A vertical community of Federal cyber security leaders, project managers, industry, and government IT community stakeholders focused on public-private collaboration and best-practice exchange.
Pentagon Launches DIB Vulnerability Disclosure Program
The Pentagon has launched a new fully operational program that allows independent “ethical hackers” to find and analyze vulnerabilities in military contractor networks with the aim of improving the cybersecurity posture of the defense industrial base (DIB). […]
GAO Prods CISA, OMB to Finish Final Cyber EO Tasks
The Government Accountability Office (GAO) is calling on two Federal agencies in charge of overseeing the implementation of President Biden’s 2021 cybersecurity executive order (EO) to fully complete the remaining five requirements tasked to them in the order. […]
Ban on Ransom Payments Needs More Work, Walden Tells Hill
While a total ban on ransom payments to hackers remains “the ultimate goal” for cybersecurity experts, critical infrastructure organizations need stronger cybersecurity resilience before that happens, former acting National Cyber Director Kemba Walden told lawmakers on April 16. […]
Easterly Pitches Procurement Power to Enforce Cybersecurity
The head of the Cybersecurity and Infrastructure Security Agency (CISA) said today that the Federal government has a “powerful” ability to mandate security standards for software vendors through its procurement process. […]
Congress Urged to Enforce Minimum Healthcare Cyber Standards
A group of industry experts called on Congress this week to enforce minimum cybersecurity standards among healthcare organizations in light of the February ransomware attack on UnitedHealth subsidiary Change Healthcare. […]
Axonius Adapt: Feds Looking to Upskill AI Workforce
As artificial intelligence technologies continue to rapidly evolve, Federal agencies are looking to upskill their AI workforce to keep pace with emerging cybersecurity threats. […]
Flournoy: NCS Lacks Teeth to Regulate Secure-by-Design
The former policy lead for the Department of Defense (DoD) under President Barack Obama said Tuesday that while the Biden administration’s National Cybersecurity Strategy (NCS) calls for secure-by-design technology principles, the White House doesn’t actually have the authority to regulate that. […]
DeRusha Credits Quick SASE ‘Flip’ to Meet Ivanti Vulnerability
Federal Chief Information Security Officer (CISO) Chris DeRusha gave broad credit today to Federal agencies for making marked improvements in cybersecurity over the past few years, and cited one larger agency – which he did not name – for taking particularly quick action in the face of the Ivanti vulnerabilities that the government began warning about in January. […]
CSRB Slams Microsoft for ‘Inadequate’ Security Culture, Calls for Overhaul
The Department of Homeland Security’s (DHS) Cyber Safety Review Board (CSRB) released findings late Tuesday following its independent review of the summer 2023 Microsoft Exchange Online intrusion that attributed the success of the China-based hack to “a cascade of security failures at Microsoft” and an “inadequate” security culture at the company. […]
FAR Updated With Cyber, Supply Chain Security
The Defense Department, General Services Administration, and NASA have issued a final rule amending the Federal Acquisition Regulation (FAR) to add the framework for a new FAR part 40 covering information security and supply chain security. […]