ) warned of common trends and attack vectors that are being used by malicious actors for financial or informational gain. […]
Across the Federal government, said Peter Ranks, deputy CIO for the information enterprise at the Department of Defense (DoD), and Jeanette Manfra, former assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency, more holistic IT modernization is necessary both during and following government’s reliance on widespread telework. […]
Jim Sullivan, defense intelligence officer (DIO) for cyber at the Defense Intelligence Agency (DIA), emphasized the value of offensive operations in cyberspace to deter nation-state attackers during a panel discussion this week at the RSA security conference in San Francisco. […]
A group of public sector cybersecurity leaders, speaking on a panel Feb. 24 at the RSA Public Sector Day event, discussed the challenge of reconciling competing priorities when assessing both the business value and mission value of cybersecurity investments. […]
Donna Dodson, Chief Cybersecurity Advisor for the IT Laboratory at the National Institute of Standards and Technology (NIST), reflected today on the success of the agency’s cybersecurity framework and its contributions to cyber interoperability. […]
A National Institute of Standards and Technology (NIST) draft report on a new program to standardize and centralize cybersecurity regulations is now open for public comment. […]
Alongside a Federal employee pay raise and $25 million for the Technology Modernization Fund (TMF), the bipartisan and bicameral Fiscal Year 2020 budget proposal includes IT funding boosts across agencies with an emphasis on cybersecurity. […]