Smarter Gov Tech, Stronger MerITocracy

White House national security staff took the Biden administration’s strategic thinking on ransomware prevention to local government mayors this week, as administration advisors continued to work through a long list of policy items aimed at curbing the attacks and making them less profitable. […]

After conducting its first bug bounty program last year, the Defense Advanced Research Projects Agency (DARPA) announced that it is open sourcing the Finding Exploits to Thwart Tampering (FETT) Bug Bounty evaluation platform. […]

The Department of Treasury’s Internal Revenue Service (IRS) plans on using its Pilot IRS program to release a multiple solution challenge to help digitize paper files. The agency will award multiple $7.5 million contracts based on which contractors offer the best solutions, according to a draft request for information (RFI) posted to SAM.gov. […]

Law enforcement agencies that use forensic algorithms to aid in criminal investigations face numerous challenges, according to the Government Accountability Office (GAO), including difficulty interpreting and communicating results, as well as addressing potential bias or misuse. […]

According to a joint advisory from the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and U.K.’s National Cyber Security Centre (NCSC), hackers from the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit – widely known as Fancy Bear or APT28 – utilized Kubernetes clusters to infiltrate targets in their global brute force campaign from mid-2019 through early 2021. […]

The Government Accountability Office (GAO) has issued its artificial intelligence (AI) accountability framework for Federal agencies and other entities to ensure responsible, equitable, traceable, reliable, and governable AI. […]

The Defense Department (DoD) said today it was taking steps to cancel its existing Joint Enterprise Defense Infrastructure (JEDI) cloud services contract after three years of work that left the contract tied up in court, and the Pentagon without benefit from the $10 billion deal awarded to Microsoft. […]

The Federal Bureau of Investigation (FBI) is seeking vendors to provide engineering and technical capabilities to help manage the bureau’s critical data centers across five U.S. locations. At the same time, the FBI’s Data Center Hardware and Operating Systems Section (DCHOSS) is developing a Government-Wide Acquisition Contract (GWAC) for IT Professional Engineering Services to support this effort.  […]

The SolarWinds software supply chain hack represented a seismic shift in cybersecurity awareness for public and private sector organizations. The attack, which compromised thousands of organizations, including at least nine Federal agencies, laid bare the reality that organizations may be compromised even if they don’t know it yet, and even if they are diligent about cybersecurity. […]

The recent Executive Order on Improving the Nation’s Cybersecurity directs agencies to move to zero trust security architectures, in which no person or device is automatically trusted. However, many agencies were already well on their way to zero trust, said Drew Epperson, senior director of Federal engineering and chief architect for Palo Alto Networks Federal. In a new MeriTV interview, Epperson addresses the current state of zero trust in the Federal government and offers practical steps agencies can take to accelerate zero trust adoption. […]

The Federal Communications Commission (FCC), the U.S. Department of Agriculture (USDA), and the National Telecommunications and Information Administration (NTIA) announced an interagency agreement to coordinate the distribution of Federal broadband deployment funds. […]

Sens. Gary Peters, D-Mich., and Ron Johnson, R-Wis., introduced bipartisan legislation on July 1 that would create a cyber training program for Federal employees, intended to help protect the Federal government against cyberattacks and supply chain security vulnerabilities. […]

The Pentagon’s Defense Innovation Unit (DIU) said July 1 that cloud security provider Zscaler, Google Cloud, and McAfee Public Sector have successfully completed Secure Cloud Management (SCM) prototypes as part of a year-long process under which DIU has been evaluating service offerings that “deliver fast, secure, and controlled access by DIU users to software-as-a-service (SaaS) apps directly over the internet.” […]

As more Federal employees are going back to the office, there are efforts to understand the impact telework had. According to a recent survey, one effect was a substantial boost in productivity, as 79 percent of Federal employees found their productivity increased while teleworking during the pandemic, the American Federation of Government Employees (AFGE) found. […]

The Government Accountability Office (GAO), in summarized testimony prepared for a House Veterans Affairs Committee on July 1, said the Department of Veterans Affairs (VA) has made much progress in recent years to address GAO recommendations on improving cybersecurity, but still has a significant to-do list to tackle on the security front. […]

While cybersecurity has been a hot topic stateside for years, a survey from the International Telecommunication Union (ITU) finds that many national governments around the world also are increasingly engaged, with about half of them having adopted national cyber incident response plans – a figure that has risen 11 percent since 2018.  […]

The American Association for Laboratory Accreditation (A2LA) has released an updated version of the R311 policy document, which outlines the requirements for all FedRAMP recognized third-party assessment organizations (3PAOs) and organizations seeking A2LA accreditation to be recognized by FedRAMP. […]

Sens. Sheldon Whitehouse, D-R.I., and Steve Daines, R-Mont., have introduced a bill that would direct the Department of Homeland Security (DHS) to study the risks and benefits of allowing private organizations to respond in kind to cyberattacks. […]

Data is at the center of the new race for technological superiority; however, data without analytics, automation, and technical know-how is just numbers on a page. Agencies need new approaches, and on June 30 at a ‘Getting Gov the Right Data Skills’ webinar, Federal data experts revealed that one method is to upskill an agency’s data workforce. […]

The Cybersecurity and Infrastructure Security Agency (CISA) is developing a catalog of bad practices in cybersecurity to help critical infrastructure providers prioritize their cybersecurity responsibilities. The agency plans to keep updating the narrow list based on feedback from cybersecurity professionals. […]

After a year of high-profile cyberattacks on government and private sector infrastructure that have raised the profile of the Cybersecurity and Infrastructure Security Agency (CISA), the House Appropriations Committee is proposing a substantial funding bump for CISA in the Department of Homeland Security’s (DHS) fiscal year 2022 (FY2022) budget. […]

The National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) is looking to develop practices that will ease the migration from public-key cryptographic algorithms to replacement algorithms that are resistant to quantum computer-based attacks. […]

Organizations need a cybersecurity strategy to protect both infrastructure and customer data from growing cybersecurity threats. The Cybersecurity and Infrastructure Security Agency (CISA) developed the Cyber Essentials as a guide for small businesses and local government leaders to develop an actionable understanding of where to start implementing organizational cybersecurity practices. […]
