The Department of Defense (DoD) has taken steps to fully implement cybersecurity requirements for controlled unclassified information (CUI), however, none of the DoD components were fully compliant on that front as of January 2022, according to a recent Government Accountability Office (GAO) report. […]

Chris DeRusha, who wears the dual hats of Federal Chief Information Security Officer (CISO) and Deputy National Cyber Director for Federal Cybersecurity in the Office of the National Cyber Director, charted some near-term policy goals on the security front during a keynote address on May 19 at MeriTalk’s Cyber Central May 2022 – Mission: Cyber Resilience in-person conference. […]

As the health care and education sectors have become prime targets for cyberattacks, experts from those sectors expressed their needs on May 18 for more funding and Federal collaboration to better protect the cyber posture of schools and hospitals. […]

The House Committee on Financial Services on May 17 voted to approve an amended version of H.R.7022 – the Strengthening Cybersecurity for the Financial Sector Act of 2022 – and send the bill to the full House of Representatives for consideration. […]

The National Aeronautics and Space Administration (NASA) awarded Booz Allen Hamilton a $622.5 million contract to provide Cybersecurity and Privacy Enterprise Solutions and Services (CyPrESS), NASA announced May 17.
The contract will have Booz Allen Hamilton supporting NASA’s Office of the Chief Information Officer, providing CyPrESS and related services for the office. According to the release, the CyPrESS contract is the agency’s first enterprise cybersecurity and privacy services contract.
The award is a hybrid indefinite delivery/indefinite quantity contract. The CyPrESS award will also consolidate the cybersecurity and privacy work done under previous enterprise IT contracts and various centers.
The contract has a base period that will run from May 31, 2022, until Sept. 30, 2023, with four option periods that can extend the contract through Sept. 30, 2030. […]

Rep. Eric Swalwell, D-Calif., introduced legislation on May 16 that aims to strengthen U.S. cybersecurity protections for Industrial Control Systems (ICS) amid increased Russian cyber threats to ICS targets. […]

The House of Representatives passed the State and Local Government Cybersecurity Act on May 17, which would promote increased cybersecurity collaboration between the Department of Homeland Security (DHS) and state, local, tribal, and territorial governments (SLTT). […]

Federal government cybersecurity leaders told House members today that the government has made very significant progress in executing the Biden administration’s cybersecurity executive order (EO) issued a year ago, but also reminded lawmakers that funding is key to continued success in implementing crucial tenets of the order. […]

Rapidity of incident response and personnel training are high on the priority list at the Defense Department’s U.S. Transportation Command (TRANSCOM) as it grapples with implementing cybersecurity strategies, a TRANSCOM official said on May 12. […]

Larry Grossman, Director of Information Security and Privacy Services at the Federal Aviation Administration (FAA), explained this week that his organization’s priorities for improving cybersecurity run the gamut from the latest in zero trust work, to the more traditional but necessary steps to improve cyber hygiene across the board. […]

The House of Representatives approved a pair of bills May 10 to bolster Federal cybersecurity by creating a Federal cybersecurity rotational workforce program and developing a training program for Federal officials with supply chain risk management responsibilities. […]

The Cybersecurity and Infrastructure Security Agency (CISA) issued a joint cybersecurity advisory on May 11 – along with Federal law enforcement partners and international allies – that warns of an increase in malicious cyber activity targeting managed service providers (MSPs). […]

Cybersecurity services provider CrowdStrike said today it has identified a sophisticated post-exploitation framework that was first detected in 2021 and that has been observed in multiple victim environments in geographically distinct locations – with intrusions spanning technology, academic, and government sectors. […]

One year ago, the Colonial Pipeline ransomware attack set off a chain reaction of cyber initiatives that would forever impact the private and public sectors. […]

The National Institute of Standards and Technology (NIST) has updated its cybersecurity guidance for supply chain risk management to help organizations protect themselves in acquiring and using technology products and services. […]

Rep. Elissa Slotkin, D-Mich., said today that in a world free of constraints she would want companies to need cybersecurity hygiene certifications in order to deal with the Federal government. […]

The National Institute of Standards and Technology (NIST) is seeking feedback on a draft special publication about its 5G technologies cybersecurity guidance. […]

The Library of Congress is planning to create a Cloud Management Office (CMO) within its Office of the Chief Information Officer (OCIO), according to the agency’s justification for its fiscal year (FY) 2023 budget request. […]

Reps. Tom Malinowski, D-N.J., and Andrew Garbarino, R-N.Y., on April 28 introduced companion legislation to a Senate bill offered earlier this year that would task Federal agencies with helping the commercial satellite sector improve the security of their networks. […]

The Department of State’s Rewards for Justice (RFJ) program is offering a reward of up to $10 million for information leading to six Russian hackers responsible for the 2017 NotPetya malware infection. […]

The Cybersecurity and Infrastructure Security Agency (CISA), along with Federal and international partners, released a list of frequently exploited common vulnerabilities and exposures (CVEs), including the top 15 most exploited CVEs of 2021. […]

New legislation introduced in the House on April 21 aims to increase U.S. expertise in energy infrastructure cybersecurity by authorizing Department of Energy (DoE) grants to expand education and training opportunities that are “the convergence of cybersecurity and energy infrastructure.” […]

The Cybersecurity and Infrastructure Security Agency (CISA) issued a joint cybersecurity advisory April 20, along with Federal law enforcement partners and international allies, that the agency says lays out the “most comprehensive view” of the cyber threat Russia poses to critical infrastructure owners since Russia invaded Ukraine in February. […]

The volume of phishing-based cyberattacks rose by 29 percent in 2021 over prior-year levels and was driven in part by an increase in phishing-as-a-service schemes, according to new research from cloud security services provider Zscaler and its ThreatLabz research operation. […]

The Department of Education was one of three agencies to receive funding from the General Service Administration’s (GSA) Technology Modernization Fund (TMF) for Zero Trust services, and the agency’s chief information officer Steven Hernandez said the agency is prioritizing the control pillar of the zero trust architecture with the funds. […]

The U.S. Army’s new Risk Management Framework (RMF) 2.0 has proved to be a “big game-changer,” not just in terms of managing risk, but also in building a strong cybersecurity community within the agency, an Army official said today. […]

The modernization of identity, credential, and access management (ICAM) has long been critical to improving Federal agency cybersecurity, and is only becoming more urgent due to President Biden’s cybersecurity executive order (EO) and associated policy directives requiring agencies to move to zero trust security architectures, government officials said on April 19 at a virtual event organized by FedInsider. […]

The National Institute of Standards and Technology (NIST) is working to apply its Cybersecurity Framework to the ground-based segments of space operations, an April 18 NIST report says. […]

As the Russian invasion of Ukraine continues through its second month with no let-up in sight, Federal cybersecurity and law enforcement officials are warning that they still see indications of potential Russian cyberattacks on United States critical infrastructure, and are reiterating their “Shields Up” warning to meet those potential threats. […]

With state and local governments (SLGs) becoming more tempting targets for cyberattacks every day, Federal and SLG experts are increasingly urging the importance of communication between the public and private sector in order to achieve a unified and stronger American cybersecurity posture. […]