supply chain risk management process automation

By Jeff Stewart, Vice President, Product, SolarWinds The exponential growth of digital government has led to unprecedented security breaches across the supply chain. To address these threats, in 2021 the Biden administration enacted Executive Order 14028 intensifying scrutiny over vendors’ software supply chain. Subsequently, in 2023 the National Cybersecurity Strategy was introduced, urging software vendors […]

funding

By Chip Daniels, Vice President, Government Affairs, SolarWinds When the Biden administration asked Congress to approve $300 million of additional money for the Technology Modernization Fund (TMF) in fiscal year 2023 (FY2023), hopes were high that agencies would finally have the financial backing necessary to truly accelerate digital transformation. Yet, when Congress passed its $1.7 […]

Washington DC capitol federal government-min
workforce

Nearly 18 months after the Office of Management and Budget (OMB) issued its memorandum on network incident log management and retention for Federal agencies as part of Biden administration’s cybersecurity executive order, a top cyber official at the National Nuclear Security Administration (NNSA) discussed how his agency is dealing with staffing and standards in order to implement the mandate. […]

capitol washington dc senate house congress-min

Rep. Ritchie Torres, D-N.Y., introduced legislation on July 1 that would require the Cybersecurity and Infrastructure Security Agency (CISA) to investigate and report on the impact of the 2020 SolarWinds cyberattack on Federal agency networks and U.S. critical infrastructure. […]

No Category Set!

After studying the SolarWinds and Microsoft Exchange attacks for the past year, the Government Accountability Organization (GAO) detailed the lessons agencies learned and ten critical actions still needed to address major cybersecurity challenges in a new report. […]

Cybersecurity

The Cybersecurity and Infrastructure Security Agency (CISA) said Dec. 14 that there has been no confirmed compromise of any Federal agencies as a result of the Log4j vulnerability. But CISA reiterated it has added the vulnerability to its catalog of known vulnerabilities over the weekend, giving agencies two weeks to remediate and mitigate any potential harm. […]

cybersecurity

Microsoft is warning that it has seen Nobelium – the Russian nation-state threat group responsible for the SolarWinds software supply chain hack – trying to recreate the same approach that allowed it to gain access to Federal government systems, according to an Oct. 24 blog post from the company. […]

funding

Amid a rising tide of ransomware attacks against governments and schools nationwide accelerated by the COVID-19 pandemic, tech pros are prioritizing investments in core technologies to manage risk, including security and compliance, network infrastructure, and cloud computing. […]

The SolarWinds software supply chain hack represented a seismic shift in cybersecurity awareness for public and private sector organizations. The attack, which compromised thousands of organizations, including at least nine Federal agencies – laid bare the reality that organizations may be compromised even if they don’t know it yet, and even if they are diligent about cybersecurity. […]

cybersecurity

The SolarWinds software supply chain hack – disclosed in December 2020 – represented a new scale of nation-state cyber aggression, with thousands of organizations compromised, including at least nine Federal agencies. And just last month, the Colonial Pipeline ransomware attack further highlighted the national security risks created by cyber aggression. […]

Cybersecurity

President Biden’s Department of Homeland Security (DHS) nominees pledged their commitment to elevate the United States’ cybersecurity posture, in order to prevent future cyberattacks, during a May 27 Senate Committee on Homeland Security & Governmental Affairs hearing. […]

The chairman and ranking member of the Senate Homeland Security and Governmental Affairs Committee said today they are interested in changing the Federal Information Security Management Act (FISMA) to make sure that Congress gets timely notifications about major cyberattacks that have a national impact. […]

cybersecurity

The combined response of the Federal government and the private sector to the Russia-based cyberattack of government and business networks via SolarWinds Orion software is making for a promising use case for addressing major incidents in the future, said Federal Chief Information Security Officer (CISO) Chris DeRusha on April 22. […]

Russia hack

As promised in President Biden’s executive order today that sanctions the Russian government for the SolarWinds Orion cyberattack and other transgressions, U.S. intelligence and law enforcement agencies published a list of five active Russian Foreign Intelligence Service cyberattack vectors that they say need network operators to defend against urgently. […]

White House
Pentagon Military Defense DoD

Digital identities are becoming increasingly important elements of today’s connected infrastructure across the public sector. Boosted by the growth in remote working over the past year, protecting their integrity is key to securing critical IT systems and confidential government information. […]

cybersecurity
cybersecurity

Brandon Wales, acting director of the Cybersecurity and Information Security Agency (CISA) today defended the value of CISA’s EINSTEIN cyber defense program against criticism leveled by the ranking member of the Senate Homeland Security and Governmental Affairs Committee and suggested that the program be improved rather than scrapped. […]

Cybersecurity

The nine Federal agencies whose networks were compromised in the Russia-backed hack via SolarWinds Orion products are close to finishing their remediation reviews, and the government is planning new deployments of unspecified security and IT modernization technologies to avoid a repeat of the intrusions, a senior Biden administration official said during a background briefing on March 12. […]

Cybersecurity
cybersecurity

The House Homeland Security and Oversight and Reform committees held a joint public hearing today to discuss the Russia-based hack of government and private sector networks via SolarWinds Orion products. During the hearing, both the private sector witnesses and members of Congress called for better cybersecurity practices, legislation, and increased information sharing. […]

cyber threat

Speaking today during an open hearing on the hacking of U.S. networks by foreign adversaries, Senate Intelligence Committee Chairman Mark Warner, D-Va., questioned why the U.S. shouldn’t have mandatory cyberattack reporting systems in light of the recent Russia-backed hack of government and private sector networks via SolarWinds software products. […]

cybersecurity
cybersecurity

Officials from the Defense Department (DoD) and the Cybersecurity and Infrastructure Security Agency (CISA) said today that creating more effective defenses against sophisticated cyberattacks of the type used in the SolarWinds Orion hack may require further adoption of zero trust security concepts. […]

American hack

The leader of the Federal government’s investigation of the Russia-backed hack of government and private sector networks via SolarWinds Orion products said Feb. 17 that the attack “compromised” nine Federal government networks – matching with earlier estimates from Federal law enforcement and intelligence agencies that “follow-on” activity by the hackers after initial breaches via software downloads were seen in “fewer than 10” Federal agencies. […]

Cybersecurity flag

After Sens. Mark Warner, D-Va., chairman of the Senate Intelligence Committee, and Marco Rubio, R-Fla., the committee’s ranking member, called for the designation of a single official to lead the U.S. response to the Russia-backed hack of thousands of government and private-sector networks via SolarWinds Orion products, the White House confirmed to the senators that Deputy National Security Advisor Anne Neuberger is leading the effort. […]

Categories