The Department of Justice (DoJ) announced it has charged two Iranian nationals for their role in a cyber-enabled disinformation and threat campaign “to intimidate and influence American voters, and otherwise undermine voter confidence and sow discord” in the 2020 U.S. presidential election. […]

The House of Representatives passed the Build Back Better (BBB) Act this morning, sending the more than $1.75 trillion reconciliation package to the Senate. The bill includes billions for supply chain resiliency, as well as additional cybersecurity and IT modernization funding. […]

The Senate Commerce, Science, and Transportation Committee voted Nov. 17 to approve President Biden’s nomination of Laurie Locascio to become Undersecretary of Commerce for Standards and Technology, and director of the National Institute for Standards and Technology (NIST). […]

U.S., U.K., and Australian cybersecurity agencies are warning that hackers associated with Iran have exploited vulnerabilities in Fortinet and Microsoft products to carry out attacks. Officials urged in a recent advisory that critical infrastructure organizations patch these vulnerabilities to mitigate against possible attacks. […]

An FBI official did not deny prior reports that the agency held the decryption key from the Kaseya ransomware attacks for multiple weeks without giving it to parties victimized by the attacks but told the House Oversight and Reform Committee at a Nov. 16 hearing that it chose to do so in the interest of figuring out how to achieve the widest-ranging impact from the key. […]

The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) released new Cybersecurity Incident and Vulnerability Response Playbooks today, completing a vital assignment from President Biden’s Cybersecurity executive order (EO). […]

The Biden administration issued its cybersecurity executive order (EO) in May 2021, giving marching orders to Federal agencies to move to zero trust security architectures, among other directives. During a SCGov panel discussion today, Federal chief information security officers (CISOs) shared how they’re leveraging their agency’s previous programs around zero trust to fulfill the obligations of the EO. […]

The FBI’s email system was hacked, sending emails to thousands of recipients about a fake cyberattack, the agency confirmed over the weekend. The law enforcement agency said the cause of the hack has since been remediated. […]

The White House said today it has created a task force made up mostly of top Federal agency officials to “coordinate effective implementation” of the many new programs and mandates created by the $1.2 trillion Infrastructure Investment and Jobs Act signed into law by President Biden on November 15.  The task force is being created through a new executive order. […]

The Department of Homeland Security (DHS) finally launched the Cyber Talent Management System (CTMS) to enable more effective recruitment, development, and retention of cybersecurity talent. […]

In the wake of a Government Accountability Office (GAO) report encouraging the Departments of Education and Homeland Security (DHS) to update K-12 cybersecurity guidance, several Democrat senators have written to both agencies urging them to heed GAO’s recommendations, and establish critical infrastructure council structures to advance the issue. […]

President Biden on Nov. 11 signed the Secure Equipment Act, which will prevent equipment manufactured by Chinese state-backed firms such as Huawei, ZTE, Hytera, Hikvision, and Dahua from being further utilized and marketed in the United States. […]

Sponsors of two major pieces of legislation that would make formative changes to the way that private sector companies report cyberattacks to the government – and how Federal government agencies conduct their own cyber defenses – are hitching their hopes for passage to annual defense spending legislation that traditionally gets strong bipartisan support from lawmakers. […]

With K-12 educational institutions increasingly targeted by ransomware and other cyber attacks during the coronavirus pandemic, the Government Accountability Office (GAO) is pushing the Department of Education to update its plans – which currently date from 2010 – for addressing cyber risks faced by schools. […]

With cybercriminals becoming more sophisticated at disguising themselves as legitimate network users, a top Defense Department (DoD) IT official said this week that the Pentagon’s move to zero trust security architectures gives the agency a “fighting chance” to detect and eject hackers before they can do much damage. […]

 Following a November 10 meeting with French President Emmanuel Macron, Vice President Kamala Harris announced that the U.S. will sign onto a three-year old framework offered by the French government as an international framework for cooperation on cyber and supply chain security. […]

After its passage by the House of Representatives Nov. 5, President Biden plans to sign the Infrastructure Investment and Jobs Act on Monday, Nov. 15, authorizing billions of new funding for broadband and cybersecurity, in addition to traditional infrastructure, the administration announced Nov. 10. […]

Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly said November 10 that the agency’s Binding Operational Directive (BOD) issued earlier this month to Federal agencies to remediate against a list of 300 known exploited cyber vulnerabilities appears to be getting a good reception from government and industry as an effective roadmap on how to prioritize action against prevalent cyber threats. […]

According to a recently released Tripwire survey, most security professionals in the private and public sector described their zero trust security adoption as either progressing, or even well-developed, but also in need of more work. […]

The Department of Veterans Affairs (VA) has released a new cybersecurity strategy intended to protect against exposure of Veterans’ personal information or the corruption of critical data. […]

After more than two months of angling and dealmaking, the House of Representatives voted to approve the $1 trillion Infrastructure Investment and Jobs Act – also known as the Bipartisan Infrastructure Framework – on November 5, sending the bill along with its $2 billion in cyber funding and $65 billion in broadband appropriations to President Biden’s desk for final approval. […]

Richard Grabowski, acting program manager for the Cybersecurity and Infrastructure Security Agency’s (CISA) Continuous Diagnostics and Mitigation (CDM) program, explained at a November 4 event organized by FCW that new memoranda of understanding (MOA) that the program has been signing with Federal agencies are a key component to enabling better cyber threat hunting by CISA across agency networks. […]

With an estimated 85 percent of the nation’s critical infrastructure controlled by private entities – and with many of those failing to practice basic cyber hygiene – witnesses told House lawmakers at a November 4 hearing that the time may be ripe for mandatory cyber incident reporting requirements for critical infrastructure operators. […]

Federal agencies as a group are “close” to completing work to put in place the first two of the Continuous Diagnostics and Mitigation (CDM) program’s four key capabilities, said Betsy Kulik, senior advisor for the Cybersecurity and Infrastructure Security Agency’s (CISA) CDM program, at a November 4 online event organized by FCW. […]

The cybersecurity threats that have prompted wide-scale action to improve security across the Federal government are posing equal dangers to state and local governments, and officials said at FCW’s CDM Summit virtual event on November 4 that the same solutions being put into place by the Feds also are scalable and adaptable by state and local governments. […]

After a lengthy review process, the Department of Defense today issued an update to its Cybersecurity Maturity Model Certification (CMMC) program – dubbed CMMC 2.0 – that will simplify some of the cybersecurity requirements for contractors in the Defense Industrial Base (DIB) looking to do business with the government. […]

As high-profile ransomware and other cyberattacks have spiked over the past year, the Small Business Administration (SBA) is working to prevent and mitigate against them by leveraging capabilities from the Continuous Diagnostic and Mitigation (CDM) program, and working with organizations including the Cybersecurity and Infrastructure Security Agency (CISA) – which runs the CDM program – and the Federal Bureau of Investigation (FBI). […]

While President Biden’s executive order (EO) on improving the nation’s cybersecurity and the follow-on guidance from the White House Office of Management and Budget (OMB) represent critical steps forward in protecting the U.S. against the increasing volume and dangers of cyber-attacks, Federal agency officials said during an ATARC webinar on November 2 that the directives also present challenges that may require flexibility in their execution. […]

Despite a general cyber workforce shortage, National Cyber Director Chris Inglis today said his office has a “robust pipeline of talent” and expects to have 25 employees staffed in his office by the end of December, once Fiscal Year (FY) 2022 appropriations are released. […]

The Cybersecurity and Infrastructure Security Agency (CISA) today issued a Binding Operational Directive (BOD) to significantly boost the nation’s cyber hygiene by creating a catalog of known exploited vulnerabilities and forcing Federal agencies to remediate them. […]