On December 13, 2020, the Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive that called for agencies to disconnect or turn off any SolarWinds Orion products by noon the following day, due to an exploit of Orion network monitoring software that posed a “grave risk” to agencies, critical infrastructure providers, and other private-sector organizations. […]

The White House released President Biden’s fiscal year (FY) 2023 budget request today, with a top-line number of $5.8 trillion and featuring proposals to spend $10.9 billion for civilian cybersecurity measures – marking an 11 percent increase in civilian agency cyber spending from reported FY2022 levels. […]

Federal cybersecurity agencies along with the Department of Energy (DOE) have published a new cyber advisory that talks about several Russian hacks on the energy sector between 2011 and 2018 that are the subject of a Department of Justice (DOJ) indictment unsealed this week against Russian actors for those past attacks. […]

Top officials from the Cybersecurity and Infrastructure Security Agency (CISA) said they briefed more than 13,000 industry stakeholders on March 22 about the Federal government’s latest warning about possible Russian cyberattacks that may be directed against U.S. critical infrastructure sectors. […]

Federal agencies are showing urgency and pushing hard to meet challenging zero trust security implementation deadlines following rollout of the Office of Management and Budget’s (OMB) zero trust strategy in January, government and industry experts agreed during a March 15 webinar hosted by MeriTalk and Merlin Cyber. […]

The late-day warning on Monday from President Biden and White House national security officials that the Russian government is exploring options for potential cyberattacks against U.S. critical infrastructure targets appeared to turn many heads in the Federal cybersecurity community that is by now long-used to receiving and generating cybersecurity advisories. […]

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) issued an alert on March 17 warning of possible threats to U.S. and international satellite communication (SATCOM) networks. […]

Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly has set what she called an “ambitious goal” to fill talent gaps in the cybersecurity industry by targeting a 50 percent share of that workforce for women by 2030. […]

President Biden signed the fiscal year (FY) 2022 omnibus appropriations bill today that will keep the Federal government funded through Sept. 30. […]

After a few failed attempts, cyber incident reporting legislation made it over the finish line as part of the fiscal year (FY) 2022 appropriations bill – a victory hailed by Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly and lawmakers as a necessary step for more visibility to protect critical infrastructure. […]

The House of Representatives late on March 9 passed the long-awaited full-year appropriations bill for fiscal year (FY) 2022 ending Sept. 30, along with a four-day continuing resolution (CR) to give the Senate a few more days to shepherd the full-year omnibus spending bill to passage. […]

The Cybersecurity and Infrastructure Security Agency’s (CISA) National Risk Management Center (NRMC) is preparing for a change in leadership, as founding member Bob Kolasky prepares to leave CISA for the private sector. […]

House and Senate Appropriations Committees today unveiled a full-year omnibus spending bill covering Federal government operations for the rest of fiscal year (FY) 2022 that ends on Sept. 30. […]

The Cybersecurity and Infrastructure Security Agency (CISA) has released a draft version of its Applying Zero Trust Principles to Enterprise Mobility for public comment. […]

As the Cybersecurity and Infrastructure Security Agency (CISA) is shifting its focus from protecting sets of critical assets to improving the resilience of critical functions, the Government Accountability Office (GAO) said the agency should improve its priority setting, stakeholder involvement, and threat information sharing in connection with that effort. […]

The Cybersecurity and Infrastructure Security Agency (CISA) and FBI are warning United States-based organizations of two destructive malware programs used by Russia against Ukrainian organizations in the leadup to Russia’s invasion of Ukraine, and the threat vectors seen in those attacks. […]

The National Security Telecommunications Advisory Committee (NSTAC) – a group of private sector experts that advises the White House on telecommunications issues that affect national security and emergency preparedness – is advising the Cybersecurity and Infrastructure Security Agency (CISA) to establish a dedicated Zero Trust Program Office. […]

With tensions mounting between Russia and Ukraine, the Cybersecurity and Infrastructure Security Agency (CISA) is warning critical infrastructure (CI) owners and operators – as well as any other United States-based organizations – to keep their guard up. To help organizations do that, the cybersecurity agency released insights for the CI sector, as well as a new webpage Feb. 18 to help organizations better steel themselves against a potential Russian cyber threat. […]

The Cybersecurity and Infrastructure Security Agency (CISA) has launched a new webpage featuring a catalog of free cybersecurity tools and resources that the agency hopes will serve as a “one-stop resource where organizations of all sizes can find free public and private sector resources to reduce their cybersecurity risk.” […]

Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly made a strong pitch on Feb. 17 for the agency’s push to create an underlying culture of organizational success that she said is critical to creating optimal performance at the nation’s cyber defense agency. […]

A new cybersecurity advisory from the Federal government’s top cybersecurity watchdogs says that Russian state-sponsored hackers have compromised numerous defense industrial base (DIB) contractors both large and small over the past two years, and warns about the extensive bag of tricks that those hackers use when they target defense contractors. […]

Artificial intelligence-driven innovation requires top talent to drive agencies’ missions forward, and Federal officials this week shared how their agencies are building and recruiting their AI workforces. […]

After reviewing the cyberattack trends from 2021, the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint advisory with the FBI and other international security partners warning of the rising global threat of ransomware and gave mitigation and remediation advice. […]

In the wake of the discovery and remediation efforts surrounding the Log4shell vulnerability in the Apache library that contains Log4j, the Cybersecurity and Infrastructure Security Agency (CISA) called for efforts to push forward a software bill of materials (SBOM). Those calls were reiterated today at a Senate hearing on the vulnerability by industry witnesses involved in remediation efforts. […]

In their efforts to help shrink the cyber workforce shortage, officials from the Office of the National Cyber Director (OCND) and the Cybersecurity and Infrastructure Security Agency (CISA) are emphasizing the need for collaboration and creation of a more robust culture of cybersecurity – starting with K-12 education on up. […]

The Senate Homeland Security and Governmental Affairs Committee on Feb. 2 voted to approve the Improving Cybersecurity of Small Organizations Act of 2021 (S. 2483), which would require the Cybersecurity and Infrastructure Security Agency (CISA) to maintain and promote cyber guidance for use by small organizations. […]

Rep. Jim Langevin, D-R.I., said he is eyeing a universe of about 100 private sector firms that he considers to be “systemically important” critical infrastructure providers as he completes work on legislation that will call for closer collaboration between the Federal government and those companies on cybersecurity and related intelligence sharing. […]

A new report from the National Academy of Public Administrators (NAPA) is emphasizing the pressing need for a national cyber workforce development strategy and recommends that the Office of the National Cyber Director (ONCD) be in charge of developing the strategy. […]

Ross Nodurft, executive director of the Alliance for Digital Innovation and former chief of the Office of Management and Budget’s (OMB) cybersecurity team, gave positive reviews to the final version of OMB’s zero trust security directive to Federal agencies, but also noted agencies’ ability to find funding to implement the strategy in the near term remains somewhat cloudy. […]

Bipartisan leaders of the House Oversight and Reform Committee today introduced their version of legislation that would update the Federal Information Security Modernization Act (FISMA), which sets cybersecurity requirements for Federal civilian agencies. […]