Cybersecurity

Over Half of Operating Systems at VA Medical Center in Texas are Outdated, Watchdog Finds

An audit conducted by the VA’s Office of Inspector General found unaddressed security vulnerabilities and deficient devices at the Harlingen VA Health Care Center.

Watchdog Identifies Multiple Security Deficiencies at VA Medical Center in Louisiana

The VA’s Office of Inspector General found “critical and high-risk vulnerabilities on 37% of the devices” at the Louisiana-based medical center.

CISA, NSA Guidance Tries to Reduce Alternatives for Securing Industrial Control Systems

Policymakers in Congress and the administration are grappling with how to set a performance bar for companies' mitigation of cyber threats against critical infrastructure they own, while allowing flexibility the companies say is needed to run their operations.

VA ‘Moving Toward Full Compliance’ With Geospatial Data Law, Watchdog Finds

The VA’s Office of Inspector General found said the agency is noncompliant with three of the law’s requirements but is currently in the process of addressing its deficiencies.

Nuclear Weapon Development and Manufacturing Needs More Cybersecurity, Watchdog Says

The National Nuclear Security Administration, its contractors and subcontractors need to take cyber steps, according to a new report.

DOD’s Digital Threats Are Increasingly Interconnecting, Watchdog Warns

GAO identified six areas that require more oversight, as Defense warfighting operations and national security increasingly hinge on data security.

Industry Objections Spur Changes to Cybersecurity Provisions in Defense Bill  

Key members of the House and Senate are altering proposals for identifying systemically important critical infrastructure and securing the software supply chain.

Federal Cyber Mandates for Water Infrastructure Are Too Costly to Implement, Experts Say

A House hearing saw expert testimony emphasizing the need for steady funding to cybersecurity programs in water utility providers––especially in rural regions. 

FCC Adds China-linked Telecom Providers to List of National Security Threats

The departments of Defense and Justice want the agency to take a more comprehensive approach to preventing foreign adversaries from accessing Americans’ communications and data.

Combating Foreign Malign Influence Requires Enhanced Information Sharing

Experts advised the intelligence community to have “more holistic conversations” with the public about the threat landscape.

CISA Plans to Measure the Effect of Coming Standards on Industry’s Cybersecurity

But big companies want to avoid agencies’ use of related performance goals in new regulation.

Federal IT Modernization Fund’s Financial Needs Draw Lawmaker Scrutiny

Federal CIO Clare Martorana said that the government should be operating on the “most modern technology available.”

White House Announces $1B in Cyber Funding for State and Local Governments

The four-year grant program, included in last year’s infrastructure law, will help states and local communities “strengthen their cyber resilience.”

Defense, Justice Call for FCC Rulemaking to Secure Internet Routing, Opposing NTIA

The departments cited comments from the Cybersecurity and Infrastructure Security Agency and said a regulatory approach would have a greater impact “industry-wide” than dealing with entities case-by-case.

Whole-of-Government Effort Targets Iranian Hackers

An unsealed indictment from the Department of Justice accompanied  sanctions and an advisory with international allies warning against government-linked Iranian hackers.

Social Media’s National Security Implications Draw Lawmaker Scrutiny

Senate Homeland Security Committee members grilled social media executives about their content moderation practices and ties to foreign adversaries.

OMB: New Acquisition Rule Coming for Vendors to Vouch for Their Software Security

Agencies are also allowed to accept to-do lists from vendors who need to keep working up to a point where they can self-attest their compliance with NIST guidance.