Nickolas Guertin, who President Biden nominated to be the Department of Defense’s (DoD) next director of Operational Test and Evaluation (DOT&E), sees testing for cyber threats and building cyber testing into the test and evaluation process a priority for the next DOT&E. […]
The Senate Appropriations Committee released nine appropriations bills for fiscal year (FY) 2022 on October 18 including a Homeland Security funding bill that would give the Cybersecurity and Infrastructure Security Agency (CISA) a 30 percent budget increase over FY2021 levels, to $2.638 billion. […]
On Oct. 8, President Joe Biden signed the bipartisan K-12 Cybersecurity Act of 2021 into law to provide school districts with resources to combat and protect themselves against cyberattacks. […]
In a recent letter to the Department of Justice (DoJ), the Department of the Treasury (Treasury), the Department of State (State Department), and the Department of Homeland Security (DHS) lawmakers urge the agencies to pursue all options available to protect American communities and infrastructure from the growing threat of ransomware. They emphasized the need for stronger coordination between departments, primarily to address the role of cryptocurrency in ransomware attacks. […]
Paul Cunningham, chief information security officer (CISO) at the Department of Veterans (VA), explained this week how the agency is addressing cybersecurity vulnerabilities to protect its users and their health care and financial data as the agency has turned increasingly to providing telehealth services for veterans. […]
Federal CIO Clare Martorana emphasized today that the road to Federal agency IT improvements runs not only through agency CIO offices, but also needs to benefit from support from the entire organization’s executive suite. […]
Sen. Gary Peters, D-Mich., chairman of the Senate Committee on Homeland Security and Governmental Affairs, and Sen. Rob Portman, R-Ohio, the committee’s ranking member, have introduced legislation to require critical infrastructure entities to report cyberattacks to the Federal government, and to require most other entities to report to the government if they make a ransomware payment. […]
The Department of Commerce is seeking comment on questions related to the development of regulations to govern process and procedures the Commerce Secretary will use to deter foreign malicious cyber actors’ use of U.S. Infrastructure as a Service (IaaS) products and investigate foreign malicious cyber actors. […]
A Senate Homeland Security Committee hearing brought together several experts from the intelligence community today to discuss the homeland security landscape 20 years after the terrorist attacks on Sept. 11, 2001. […]
The hybrid work environment has created a previously unheard-of number of new endpoints that agencies need to protect. Federal officials examined the unique challenges that now exist as everything from computers to printers, mobile devices, and even sensors reside in and outside an agency’s walls during a September 1 GovLoop webinar. […]
A group of 17 tech-sector and other trade groups urged House and Senate leaders in an August 27 letter to consider a 72-hour reporting requirement for cyber incident breach reporting in any legislation that they may consider on the issue. […]
Ransomware attacks are on the rise and as adversaries mount more sophisticated attacks, government and private institutions need to advance their cyber strategies as well in order to not become easy targets. […]
The House Committee on Energy and Commerce unanimously approved six cybersecurity and supply chain-related bills during a markup session on July 21. The committee’s vote sends these bills to the House floor for further consideration. […]
Without a secure, reliable, and trustworthy digital identity system for people, entities, and things, the increasingly digital new reality is vulnerable to attacks, threatening individual safety and national security. […]
Federal agency chief information security officers (CISOs) talked about several aspects of the Biden administration’s cybersecurity executive order (EO) during a July 15 FedInsider webinar in which they flagged steps agencies should be taking to meet the order’s requirements. […]
The Department of Defense’s (DoD) efforts to defend the cybersecurity of critical infrastructure in the U.S. require a stronger implementation strategy in its collaboration efforts with the Department of Homeland Security (DHS), according to an audit by the Office of the Inspector General (OIG). […]
According to a joint advisory from the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and U.K.’s National Cyber Security Centre (NCSC), hackers from the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit – widely known as Fancy Bear or APT28 – utilized Kubernetes clusters to infiltrate targets in their global brute force campaign from mid-2019 through early 2021. […]
Sens. Gary Peters, D-Mich., and Ron Johnson, R-Wis., introduced bipartisan legislation on July 1 that would create a cyber training program for Federal employees, aimed to help protect the Federal government against cyberattacks and supply chain security vulnerabilities. […]
The United States remains the global leader in cyber capabilities, retaining its “clear superiority” over other nations, but China may soon leave the “second-tier” of cyber power with its growing digital infrastructure, according to a new report. […]
The Cybersecurity and Infrastructure Security Agency (CISA) is developing a catalog of bad practices in cybersecurity to help critical infrastructure providers prioritize their cybersecurity responsibilities. The agency plans to keep updating the narrow list based on feedback from cybersecurity professionals. […]
Organizations need a cybersecurity strategy to protect both infrastructure and customer data from growing cybersecurity threats. The Cybersecurity and Infrastructure Security Agency (CISA) developed the Cyber Essentials as a guide for small businesses and local government leaders to develop an actionable understanding of where to start implementing organizational cybersecurity practices. […]
Senators Maggie Hassan D-N.H. and John Cornyn R-Texas, have introduced the Federal Cybersecurity Workforce Expansion Act which aims to help strengthen U.S. cyber defenses and bolster the Federal government’s cyber workforce. […]
The House Appropriations Committee released a draft of the fiscal year (FY) 2022 Financial Services and General Government funding bill, to be considered by a subcommittee on June 25. […]
The COVID-19 pandemic accelerated the rate at which the entire Department of Defense (DoD) had to learn how to collaborate and operate more effectively regardless of location. The solutions in place to respond to this crisis inadvertently set the bar for how the DoD wanted to operate on a day-to-day basis post-pandemic. […]
Theodore N. Nemeroff has been named director for International Cyber Policy on the White House’s National Security Council (NSC). He will be responsible for expanding the U.S. government’s information and communications technology policy abroad. […]
If 2020 was the year of the pandemic, then 2021 is shaping up as the year of the Big Hack. […]
For decades, Federal chief information security officers (CISOs) focused on protecting a traditional perimeter and the users within. Today, however, they recognize that there are a seemingly endless number of third-party partners, vendors, and customer accounts, as well as service accounts – accounts which are either not directly tied to employees, or non-human accounts– which could result in compromises. […]
A secure software supply chain has become essential to fulfilling government missions. Massive cyberattacks like SolarWinds highlight the serious risks to the enterprise that insecure software can create. […]
Cyberthreats are constantly evolving. There are new attackers, new vulnerabilities, and new security risks that are arising every day. Threat hackers have rapidly increased their sophistication and techniques that make them harder to spot and threaten even the savviest targets. Criminal groups are also targeting businesses that have moved their infrastructure to the cloud. This way, they can hide among legitimate services. Attackers have developed new ways to scour the internet for systems vulnerable to ransomware. […]
The Senate voted late on June 8 to approve the much-amended U.S. Innovation and Competition Act of 2021, by a margin of 68-32. […]