After a Senate committee hearing yesterday, Colonial Pipeline’s president and CEO was back in front of Congress today, appearing before the House Committee on Homeland Security for a hearing about last month’s ransomware attack. There he expressed a need from private industry for the Federal government to pressure the hosts of these ransomware actors. […]
Tags
Cybersecurity
The White House today released the first fruits of a February executive order that has Federal agencies looking at ways to improve supply chain security in several key critical infrastructure areas. […]
The Department of Treasury’s Internal Revenue Service (IRS) issued a request for information (RFI) seeking software cybersecurity tools that can work with an older version of programming language the agency uses, known as common business-oriented language, or COBOL. […]
House Oversight and Reform Committee Chairwoman Carolyn Maloney, D-N.Y., and several chairs of the panel’s key subcommittees today asked inspectors general (IGs) from ten Federal agencies for assessments of any cybersecurity vulnerabilities that were created or worsened by the use of telework systems during the coronavirus pandemic, and whether any such vulnerabilities have been mitigated. […]
The National Telecommunications and Information Administration (NTIA) is seeking feedback on what to include in its Software Bill of Materials (SBOM), as directed by President Biden’s cybersecurity executive order. […]
Reps. Ro Khanna, D-Calif., and Nancy Mace, R-S.C., introduced legislation on May 28 that would create a cybersecurity personnel rotation program in an effort to strengthen the United States’ Federal cyber workforce and infrastructure. […]
President Biden’s FY2022 budget document released today proposes a 14 percent increase from the estimated cybersecurity funding level for last year, to a total of $9.8 billion in Federal civilian cybersecurity funding. […]
President Biden’s FY2022 budget proposal published today envisions an eye-popping $6.01 trillion of Federal spending – up 36 percent from last year’s approved FY2021 budget – with a budget deficit of about $1.8 trillion. […]
President Biden’s Department of Homeland Security (DHS) nominees pledged their commitment to elevate the United States’ cybersecurity posture, in order to prevent future cyberattacks, during a May 27 Senate Committee on Homeland Security & Governmental Affairs hearing. […]
The recent Colonial Pipeline hack has made more people aware of the threats that lurk in cyberspace, and Sen. Angus King, I-Maine, says it’s time for the government to develop a new relationship with the private sector on cybersecurity and take an all-of-society approach to protecting critical infrastructure. “The private sector has been very reluctant […]
Mark Munsell, deputy director of data and innovation at the National Geospatial-Intelligence Agency (NGA) and the agency’s former CTO, is urging the Federal government to build cyber applications faster in order to out-compete adversaries, and to expand industry partnerships. […]
A new report from NASA’s Office of Inspector General (OIG) shows the agency is exposed to a “higher-than-necessary risk from cyber threats,” but a new contract shows promise for NASA to secure its systems more effectively. […]
President Biden’s National Infrastructure Advisory Council (NIAC) is preparing a report for the White House National Security Council (NSC) focused on “challenges facing the critical infrastructure workforce and the risks to national security posed by a lack of skilled workers,” and paying special attention to the cybersecurity workforce. […]
Following a string of high-profile cyber attacks against private sector and government organizations over the past several months, more than half of Americans surveyed by The Harris Poll believe further cybersecurity investments are essential to combat the threat, and that the Federal government, the military, and the private sector should share cyber threat and attack data to help in the fight. […]
The Government Accountability Office (GAO) has outlined 28 priority open recommendations for the Department of Veterans Affairs (VA) in a new report, which include items involving information technology and timely COVID-19 data collection. […]
Several House members expressed concern today over the Department of Veterans Affairs’ (VA) approach to managing cyber risks and the agency’s cybersecurity strategies, while the agency’s chief information security officer countered that VA cyber programs are on par with those at work in other Federal agencies. “VA prides itself as being the nation’s largest integrated […]
Fifteen members of the House Committee on Homeland Security reintroduced the Pipeline Security Act on May 14 in an effort to secure pipelines from nefarious cybersecurity or terrorist attacks, in the wake of the recent ransomware attack on Colonial Pipeline Company. […]
The Cybersecurity and Infrastructure Security Agency (CISA) announced on May 13 the formation of a new Space Systems Critical Infrastructure Working Group, in an effort to minimize risks to space systems by bringing together space system critical infrastructure stakeholders. […]
Tech-sector reaction to the White House’s sweeping cybersecurity executive order issued May 12 came in largely positive today, with security technology makers particularly applauding the urgency of the administration’s plans, the enterprise-wide view that the order takes for improving security, and its actions to hasten the movement of Federal agencies to cloud services. […]
Expanding and investing in the Cybersecurity and Infrastructure Security Agency’s (CISA) Pipeline Cybersecurity Initiative could address cybersecurity risks and prevent future cyberattacks on United States pipeline infrastructure, such as the recent Colonial Pipeline hack, according to Rep. John Katko, R-N.Y. […]
In the wake of recent high-profile cyberattacks, IT experts gathered at MeriTalk’s CDM Central: The Age of Cyber Defenders virtual event on May 12 agreed that the Federal government needs to accelerate innovation when it comes to cybersecurity, and that includes implementing the Continuous Diagnostics and Mitigation (CDM) program, along with zero trust security concepts. […]
Reps. Andy Kim, D-N.J., and Joe Wilson, R-S.C., introduced bipartisan legislation on May 4 that would strengthen states’ cybersecurity readiness and allow governors to deploy their state’s National Guard to respond to cybersecurity threats. […]
The deputy commander of the Air Force’s information warfare command, known as the Sixteenth Air Force or Air Forces Cyber, is calling for the Air Force to automate its Cybersecurity Service Provider (CSSP) in order to remain one step ahead of adversaries. […]
The Department of State is eyeing its Enterprise Vulnerability Scanning Solution (EVSS) for a “technical refresh” to ensure cybersecurity officials at the agency can keep pace with vulnerabilities on State Department networks. […]
Deterrence of nation-state cyber adversaries comes in many flavors, but the operating model suggested this week by a House Armed Services Committee member lacks neither impact nor directness. […]
Protecting the supply chain from hacks has been top of mind due to recent high-profile attacks, but members of the National Cyberspace Solarium say an area of critical infrastructure they are most concerned about is water security going forward. […]
Reps. Bob Latta, R-Ohio, and Jerry McNerney, D-Calif., reintroduced legislation this week to improve the United States’ electric grid security. The Cyber Sense Act and the Enhancing Grid Security through Public-Private Partnerships Act both direct the Department of Energy (DoE) to work with electric utilities toward the goal of improving security. […]
The Department of Justice (DoJ) is launching a four-month effort to reevaluate its strategies to combat cybersecurity threats in light of increases in ransomware and supply-chain attacks and the tendency of attackers to use U.S.-based infrastructure to launch their exploits, said the United States Deputy Attorney General Lisa Monaco on April 30 at a security conference in Germany. […]
The Cybersecurity and Infrastructure Security Agency (CISA) released a new graphic novel on National Superhero Day, but its superhero might not possess your typical superpowers. The fictional story Bug Bytes intends to educate the public on the dangers of dis- and misinformation campaigns, with cybersecurity and journalism skills saving the day. […]
Senior Federal IT experts – including the current and former Federal CISO and the Pentagon’s top IT official – are expressing broad agreement that the necessary ingredients are at hand to begin implementing zero trust security concepts for government networks, and that the time to act is now. […]