The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA), along with international partners, published guidance last week for cyber defenders that advises them to not remove PowerShell – Microsoft’s built-in command-line tool with Windows – but to properly configure it. […]

Cybersecurity leaders from the Defense Department (DoD) are providing some more clarity on the timeline for implementation of the Cybersecurity Maturity Model Certification (CMMC) program, and said they expect CMMC requirements could begin appearing in solicitations for government contracts as early as May 2023. […]

The House Armed Services Committee voted on June 22 to approve the portion of the fiscal year 2023 National Defense Authorization Act (NDAA) authored by the committee’s Subcommittee on Cyber, Innovative Technologies, and Information Systems. […]

A recent keynote address from Lt. Gen. Robert Skinner, director of the Defense Information Systems Agency (DISA), stands out as a perfect example of this digital transformation-inspired dynamic. Skinner spoke at AFCEA International’s TechNet Cyber event and presented a “wish list” of advancements that would help DISA significantly improve operations and solve its problems. “Every great innovation started when somebody said, ‘Wouldn’t it be cool if…’” Skinner told his audience of private sector IT firms. […]

The House Appropriations Homeland Security Subcommittee today approved a homeland security budget print for fiscal year (FY) 2023 that includes $2.93 billion for the Cybersecurity and Infrastructure Security Agency (CISA), representing a $334 million increase from FY2022 and a $417 million increase over the requested amount. […]

As the digital assets market continues to grow, the White House has placed “urgency” on researching a potential U.S. Central Bank Digital Currency (CBDC) and the cybersecurity risks and benefits that come with it, according to a White House official. […]

Some of the Department of Defense’s (DoD) major IT acquisition business programs lack approved cybersecurity strategies and have failed to develop plans to address ICT supply chain risks, as well as report operational performance data to the Federal IT Dashboard, according to a new Government Accountability Office (GAO) report. […]

The Government Accountability Office (GAO) said in a new report that the Social Security Administration (SSA) still needs to improve its cybersecurity by addressing how it coordinates with states and other Federal agencies. […]

While the Cybersecurity and Infrastructure Security Agency (CISA) is working to make progress on numerous discrete security policy directives and projects that it has been handed in recent years, a top agency official explained today that the higher-level goals uniting most of those tasks boil down to the government and the private sector achieving much greater visibility into cyber threats and how to defend against them, and not leaving organizations to defend against threats on their own. […]

The Department of Energy (DOE) needs to develop a comprehensive approach to electric grid resiliency that coordinates disaster response and grid recovery, as well as utilizes lessons learned from prior natural disasters, according to a June 9 report from the Government Accountability Office (GAO). […]

The Cybersecurity and Infrastructure Security Agency (CISA), along with the National Security Agency (NSA) and the FBI, this week issued a joint advisory warning telecommunications companies and network service providers of People’s Republic of China (PRC) state-sponsored cyber actors that continue to pose a threat to their networks. […]

The Tennessee Valley Authority (TVA) – a federally-owned electric utility serving seven states with power generated from dams on the Tennessee River – is employing vulnerable versions of operating systems in its non-dam control system, according to an audit from TVA’s Office of Inspector General (OIG) which examines cybersecurity controls that system. […]

As the Federal government works through the rulemaking process for the recently signed Incident Reporting legislation that originated in the Senate Homeland Security and Governmental Affairs Committee, witnesses for that same committee today stressed the need for unity among both reporting avenues and standardization of data to help operationalize the data. […]

The Department of Veterans Affairs (VA) Office of Inspector General (OIG) is calling on the agency to address its slow progress in improving its cybersecurity posture, but the VA said a lack of funding causes the agency to lose high-quality IT personnel. […]

The Department of Health and Human Services (HHS) still needs to address a pair of open cybersecurity priority recommendations related to cybersecurity coordination and implementation of a cybersecurity framework, according to a new report by the Government Accountability Organization (GAO). […]

A new report issued Thursday by the successor of the congressionally chartered Cyberspace Solarium Commission (CSC), called CSC 2.0, is calling on the Office of the National Cyber Director and Congress to bolster the nation’s cybersecurity workforce. […]

The Defense Department (DoD) Inspector General (IG) released a list of the top management and performance challenges facing the DoD in fiscal year (FY) 2022, including strengthening DoD cyberspace operations. […]

Smaller state and local governments (SLGs) often do not have the resources to build a robust IT department, and IT experts say cybercriminals often target these smaller agencies because of that reason. […]

The sweeping cyber EO that followed included 11 sections of guidance and mandates designed to push Federal agencies to improve their cybersecurity posture and modernize their infrastructure. Many of the mandates involve building a zero trust architecture, which requires users and devices to be authenticated and authorized before accessing the agency network, applications, and data. […]

While many cybersecurity officials strive to achieve “no risk” when it comes to cyber risk management, officials from NASA this week explained that’s just not possible and suggested that agencies instead focus on managing risks that are important to the mission. […]

State government IT officials said this week they are working to deploy their share of $1 billion of Federal cybersecurity grant funding approved last November by Congress as part of the $1.2 trillion bipartisan infrastructure bill. […]

Can technology innovation – coupled with the boldest kind of leadership – work together to start fixing the most intractable problems facing America? On July 21 – we’re going to find out. The countdown to MerITocracy 2022: American Innovation Forum is on. […]

As both Federal chief information security officer and the deputy National Cyber Director, Chris DeRusha has a lot of visibility into Federal efforts to boost cybersecurity. At the AWS Summit in Washington, D.C., today, DeRusha expressed both pride in the Office of Management and Budget’s (OMB) Zero Trust strategy, while also acknowledging that the policy represents only the beginning of zero trust implementation across Federal civilian agencies. […]

The Department of Defense (DoD) has taken steps to fully implement cybersecurity requirements for controlled unclassified information (CUI), however, none of the DoD components were fully compliant on that front as of January 2022, according to a recent Government Accountability Office (GAO) report. […]

Chris DeRusha, who wears the dual hats of Federal Chief Information Security Officer (CISO) and Deputy National Cyber Director for Federal Cybersecurity in the Office of the National Cyber Director, charted some near-term policy goals on the security front during a keynote address on May 19 at MeriTalk’s Cyber Central May 2022 – Mission: Cyber Resilience in-person conference. […]

As the health care and education sectors have become prime targets for cyberattacks, experts from those sectors expressed their needs on May 18 for more funding and Federal collaboration to better protect the cyber posture of schools and hospitals. […]

The House Committee on Financial Services on May 17 voted to approve an amended version of H.R.7022 – the Strengthening Cybersecurity for the Financial Sector Act of 2022 – and send the bill to the full House of Representatives for consideration. […]

The National Aeronautics and Space Administration (NASA) awarded Booz Allen Hamilton a $622.5 million contract to provide Cybersecurity and Privacy Enterprise Solutions and Services (CyPrESS), NASA announced May 17.
The contract will have Booz Allen Hamilton supporting NASA’s Office of the Chief Information Officer, providing CyPrESS and related services for the office. According to the release, the CyPrESS contract is the agency’s first enterprise cybersecurity and privacy services contract.
The award is a hybrid indefinite delivery/indefinite quantity contract. The CyPrESS award will also consolidate the cybersecurity and privacy work done under previous enterprise IT contracts and various centers.
The contract has a base period that will run from May 31, 2022, until Sept. 30, 2023, with four option periods that can extend the contract through Sept. 30, 2030. […]

Rep. Eric Swalwell, D-Calif., introduced legislation on May 16 that aims to strengthen U.S. cybersecurity protections for Industrial Control Systems (ICS) amid increased Russian cyber threats to ICS targets. […]