The White House announced on Oct. 26 that it will expand the Industrial Control Systems (ICS) Cybersecurity Initiative to the chemical sector, as part of a larger effort to set cybersecurity baselines for critical infrastructure and protect infrastructure from cyber threats. […]

Reps. Elise Stefanik, R-N.Y., and Mike Gallagher, R-Wis., have introduced new legislation that aims to counter the influence of foreign adversaries on the United States telecommunications infrastructure – and beyond the current sanctions on China-based equipment makers including Huawei and ZTE. […]

Earlier this month, U.S. Cyber Command (CYBERCOM) conducted a wide-ranging defensive cyberspace operation focused on sweeping for known malware, and intended to “highlight and enhance CYBERCOM’s interoperability with partners.” […]

The Surface Transportation Security Advisory Committee (STSAC) – which acts as an advisor to the Transportation Security Administration (TSA) – has opened registrations for the public to attend its annual public meeting on Nov. 17 where the agenda features a variety of cybersecurity-related issues. […]

New research from (ISC)² sheds light on what it would take to close the longstanding cyber workforce shortage, and the answer is a big number. According to new research from the nonprofit, the cybersecurity profession needs to grow by 3.4 million people to close the global workforce gap. […]

The Department of Education and the Cybersecurity and Infrastructure Security Agency (CISA) need to do better in coordinating efforts to aid K-12 schools in cybersecurity, according to a recent report by the Government Accountability Office (GAO). […]

Will Hurd, the Texas Republican who served in the House from 2015 to 2021 and became a leading voice in Congress on IT and security issues, said this week that he sees ongoing foreign-influence operations as a lasting concern for next month’s midterm elections in the United States. […]

The Biden administration is targeting the spring of 2023 to roll out a proposed new national cybersecurity labeling program for internet-of-things (IoT) devices, a National Security Council spokesperson confirmed today. […]

Improving the cybersecurity of the water critical infrastructure sector, K-12 schools, and healthcare sector are among the top priorities for the Cybersecurity and Infrastructure Security Agency (CISA), agency Director Jen Easterly said today during Mandiant’s mWISE conference in Washington. […]

After more than eight years of trying, Russia has yet to realize its strategic cyber war-fighting goals in Ukraine, a top Ukrainian government technology official said on Oct. 19 at Mandiant’s Worldwide Information Security Exchange event in Washington. […]

National Cyber Director (NCD) Chris Inglis today previewed some themes from the national cybersecurity strategy that he’s working on – and said the long-awaited strategy should be publishing within the next couple of months. […]

Rep. Ritchie Torres, D-N.Y., asked Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly in an Oct. 14 letter for a rundown on how CISA is carrying out its outsized role as risk manager for about half of the U.S. critical infrastructure sectors designated by the Department of Homeland Security (DHS). […]

Reps. James Comer, R-Ky., who is ranking member of the House Oversight and Reform Committee, and committee member Glenn Grothman, R-Wis., are raising concerns over reported failures to remove equipment made by China-based Huawei from United States-based cellular communications networks despite the threat that Huawei gear poses to U.S. national security. […]

The Federal government needs to move away from deterrence as its guiding strategy in cyberspace, and adopt a persistent security mindset instead, a U.S. Cyber Command official said today. […]

The White House is targeting the communications, water, and healthcare sectors for further regulatory attention aimed at improving cybersecurity in those critical infrastructure sectors, according to Anne Neuberger, Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology.  […]

The Federal Cyber Workforce Management and Coordinating Working Group has released a new report that lays out a multi-year strategy and implementation plan to address the shortfall of cybersecurity employees in the Federal government. […]

The Cybersecurity and Infrastructure Security Agency (CISA) is chalking up two significant milestone victories in its ongoing campaign to help Federal agencies put into action recent cybersecurity improvement mandates. […]

The Treasury Department’s Federal Insurance Office (FIO) is looking for feedback through a request for information (RFI) on whether or not the Federal government should offer insurance for “catastrophic” cyber incidents. […]

The Department of Homeland Security’s (DHS) Customs and Border Protection (CBP) component is focusing its IT modernization efforts on improving cybersecurity and customer experience, the agency’s top tech official said this week. […]

The continuing development of digital identity concepts has the potential to help organizations improve cybersecurity and mitigate a host of security risks, officials from the Federal government and Capitol Hill said during an October 3 event hosted by the Congressional Internet Caucus Academy. […]

The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) released an advisory this week detailing how multiple nation-state hacking groups potentially targeted a Defense Industrial Base (DIB) sector organization’s enterprise network as part of a cyber espionage campaign. […]

The United States ranks number one as a world “cyber power” leader, according to a new report from Harvard University’s Belfer Center for Science and International Affairs. […]

Federal officials urged state and local government and education leaders this week to focus on some of the Federal government’s top existing resources in the fight against ransomware attacks – including one principle that’s easy to say but harder to do – don’t meet ransom demands. […]

A new report from the Government Accountability Office (GAO) found that Federal agencies are successfully helping state, local, tribal, and territorial (SLTT) governments prevent and respond to ransomware attacks; however, there is still room to improve collaboration. The GAO offered three recommendations for Federal agencies to improve collaboration. […]

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a binding operational directive (BOD) that sets baseline requirements for Federal civilian agencies to identify assets and vulnerabilities on their networks, and to provide data to CISA on those assets and on vulnerability detection. […]

President Biden has declared October 2022 as Cybersecurity Awareness Month – making it the 19th consecutive year of that designation. […]

The Cybersecurity and Infrastructure Security Agency (CISA) announced this week that its Protective Domain Name System (DNS) – the agency’s latest shared service offering – is available to all Federal civilian agencies to enhance their cyber defenses. […]

The Senate Homeland Security and Governmental Affairs Committee on September 28 approved by voice vote the Securing Open Source Software Act, which aims to put more Federal government muscle behind protecting open source software following the emergence of the Log4J vulnerability late last year. […]

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) released a new cybersecurity advisory on September 22 to help owners and operators of critical infrastructure better protect operational technology (OT) and industrial control systems (ICS) assets from the increasing probability of cyberattacks. […]

Sen. Gary Peters, D-Mich., chairman of the Homeland Security and Governmental Affairs Committee, and Ranking Member Rob Portman, R-Ohio, introduced bipartisan legislation on Sept. 22 that aims to protect open-source software in response to issues raised by the Log4j vulnerability that emerged in December 2021. […]