The Government Accountability Office said in a report that in order to fully implement the White House’s National Cyber Strategy a “clarity of leadership” is “urgently needed.” […]
On Sept. 23, the National Institute of Standards and Technology (NIST) released a “historic” update to its flagship security and privacy guidance, Special Publication (SP) 800-53, Security and Privacy Controls for Information Systems and Organizations. […]
As the U.S. faces increased foreign cyber threats, the Department of State said in 2019 that it would stand up a Bureau of Cyberspace Security and Emerging Technologies (CSET) to address these threats, but according to the Government Accountability Office (GAO), State hasn’t informed or involved other partners in the bureau planning, which could increase risks of duplicating efforts. […]
On Friday, Assistant Director for the Cybersecurity and Infrastructure Security Agency (CISA) Bryan Ware announced that the agency was issuing Emergency Directive 20-04, which instructs Federal Civilian Executive Branch agencies to apply a security update for Microsoft’s Windows Servers to all domain controllers. […]
A key Congressman on the House Armed Services Committee spoke in support of three technology bills Friday, expressing optimism with the “bipartisan and bicameral” legislation as the legislative calendar for this session of Congress winds down. […]
The Government Accountability Office (GAO) is recommending that the Treasury Department take steps – in coordination with the Department of Homeland Security and others – to better track and prioritize cyber risk mitigation efforts across the financial services sector. […]
In a coordinated effort across three district courts, the Department of Justice unsealed indictments this week in three separate cases against Iran-based individuals all alleged to have committed cyber intrusions on U.S.-based networks. […]
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have identified an Iran-based cyber actor that is exploiting a virtual private network and targeting several Federal agencies, according to a joint advisory released this week. […]
A Government Accountability Office (GAO) official said on Sept. 16 that the Department of Veterans Affairs (VA) is taking action on several major IT modernization and cybersecurity issues that GAO has flagged in recent years, but that the agency still has a lot of work to do to address many of them. […]
Secretary of Defense Mark Esper said today that new technologies are changing the “character of warfare” – a shift that he said requires adjustments both abroad and at home to funding priorities. […]
One of the Licensed Partner Publishers selected last week to provide training materials for the Cybersecurity Maturity Model Certification Accreditation Body told MeriTalk this week he expects that some of the training materials will be publicly released beginning next month. […]
Threat detection and response services provider Trustwave has launched its Trustwave Fusion platform on Amazon Web Services GovCloud – letting Federal agencies and government contractors take advantage of the cloud-native cybersecurity platform to combat ever-changing security threats. […]
The House passed the Internet of Things (IoT) Cybersecurity Improvement Act of 2020 yesterday and as it moves to the other chamber with support from bipartisan senators, leaders of the IoT cyber legislation are looking ahead to what this legislation could mean for IoT manufacturers and American privacy. […]
The Internet of Things (IoT) Cybersecurity Improvement Act of 2020 passed the House today and is moving to the Senate for consideration. The legislation would set a minimum-security standard for all IoT devices purchased by government agencies. […]
Air Force Maj. Gen. Robert Skinner has been nominated by President Trump to lead the Defense Information System Agency, according to an announcement the Secretary of Defense Mark Esper. His appointment to that post requires Senate confirmation. […]
The Cybersecurity and Infrastructure Security Agency (CISA) revealed today that malicious actors affiliated with the Chinese Ministry of State Security (MSS) are using open-source information plans and readily available exploits to attack networks. […]
In preparation for Federal efforts in outer space, the Trump Administration is calling on leaders across government to prepare space IT systems against cyberattacks before launch. […]
Nearly two years into an ambitious overhaul of the National Oceanic and Atmospheric Administration (NOAA) Cyber Security Center (NCSC), brighter horizons are in sight for the agency in the form of improved cyber analytics capabilities. From the start, NOAA took a holistic approach to the NCSC transformation that encompasses people, process, and technology – in equal parts. […]
Ron Ross has seen a lot during his 30-year career in cybersecurity, so asking him to pinpoint new cyber threats is a little like asking Tom Brady to talk about a blitz he has not faced during his NFL tenure. […]
The vice chair of the board of directors of the CMMC-AB said that 25 assessors have been provisionally trained, and estimated that certified assessors for the open market will be released in the first quarter of calendar year 2021. […]
The Department of Homeland Security’s (DHS) effort to consolidate its network and security operations centers into a Network Operations Security Center (NOSC) model will improve the agency’s continuity of operations efforts, CIO Karen Evans said today. […]
The new cybersecurity standard for contractors in the Department of Defense’s (DoD) supply chain ecosystem is soon to have regulatory backing, according to Katie Arrington, CISO for Acquisition and Sustainment at the DoD. […]
Assessing the current threat landscape six months into the COVID-19 pandemic, Director of the Cybersecurity and Infrastructure Security Agency Christopher Krebs listed nation-state spies, cybercriminals committing fraud, and the spread of disinformation as top cyberattack vectors. […]
Deputy Federal CIO Maria Roat asserted at the Billington Cybersecurity Summit that the Federal government is using a DevSecOps approach to integrate security into every aspect of modernization, but she insisted that the workforce must be cyber ready to be entirely secure. […]
The Federal Communications Commission said on Sept. 4 that the total cost of removing and replacing telecommunications equipment made by China-based Huawei and ZTE from the networks of smaller U.S. carriers could be more than $1.6 billion. […]
With no U.S.-based companies dominating the worldwide market for network equipment that underlies 5G wireless services, and with the U.S. in the midst of a years-long campaign to ban Chinese network equipment makers from U.S. and allies’ markets, perhaps the most important battle for the longer-term future of 5G network infrastructure is gearing up now in and near the halls of power in Washington, D.C. […]
The Information Technology Industry Council this week released its guide for cybersecurity certification, which includes a warning against a “one-size-fits-all solution” in certification. […]
The Cybersecurity Maturity Model Certification Accreditation Body announced the addition of two new members to its Board of Directors on Sept. 2, a move which comes just months after the board’s establishment in January. Sheryl Hanchar and Charlie Williams, Jr. were added to the board to serve terms beginning immediately, a CMMC-AB news release said. […]
While Congress has been slow to act on privacy issues, the National Institute of Standards and Technology (NIST) is getting out ahead of any Federal legislation when it comes to addressing the matter. […]
The Office of Management and Budget (OMB) has finalized vulnerability disclosure policies (VDPs) for the Federal government and issued a memorandum to agencies today establishing the processes for identification, management, and remediation of security vulnerabilities. […]