The Cybersecurity and Infrastructure Security Agency (CISA) has issued its strategic plan for 2023 to 2025, setting forth four main goals of cyber defense, risk reduction and resilience, operational collaboration, and agency unification. […]

Having a strong “collective defense” – whether that’s a public-private partnership or an international alliance – is critical to defending against cyber adversaries and keeping all entities safe, according to Ann Dunkin, chief information officer (CIO) at the Department of Energy. […]

William J. Burns, Director, Central Intelligence Agency (CIA) detailed some of the most important actions that they are undertaking to deter foreign adversaries in the realm of cybersecurity at the Billington Cybersecurity Summit on September 8. […]

The Cyberspace Solarium Commission (CSC) has made a “real impact” on the nation’s cybersecurity posture, Sen. Angus King, I-Maine, said today, and its work is not over yet. […]

The Executive Assistant Director for Cybersecurity for the Cybersecurity and Infrastructure Security Agency (CISA), Eric Goldstein, preached the importance of offensive and defensive cybersecurity teams working together to mitigate attacks in America from adversaries. […]

The National Institute of Standards Technology (NIST) announced a project that will eventually result in a Cybersecurity Practice Guide to help smart home device users safely access their healthcare information digitally. NIST’s National Cybersecurity Center of Excellence finished the final project description late last month. […]

The Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly today previewed the agency’s new strategic plan, as well as a request for information (RFI) on cybersecurity incident reporting that will both be released “in a couple days.” […]

The top Federal intelligence community and cybersecurity agencies this week issued a new software supply chain developers guide, and said they “strongly encourage” government agencies and software providers alike to follow the guidelines in order to improve security of the software supply chain. […]

The Treasury Department has appointed Christopher Adams as the agency’s chief information security officer (CISO), according to Adams’ LinkedIn page. […]

The U.S. Department of State (DoS) on August 29 imposed administrative debarment under the International Traffic and Arms Regulations (ITAR) upon three former U.S. private sector cybersecurity employees, according to a Federal Register notice. […]

The Department of Homeland Security (DHS) is looking use self-assessments to evaluate the cybersecurity posture of agency contractors, rather than conduct third-party assessments like the Department of Defense (DoD) is doing with its Cybersecurity Maturity Model Certification (CMMC) program. […]

Kurt DelBene, chief information officer (CIO) at the Department of Veterans Affairs (VA), said today that his agency is not spending enough on cybersecurity, and would benefit from being able to pay higher salaries in order to recruit and retain cyber experts. […]

The Government Accountability Office (GAO) said in new report issued today that it has delivered another 18 recommendations to the Defense Department (DoD) to improve operations across a range of agency functions, and also provided an update showing some DoD progress on outstanding cybersecurity-related recommendations. […]

The Department of Energy (DoE) announced $45 million of investments that aim to create, accelerate, and test next-generation technology to protect the electric grid from cyberattacks and ensure the seamless offering of clean and cheap energy to Americans. […]

Federal agencies need to adjust their cyber threat scanning protocols to ensure they are getting a full-scope analysis of possible risk factors within their networks, and are not just scratching the surface on risks, officials from the State Department said on August 11 at an event organized by Federal News Network. […]

Leading technology and security companies are banding together to share tools and products to better guard against cyberattacks, saying their security teams are spending more time correlating a blitz of unintegrated data than detecting and responding to threats. […]

House Energy and Commerce Committee Chairman Frank Pallone, D-N.J., Ranking Member Cathy McMorris Rodgers, R-Wash., and subcommittee leaders sent letters on August 10 to five agencies inquiring about their progress in addressing the Apache Log4j vulnerability. […]

A new report from the Department of Veterans Affairs (VA) Office of Inspector General (OIG) found that the agency is not effectively managing or coordinating its identity, credential, and access management (ICAM) program, and because of that is leaving information vulnerable to cyber intrusions. […]

The Army National Guard has awarded a $267 million contract to General Dynamics Information Technology (GDIT) to support the guard’s cybersecurity and IT infrastructure, GDIT announced on August 4. […]

Gerald Caron, chief information officer (CIO) and assistant inspector general (IG) for information technology at the Department of Health and Human Services (HHS), said this week that sustainability and continuous authentication are two of the keys to creating a robust identity and access management (IAM) strategy as part of how Federal agencies move to comply with President Biden’s 2021 cybersecurity executive order that requires migration to zero trust security architectures. […]

In a recent MeriTV “IT In Depth” episode, Robert Costello, Chief Information Officer at the Cybersecurity and Infrastructure Security Agency (CISA), and Bill Wright, Splunk’s Director of Public Sector Affairs, said new event logging requirements pose a series of complicated tests for Federal IT managers. The mandates stem from the August 2021 Office of Management and Budget (OMB) memo M-21-31, which outlines a four-tier system for logging events and describes logs on Federal information systems as “invaluable” in fighting cyber threats. […]

The Environmental Protection Agency will be issuing a rule to extend its sanitary reviews of critical water systems to include cybersecurity, according to Anne Neuberger, the White House’s deputy national security advisor for cybersecurity and emerging technology. […]

Two Federal experts explained a range of cybersecurity risks faced by commercial satellite systems – and customers who rely on them – at a July 28 hearing of the House Science, Space, and Technology Committee’s subcommittee on Space and Aeronautics. […]

The Department of Homeland Security’s (DHS) Transportation Security Administration (TSA) has issued a new Security Directive, developed with input from industry, for pipeline owners and operators to implement cybersecurity measures. […]

The Department of Justice (DoJ) has released the final report for its Comprehensive Cyber Review conducted over the last year, highlighting DoJ’s need for stronger collaboration with its partners and allies, as well as the need to prioritize prevention efforts. […]

New legislation introduced on July 15 by Rep. Eric Swalwell, D-Calif., aims to mandate penetration testing and other proactive cyber defense measures for some Federal agency networks, and to give the National Cyber Director (NCD) the authority to weed out risk conflicts between agencies that have overlapping cybersecurity missions. […]

The value of data for the Federal government is only continuing to grow as agencies implement numerous data initiatives to drive smarter decisions and deliver better outcomes – including moving to the cloud. […]

Advances in security technology have forced cyber attackers to turn to the weakest link in the security chain – the human element. With 88 percent of security breaches caused by human error, technology teams across the Federal government are searching for ways to address the human side of cybersecurity to keep networks and systems safe […]

From the earliest days of the internet, bad actors have found ways to breach security protocols to disrupt operations, steal sensitive information, and even extort money through ransomware attacks. Cyber attackers have always looked for the path of least resistance when launching an attack. Before there were strong network protocols, they would attack the network […]