Cybersecurity

Biden Official Credits Diplomacy With Russia for Arrest of Colonial Pipeline Hacker

A senior administration official disassociated the move from tensions between the U.S. and Russia amid a build-up of Russian troops near Ukraine and an unattributed cyberattack on the country’s government websites.

3 Strategies for Securing the Supply Chain, Security’s Weakest Link

Today, no vendor or agency is safe—and just as importantly, no single organization can address all these threats independently.

FBI Officials Clarify What the Bureau Wants in Cyber Incident Reporting Bill

However the legislation is eventually passed, CISA plans to share reports with the FBI and other agencies, a Homeland Security official said.

FCC Chair Proposes Updating Data Breach Reporting Requirements

The Commission is still waiting for an empty chair to be filled as observers call for a vote on Biden nominee Gigi Sohn.

House FISMA Reform Would Empower Federal CISO With Budgeting Authority

Corresponding Senate legislation doesn’t mention the federal chief information security officer but shares other key elements—including a shorter incident reporting window—with a discussion draft issued by the House Oversight and Reform Committee.

NSA, CISA, FBI Issue Joint Advisory Against Russian Hackers Amid Growing Tensions

The warning comes as a military build-up occurs at the Russian-Ukrainian border.

Newly Uncovered Emails Intensify Republican Senator's Unease About DOD’s Cloud Contracts

A senior senator continued a back-and-forth with auditors over the Defense Department's now-canceled JEDI contract.

NIST Updates Cybersecurity Engineering Guidelines

Amid constant cybersecurity threats, NIST added more insight for engineers and programmers on how to mitigate system vulnerabilities.

How the Log4j Vulnerability is Forcing Change in Federal Cybersecurity Policy

Officials say agencies have demonstrated more dedication than ever in addressing a bug with astronomical reach, but organizations are at the mercy of product vendors to issue the patches they need to implement.

GSA Seeks Comments on Transfer of .Gov Domain to Cybersecurity Agency

The government’s site for managing government websites—dotgov.gov—may temporarily go down for maintenance as officials make the switch.

How Cybercriminals Turn Paper Checks Stolen from Mailboxes into Bitcoin

Mailboxes are increasingly becoming the scene of a crime.

FTC warns of legal risks of failing on Log4j mitigation

The Federal Trade Commission issued a warning this week urging companies to take "reasonable steps" to mitigate known software vulnerabilities or face potential legal consequences, recalling the $700 million settlement Equifax paid for a major breach in 2017.

New CMMC Training to Align with Certification Changes

Look for trainers working on the Cybersecurity Maturity Model Certification program to realign their efforts to support recent changes to the certification process in 2022.

AI-Powered Automation Can Be Both a Part of the Problem and Part of the Solution

There are real security concerns that should be addressed ahead of further government adoption of a truly automated future.

Corrected: FedRAMP Bill Includes Transparency Provisions for New Advisory Council

The legislation would create a public-private advisory council that would be subject to most of the provisions of the Federal Advisory Committee Act.

Feds Step Up Cybersecurity Support for State Governments

Forty-two advisers have been appointed or are in the process, with eight states still needing federal-level coordinators.